Wednesday, August 31, 2011

Complete DHS Daily Report for August 31, 2011

Daily Report

Top Stories


• Power outages related to Hurricane Irene were still widespread along the East Coast August 30, with utility companies reporting more than 2.8 million homes and businesses without electricity, affecting nearly 6 million people. – msnbc.com; Reuters; Associated Press (See item 1)

1. August 30, msnbc.com; Reuters; Associated Press – (National) Food airlifted into towns cut off by Irene. Vermont on August 30 began airlifting food and water to a dozen towns cut off by Irene, while New Jersey saw new flood evacuations, and across the East Coast power outages, while down by half, impacted millions. Irene has been blamed for at least 42 deaths in 12 states. Power outages were still widespread from north to south on August 30, with utilities reporting more than 2.8 million homes and businesses without electricity, which translates to nearly 6 million people. In Connecticut, around 516,000, or 33 percent of all customers in the state, were still in the dark August 30, the U.S. Department of Energy reported. New York state reported that 563,000 customers were without power. Crews have been restoring power at a fast rate, but tens of thousands of homeowners and businesses might not get theirs back for a week or more. Eastham, Massachusetts, is still mostly cut off. In Wakefield, New Hampshire, 70 percent of the town’s customers are off the grid. And nearly half of the 491,000 homes and businesses in the Richmond, Virginia metro area are blacked out. During the course of Irene, 7.4 million customers lost power — nearly double the outages from the last hurricane to make landfall in the U.S. in 2008. Source: http://www.msnbc.msn.com/id/44324289/ns/weather/t/food-airlifted-vermont-towns-cut-irene/#.Tl0-dF2PxGA

• Baltimore County Department of Public Works in Maryland reported August 30 that a major sewage line break, believed to be caused by Hurricane Irene, was causing 17 million gallons of raw sewage a day to pour into a river leading to the Chesapeake Bay. – WMAR 2 Baltimore (See item 22)

22. August 30, WMAR 2 Baltimore – (Maryland) 17 million gallons of sewage a day flowing into Chesapeake Bay. Baltimore County Department of Public Works (DPW) reported August 30 that Hurricane Irene, last week’s earthquake, or a combination of both have caused a major sewage line to break in Baltimore County, Maryland. DPW said it is a 54 inch main in the south part of the county in a neighborhood called the Baltimore Highlands. The pipe transports about 17 million gallons of sewage daily from the western half of the county into the city treatment plant. This overflow is on-going and cannot be shut off during work, resulting in 17 million gallons of raw sewage a day pouring into a small river which leads to the harbor and then the Chesapeake Bay. DPW says the repairs should be completed by September 2. Nearly half of the county’s stations were affected by Hurricane Irene. In several cases where power is supplied to the stations through 2 independent electrical feeds, both feeds were knocked out of service. At other stations trees downed over power lines prevented crews from accessing the stations with generators until Baltimore Gas and Electric could confirm the power lines were not charged. The following bodies of water were affected: Big Gunpowder Falls, Patapsco River, Bird River, Beaver Dam Run, Shallow Creek, Old Road Bay, Back River, Lake Roland, Jones Creek, North Branch River, and Jones Falls. Baltimore County’s Department of Health (Environmental Health Services) will monitor water quality in the Patapsco area affected by the overflow and will publish water contact advisories when necessary on the Agency’s website. DPW believes the pre-stressed concrete cylinders used to create the main line may be linked to a troubled batch produced in the 1970’s that are now known to fail. Source: http://www.abc2news.com/dpp/news/region/baltimore_county/millions-of-gallons-of-sewage-overflow

Details

Banking and Finance Sector

7. August 30, Softpedia – (National) Fake FDIC emails spread malware. Security researchers from Sophos reported a wave of malicious e-mails posing as official notifications from the Federal Deposit Insurance Corporation (FDIC) August 30. The rogue e-mails bear a subject of “FDIC notification” and have their headers spoofed so the message appears to originate from a no.reply@fdic.gov address. As with most spam e-mails, the message body is full of mistakes, which should serve as an indication that it did not originate from a government agency. The fake e-mails carry an attachment named FDIC_document.zip containing an executable file of the same name. The executable uses a PDF icon, and because Windows hides the extensions of known file types by default, the file is shown as “FDIC_document” with a PDF icon and can easily trick users into opening it. The file is actually a trojan that serves as a distribution platform for other malware, so running it will probably result in multiple infections. Source: http://news.softpedia.com/news/Fake-FDIC-Emails-Spread-Malware-219421.shtml
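The lure in this item works because the recipient sees an icon and a name, not the real extension. As an added example (not code from the report or from Sophos), the following Go program inspects a zip attachment in memory and flags members that carry an executable extension, a document extension hidden in front of an executable one, or content that starts with a PE (“MZ”) header whatever the name says. The archive it inspects is constructed inline: FDIC_document.exe is the name given in the report, while Invoice.pdf.exe and README.txt are assumed extra members added to show the double-extension case and a clean file; the “MZ” bodies are stand-ins, not real malware.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io"
	"path"
	"strings"
)

// Finding is one reason an archive member looks like a disguised executable.
type Finding struct {
	Name   string
	Reason string
}

// Extensions Windows runs on double-click, and document extensions a lure pretends to be.
var (
	executableExts = map[string]bool{".exe": true, ".scr": true, ".com": true, ".pif": true, ".bat": true, ".cmd": true, ".js": true, ".vbs": true}
	documentExts   = map[string]bool{".pdf": true, ".doc": true, ".docx": true, ".xls": true, ".xlsx": true, ".txt": true}
)

// InspectZip reads an in-memory zip archive and returns one Finding per tell:
// executable extension, document extension hidden in front of it, or PE magic.
func InspectZip(data []byte) ([]Finding, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, err
	}
	var findings []Finding
	for _, f := range r.File {
		name := path.Base(f.Name)
		ext := strings.ToLower(path.Ext(name))
		if executableExts[ext] {
			findings = append(findings, Finding{f.Name, "executable extension " + ext})
			// "Invoice.pdf.exe" is displayed as "Invoice.pdf" when known extensions are hidden.
			inner := strings.ToLower(path.Ext(strings.TrimSuffix(name, path.Ext(name))))
			if documentExts[inner] {
				findings = append(findings, Finding{f.Name, "document extension " + inner + " hidden in front of " + ext})
			}
		}
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		head := make([]byte, 2)
		n, _ := io.ReadFull(rc, head) // short files return n < 2 and are simply not PE
		rc.Close()
		if n == 2 && string(head) == "MZ" {
			findings = append(findings, Finding{f.Name, "content starts with a PE (MZ) header"})
		}
	}
	return findings, nil
}

// BuildLureZip constructs the sample attachment in memory. The bodies are stand-ins
// for a PE image (they only carry the "MZ" magic), not real malware.
func BuildLureZip() []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	members := map[string]string{
		"FDIC_document.exe": "MZ\x90\x00 stand-in for a PE image",
		"Invoice.pdf.exe":   "MZ\x90\x00 stand-in for a PE image",
		"README.txt":        "Please review the attached document.",
	}
	for name, body := range members {
		f, _ := w.Create(name)
		f.Write([]byte(body))
	}
	w.Close()
	return buf.Bytes()
}

func main() {
	findings, err := InspectZip(BuildLureZip())
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-20s %s\n", f.Name, f.Reason)
	}
}
```

The magic-byte check is the one that matters at a mail gateway: renaming the file does not change the “MZ” header, and an attachment whose content is a PE image never belongs in a document lure regardless of its extension.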

8. August 29, Bloomberg News – (Florida) SEC sues Florida men for bilking teachers in $22 million scam. The U.S. Securities and Exchange Commission (SEC) sued two Florida men August 29, claiming they defrauded teachers and retirees in a $22 million Ponzi scheme by posing as a private-equity fund while enriching themselves. The two men fraudulently lured more than 100 investors with promises of annual returns of as much as 124 percent, the SEC said in a lawsuit filed in U.S. District Court in Florida. One man attracted clients from his prior job as an insurance broker, persuaded at least one investor to liquidate an annuity, and invested the proceeds in the fund. The two men paid themselves millions of dollars in fees and sent customers false account statements, according to the SEC. Source: http://www.bloomberg.com/news/2011-08-29/sec-sues-florida-men-for-bilking-teachers-in-22-million-scam.html

For another story, see item 34 below in the Information Technology Sector

Information Technology Sector

34. August 30, The Register – (International) Fake Facebook spam cannon fires double-shotted malware. Malicious spam messages generated by the Cutwail botnet are targeting Facebook users as potential banking trojan victims. The messages arrive in the guise of a Facebook friend-invite notification. The e-mails look genuine on casual inspection, because the malware distributors appear to have copied a genuine Facebook template. But where a genuine Facebook invite contains links to the real social networking site, the malicious e-mails carry custom links to malware sites. The e-mails also differ from the genuine article in that they do not feature Facebook profile photos, and the recipient’s e-mail address is absent from the fine print at the bottom of the bogus invites. Users tricked into clicking the malicious link are exposed to a double-barrelled malware attack. First, they are offered a bogus Adobe Flash update. In addition, the landing page opens a hidden iFrame, which loads content from a remote server hosting the Blackhole Exploit Kit. The exploit kit attempts to exploit browser security holes, most notably in outdated Java installations. Both routes attempt to install a variant of the Zeus banking trojan on the compromised system. Impersonating e-mail notifications from Facebook is a common technique among spammers and purveyors of survey scams, but it had not previously been seen used to push banking trojans. Source: http://www.theregister.co.uk/2011/08/30/facebook_spam_punts_zeus_trojan/
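The item lists three observable tells: links that leave facebook.com, a hidden iFrame on the landing page, and a footer that never names the recipient. As an added example (not code from the report, The Register, or the researchers), the Go program below applies those three checks to an HTML document, whether that is the notification itself or the page it links to. The three HTML samples are constructed for the example: the genuine-looking invite, the bogus invite, and the fake Flash-update landing page; example.invalid and alice@example.com are placeholders, and no real Cutwail message text is reproduced.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

var (
	hrefRe   = regexp.MustCompile(`(?i)<a\b[^>]*\bhref\s*=\s*"([^"]*)"`)
	iframeRe = regexp.MustCompile(`(?i)<iframe\b[^>]*>`)
	srcRe    = regexp.MustCompile(`(?i)\bsrc\s*=\s*"([^"]*)"`)
)

// trustedHost reports whether host is the expected domain or one of its subdomains.
func trustedHost(host, domain string) bool {
	host = strings.ToLower(host)
	return host == domain || strings.HasSuffix(host, "."+domain)
}

// hiddenFrame reports whether an <iframe ...> tag is sized or styled to be invisible,
// the usual way a landing page pulls in an exploit kit without the visitor noticing.
func hiddenFrame(tag string) bool {
	t := strings.ToLower(tag)
	return strings.Contains(t, `width="0"`) || strings.Contains(t, `height="0"`) ||
		strings.Contains(t, "display:none") || strings.Contains(t, "visibility:hidden")
}

// InspectHTML returns one reason per tell found: links that leave domain, hidden
// iframes, and (when recipient is non-empty) a body that never names the recipient.
// An empty result means none of the three tells was seen.
func InspectHTML(doc, domain, recipient string) []string {
	var reasons []string
	for _, m := range hrefRe.FindAllStringSubmatch(doc, -1) {
		u, err := url.Parse(m[1])
		if err != nil || !trustedHost(u.Hostname(), domain) {
			reasons = append(reasons, "link leaves "+domain+": "+m[1])
		}
	}
	for _, tag := range iframeRe.FindAllString(doc, -1) {
		if hiddenFrame(tag) {
			src := "(no src)"
			if m := srcRe.FindStringSubmatch(tag); m != nil {
				src = m[1]
			}
			reasons = append(reasons, "hidden iframe loads "+src)
		}
	}
	if recipient != "" && !strings.Contains(strings.ToLower(doc), strings.ToLower(recipient)) {
		reasons = append(reasons, "recipient address "+recipient+" missing from message footer")
	}
	return reasons
}

// Constructed samples: a genuine-looking invite, the bogus invite, and the landing page.
const (
	genuineInvite = `<p><a href="http://www.facebook.com/n/?reqs.php&mid=abc123">Confirm friend request</a></p>
<p style="font-size:9px">This message was sent to alice@example.com.</p>`
	bogusInvite = `<p>Jane Doe wants to be friends with you on Facebook.</p>
<p><a href="http://example.invalid/invite.php?id=4821">Confirm friend request</a></p>
<p><a href="http://example.invalid/reqs.php">See all requests</a></p>
<p style="font-size:9px">This message was sent to . If you do not want these emails, unsubscribe.</p>`
	landingPage = `<p>Your Adobe Flash Player is out of date. <a href="http://example.invalid/flash_update.exe">Update now</a></p>
<iframe src="http://example.invalid/kit/index.php" width="0" height="0"></iframe>`
)

func main() {
	fmt.Println("genuine:", InspectHTML(genuineInvite, "facebook.com", "alice@example.com"))
	fmt.Println("bogus:  ", InspectHTML(bogusInvite, "facebook.com", "alice@example.com"))
	fmt.Println("landing:", InspectHTML(landingPage, "facebook.com", ""))
}
```

The regular expressions are deliberate: a mail-gateway filter sees raw, often malformed HTML, and a strict parser would be a worse fit than pattern matching on the attributes that matter. The recipient check is passed as empty for the landing page, since that tell only applies to the notification itself.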

35. August 30, IDG News Service – (International) Google says Gmail attack focused on Iranian targets. Google said August 28 that an attack mounted against its Gmail service targeted users primarily located in Iran, and that the company has taken steps to block further interception attempts. Google discovered that attackers had acquired a Secure Sockets Layer (SSL) certificate valid for any host under the google.com domain. SSL certificates vouch for the authenticity of Web sites and protect against security threats such as “man-in-the-middle” attacks. A Dutch certificate authority, DigiNotar, issued the google.com certificate July 10 without Google’s knowledge; it has since revoked the certificate. A fraudulent certificate that the browser accepts would allow attackers to capture the login details for a person’s Gmail account without the browser warning that something suspicious was happening, giving them access to the e-mail account. Google said “the people affected were primarily located in Iran,” although the company did not say whether it believed their accounts were compromised. The certificate alone is not enough: to use it, an attacker also has to put a server under his control on the path between the victim and Google, for example by “poisoning” a Domain Name System (DNS) cache. DNS is used to look up the IP address at which a domain is located, and many organizations run their own DNS servers that cache this information to speed up lookups, refreshing it periodically. Tampering with that cache could make an attacker-controlled IP address appear to be a “*.google.com” site. Combined with the fraudulent certificate, which satisfies the Web browser’s certificate checks, a person would have no indication that the connection was being intercepted. Source: http://www.computerworld.com/s/article/9219582/Google_says_Gmail_attack_focused_on_Iranian_targets

36. August 29, Help Net Security – (International) Google servers as a DDoS tool. Google’s servers can be used by attackers to relay and amplify DDoS traffic, claims a penetration tester for the Italian security consulting firm AIR Sicurezza. He discovered two vulnerable pages — /_/sharebox/linkpreview/ and gadgets/proxy? — that can be made to request any file type, which Google+ will download and display, even if the requester is not logged into Google+. By making many such requests simultaneously — which he did with a shell script he wrote — he effectively used Google’s bandwidth to mount a small DDoS attack against a server he owns. He pointed out that his home bandwidth cannot exceed 6 Mbps, while routing the requests through Google’s servers produced an output bandwidth of at least 91 Mbps. “The advantage of using Google and make requests through their servers, is to be even more anonymous when you attack some site (TOR+This method); The funny thing is that apache will log Google IPs,” the researcher said. He said he discovered the flaws that allow the attack August 10 and contacted Google’s Security center about them. After 19 days without a reply from Google, he published his findings. Source: http://www.net-security.org/secworld.php?id=11530

Communications Sector

37. August 29, Computerworld – (National) Irene’s wrath leaves 6,500 cell towers out, FCC says. Updated figures released by federal officials August 29 showed 6,500 cell towers and sites were damaged or disrupted as a result of Hurricane Irene. That number includes about 44 percent of all cell sites in Vermont, which suffered massive flooding that cut off dozens of towns. The Federal Communications Commission (FCC) updated its count of outages at 3 p.m. EDT August 29, based on reports to the FCC by registered communications providers. The FCC reported more than four times as many cell site outages August 29 than it did August 28, taking into account the more recent ravages of Irene in New England states such as Vermont and Connecticut. The count August 29 was 6,500, compared with 1,400 cell site outages August 28. The August 29 figures also showed 210,000 wired customers out of service that afternoon, compared to 132,000 August 28. Twice as many customers, 1 million, were without cable service August 29, compared with 500,000 August 28, the FCC said. Also, 2 TV stations and 10 radio stations were down as of August 29, the FCC said. The updated FCC figures show about 44 percent of all cell sites were out in Vermont, 35 percent in Connecticut, 31 percent in Rhode Island, and 25 percent in Virginia. In North Carolina, the percentage dropped to 11 percent of cell sites down, an improvement from 14 percent of the total registered August 28, the FCC said. Source: http://www.computerworld.com/s/article/9219567/Irene_s_wrath_leaves_6_500_cell_towers_out_FCC_says

38. August 29, Yuma Sun – (Arizona; National) Storms disrupt Time Warner services. In addition to sporadic power outages caused by a storm August 27, residents of Yuma, Arizona, reported issues with their Internet and telephone services August 28. They were not alone, as a few thousand Time Warner Cable subscribers across the United States also were affected. “On Sunday, August 28, some Time Warner Cable customers experienced intermittent service, but service has now been restored,” a Time Warner Cable spokesman said August 29. “There were some issues due to the storm back East, as well as some failures of some of our circuits on our network, and it just kind of snowballed,” Time Warner Cable’s Southwest area manager said. “As we worked through that process, we brought our customers back up online [August 28].” Source: http://www.yumasun.com/news/customers-72568-time-issues.html

39. August 29, Baltimore Sun – (Maryland) WBAL radio temporarily knocked off the air - by weather after the storm. WBAL radio, in Baltimore, Maryland, one of the most powerful broadcast outlets on the East Coast, was temporarily knocked off the air for about 5 hours August 29, the station’s general manager said. He described the outage, which began at noon, as a “very frustrating experience.” The station resumed broadcasting at 5:30 p.m. “It’s a major power issue, and it is weather related,” he said during the outage. The station continued to produce its regular shows, and could be heard online. Source: http://articles.baltimoresun.com/2011-08-29/entertainment/bal-wbal-radio-knocked-off-the-air-weather-20110829_1_wbal-radio-general-manager-ed-kiernan-storm-coverage

40. August 29, Erie Times-News – (Pennsylvania) WQLN-TV still off air, could resume broadcasting tonight. WQLN-TV in Erie, Pennsylvania, is still off the air, the Erie Times-News reported August 29. The station has been unable to broadcast since a storm damaged the station’s transmitter August 25. Technicians replaced a transmitter tube and had hoped to resume broadcasting by the afternoon of August 29, WQLN’s director of creative services said just after 5 p.m., but the goal was not met. “While that procedure has gone well, there were additional problems discovered that need to be addressed,” the director said. The prognosis afterward was that broadcasting would resume in a few hours, he said. Source: http://www.goerie.com/apps/pbcs.dll/article?AID=/20110829/NEWS02/308299903