Wednesday, June 1, 2011

Complete DHS Daily Report for June 1, 2011

Daily Report

My apologies to all for the delay in my posts over the past two weeks. I am sorry, but it has been unavoidable as DHS has been slow to lackadaisical relative to their posting of the DHS Daily Report. I endeavor to be timely with a target of posting my blog prior to the start of the business day in the U.S. Eastern Time Zone.

Top Stories

• According to WSOC 9 Charlotte, a fire damaged a chemical plant, destroyed two other businesses, and forced the evacuation of 750 people near Hudson, North Carolina. (See item 5)

5. May 29, WSOC 9 Charlotte – (North Carolina) Explosion and fire rock Hudson plant. A mutiple-alarm fire ripped through a chemical manufacturing plant May 28, shutting down busy U.S. 321, and forcing evacuations of nearby businesses and hundreds of homes in Caldwell County, North Carolina. Fire officials said the fire was contained to a storage area of the Chemical Coatings plant in Hudson. However, flames spread to two upholstery businesses that were destroyed. Investigators do not know how the fire started. Residents were evacuated around 4 p.m. after explosions. Emergency officials evacuated about 750 homes, and many businesses in a 2-mile radius of the facility. The highway reopened just before 10 p.m. Officials said the chemicals inside are hazardous and have the volatility of gun powder in a fire. Fifteen agencies from Caldwell County along with representation from Lincoln, Gaston, Catawba, Alexander, Wilkes, Burke, and Mecklenburg counties responded. Two. The Red Cross is handling resident relocation centers. They said most people displaced by the fire stayed with family members. Two firefighters were treated for heat-related illnesses, officials said. No one was inside the plant at the time of the fire, and no one else was hurt. The Blue Ridge Electric Company said there were about 1,000 customers in Hudson without power for less than an hour after the fire knocked out a circuit. Chemical Coatings makes dyes, lacquers, and other coatings for furniture. Source: http://firenews.net/index.php/news/news_article/3157/

• The Richmond Times-Dispatch reports a tour bus driver was charged with reckless driving after a bus crash that killed 4 passengers, injured 54 others, and shut a major interstate for 7 hours. (See item 16)

16. May 31, Richmond Times-Dispatch – (Virginia) Bus driver charged with reckless driving in I-95 wreck. The driver of a bus that flipped and overturned on Interstate 95 in Caroline County, Virginia May 31, killing four and sending 54 to 11 area hospitals, has been charged with reckless driving, Virginia State Police (VSP) said. The 37-year-old of Flushing, N.Y., was being held on $3,000 bond at Pamunkey Regional Jail in Hanover County, VSP said. They said earlier that the wreck was caused by driver fatigue, and that the driver had been cooperating with authorities. The VSP Motor Carrier Safety Team has finished its investigation and ruled out mechanical errors or malfunctions as factors in the 4:55 a.m. wreck, which closed the northbound interstate until 11:30 a.m., officials said. The bus owned by Sky Express Inc. of Charlotte, N.C., left Greensboro, North Carolina, at 10:30 p.m. May 30 en route to a Chinatown stop in New York, state police said. The company has had a checkered safety record, according to federal data. The driver was the only person aboard the bus who did not require hospitalization. The driver’s seat was the only one equipped with seatbelts, authorities said. The 60-passenger bus had 59 aboard as it ran off the right side of the interstate less than a mile south of the Carmel Church exit at mile marker 104, hit an embankment and flipped, a VSP spokesman said. The 54 passenger who were hurt had injuries ranging from minor to life-threatening, authorities said. Sky Express has a troubled safety inspection history, according to the Federal Motor Carrier Safety Administration’s (FMCSA) Web site. Sky Express performed worse than 97 percent of all passenger bus companies within the last 12 months and 99.7 percent worse in the last 24 months in the “Driver Fitness” category, FMCSA records show. The carrier’s registration information as of May 20, 2011, said the company has 34 vehicles and 53 drivers, and traveled 3.6 million miles in 2009. Source: http://www2.godanriver.com/news/2011/may/31/38/tour-bus-overturns-i-95-north-caroline-traffic-det-ar-1075341/

Details

Banking and Finance Sector

12. May 31, The Spokane Spokesman-Review – (Washington) Four arrested in bank scam. Four Seattle, Washington residents did not just steal $33,000 from several Spokane banks in one afternoon; they were handed the money as if it were theirs, according to court records. In a new example of identity theft, authorities said four people – one suspect has already pleaded guilty – went to local banks on March 12, 2010, with stolen credit cards. They identified themselves as the cardholders and sought cash advances that were declined. They would then call a number from their cell phones, talk to someone on the line, and then hand the phone to the bank teller; that official-sounding person directed the tellers to approve the transactions. Four tellers fulfilled those requests and two refused before four suspects were caught. An agent with the U.S. Secret Service questioned the suspects about the identity of the person who verified the accounts over the phone, but a detective said it is his understanding that the federal investigation has stalled. Source: http://www.spokesman.com/stories/2011/may/31/four-arrested-in-bank-scam/

