Tuesday, May 31, 2011

Complete DHS Daily Report for May 31, 2011

Daily Report

Top Stories

• The Atlanta Journal-Constitution reports fierce storms hit the metro Atlanta, Georgia area, knocking out power to 240,000 customers and causing flash flooding that closed down numerous streets. (See item 1)

1. May 27, Atlanta Journal-Constitution – (Georgia) Flood warning lifted for DeKalb, Fulton. The fierce storms that left 3 people dead and nearly 200,000 utility customers without power moved out of Atlanta, Georgia, early May 27, but not before dumping enough rain to prompt flash flood warnings for Fulton and DeKalb counties. The National Weather Service issued flash flood warnings just before 5 a.m. for areas of central Fulton and DeKalb counties where as much as 3 inches of rain fell overnight, but lifted the warning about an hour later. Numerous interstate ramps and surface streets remained flooded before daybreak May 27. A Georgia Power spokesman said about 49,000 customers statewide were without power at 7 a.m., with 42,000 of those in metro Atlanta. At the peak of the outages May 26, about 200,000 metro Atlanta customers and 240,000 across the state were in the dark, a spokesman said. Georgia Power was bringing in crews from across the state to help restore power. Source: http://www.ajc.com/news/metro-atlanta-weather-flood-957576.html?cxtype=rss_news

• According to CNN, nearly 700 patients and 100 employees at Emory University Hospital in Atlanta, Georgia have been exposed to tuberculosis. (See item 40)

40. May 27, CNN – (Georgia) Atlanta hospital notifies nearly 700 patients about TB exposure. Nearly 700 patients and 100 employees at Emory University Hospital in Atlanta, Georgia have been exposed to tuberculosis (TB) after coming in contact with a hospital employee carrying the disease, a hospital spokesman said May 26. The Georgia Department of Community Health and the hospital have identified 680 patients who were exposed to TB between November and February, a hospital spokesman said. Patients will begin getting tested for TB the week of May 30, he said. To date, no patients or employees have reported symptoms, he said. The hospital and the department began notifying people about the exposure this month, after an Emory employee was diagnosed in April with the infectious disease, he said. The employee did not know he had TB when he came in contact with employees and patients, the hospital said. The hospital took extra precautions by contacting patients who were in the hospital for 90 days before the day the employee is known to have developed the disease, he said. All hospital employees are screened for the disease and must receive screenings each year, it added. A hospital statement did not say whether the employee who developed TB had been screened. Source: http://edition.cnn.com/2011/HEALTH/05/26/georgia.tuberculosis.scare/


Banking and Finance Sector

16. May 27, The Tennessean – (National) Fake bomb used to rob Music Row bank. Investigators are trying to identify a man who used a fake bomb to rob the Bank of America on Music Row in Nashville, Tennessee, May 26. The bank robber walked in at 11:20 a.m. and put the device on a teller’s counter, said it was a bomb and demanded money, according to police. The robber, a suspect in two other incidents, left the bank with an undisclosed amount of money and left the device behind. The police department hazardous devices unit later determined it was not a bomb. The man is also a suspect in the attempted robbery of the U.S. post office at 1109 Woodland Street less than an hour before the bank heist. He is also considered a suspect in a recent Goodlettsville, Tennessee bank robbery. Source: http://www.tennessean.com/article/20110527/NEWS/305270074/Fake-bomb-used-rob-Music-Row-bank?odyssey=nav|head

17. May 27, Charlotte Observer – (Missouri) Charlotte armored car robber sought. Local and federal authorities are offering a reward and asking the public’s help in finding the man they said robbed an armored car driver at gunpoint May 19 in Charlotte, North Carolina’s University City area. The FBI office in Charlotte said the robbery happened at 9 a.m. at a Bank of America ATM. According to the FBI, an armed man pointed the gun at a Loomis armored car driver who was servicing the ATM. The gunman grabbed a courier bag of money and ran down Technology Drive. The gunman is described as a black male, about 5 feet 7 inches tall with medium build. He was wearing black clothing. A reward of up to $20,000 is being offered for information helping solve this case. Source: http://www.charlotteobserver.com/2011/05/27/2331332/charlotte-armored-car-robber-sought.html

