Thursday, July 7, 2011

Complete DHS Daily Report for July 7, 2011

Daily Report

Top Stories

• U.S. pipeline safety regulators July 5 said Exxon Mobil must repair a ruptured Montana oil pipeline and submit a restart plan after 42,000 gallons of oil spilled into the Yellowstone River, according to Reuters. (See items 2, 33)

2. July 6, Reuters – (Montana) Government orders Exxon to craft pipeline safety plan. U.S. pipeline safety regulators July 5 said Exxon Mobil must make fixes to its ruptured Montana oil pipeline and submit a restart plan before oil can flow again. The U.S. Transportation Department's Pipeline and Hazardous Materials Safety Administration also ordered the company to re-bury the pipeline segment, and do a risk study where it crosses any waterway. The Transportation Secretary said in a statement that those found responsible for the leak would be held accountable. Exxon Mobil does not have a definite repair plan yet for the ruptured Montana crude oil pipeline that it shut over the weekend of July 2 and 3, and company and government officials are still trying to determine the cause of the spill, a top executive said earlier July 5. Oil deposits from the rupture may have traveled as far as 240 miles downstream, the government said in its order. Exxon estimated that up to 1,000 barrels (42,000 gallons) of oil spilled into the rain-swollen Yellowstone River when its Silvertip crude oil pipeline ruptured late July 1. Exxon said it shut the 40,000 barrels per day pipeline early July 2 within minutes of discovering a pressure loss that indicated a rupture. Source:

33. July 6, Reuters – (Montana) Exxon spill on Yellowstone River disrupts Montana ranches. Environmental officials scrambled July 5 to assess the extent of contamination from an oil spill July 1 that fouled water supplies and ranch lands along a scenic stretch of the Yellowstone River in Montana. The Exxon Mobil pipeline ruptured about 150 miles downstream from Yellowstone National Park near the town of Laurel, Montana, dumping up to 1,000 barrels, or 42,000 gallons, of crude oil into the flood-swollen river. The spill has wreaked havoc on ranching and farming operations along the Yellowstone, the longest river without a dam in the United States, which provides irrigation and drinking water for communities along its banks. One woman who raises livestock, wheat, alfalfa, and hay with her husband on about 800 acres of land around Laurel, said high water from the river has washed oil across much of her property. The spring wheat crop and alfalfa are both in need of irrigation, but farmers in the area were advised not to take water from the river for the time being. Drinking supplies also are in limbo, she said. Environmental experts said it will likely take months, even years, for the ecosystem to rebound from the influx of crude. Concerns about petroleum contamination prompted downstream communities that rely on the river for drinking water to shut off their intake valves, but it was unclear whether residents who depend on well water had been urged to avoid drinking it. Source:

• The Associated Press reports a massive dust storm that hit Phoenix, Arizona, knocked out power to thousands of customers, and caused airport delays in Phoenix, Nevada, and California. (See item 26)

26. July 6, Associated Press – (Arizona) Massive dust storm sweeps through Phoenix area. A massive dust storm descended on the Phoenix, Arizona, area, July 5, drastically reducing visibility and delaying flights as strong winds downed trees and left thousands of residents without power. The dust cloud formed in an afternoon storm in the Tucson area, and then rolled north across the desert before sweeping over the city like an enormous wave, a National Weather Service (NWS) meteorologist said. Radar data showed the storm's towering dust wall had reached as high as 8,000 to 10,000 feet, or nearly 2 miles, he said. The NWS said strong winds with gusts of up to more than 60 mph in some places rapidly moved the cloud northwest through Phoenix, and the surrounding cities of Avondale, Tempe, and Scottsdale. More than a dozen communities in the area also were placed under a severe thunderstorm watch until 11 p.m. Some 8,000 Salt River Project utility customers were left without power, KNXV-TV reported late July 5. The Federal Aviation Administration said on its Web site that because of low visibility in the area, no Phoenix-bound flights were allowed to leave Las Vegas, Nevada, or Los Angeles, California, airports until 9 p.m., and flights at the airport were delayed for about an hour. Source:


Banking and Finance Sector

20. July 6, Reuters – (National) Expert pleads guilty in insider probe. A former senior director at Flextronics International pleaded guilty July 5, telling a U.S. judge he was paid $200 an hour by an expert network firm to spill inside information to hedge funds. The 39-year-old man was the latest out of more than a dozen accused in a broad insider trading probe to plead guilty in Manhattan, New York federal court to working illegally while consulting for Primary Global Research (PGR). At the plea hearing, the convict told a U.S. district judge he was paid $200 an hour by PGR to give secrets about Flextronics or its customers to hedge funds and investors, often over the phone. The man, arrested in December 2010, was accused of leaking secrets about Apple Inc.'s iPad ahead of its launch, and giving up new details about the company's iPhone 4. He pleaded guilty to two counts of conspiracy to commit securities fraud and wire fraud, and one count of securities fraud. He faces up to 30 years in prison. Court documents unsealed July 5 said one hedge fund made $560,000 in profits in October 2009 by trading on Flextronics secrets provided by the man. Source:

21. July 6, St. Louis Post-Dispatch – (National) Part of multi-million-dollar credit fraud broken here, officials say. Three members of a ring that used fake credit cards to buy millions of dollars worth of electronic goods have been nabbed in St. Charles County, Missouri, followed by the arrest of the group's head, according to federal court documents. The three were arrested by a St. Charles County sheriff's deputy June 20 after the name of one came up in a Secret Service investigation. According to court records, testimony and investigators, that man is believed to be a "lieutenant" in an organization run by a 29-year-old man arrested the week of June 27 in the Detroit, Michigan area. The leader of the scheme provided fake identification and bogus credit cards to groups he sent around the country to buy iPads, iPods, and laptop computers, investigators said. The buyers would store the items, then ship them back to Michigan for sale. In federal court in St. Louis, an assistant U.S. attorney said investigators believe one of the men alone made 10 to 12 trips, yielding electronics worth at least $1 million. Sam's Club initially contacted a financial crimes task force after noticing a series of fraudulent purchases by people using fake Sam's Club membership cards in Michigan, and other Midwestern states beginning last summer. Source:

22. July 6, Orange County Register – (California) Did O.C.'s 'drifter bandit' strike again? A man who held up a bank July 5 is believed to be a serial bank robber who has hit three South County, California banks so far. Investigators believe the "drifter bandit" has hit three banks since May, targeting banks just a short distance from the I-5 freeway and Capistrano Beach. The robbery took place at a Farmers & Merchants Bank branch on Del Obispo Street near Camino Capistrano. The suspect was believed to have been carrying a handgun during the heist. Identifying the man from surveillance video at the bank, investigators believe the man is a robber who has been dubbed the "drifter bandit" for his thin build and tousled appearance, said a spokesman for the Orange County Sheriff's Department. Source:

23. July 5, – (National) Morgan Stanley data breach hits investors. Personal information belonging to 34,000 investment clients of Morgan Stanley Smith Barney has been lost, and possibly stolen, in a data breach. According to two letters sent to clients, and obtained by, the information includes clients’ names, addresses, account, and tax identification numbers, the income earned on the investments in 2010, and — for some clients — Social Security numbers. The data was saved on two CD-ROMs that were protected by passwords, according to the letters, but the CDs were not encrypted. The company mailed the CDs containing information about investors in tax-exempt funds and bonds to the New York State Department of Taxation and Finance. It appears the package was intact when it reached the department, but by the time it arrived on the desk of its intended recipient the CDs were missing, a spokesman for Morgan Stanley Smith Barney said. The state notified Morgan Stanley Smith Barney about the lost data June 8. The company took 2 weeks to conduct an “exhaustive search” of all the facilities the package passed through, the spokesman said, and then mailed the letters to clients June 24. Source:

24. July 5, KPRC 2 Houston – (Texas) Skimming devices on Houston ATM machines prompt 4 arrests. Federal fraud charges have been lodged against four Houston, Texas men accused of attaching skimming devices to ATM machines all over Houston, KPRC 2 Houston reported July 5. Two of the men were caught in the act, but Secret Service agents said the ringleader continued to operate the theft ring from behind bars. Agents said they would attach skimming devices that would lift customer data from the magnetic stripes on their debit cards. Federal felony charges of identity theft and debit card fraud have been filed against the four men. All four face 30 years in federal prison if they are found guilty. In court papers, Secret Service agents wrote that this group is responsible for $57,808 in losses for Chase bank in April alone. One of the suspects told a confidential informant that $18,000 was "pulled" from victims' accounts in a single night, according to court records. Agents said the men would spray paint over the security cameras installed in each of the ATM machines they chose in the scheme. Source:

25. July 1, Federal Bureau of Investigation – (Arizona) Two indicted, arrested in $17 million mortgage fraud scheme. A federal grand jury in Phoenix, Arizona, returned an indictment June 28 against a 43-year-old mortgage broker, and her alleged associate. The indictment charged the two each with one count of conspiracy, and one count of wire fraud. Special agents of the Internal Revenue Service and the FBI arrested the pair June 30. The indictment alleges the 43-year-old woman portrayed herself as a mortgage broker, loan officer, and real estate investor. Her associate is alleged to be the president of Arizona Cooling Control Plus, Inc. and involved in construction and remodeling work. The indictment charges the pair recruited people with good credit scores to act as straw buyers to ostensibly purchase one or more properties as investments, enticing buyers by offering to pay a kickback of up to $15,000 per property or to make the mortgage payments until the property could be resold for a profit, or both. In addition, the indictment charges the defendants submitted false loan applications and supporting documents to induce lenders to fund loans. Then, at the close of escrow, they enriched themselves by directing a portion of loan proceeds, or “cash back,” to a company that one of them controlled. The indictment goes on to allege that between October 2005 and February 2007, the pair obtained mortgage financing for 17 properties and induced lenders to fund about $17 million in loans, resulting in over $2.4 million in cash back. Conviction for the crimes of conspiracy and wire fraud each carries a maximum penalty of 30 years in prison, a $1 million fine, or both. Source:

For another story, see item 54 below in the Information Technology Sector

Information Technology Sector

50. July 6, The Register – (International) Google dumps all 11+ million sites from its results. Google removed over 11 million .co(dot)cc Web sites from its search engine results pages on the basis that most of them contain too much spam. The .co(dot)cc space is not an officially authorized second-level domain, rather it is offered independently by a Korean company (http://co(dot)cc/) that happens to own the domain name .co(dot)cc. Google classes the firm as a "freehost," and exercised its right to block the whole domain "if we see a very large fraction of sites on a specific freehost are spammy or low-quality", according to the head of Google's Web spam team. The company said in a recent blog post: "To help protect users we recently modified those [malware-scanning] systems to identify bulk subdomain services which are being abused. In some severe cases our systems may now flag the whole bulk domain." According to a recent report from the Anti-Phishing Working Group, the (dot)cc top-level domain hosted 4,963 phishing attacks in the second half of 2010, almost twice the number found under any other extension. Source:

51. July 6, H Security – (International) Update for BIND DNS server reduces crash risk. Two vulnerabilities in the popular BIND 9 DNS server jeopardize the server's stability and can cause the service to crash. One of the flaws can be exploited remotely via specially crafted UPDATE requests and affects both recursive and authoritative servers. The developers said the nature of the defect makes it impossible to prevent potential attacks using Access Control Lists (ACLs). The second defect is triggered by flawed request processing in servers that use "Response Policy Zones" (RPZs). Certain DNAME and CNAME records will cause BIND to crash. The intended use of the RPZ feature is to specify domain names that are not to be resolved. The domain names in question can, for instance, be established via a reputation database. RPZ is designed to counteract the thousands of spamming and malware domains that are registered every day. The developers made available updates 9.6-ESV-R4-P3, 9.7.3-P3, and 9.8.0-P4 for BIND to fix the problems. Source:

52. July 6, H Security – (International) Jailbreak for iOS 4.3.3 dents iPhone security. A new untethered jailbreak, JailbreakMe 3.0 for the iPhone and iPad, exploits an issue in Mobile Safari's PDF renderer. Untethered jailbreaks can be performed without the use of a USB cable and a PC or Mac. This means the vulnerabilities the new jailbreak uses could potentially be exploited by malicious persons to attack Apple's mobile devices. A patch was made available for the PDF vulnerability, but it can only be installed on a jailbroken device; the patch is available from the Cydia installer and is called pdfpatch2. Source:

53. July 5, Computerworld – (International) Rustock take-down proves botnets can be crippled, says Microsoft. Microsoft said July 5 the coordinated take-down of the Rustock botnet and follow-up efforts purged the malware from more than half of the PCs once controlled by Russian hackers. "This shows that disruptive action [against botnets] is viable and possible," said a senior attorney with Microsoft's Digital Crime Unit. "Once you start taking apart the infrastructure of botnets, you drive up the cost of [botnet gangs] doing business," he added in an interview July 4. Since March, when Microsoft lawyers and U.S. marshals seized Rustock command-and-control (C&C) servers at five Web hosting providers in seven U.S. cities, the number of Windows PCs infected with the malware has dropped worldwide from 1.6 million to just over 700,000 as of June 18, the Microsoft attorney reported July 5. In the United States, an estimated 86,000 Rustock-infected PCs in March were reduced to 53,000 by June, a drop of 38 percent. Source:

54. July 5, Softpedia – (International) New major botnet crippled. Security experts are working on shutting down a new botnet based on a modified Palevo version whose creators were arrested in Europe the week of June 27. According to security firm Unveillance, which is involved in the effort, the new botnet affects computers in more than 172 countries, including the United States, Russia, Brazil, China, the United Kingdom, and Iran. The malware powering the botnet is a variant of Palevo, a computer worm that spreads by exploiting Windows vulnerabilities, copying itself to removable storage devices and network shares, as well as sending itself over instant messaging and p2p file sharing networks. Security researchers from Trend Micro announced in May that Palevo's activity is as strong as it was before Mariposa was taken down — likely the result of the new botnet Unveillance was tracking. The law enforcement action in Europe the week of June 27 ended with the arrests of a man from Bosnia, and a man from Slovenia. The two are suspected of operating the botnet to steal money from the bank accounts of people worldwide. Authorities seized computer equipment and some of the command and control domains were taken offline; however, others remain active. Security researchers continue to analyze the threat to try to find a way to shut it down. Source:

55. July 5, threatpost – (International) URL shortening services used in large malware attack. According to Symantec’s MessageLabs Intelligence Blog, spammers are exploiting anonymous URL shortening services as part of a large malware attack. Using five different URL shortening Web sites, the attackers are sending mangled links to users under the guise of a bank transfer service. Claiming a transfer has been canceled, the attackers try to get the victim to click a link to open a PDF file that will describe why. In reality, the link connects the user to a site serving drive-by exploits. URL shorteners have been used frequently in recent attack vectors. Source:

Communications Sector

56. July 6, – (Maine) Holiday storm knocks out cable. Cable service was restored to homes in York, Maine July 5, after parts of the town lost service in a fast-moving thunderstorm July 4. A spokesperson for Time Warner Cable of Maine said July 5 that service was restored to all homes by 11:30 a.m. As of July 5, Time Warner was still determining the cause of the outage. Also, Central Maine Power (CMP) reported that 80 homes in York, and another 115 homes in South Berwick lost power in the storm. All power was restored by 8 p.m., July 4, a CMP spokesman said. Source:

57. July 5, Billings Gazette – (Wyoming) Shoshone floods campgrounds while storms damage radio towers. High winds and lightning knocked out two U.S. Forest Service communication towers, and flooding along the Shoshone River in Wyoming prompted the agency to close several campgrounds over the weekend of July 2 and 3. While forest officials worked to relocate campers, they also scrambled to repair two radio towers serving the North Fork and South Fork drainages outside Cody. A Wapiti District ranger said he believed the tower on Clayton Mountain was damaged by lightning, while high winds likely frayed the wires on the tower at Carter Mountain. He said forest crews were able to communicate despite the setback. “We have some landlines in most of our campgrounds, and when you get away from the campgrounds into the North Fork and backcountry trails, we carried satellite phones,” he said. Forest officials were seen flying equipment July 3 from a helipad at Wapiti to the communication towers. Crews were expected to return to the towers soon to complete repairs, the ranger said July 5. Source:

For another story, see item 52 above in the Information Technology Sector