13. May 27, Associated Press – (National) 2 arrested in Alabama on ATM skimming charges. Hoover, Alabama police have arrested two people they said were involved in an electronic ATM skimming operation that resulted in more than $1 million in losses nationwide. Police said they arrested a 40-year-old man and a 34-year-old woman shortly after midnight May 20 outside a Regions Bank after police saw them standing outside the bank. Police said the two had attached an electronic skimming device to an ATM. A Hoover police captain said the suspects each were charged with offenses against intellectual property under the Alabama Computer Crime Act. Both are being held in the Jefferson County Jail without bond. Source: http://www.timesunion.com/default/article/2-arrested-in-Alabama-on-ATM-skimming-charges-1398712.php

14. May 28, Associated Press – (California) FBI says ‘Geezer Bandit’ robs 14th California bank. Authorities said May 28 the “Geezer Bandit” robbed California bank number 14 — his first in San Luis Obispo County. The FBI said in a news release that a man believed to be the elderly bank robber struck a bank in Morro Bay after 11 robberies in the San Diego area starting in 2009. He is also suspected in a robbery in Bakersfield, and one in Santa Barbara. Authorities said the man believed to be in his 70s pointed a revolver at two tellers at a Heritage Oaks Bank branch May 27, threatened them, and demanded money. The suspect left with an undisclosed amount. A $20,000 reward is offered for information leading to his capture and conviction. The FBI has considered that the man’s elderly features could be a disguise, after some witness reports that he was wearing a mask. Source: http://www.mercurynews.com/breaking-news/ci_18163250

15. May 26, Washington Post – (National) Former Nasdaq executive Donald Johnson pleads guilty to fraud for insider trading. A federal crackdown on insider trading has nabbed a former executive of the Nasdaq Stock Market who pleaded guilty May 27 to one count of securities fraud for trading on confidential information about companies listed on the Nasdaq. The man placed illegal trades from his computer at Nasdaq offices in New York, using an online brokerage account in his wife’s name, the Securities and Exchange Commission (SEC) said. From 2006 to 2009, he reaped more than $755,000 in illegal profits, the SEC said. From his perch at Nasdaq’s “market

intelligence desk,” the man received advance word of market-moving corporate developments such as changes in company leadership, earnings reports and the fact that a drug for hypertension had won approval from the U.S. Food and Drug Administration, the government said. He used the information to place secret trades, sometimes betting stocks would rise and other times betting they would fall, the government said. Source: http://www.washingtonpost.com/business/economy/former-nasdaq-executive-pleads-guilty-to-fraud/2011/05/26/AGjUeGCH_story.html

Information Technology

39. May 31, Softpedia – (International) New scareware campaign uses fake Firefox security alerts. Security researchers from Sophos warn of a new scareware campaign that directs Firefox users to rogue pages mimicking security alerts normally issued by the browser. Firefox leverages Google’s Safe Browsing API to prevent users from visiting Web sites flagged as malicious. The service aggregates data from various third-party sources and Google’s own specialized crawlers. When a rogue page is opened in Firefox, the browser displays a security alert saying the request has been blocked and providing the user several options. According to Sophoss, the people behind this scareware distribution campaign have cloned the page and modified it to appear as if a computer scan is also performed and infections are found. “Mozilla Firefox recommends you to install proper software to protect your computer,” the phishing page says and presents a “Start Protection” button. Clicking it will prompt people to download and install a rogue antivirus application designed to scare them into buying a license to allegedly clean the fictitious infections. The scam is browser-aware and will direct Internet Explorer users to a different page mimicking a classic Explorer window. Source: http://news.softpedia.com/news/New-Scareware-Campaign-Uses-Fake-Firefox-Security-Alerts-203305.shtml

40. May 30, Softpedia – (International) Phishers store rogue forms on Google Docs. Security researchers from antivirus vendor F-Secure have found phishing forms stored as spreadsheets on Google Docs. The files seem to be part of different phishing campaigns. “Spreadsheets can even contain functionality, such as forms, and these can be published to the whole world. Unfortunately, that means we regularly see phishing sites via Google Docs spreadsheets and hosted on spreadsheets.google.com,” said F-Secure’s chief research officer. In one case, a spreadsheet titled “webmail account upgrade” contains fields for inputting Web mail account credentials. In another, a form is gathering student data. One page, claiming to be a Google Voice account transfer form, is crafted so well that F-Secure researchers are not sure if it is legitimate or not. On the one hand, it asks for Google Voice numbers, e-mail addresses and secret PIN codes like a phishing scam, but on the other, Google employees have linked to it on support forums. Source: http://news.softpedia.com/news/Phishers-Store-Rogue-Forms-on-Google-Docs-203230.shtml

