Wednesday, July 13, 2011

Complete DHS Daily Report for July 13, 2011

Daily Report

Top Stories

• The New York Times reports 14 states are suffering from severe drought that has caused billions in losses by wiping out wheat, corn, and other crops, and forcing ranchers to sell off livestock. (See item 27)

27. July 11, New York Times – (National) Drought spreads pain from Florida to Arizona. The heat and the drought are so bad in southwest Georgia that hogs can barely eat. Corn is burning up in fields. Farmers with the money and equipment to irrigate are running wells dry in the unseasonably early and particularly brutal national drought that some say could rival the Dust Bowl days. The pain has spread across 14 states, from Florida, where severe water restrictions are in place, to Arizona, where ranchers could be forced to sell off entire herds of cattle because they simply cannot feed them. The U.S. Department of Agriculture in June designated all 254 counties in Texas natural disaster areas, qualifying them for varying levels of federal relief. More than 30 percent of the state’s wheat fields might be lost, adding pressure to a crop in short supply globally. Even if weather patterns shift and relief-giving rain comes, losses will surely head past $3 billion in Texas alone, state agricultural officials said. The drought, which could go down as one of the nation’s worst, has come on extra hot and extra early. It has its roots in 2010 and continued through the winter. The 5 months from this February to June, for example, were so dry that they shattered a Texas record set in 1917, said the acting state climatologist. Source:

• Two new surveys illustrate an escalating shortage of vital drugs that could affect nearly every hospital in the United States and cause hundreds of millions in extra costs, reports. (See item 30)

30. July 12, – (National) Drug shortages slam patients, health workers. Two new surveys conducted by the American Hospital Association (AHA) and the American Society of Health-System Pharmacists (ASHP) illustrate an escalating shortage of vital drugs that could affect nearly every hospital in the United States, forcing delays or substitutions in patient care, diverting pharmacy staff from crucial duties, and racking up $216 million in costs. Federal Food and Drug Administration officials said the shortages are caused by manufacturing problems, firms that simply stop making drugs, and production delays. Among the findings from AHA’s online survey that drew responses from 820 of the nation’s 5,100 hospitals, 99.5 percent of them reported one or more drug shortages in the last 6 months, and nearly half reported shortages of 21 or more drugs. Some 82 percent of those hospitals said they have delayed patient treatment because of shortages, or have been unable to treat patients as recommended. The ASHP survey, which drew 353 responses from 1,322 pharmacy directors, found that more than 80 percent of institutions ran low on three top vital drugs: succinylcholine injection, concentrated dextrose solutions, and epinephrine injections. The shortages have forced some clinical staff to shift away from patient duties ito manage the problem, the ASHP survey found. Nearly two-thirds of hospitals said they rarely receive advance notices of shortages, and 14 percent never do, the AHA survey said. More than half said they are rarely told how long the shortages will last. Source:


Banking and Finance Sector

15. July 12, Courthouse News Service – (Pennsylvania) SEC nails an old accountant. The Securities and Exchange Commission (SEC) said July 11 a 73-year-old accountant of Villanova, Pennsylvania, and his firm raked in more than $5 million "in purported fees and trading profits," ill-gotten gains from a $75 million Ponzi scheme. The SEC sued the Pennsylvania man and the company he founded and ran, Jacklin Associates, of Radnor. In its settled complaint, the SEC claims the man helped an accomplice run a Ponzi scam; the accomplice previously pleaded guilty to multiple fraud charges and money laundering and was sentenced to 15 years in prison. The SEC claims the man solicited customers for the head of the scheme, and "without performing any due diligence, passed along to investors through Jacklin materially false and misleading information about, among other things, Forte LP's current value and growth, historical performance, rapid-trading strategy, and retention of an accountant." The SEC said in announcing the filing of its settled complaint that "[the suspect], through Jacklin, also performed back office and bookkeeping functions for Forte LP, including creating and issuing to investors false quarterly statements and tax documents prepared based on false information. ... In communicating the fraudulent information to investors, [the suspect] disregarded red flags that should have alerted him that the information that he was passing on was false." Source:

16. July 11, Associated Press – (Connecticut; Arizona; Florida) Stamford man pleads guilty in mortgage fraud. Federal prosecutors said a Stamford, Connecticut man pleaded guilty July 11 to wire fraud related to a $4 million mortgage scheme. A Connecticut U.S. attorney said the man waived his right to indictment and pleaded guilty in New Haven to one count of wire fraud. The attorney said the 43-year-old submitted mortgage applications to several lenders for homes in Arizona, Connecticut, and Florida in 2006 and 2007. The prosecutor said that in many of the mortgage applications, he provided false information. He said each of the homes the man bought was sold in foreclosure and mortgage lenders lost more than $2 million. He faces up to 20 years in prison, and a fine of as much as $4 million when he is scheduled to be sentenced October 4. Source:

Information Technology Sector

41. July 12, Help Net Security – (International) Critical vulnerability in Sun Java. ACROS Security discovered a vulnerability in Sun Java that can be exploited by malicious individuals to compromise a user's system, according to Secunia. The vulnerability is caused due to the application loading an executable file in an insecure manner when an out of memory condition occurs. This can be exploited to execute arbitrary programs by tricking a user into, for example, opening a HTML file, which loads an applet located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 6 update 26 (build 1.6.0_26-b03). Other versions may also be affected. Source:

42. July 11, Softpedia – (International) Click fraud trojan distributors borrow scareware techniques. Security researchers from GFI warned cyber criminals pushing click fraud trojans adopted distribution techniques commonly seen in scareware schemes. According to experts, this is one of the first browser-aware schemes used to distribute this type of malware and appears to target Chrome and Firefox users specifically. The trojan, part of the 2GCash family, is distributed from a domain registered through a free dynamic DNS provider. Security researchers did not say how users end up on this page, but they are most likely taken through several redirects, possibly after clicking on malicious search results. Internet Explorer users get redirected to, a legitimate Web site, while people using other browsers are served malicious files for download. Google Chrome users will be prompted to download and install a Flash Player update called v11_flash_AV(dot)exe. Firefox users will see a fake "what's new" page that similarly claims that Flash Player is outdated. This mimics the page that normally appears after Firefox is upgraded to a new version and actually performs a check to see if installed plug-ins are up to date. However, despite warning about an old version of Flash Player, the file served for download is called ff-update(dot)exe. Both files install the same 2GCash variant, a trojan used to perform click fraud and hijack people's search results. The malware can also act as a downloader for additional threats, including PDF exploits and scareware. The newer 2GCash variants possess the ability to detect virtual machines, making it harder for researchers to analyze the trojan because most of them use virtual machines. "They also tend to rotate variants almost every 6 to 12 hours as a method to try and evade detection," the GFI security researchers warned. Source:

43. July 11, Computerworld – (International) Researchers uncover more Android malware on Google's Market. Security researchers found more malicious Android apps on Google's official download site and being spread through Chinese app stores. Lookout Security spotted four apps on the Android Market July 8 that were infected with a variant of the "DroidDream Light" malware that has now plagued the e-store three times during 2011. On July 11, researchers at North Carolina State University announced they found new malware that forced Android smartphones into texting a premium number. According to Lookout, Google quickly removed the four applications from the Android Market. The mobile security company said , like the June campaign, the DroidDream Light malware discovered July 8 launched itself without user interaction after it was downloaded. Once on an Android smartphone, DroidDream Light can prompt owners to download other apps from the market, bait users with a malicious URL, or even automatically download more apps to the device. Also, July 11, a North Carolina State University researcher, issued a warning of a new Android threat: "HippoSMS." The malware was only published to unauthorized Chinese app stores. HippoSMS piggybacks on a host app and is installed when that app is downloaded and approved by the user. Its makers are monetizing the malware by forcing an infected smartphone to text a premium number, but they are also trying to hide that behavior from users. Source:

Communications Sector

44. July 12, – (Minnesota) Religious KTIS-AM in Minneapolis is hit by copper thieves. Copper thieves struck a religious station in Minneapolis, Minnesota, nearly taking it off the air, reported July 12. Minnesota's Oakdale Patch reported someone got through the station's fence at the tower site and entered a building, taking two 3-foot sections of copper from the transmitter site. An engineer identified the missing metal as the ground straps. While KTIS 900 AM Minneapolis was still on the air, they were forced to reduce daytime power from their normal 50,000 watts to just 5,000 watts due to the damage and lost copper. There was no timetable as to when "Faith Radio" would return to full broadcast power. Source:

45. July 11, Skokie Patch – (Illinois) No TV? No Internet? Comcast is down. A chaotic storm that lasted for 20 minutes July 11 did enough damage to claim more than 600,000 homes without power in Illinois. Comcast customers also experienced Internet and TV outages. According to a Comcast representative, the Midwest experienced a large outage. The representative said technicians are trying to remedy the problem, but no timetable for repairs was given. Source:

46. July 11, WSLS 10 Roanoke – (Virginia) Phone outage in Franklin Co. causes problems for 911. Century Link said July 11 calls can be made to Franklin County, Virginia's 911 center, and outgoing calls from the 576 exchange can be made, but no incoming calls can be made. Franklin County officials earlier notified WSLS 10 Roanoke that telephone services were down in the Union Hall area, including calls to the 911 Communications Center. All fire and rescue Stations were being manned until further notice for emergencies. All people needing assistance were advised to go to their local fire and EMS station or call emergency services by cell phone. WSLS was told July 11 the service providers were working to find the problems. Source:

47. July 9, Rome News-Tribune – (Georgia) Lightning strike weakens The Ridge signal. Listeners of WATG radio, The Ridge, 95.7 FM, in Rome, Georgia, may have to struggle to pick up that radio station for an undetermined period of time, the Rome News-Tribune reported July 9. The station's general manager said the station’s transmitter was struck by lightning recently. The station was off the air for about 36 hours before engineers could restore a low power signal. The signal has weakened since July 6, and the manager said that the transmitter sustained a lot of damage. The station is difficult to pick up in some areas of Rome. The manager said listeners in Chattooga County can still receive a relatively solid signal. “I’m not sure how long it is going to be running at low power,” the manager said. "I was first told it was going to be six to eight weeks, but then the engineers said it would only be a week to 10 days.” Source:

48. July 9, Boulder Daily Camera – (Colorado) CU-Boulder's Radio 1190 back on air after lightning struck its tower Thursday. Radio 1190 was back on the air July 9 after a severe thunderstorm in the Boulder, Colorado area left the listeners of the University of Colorado at Boulder radio station in silence for almost 2 days. The station's tower — KVCU 1190 AM Boulder — was struck by lightning July 7, which is not unusual, the student general manager said. After a failed attempt at resetting the system, the station was off the air for all of July 8, and early July 9. Its online streaming broadcast at also resumed. It went down after the storm killed power at University Memorial Center, where Radio 1190's studios are located. Source:

For another story see item 43 above in the Information Technology Sector

Tuesday, July 12, 2011

Complete DHS Daily Report for July 12, 2011

Daily Report

Top Stories

• Severe thunderstorms hit the Chicago, Illinois area July 11, shutting down train service, canceling hundreds of flights, and knocking out power to more than 600,000 customers, according to the Chicago Sun-Times. (See item 25)

25. July 11, Chicago Sun-Times – (Illinois; Indiana) 615,000 without power, travel delays after storms pelt Chicago area. Severe thunderstorms swept through the Chicago, Illinois area the morning of July 11, pelting commuters rushing to get to work, and leaving more than 615,000 Commonwealth Edison customers without power. The heavy rain, hail and winds downed wires throughout Chicago, and sent trees into streets. As of 9:15 a.m, more than 615,000 ComEd customers were without power after the storms, a spokesman said. The hardest hit region was in the northern suburbs where 280,000 were without power. Flights in and out of O’Hare International Airport were experiencing 45-minute delays. More than 100 flights have been canceled, the department of aviation said. At Midway International Airport, some airlines were experiencing delays averaging 50 minutes for in and inbound flights, with 1 cancellation reported, the department said. Trains were either halted or delayed during the heavy storms, according to the Chicago Transit Authority, and Metra. On Metra, due to weather related high winds, Union Pacific North Line, Northwest Line and West Line trains were stopped the morning of July 11, a Metra spokesman said. Trains were back on the move by about 8:50 a.m. but several trains remained delayed as of 9:40 a.m. On the BNSF Railway line, trains were traveling at a reduced speed due to the winds, the Metra spokesman said. All other lines were operating normally. The CTA was honoring Metra tickets on Union Pacific trains during the delays. The CTA issued a customer alert noting all CTA trains were experiencing major delays due to the severe weather. Downed trees on tracks near the Morris station temporarily stopped Purple Line train service. Yellow Line service was also suspended. Source:

• The U.S. State Department said it would seek compensation from the Syrian government after hundreds of its supporters smashed windows and scrawled graffiti at the U.S. Embassy in Damascus July 11, reports. (See item 45 )

45. July 11,, Reuters, and Associated Press – (International) Pro-Assad mob attacks US, French embassies in Syria. Syrian government supporters smashed windows at the U.S. and French embassies in Damascus July 11, raised Syrian flags, and scrawled graffiti calling the U.S. ambassador a "dog" in anger over a visit last week to an opposition stronghold. They tore down U.S. Embassy plaques and tried to break security glass, diplomats said, in an escalation of protests against the visit by the U.S. and French ambassadors to the city of Hama, which has seen demonstrations against the Syrian president. "Four buses full of shabbiha (militia loyal to Assad) came from Tartous. They used a battering ram to try to break into the main door," a resident of Afif, the old district where the U.S. Embassy is located, told Reuters by telephone. "This is a violent escalation by the regime," a Western diplomat in the Syrian capital said. "You do not bring busloads of thugs into central Damascus from the coast without its consent." After the crowd was dispersed, protesters moved to the residence of the U.S. Ambassador and attacked it, causing unspecified damage, officials said. No staff at either location were injured, and no personnel were ever in imminent danger, the officials said. French Embassy security guards fired in the air to hold back supporters of Assad's regime who were also protesting the French ambassador's visit to Hama. Protesters smashed French Embassy windows, shattered the windshield of a diplomatic SUV outside the compound and replaced the French flag with a Syrian one. The French Foreign Ministry said three embassy workers were injured. The Syrian regime called the visits to Hama interference in the country's internal affairs, and accused the ambassadors of undermining Syria's stability. The U.S. State Department July 11 condemned Syria for failing to protect the U.S. embassy. "A television station that is heavily influenced by Syrian authorities encouraged this violent demonstration," a State Department spokesperson said in a statement. "We strongly condemn the Syrian government's refusal to protect our embassy, and demand compensation for damages," the statement said. Source:


Banking and Finance Sector

20. July 10, Sebring News-Sun – (Florida) More than 120 victims of skimmers reported by HCSO. The Sebring News-Sun reported July 10 suspected credit card skimming activities first reported in Avon Park, Florida, have encompassed 3 counties and more than 120 victims locally, according to a spokeswoman with the Highlands County Sheriff's Office. "The Highlands County Sheriff's Office has taken 80 reports to date and estimated Friday [July 8] morning that over 100 people in Highlands County alone have been victims of credit card fraud during the recent suspected skimming activity," a press release stated. The spokeswoman later confirmed 46 more cases were reported July 8 by an undisclosed credit card company. "In all it is estimated the total claims will exceed $200,000," she said. Source:

21. July 9, Cincinnati Enquirer – (Ohio; Indiana) 4.5M Ponzi scheme probed. Dunhill Investment Advisers kept an office on the edge of downtown Cincinnati, Ohio, and advertised a stock trading strategy that promised profits even when the markets were down. However, investigators said most of the $4.5 million the firm was entrusted with was never invested, the Cincinnati Enquirer reported July 9. Instead, the money went to pay the salaries of the owners. After an investigation of more than a year, Indiana authorities arrested one of Dunhill’s owners, an Indiana resident, and charged him with 18 felonies, including securities fraud and theft. Another owner faces the same charges, but investigators said he has not surrendered, and they do not know where he is. Source:|head

22. July 8, Chicago Tribune – (Illinois) Defective counterfeit detector caused Bank of America fire in Loop, suit claims. A March fire at a Bank of America branch in the Loop area of Chicago, Illinois, was caused by a defective machine that is used to detect counterfeit money, Bank of America said in a lawsuit. An independent investigation by Bank of America shows the fire March 6 originated in the machine that was located at a teller window, according to the suit filed July 6 in a Chicago federal court. Bank of America is suing the counterfeit detector's manufacturer, Hilton Trading Corp., based in Miami, Florida. The bank said the fire caused about $1 million in damages. Source:,0,3032199.story

23. July 8, Torrance Daily Breeze – (California) Gardena mortgage broker, former bank employees face charges in loan fraud. A mortgage broker from Gardena, California, and two former bank employees faced charges for their alleged involvement in a scheme in which bogus loan applications were used to con lenders out of about $4 million, prosecutors said July 8. Prosecutors allege the man and the co-conspirators obtained about $4 million from various financial institutions by lying on loan applications used to purchase homes in the names of straw buyers. Source:

For another story see item 55 below in the Information Technology Sector

Information Technology Sector

53. July 11, Softpedia – (International) Microsoft security center search results poisoned with malicious links. Microsoft suspended the search capability on its Safety & Security Center Web site after it was discovered cyber criminals poisoned the results with malicious links. Search result poisoning, technically known as black hat search engine optimization (BHSEO), is a common method used to distribute malware or promote spam sites. The technique involves compromising legitimate Web sites and creating pages under their domain that are filled with popular search keywords. Attackers then use other hacked Web sites to link back to the pages, increasing their search result standing for the targeted terms. However, while the pages appear to have content to search engine crawlers, they are designed to redirect real visitors to malicious Web sites. According to the general manager of security software at GFI, the BHSEO campaign on Microsoft's Safety & Security Center Web site was unique. It appeared cyber criminals managed to create search results to search results. "In other words, blackhat SEOs are seeding illegimate search results within the Microsoft search results," the security expert noted. "There are a number of ways this could be done (for example, using the ability on the site to Twitter a search result)," he explained. The rogue search results on Microsoft's Security Center predominantly led to malicious adult sites which asked users to download special codecs in order to play videos. Source:

54. July 11, IDG News Service – (International) Google+ hit with spam bug. The Google+ social networking site malfunctioned the weekend of July 9 and 10, spamming its users with repeated notifications via e-mail. Google+, which is being beta tested with a limited number of users, ran out of disk space July 9, causing the glitch, according to a Google senior vice president of engineering. "Please accept our apologies for the spam we caused this afternoon. For about 80 minutes we ran out of disk space on the service that keeps track of notifications. Hence our system continued to try sending notifications. Over, and over again. Yikes," he wrote in a Google+ post. "We didn't expect to hit these high thresholds so quickly, but we should have. Thank you for helping us during this field trial, and once again, we are very sorry for the spam," he added. Google+ is the company's latest and most high-profile attempt to date to launch a social networking service. Source:

55. July 9, Softpedia – (International) Zbot targets Android users. Security researchers identified a Zbot component designed for Android that steals mobile transaction authentication numbers sent by banks via SMS. ZeuS, or Zbot, is one of the most popular banking trojans. Zbot originally targeted desktop systems and stole financial information and online banking credentials that fraudsters exploited. However, more banks began to introduce additional layers of security, such as two-factor authentication systems. Some banks also require each transaction request to be confirmed by inputting an unique code sent to the account owner's mobile phone. These codes are known as mobile transaction authentication numbers (mTAN) and make it harder to steal money from compromised accounts. In order to continue stealing money, ZeuS fraudsters learned to capture these mTANs with the help of a man-in-the-mobile component, and social engineering. In 2010, security researchers began to discover ZeuS-related mobile malware created specifically to steal mTANs from phones running Symbian, Windows Mobile, and BlackBerry. However, a sample targeting Android devices only appeared during the past several weeks. "Actually, it is not a new sample and has been detected under several names (Android.Trojan.SmsSpy.B, Trojan-Spy.AndroidOS.Smser.a, Andr/SMSRep-B), but it is far more scary when propagated by the ZeuS gang," said a Fortinet security researcher. He said the malware poses as a banking activation application, but after it is installed, it intercepts all SMS messages and uploads them to a remote server. Source:

56. July 8, Computerworld – (International) Microsoft beefs up Outlook-to-Hotmail security. Microsoft July 7 boosted the security of a tool that lets Outlook users send and receive messages through the company's Web-based Hotmail service. The new Outlook Hotmail Connector supports HTTPS, a protocol that encrypts all traffic between the e-mail client and the Windows Live Hotmail service. Microsoft added an all-HTTPS option to Hotmail in November 2010, in part as a reaction to Firesheep, a Firefox add-on released October 2010 that let anyone scan an unsecured Wi-Fi network and hijack others' access to Facebook, Twitter, and a host of other services. The latest update to Outlook Hotmail Connector is a follow-up to Microsoft's 2010 move. "Using a connection with HTTPS helps you be even more confident that your account is safer from hijackers, and that your private information remains private," the Outlook team wrote. The new tool encrypts communication between Outlook and the Windows Live e-mail, calendar, and contacts services. Source:

Communications Sector

See items 54, 55, and 56 above in the Information Technology Sector