18. May 27, Miami Herald – (Florida) Four of Scott Rothstein’s colleagues charged with fraud. A former attorney in a convicted con man’s Fort Lauderdale, Florida law firm – along with two other ex-employees and a one-time night club owner – were charged May 27 with conspiracy offenses related to the man’s $1.2 billion Ponzi scheme. All four Broward County men face one count of conspiring to commit wire fraud, which carries a potential maximum penalty of 5 years in prison. All the defendants are being charged by information, not by indictment. That means they are cooperating with the U.S. attorney’s office and are expected to plead guilty to the single conspiracy count. The scheme’s perpetrator was arrested in 2009, charged with racketeering, money laundering, and fraud stemming from the sale of phony legal settlements involving purported sexual harassment, discrimination, and whistle-blower lawsuits over the previous 4 years. He pleaded guilty in January 2010 and was sentenced to 50 years in prison and ordered to repay $363 million to about 320 victims from South Florida, the Northeast, and elsewhere. Source: http://www.miamiherald.com/2011/05/27/v-fullstory/2238217/four-of-scott-rothsteins-colleagues.html

19. May 27, NJtoday.net – (New Jersey) Three men indicted in bank robbery, shootout with police. A grand jury in Middlesex County, New Jersey, indicted three men on charges of robbing a bank in Franklin Township and then shooting at police officers while fleeing through North Brunswick and New Brunswick, where they were apprehended, a Middlesex County prosecutor announced May 26. The 24-count indictment charges the trio with counts of attempted murder of three New Brunswick police officers, armed robbery, conspiracy, theft, eluding police, the theft of two getaway vehicles, receiving stolen property, and weapons offenses for carrying five guns, including semi-automatic weapons and a sawed-off shotgun, during the March 12, 2009 robbery. Also, the grand jury handed up three separate indictments charging each of the defendants with five counts of illegally possessing weapons, as each had previously served prison terms for various offenses, and were banned by law from having weapons. Source: http://njtoday.net/2011/05/27/three-men-indicted-in-bank-robbery-shootout-with-police/

20. May 27, San Francisco Chronicle – (California) ATM repairman accused of loading fake money. An employee of an ATM servicing company has been charged with swapping $200,000 in fake bills for real cash at machines in Daly City and San Francisco, California, a prosecutor said May 26. The 64-year-old suspect was wanted on a warrant when he was arrested during a traffic stop in Phoenix, Arizona May 11, 10 months after the thefts, a San Mateo County District Attorney (DA) said. The man was an employee of Diebold, which services ATMs for Bank of America. On July 4, 2010, officials said he went to six bank branches in San Francisco and one in Daly City and stole about $200,000 by replacing cash in the machine trays with counterfeit or photocopied $20 bills, the DA said. He used his work card key to access the ATMs and was captured on video at all seven locations, authorities said. The next day, he “abandoned his wife and disappeared,” the DA said. His wife reported him missing and angry Bank of America customers contacted the bank to complain about the fake money, authorities said. He pleaded not guilty in San Mateo County Superior Court to charges of burglary, embezzlement, forgery, and possession of counterfeiting apparatus, and faces similar charges in San Francisco. Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2011/05/27/BANQ1JLBKP.DTL

21. May 26, Ellicott City Patch – (Maryland) Arrests made in armored car robberies in Ellicott City, Silver Spring. Two men accused of robbing armored car employees in Howard County and Montgomery County, Maryland were arrested May 26. Police said the men robbed an armored car in Ellicott City December 27, 2010, and an armored car in front of a bank in Silver Spring April 4, 2011. Both have been charged in the Howard County case with one count each of armed robbery, robbery, first-degree assault, second-degree assault, theft, and using a handgun to commit a felony, according to police. They are also facing charges from the Montgomery County case: one count of armed robbery, and one count of conspiracy to commit armed robbery, police said. Their arrests stemmed from the investigation of the Silver Spring case where a Dunbar armored car guard was robbed at a Bank of America on the 11400 block of Old Columbia Pike, according to police. Source: http://ellicottcity.patch.com/articles/arrests-made-in-armored-car-robberies-in-ellicott-city-silver-spring

22. May 26, Associated Press – (New Jersey) NY man admits ‘skimming’ ATMs for nearly $300K. A Bulgarian native has admitted scanning personal information from an ATM in northern New Jersey and stealing nearly $300,000. The man pleaded guilty May 26 in federal court in Newark, New Jersey, to bank fraud conspiracy and aggravated identity theft. The man was arrested last fall. He was accused of using an electronic device to skim identity and account information from Valley National Bank branches in Nutley and Belleville. The Queens, New York, resident and others allegedly withdrew nearly $300,000 using the stolen personal identification numbers. The bank fraud conspiracy charge carries a maximum potential penalty of 30 years in prison. Aggravated identity theft carries a mandatory consecutive 2-year prison term. Source: http://online.wsj.com/article/AP55d27bec47994e1e84d5640d74b58f4b.html

