Wednesday, July 6, 2011

Complete DHS Daily Report for July 6, 2011

Daily Report

Top Stories

 The New York Times reports a charter fishing boat carrying 44 people sank July 3 in the Sea of Cortez off the coast of Mexico, leaving at least 1 person dead and 7 Americans missing, the U.S. Coast Guard said. (See item 21)

21. July 5, New York Times – (International) 8 Missing in Mexico after vessel sinks. A charter fishing boat, the Erik, with 44 people aboard sank into the Sea of Cortez off Mexico July 3, leaving at least 1 person dead, the U.S. Coast Guard said. Eight people, seven of them Americans, were still missing late July 4. Survivors of a capsized boat sat inside a helicopter after being rescued by the Mexican Navy in San Felipe July 4. ―Initial reports from Mexico are that it was bad weather and possibly waves,‖ a spokesman for the Coast Guard said. Twenty-seven Americans and 17 other passengers and crew members were aboard the boat when it foundered at 2:30 a.m. July 3, about 60 miles south of the port of San Felipe, the Coast Guard said. Many passengers were able to swim ashore, and they alerted local authorities that the ship had gone down. Others were rescued by the Mexican Navy. Source:

 Two suspects were charged July 4 on charges in connection with the ramming of a gate at a Coast Guard station in Charleston, South Carolina, which resulted in the evacuation of the base early July 3, WCIV 4 Charleston reports. (See item 39)

39. July 4, WCIV 4 Charleston – (South Carolina) Bond set on men accused of busting into Coast Guard base. Two men accused of ramming the gate of a Coast Guard station early July 3 stood before a judge July 4 in Charleston, South Carolina. One of the suspects, a 20-year-old man, was charged with possession of a stolen handgun. The other suspect, a 22-year-old man, was charged with possession of a stolen vehicle, possession of a stolen handgun, and failure to stop for blue lights. The Charleston police said the incident started around 1 a.m. when officers responded to reports of a stolen car in downtown Charleston. Officers said when they attempted to stop the car, the two suspects drove off, turned onto Tradd Street, and sped off. Moments later, police were notified the two men had slammed through the main gate of the Coast Guard Station Charleston, and were loose on the base. A spokesman with the Coast Guard said the base was then evacuated as a SWAT team was brought in to locate the two suspects. A coast guard boat and helicopter were used in the search effort along with K-9 units. The K-9 units found the suspects several hours later hiding under a dock on the base. At bond court July 4 the 22-year old told the judge he was high on drugs at the time of the crime. Source:


Banking and Finance Sector

16. July 5, Associated Press – (Oregon; Washington) FBI: ‘Bad Hair Bandit’ now in Oregon. The FBI says the so-called ―Bad Hair Bandit,‖ sought in connection with as many as 18 bank robberies or attempted robberies in Washington, is now suspected in a robbery in the Portland suburb of Lake Oswego. A Portland FBI spokeswoman said the woman approached a teller July 1 in a Key Bank branch, indicated she had a weapon and demanded money. She walked out with an undisclosed amount of cash. The spokeswoman said the woman wore a distinctive short dark wig and fits the description of other heists by the ―Bad Hair Bandit.‖ A $10,000 reward is being offered for information leading to conviction of the robber. Source:

17. July 4, Associated Press – (Georgia; National) Atlanta man charged in $7 million investment fraud scheme. An Atlanta, Georgia man is facing federal charges in connection with a $7 million Ponzi scheme. The man is accused of recruiting at least 25 people in Georgia, Tennessee, North Carolina, Florida, and Michigan to invest in a purported hedge fund by falsely guaranteeing returns of up to 50 percent each year. Prosecutors said instead of investing the money, he used it to pay personal expenses and to repay earlier investors. He faces five counts of wire fraud and nine counts of mail fraud. Each count carries a maximum sentence of 20 years in prison. Source:

18. July 2, Sacramento Bee – (California) Indictment alleges Elverta investment scam. A former Placer County, California resident was accused June 30 in a federal grand jury indictment of stealing nearly $2 million by flimflamming investors in a nascent Elverta real estate development. He was charged in 12 counts of mail fraud and four counts of using criminally derived funds for monetary transactions between April 2006 and July 2009. The 79-year-old was the operational manager for a group of investors who owned 1,800 acres in Elverta, and he was to prepare 66 of those acres for sale to residential and commercial builders, according to the indictment. It alleges that in calls for capital to defray expenses, he inflated the amounts due and siphoned the excess into his own pocket. He used the money for personal expenditures and investments, the indictment states. Source:

19. July 2, Futures Magazine – (Nebraska) Nebraska resident charged with operating unregistered CPO. The U.S. Commodity Futures Trading Commission (CFTC) filed a complaint in the U.S. District Court for the District of Nebraska June 29 charging a Nebraska woman and ROF Consulting, LLC (ROF) with operating a fraudulent commodity pool scheme. The defendants operated the commodity pool NCCN, LLC (NCCN). The CFTC complaint alleges that from at least February 28, 2005 to October 26, 2009, the woman and ROF fraudulently solicited and accepted approximately $4 million from NCCN pool participants. The defendants allegedly operated NCCN while not being registered as Commodity Pool Operators (CPOs), as required under the Commodity Exchange Act and CFTC regulations. The complaint also charges the woman with making several fraudulent representations to actual and prospective pool participants. Source:

20. July 1, Reuters – (National) Washington Mutual settles fraud suits for $208 million. Washington Mutual’s officers, directors, underwriters, and auditor agreed June 30 to a $208.5 million settlement to end class-action securities fraud lawsuits, according to court documents. The lawsuits, in the United States District Court for the Western District of Washington, accused the defendants of concealing from investors poor loan underwriting and inflated appraisals that overstated earnings and inflated the company’s stock price. In September 2008, regulators seized the company’s savings and loan business in the largest bank failure in the nation’s history. Under the terms of the class-action settlement, announced in court papers dated June 30, claims against the directors and officers will be settled for about $105 million. The settlement is subject to court approval. Source:

Information Technology Sector

49. July 5, The Register – (International) Popular FTP package download tarball poisoned. A backdoor was discovered in the source code of a widely used FTP package. Version 2.3.4 of the source code for vsftpd – billed as probably the most secure and fastest FTP server for Unix-like systems – was replaced with a compromised version with an invalid signature. The dodgy tarball version of the code was uploaded onto the main download site and available for around 3 days before the hack was detected by the author of vsftpd July 3. He moved the main download to a new site,, which is hosted by Google App Engine. The counterfeit code was poorly disguised and it is unlikely too many of the tech-savvy users of vsftpd fell victim to the hack. The incident illustrates code repositories can be poisoned and the importance of checking digital signatures as a safeguard against falling victim to such schemes. Source:

50. July 5, Softpedia – (International) Critical vulnerabilities patched in phpMyAdmin. The phpMyAdmin development team released critical updates for the popular Web-based database management tool in order to patch several vulnerabilities that can be exploited to execute arbitrary code. The new and versions address a total of four security issues rated as highly critical by vulnerability research company Secunia. One of the flaws (CVE-2011-2505) stems from an error in the Swekey authentication function and can be exploited to manipulate the PHP session superglobal. This can be leveraged in other attacks, including the injection and execution of arbitrary PHP code. Another vulnerability (CVE-2011-2507) stems from the improper sanitizing of input passed to the PMA_createTargetTables() function in libraries/server_synchronize.lib.php. This allows attackers to truncate the pattern string and pass the /e modifier to preg_replace() which causes the second argument to be executed as PHP code. The third vulnerability (CVE-2011-2508) is also related to improperly sanitized input, but in the ―PMA_displayTableBody()‖ function. The vulnerability can be leveraged to include files from local resources via directory traversal techniques. Finally, a weakness in setup scripts (CVE-2011-2506) was addressed. Attackers can exploit it to overwrite session variables and this can lead to arbitrary code injection. A researcher from Xxor AB is credited with discovering all of these vulnerabilities. None of them affect the older 2.11.x phpMyadmin branch. Source:

51. July 4, Techworld – (International) Apple developer Website vulnerability is fixed. A vulnerability that could have led to phishing attacks against Mac OS X, iPad, and iPad developers has been closed, according to the hacker group that flagged up the hole on an Apple development Web site 2 months ago. YGN told Apple about the Arbitrary URL Redirect vulnerability and cross-site scripting issue April 25, warning it could lead to phishing attacks on developers using the Web site. Apple acknowledged YGN’s information April 27, but did not fix the hole. YGN then let news reporters know it would go public with the information in a short period of time even if Apple did not correct the problem. One day after the situation was reported on, Apple corrected the issue. Source:

52. July 4, The Register – (International) Top level domain explosion could wreak mayhem on net. A plan to populate the Internet with hundreds or thousands of new top-level domains has security researchers pondering some of the unintended consequences that could be exploited by online criminals. Mayhem might result from addresses that end in ―exchange,‖ ―mailserver,‖ ―domain,‖ or other strings that are frequently used to designate highly sensitive resources on corporate and government networks. If a glitch ever caused an e-mail program or other application to reach one of these external addresses, instead of the internal server carrying the identical host name, the outcome could prove disastrous for the stability of the Internet. An even more dire scenario would arise if online criminals intentionally acquired a strategically named TLD and used the incoming connections to harvest passwords or mount attacks on the connecting clients. A corporate laptop, for example, that connected to an airport hotspot rather than the normal enterprise network might connect to the domain name ―mailserver‖ controlled by hackers, rather than the trusted internal server by the same name. Similar attacks could be waged with other strings, including ―wpad,‖ ―lan,‖ and ―local.‖ The fears come 2 weeks after the Internet Corporation for Assigned Names and Numbers approved a measure allowing anyone to submit applications for virtually any TLD. Source:

53. July 1, WJRT 12 Flint – (Michigan) Chemical leak causes fire at Hemlock Semiconductor. A chemical leak started a small fire July 1 at Hemlock Semiconductor in Thomas Township, Michigan. The leak happened at the facility just before 6:30 a.m. One person was taken to the hospital. About an hour later, a chemical release caused concern at a Dow Corning plant in Midland. Sirens went off around the Hemlock Semiconductor facility, warning residents in the area that there was a problem. Roads around the facility were blocked for about an hour. The emergency response team at Hemlock Semiconductor and the Thomas Township Fire Department were able to quickly put the fire out, but an employee of Hemlock Semiconductor was injured. The company triggered Saginaw County’s 911 Emergency Response System, alerting nearby residents of the situation by phone calls and text messages. The all-clear was given to residents about an hour after the chemical release. An hour after the Hemlock Semiconductor incident, a haze was detected near Dow Corning’s Midland facility on Saginaw Road. The haze was composed of ammonium chloride, which resulted from a small release of material at the site. It quickly dissipated and the all-clear was given there. Source:

54. July 1, IDG News Service – (International) Spam messages promise Google+ invites, deliver drug ads. Security vendor Sophos said pharmaceutical spammers recently started to cash in on the popularity of Google’s Facebook alternative by pushing out fake invitations to the Google+ social service. ―The messages look similar to the real emails that users may receive from friends who are already members of Google+,‖ wrote a Sophos senior technology consultant July 1. ―However, clicking on the links will not take you to the new social network, but instead take you to a pharmacy website set up to sell the likes of Viagra, Cialis and Levitra.‖ Google introduced its new service June 28. Early members were encouraged to invite their friends, but June 29 Google stopped adding new members because of the ―insane demand,‖ according to the senior vice president of Google’s social media group. Spammers are always looking to cash in on the latest news trends, but with these fake Google+ invites, they lucked into an ideal scam. Many people are eager to click on Google+ to see exactly what the service is all about. Source:

Communications Sector

55. July 4, IDG News Service – (National) Fox Twitter account hacked, claims Obama shot in Iowa. The Twitter account for Fox News was apparently hacked, with six tweets falsely reporting early July 4 that the U.S. President had been shot twice in an Iowa restaurant while campaigning. The tweets were posted between 2 a.m. and 3 a.m. Eastern Time by the ―foxnewspolitics‖ account. The account has a badge with a checkmark that means it has been verified by Twitter for authenticity. National media outlets in the U.S., including Fox News itself, carried no such reports. Fox News ran a story on its website acknowledging the hack, saying it ―regrets any distress the false tweets may have created.‖ Officials at Twitter, which is based in San Francisco, California, said they do not comment on specific accounts for privacy reasons but added that users should follow its strong password advice. Source:

56. July 3, Pocono Record – (Pennsylvania) Verizon service in Stroudsburg area interrupted. Some Verizon customers in Pennsylvania may have noticed an inter-ruption in their phone service the weekend of July 1. At the Pocono Record office, phone lines were down at about 8:30 p.m. July 1, preventing outgoing and incoming calls and Internet service. Service was restored by 2 p.m. July 2. The Monroe County sheriff said he first learned phone lines were out early July 3 after receiving an email from the county offices alerting officials of the problem. The email said Verizon users could experience an interruption in service, but it did not specify the reason. Source:

57. July 1, WOWK 13 Huntington – (West Virginia) St. Albans vandals damage Frontier Cable. About 400 customers in St. Albans, West Virginia, were without Frontier Communications service July 1 when vandals cut the cable in a possible theft attempt, according to Frontier. The damaged cable is in a remote location, and Frontier officials said they hoped to have phone and Internet service restored July 2. The cable damage affected customers in the following areas: Pennsylvania Avenue, Lower Falls, Monterey Drive, Parkview, Lakeview, Sun Valley Drive, Shadyside Road, Riverside Drive, Aliff Lane, Riverlake Estates, and Playland. Source:

58. July 1, WZZM 13 Grand Rapids – (Michigan) Radio station off air after lightning strike. The owner of 103.7 ―The Beat‖ said July 1 he was not sure when the Muskegon, Michigan radio station will be back on the air. The WUVS-FM broadcast facility on Peck Street was struck by lightning July 1, starting a small fire and creating a power surge that fried critical electronics. Cleanup of the damage caused by a small fire that started in the building was moving right along July 1. But because it is a holiday weekend, the station owner said it might take a little longer than usual to get everything he needs to put the station back on the air. He says it could be anywhere from a day or two to a week or two. The staff is posting community news and updates on their repairs at the 103.7 ―The Beat‖ website. Source:|newswell|text|FRONTPAGE|p