41. May 30, H Security – (International) Critical vulnerability in open source Eucalyptus clouds. Researchers at Ruhr-University Bochum have discovered a critical vulnerability in Eucalyptus, an open source implementation of the Amazon EC2 cloud APIs. An attacker can, with access to network traffic, intercept Eucalyptus SOAP commands and modify them or issue their own arbitrary commands. To do this, the attacker must only copy the signature from an XML packet sent by Eucalyptus to the user. As Eucalyptus did not properly validate SOAP requests, the attacker could use their own copy in commands sent to the SOAP interface and have them executed as the authenticated user. All versions up to and including 2.0.2 are vulnerable; a fixed version, 2.0.3, is available to download. Ubuntu’s Eucalyptus-based Ubuntu Enterprise Cloud (UEC) is also vulnerable; updates for Ubuntu 10.04 LTS, 10.10 and 11.04 are already available in Canonical’s repositories. Eucalyptus said the changes made to close the holes may lead to some existing tools failing to work as the system will interpret them as a replay attack if they issue commands too rapidly. Source: http://www.h-online.com/security/news/item/Critical-vulnerability-in-open-source-Eucalyptus-clouds-1252593.html

42. May 29, H Security – (International) Cross-site scripting vulnerability in TweetDeck’s ChromeDeck. Chrome TweetDeck, the browser-based version of the Tweetdeck Twitter client, has been found to be suffering from a cross-site scripting vulnerability (XSS). The Chrome TweetDeck application, also known as ChromeDeck, executes scripts placed within a tweet that pop up a dialog box with “Scanned” displayed as the text, indicating it had run the JavaScript. The hole has now been closed and an update has been released to ChromeDeck users who should install it as soon as possible. TweetDeck was recently acquired by Twitter. Source: http://www.h-online.com/security/news/item/Cross-site-scripting-vulnerability-in-TweetDeck-s-ChromeDeck-1251989.html

43. May 27, Computerworld – (International) New malware scanner finds 5% of Windows PCs infected. One in every 20 Windows PCs whose users turned to Microsoft for cleanup help were infected with malware, Microsoft said the week of May 23. This was one statistic Microsoft cited from data generated by its new Safety Scanner, a free malware scanning and scrubbing tool that re-launched May 12. The 420,000 copies of the tool downloaded in the first week of its availability cleaned malware or signs of exploitation from more than 20,000 Windows PCs, Microsoft’s Malware Protection Center reported May 25. That represented an infection rate of 4.8 percent. On average, each of the infected PCs hosted 3.5 threats, which Microsoft defined as either actual malware or clues a successful attack had been launched against the machine. Of the top 10 threats found by Safety Scanner, 7 were Java exploits. Source: http://www.computerworld.com/s/article/9217113/New_malware_scanner_finds_5_of_Windows_PCs_infected

44. May 27, U.S. Consumer Product Safety Commission – (National) HP expands recall of notebook computer batteries due to fire hazard. Hewlett-Packard Company, of Palo Alto, California, issued a recall May 27 for about 162,000 additional lithium-ion batteries used in HP and Compaq notebook computers (54,000 and 70,000 batteries were previously recalled in May 2010 and May 2009, respectively). The recalled lithium-ion batteries can overheat and rupture, posing fire and burn hazards to consumers. Since the May 2010 recall expansion, HP has received 40 additional reports of batteries that overheated and ruptured, resulting in 7 burn injuries, 1 smoke inhalation injury, and 36 instances of property damage. The batteries were sold at computer and electronics stores nationwide, hp.com, and hpshopping.com from July 2007 through July 2008. Source: http://www.cpsc.gov/cpscpub/prerel/prhtml11/11234.html

Communications Sector

45. May 30, Associated Press – (Montana) Floods halt phone service in Mont. cities as rain continues, snowmelt looms; SD town on alert. Flooding disrupted emergency phone service across a broad swath of eastern Montana May 30 as areas of the state remained inundated and downstream communities prepared for the worst. In southeast South Dakota, residents of the small town of Dakota Dunes were told to be ready to leave their homes by May 29 — and prepare to be gone awhile — as the Missouri River continued to rise. Knox County emergency manager told the Norfolk Daily News that Nebraska Highway 12, which connects Lazy River Acres with Niobrara and Verdel, could be flooded over soon. In Montana, flooding near Hardin on May 29 brought down telephone equipment that handles 911 and long-distance calls for Glendive, Miles City, Sidney, Fairview, Colstrip, Forsyth, Wibaux, and Terry. Emergency calls were rerouted until full service was restored at about 11 a.m. May 30, Qwest spokeswoman said. Source: http://www.washingtonpost.com/national/soaked-montana-gets-more-rain-downstream-states-prepare-for-reservoir-releases/2011/05/30/AGIpugEH_story.html

- 18 -

46. May 27, Ithaca Journal – (New York) Verizon DSL service restored this afternoon. Service was restored to Verizon high-speed Internet customer by 2:30 p.m. May 27 after storms knocked out service May 26 to as many as 8,700 Verizon high-speed Internet customers from Binghamton to Syracuse, New York. A vicious storm severed a fiber-optic line south of Binghamton. A Verizon spokesman said repairs were made and service was restored between 2 p.m. and 2:30 p.m. May 27. The affected fiber-optic line was on County Route 117, south of the city. The line is owned by First Energy. Verizon customer service lines were flooded with calls about service interruptions in the region. Traditional phone lines were not affected by the Internet service interruption. Source: http://www.theithacajournal.com/article/20110527/NEWS01/110527014/Verizon-DSL-service-restored-afternoon?odyssey=mod|newswell|text|Local%20News|s