Information Technology

52. May 27, IDG News Service – (International) Jury convicts two for selling counterfeit Cisco gear. A U.S. federal jury convicted two people the week of May 23 over a scheme to import and sell counterfeit Cisco-branded networking equipment, the U.S. Department of Justice (DOJ) said May 26. The jury found a woman from Virginia guilty of conspiracy and 15 other counts related to import fraud and counterfeit labeling, the DOJ said. She ran the U.S. headquarters of a Chinese company that stole intellectual property and defrauded customers, the DOJ statement said, citing a U.S. attorney. The woman took millions of dollars from unsuspecting U.S. consumers and businesses, the attorney said. The jury’s May 24 verdict also convicted a second suspect, a man from Maryland, of conspiracy, the statement said. The man from Maryland, the woman from Virginia, and family members in China had operated a “large-scale counterfeit computer networking equipment business” under the name Han Tong Technology (Hong Kong), the DOJ said. The woman from Virginia and others working with her had defrauded U.S. buyers through a company in Virginia called JDC Networking. JDC Networking used pirated software to alter Cisco products and falsify labels, the DOJ said. The woman used different names and addresses on import documents, and hid millions of dollars of counterfeit proceeds through bank accounts and property under the names of family members in China, the statement said. Source: http://www.computerworld.com/s/article/9217106/Jury_convicts_two_for_selling_counterfeit_Cisco_gear

53. May 27, Softpedia – (International) Pharma spam campaign distributes fake Apple AppStore emails. Security researchers from Finnish antivirus vendor F-Secure warn about a wave of pharma spam e-mails masquerading as official communications from Apple’s AppStore. The e-mails bear a subject of “ID:[random number] Apple AppStore Order Cancellation” and come with spoofed headers to appear as if they come from an AppStore@apple(dot)com address. The messages were created using a real Apple AppStore e-mail template, but all links inside have been replaced with ones leading to rogue online pharmacies. There are two links, one on the random ID number and one on “order information.” The e-mails are designed to make recipients ask themselves why their order was canceled or why there was an order in the first place. In both cases, users will likely click on the links to obtain more information, only to find themselves taken to a rogue pharmacy Web site selling prescription drugs. Source: http://news.softpedia.com/news/Pharma-Spam-Campaign-Distributes-Fake-Apple-AppStore-Emails-202746.shtml

54. May 27, H Security – (International) DNSSEC signature can crash Bind name servers. Where a Bind name server is set up as a caching resolver, it is vulnerable to DoS attacks which could cause it to crash. The Internet Systems Consortium (ISC) describes the issue in its advisory “Large RRSIG RRsets and Negative Caching can crash named” and categorises the problem, which can be triggered remotely, as “high” severity. The DNSSEC extension plays a key role in the latest security problem to hit the widely used name server. It appears the internal memory manager can become confused when it has to cache signed entries for non-existent domains. A member of ISC confirmed to H Security’s associates at heise Security that servers which do not themselves offer DNSSEC functionality are also vulnerable. According to ISC, to exploit the bug an attacker must be running a DNSSEC-signed authority server for a domain. He would then be able to induce DNS lookups for non-existent names on that domain (for example by sending out spam), which would trigger the bug on the vulnerable name server. Versions 9.4-ESV-R3, 9.6-ESV-R2, 9.6.3, 9.7.1, 9.8.0 and earlier are all affected. ISC has released updates that should fix the problem. Source: http://www.h-online.com/security/news/item/DNSSEC-signature-can-crash-Bind-name-servers-1251729.html

55. May 26, The Register – (International) Google Web Store quietly purged of nosy apps. Google’s Chrome Web Store has quietly been purged of at least two games after a blogger revealed the Flash-based browser extensions had unfettered access to all Web site data, browsing history, and bookmarks stored on users’ computers. The removal of Super Mario World and Super Mario World 2 came without explanation following a post published May 26 by a mobile-security blogger who read the fine print in Google’s Chrome application store. The most troubling caveat: “This item can read every page that you visit -- your bank, your web email, your Facebook page, and so on. Often, this kind of item needs to see all pages so that it can perform a limited task such as looking for RSS feeds that you might want to subscribe to. Caution: Besides seeing all your pages, this item could use your credentials (cookies) to request your data from websites.” “It’s pretty obvious how potentially bad the Mario extension could be, particularly when this is supposed to be just a Flash game,” the blogger wrote. “What really irks me though is the ‘permissions by default’ installation. You click one button and it’s there, almost immediately with no prompt.” Source: http://www.theregister.co.uk/2011/05/26/google_web_store_privacy_threats/

56. May 26, Softpedia – (International) Trend Micro joins Sophos in criticizing Microsoft SmartScreen stats. Trend Micro researchers are backing up anti-malware experts from Sophos in claiming Microsoft’s recently published SmartScreen numbers might lead to a false sense of security. Starting with Internet Explorer (IE) 9, Microsoft has added an application reputation component to the browser’s SmartScreen filter. The SmartScreen technology was introduced in Internet Explorer 7 as a malicious URL blocking feature and, according to the browser vendor, it has blocked 160 million phishing pages and 1.5 billion malware distribution sites. Microsoft claims IE’s new app reputation filter kicks in immediately when a new attack is launched, unlike traditional antivirus signatures that start appearing much later. The company said SmartScreen warnings only appear for 1 in 10 downloads, and that 1 in 14 downloaded files are ultimately confirmed as malware. The week of May 16, a senior security advisor at Sophos expressed concerns about the numbers released by Microsoft. He said the statistics lack comparison with other, more prevalent, Web infection vectors such as drive-by downloads. Drive-by download attacks occur when Web sites exploit vulnerabilities in plug-ins such as Java, Flash, or Adobe Reader to install malware on computers. In these cases, the browser has no control over the downloads. Source: http://news.softpedia.com/news/Trend-Micro-Joins-Sophos-in-Criticizing-Microsoft-SmartScreen-Stats-202516.shtml

57. May 26, Softpedia – (International) Fake YouTube emails lead to rogue pharma sites. A wave of spam e-mails purporting to come from YouTube direct users to rogue online pharmacies through compromised legitimate Web sites. According to Belgian e-mail security vendor MX Lab, the new spam campaign generates e-mails that bear a subject of “YouTube Administration sent you a message: Your video on the TOP of YouTube.” The fake communications have their header spoofed to appear as if they originate from a service@youtube(dot)com e-mail address and are built based on a YouTube template. There are several links inside the message, including the youtube(dot)com one, one on the word “inbox,” one on “YouTube Administration,” as well as three in the top right menu: “help center,” “e-mail options,” and “report spam.” All links point to redirect scripts hosted on legitimate compromised Web sites that further take users to sites pushing unregulated drugs under the Canadian Family Pharmacy brand. Passing off spam e-mails as official communications from social media Web sites is not a new technique, but YouTube is not a regular target for such campaigns. Source: http://news.softpedia.com/news/Fake-YouTube-Emails-Lead-to-Pharma-Spam-202571.shtml

58. May 25, Softpedia – (International) Mariposa is making a comeback. Security researchers from Trend Micro warn that Mariposa, once one of the largest botnets in the world, is slowly, but steadily, growing back to its former self. Mariposa was the name given to a particular botnet, which at its peak, was made up of as many as 12 million infected computers spread across 190 countries. The Mariposa botnet was based on a variant of a worm called Palevo or Rimecud, which is capable of spreading using a variety of methods, including exploiting Windows vulnerabilities, copying itself to removable storage devices and network shares, as well as sending itself over instant messaging and p2p file sharing programs. Mariposa was dismantled in March 2010 and another big arrest was made in July. Following these events, the worm’s activity registered a steep decline. But Trend Micro researchers said the malware started gaining traction again in Q4 of 2010. In fact, the worm is almost as active now as in Q1 2010 when it was taken down. According to abuse tracking Web site abuse.ch, there are currently 118 Palevo command and control servers being tracked. Source: http://news.softpedia.com/news/Mariposa-Is-Making-a-Comeback-202386.shtml

Communications Sector

59. May 27, Binghamton Press – (New York) 669 phone exchange out of service. The 669 telephone exchange, which serves the Town of Binghamton, New York, was out of service May 27, the Broome County Office of Emergency Services said. Frontier Telecom is responding, although there was no time estimate for repairs. Residents affected by the outage can call 911 on their cell phones in the event of an emergency, or visit Town of Binghamton Fire Station 1 at 967 Hawleyton Road, where crews are waiting to assist. Source: http://www.pressconnects.com/article/20110527/NEWS01/110527005/669-phone-exchange-out-service?odyssey=nav|head

60. May 26, Bradenton Herald – (Florida) Verizon looks to have phone lines fixed by 4 a.m. A major line break of Verizon fiber lines disrupted land line and cell phone service May 26 for an estimated 3,600 customers in Myakka and East Manatee in Bradenton, Florida. Crews were working to restore the lines and expected them to be running by 4 a.m. May 27, according to the media relations manager with Verizon. Manatee County Public Safety Department advised that anyone who could not dial 911 with an emergency should seek help at the Myakka Fire Department. Customers with a 322 exchange were told to call the fire department for assistance. The media relations manager with Verizon said the fiber was cut by a crew working 6 to 7 miles east of Interstate 75 on Fruitville Road. He added that it was not a Verizon crew. Source: http://business-video.tmcnet.com/news/2011/05/26/5538327.htm