Friday, September 2, 2011

Complete DHS Daily Report for September 2, 2011

Daily Report

Top Stories

• Federal investigators blamed a utility’s lax approach to pipeline safety and weak government oversight for a 2010 California natural gas explosion that destroyed a neighborhood and killed eight people. – Reuters (See item 2)

2. August 31, Reuters – (California) U.S. blames utility, regulators for pipeline blast. Investigators August 30 blamed a utility’s lax approach to pipeline safety and weak government oversight for a California natural gas explosion that destroyed a neighborhood and killed eight people nearly a year ago. The National Transportation Safety Board (NTSB) said in a scathing report on the blast in San Bruno that Pacific Gas & Electric Co. (PG&E) for years exploited regulatory weaknesses. “We also identified regulators that placed a blind trust in the companies that they were charged with overseeing to the detriment of public safety,” the NTSB Chairman said. The half-century-old gas transmission line ruptured September 9, 2010, ejecting a 28-foot section of pipe and igniting a ferocious fire that destroyed 38 homes and damaged 70 others. Eight people were killed and dozens of others were hurt. The safety board found the piping installed 4-feet underground in 1956 did not meet certain specifications and the welds were poorly constructed. Poor quality control and follow-up, the board said, resulted in the defective piping going undetected for decades. The blast, investigators said, was “clearly preventable.” Regulatory exemptions of certain rules by the California Public Utility Commission and the U.S. Transportation Department contributed to the explosion, the safety board said. The NTSB has issued a number of urgent safety recommendations to regulators and the pipeline industry to address the deficiencies it identified during its investigation. Source:

• Metro-North’s Port Jervis, New York metro train line suffered such “catastrophic” damage from Hurricane Irene that large swaths will have to be completely rebuilt in a process expected to take months. – New York Post (See item 16)

16. September 1, New York Post – (New York; New Jersey) Metro-North line damage is ‘catastrophic’. In New York, Metro-North’s Port Jervis line suffered such “catastrophic” damage from Hurricane Irene that large swaths will have to be completely rebuilt, a time-consuming and expensive process that will likely take months, the Metropolitan Transportation Authority (MTA) said August 31. “There are sections of track literally suspended in the air, and in many places we will have to build a new railroad from scratch, from the foundation to the tracks to the signals,” said the MTA chairman, who toured damaged areas. He invoked emergency powers that will let the agency cut through red tape, allowing the waiver of procurement rules, and the immediate hiring of outside consultants. Still, it will likely take months to resume normal service, one official said. The MTA is using buses to accommodate customers on the line, which runs from Port Jervis to Suffern, New York, where trains continue to Hoboken, New Jersey, along New Jersey Transit tracks. Meanwhile, the Long Island Rail Road said it would restore full service September 1. Source:


Banking and Finance Sector

14. September 1, Newark Star-Ledger – (New Jersey; New York) Dayton woman, N.Y. man arrested for bank fraud. Residents of Princeton Orchards in South Brunswick, New Jersey, awoke to an unusual sight in their condominium complex August 31: Nearly a dozen FBI agents and police officers carting evidence out a neighbor’s home. One of the men, who lived in the home being searched, and a co-conspirator, of Hicksville, New York, were arrested and charged with one count of each of conspiracy to commit bank fraud, authorities said. They had opened more than 3,900 phony credit cards and racked up more than $10 million in fraudulent charges, according to a criminal complaint filed in federal court. The scam allegedly began in November 2006. The two men set up credit cards with more than 600 mostly fictitious names. They would make small purchases and pay them off, allowing them to raise credit limits. After raising the limits, authorities said, the pair would “bust out” the cards with extravagant purchases of jewelry, luxury cars, electronics, spa treatments, and clothing. The men face jail time of up to 30 years. Authorities said the two could be deported if they are found to be in the country illegally. “In light of immigration status and their ties to Pakistan, I’m inclined to hold them,” a U.S. magistrate judge said. Source:

15. September 1, KXTV 10 Sacramento – (California) ATM skimmers arrested in Manteca might be part of an Armenian gang. Two men were arraigned in Manteca, California superior court August 30, accused of being members of an Armenian gang that steals money by placing skimming devices on ATM machines. The men faced numerous felony counts, after being caught on surveillance video attaching the devices to an ATM machine by a bank employee. The bank worker notified the Tracy Police Department who staked out the bank in an unmarked car and arrested the men when they returned to the bank. A judge set bail at $2 million each, saying the men are a flight risk. Source:

Information Technology Sector

39. August 31, IDG News Service – (International) Hackers break into Linux source code site. IDG News Service reported hackers broke into the Web site that is home to the Linux project in August. They gained root access to a server known as Hera and ultimately compromised “a number of servers in the infrastructure,” according to a note on the Kernel site August 31. Site administrators learned of the problem August 29 and soon discovered many bad things were happening on servers. Files were modified, a malicious program was added to the server’s start-up scripts, and some user data was logged.’s owners contacted law enforcement in the United States and Europe, and are in the process of reinstalling the site’s infrastructure and figuring out what happened. They think the hackers may have stolen a user’s log-in credentials to break into the system, and the site is making each of its 448 users change their passwords and secure shell keys. The hack is problematic because is the place where Linux distributors download the source code for the widely used operating system’s kernel. However,’s note said that, even with root access, it would be difficult for a hacker to slip malicious source code into the Linux kernel without it being noticed, because Linux’s change-tracking system takes a cryptographic hash of each file at the time it is published. Source:

40. August 31, Computerworld – (International) Hackers may have stolen over 200 SSL certificates. Hackers may have obtained more than 200 digital certificates from a Dutch company after breaking into its network, including ones for Mozilla, Yahoo, and the Tor project, a security researcher reported August 31. The count is considerably higher than DigiNotar first acknowledged. Earlier the week of August 29, a company spokesman said “several dozen” certificates had been acquired by the attackers. “About 200 certificates were generated by the attackers,” said the principal security consultant and founder of Madison Gurka, a Dutch security company, citing a source he said wished to remain confidential. Among the certificates acquired by the attackers in a mid-July hack of DigiNotar, the consultant’s source said, were ones valid for,, and Mozilla confirmed a certificate for its add-on site had been obtained by the DigiNotar attackers. The consultant’s number is similar to the tally of certificates that Google has blacklisted in Chrome. An entry in the Chromium bug-tracking database lists 247 certificates that the project blacklisted August 30. Source:

41. August 31, IDG News Service – (International) Mac OS X can’t properly revoke dodgy digital certificates. A programming glitch in Apple’s OS X operating system has made it difficult for Mac users to tell their computers not to trust digital certificates, exacerbating an ongoing security problem with a Dutch certificate authority that was recently hacked. Mac users began reporting problems August 30 when they tried to revoke digital certificates issued by DigiNotar, a Dutch company whose servers were compromised in July and used to issue fraudulent digital certificates. Mac users revoked the certificates on their computers, but still saw some sites that used those certificates being marked as trustworthy. Source:

42. August 31, H Security – (International) Opera 11.51 closes security holes. Opera released version 11.51 of its Web browser, a maintenance and security update that addresses a high risk vulnerability. According to the developers, Opera 11.51 closes a hole that could have been exploited by an attacker to bypass certain security features. The issue is caused by an error when loading content that causes the browser to display the security information of a trusted site instead of the actual untrusted site. The update also adds adds support for the full-screen app mode in Mac OS X 10.7 Lion, and addresses a number of bugs on all supported platforms. The developers said the update also fixes a “low severity issue;” however, details of the vulnerability were not disclosed. Source:

For another story, see item 46 below in the Communications Sector

Communications Sector

43. September 1, Associated Press – (Maine; New Hampshire; Vermont) Internet restored by Time Warner in Maine, Vt, NH. Time Warner Cable Inc. said it has restored Internet, digital phone, and TV services to about 350,000 homes and businesses in northern New England that had lost connection August 31 in the aftermath of Hurricane Irene. A Time Warner spokeswoman said service was restored around 6:10 p.m., about three and-a-half hours after flooding and debris affected fiber-optic cable lines throughout Maine, New Hampshire, and Vermont. The company had been providing services on a backup network after damage to its main lines. August 31 was the first time customers actually saw service cut off. Source:

44. September 1, Middletown Times Herald-Record – (New York) Phone service affected by storm. The rains and wind of Hurricane Irene gave telephone lines a beating in the Hudson Valley of New York the weekend of August 26. Frontier Communications found the majority of its 12,000 land-line customers in Goshen and Washingtonville were impacted by the storm. Most were expected to have service restored by September 1 or September 2, with some having to wait until September 4. “With hurricane damage like this, there were power outages as well,” said Frontier’s regional marketing manager. “If a (utility) pole goes down, our crews are not allowed to go in to assess the damage or repair the damage until it can be determined that the scene is safe.” Local offices in both villages sustained flood damage, a Frontier general manager said. Source:

45. September 1, Vineland Daily Journal – (New Jersey) River flooding temporarily silences local radio stations. Little more than a static hum rolled from the speakers when listeners tuned into September 1 two local Vineland, New Jersey radio stations that faced flooding problems from recent heavy storms. Cruisin’ 92.1 FM WVLT and 1270 AM WMIZ, the local Spanish station it shares a home with on Maurice River Parkway, went dark August 29 for the first time in decades on the air. A WVLT producer said they hope to return to regular programming September 2. The stations were broadcasting as usual when Hurricane Irene moved through the region, but heavy rainfall from multiple storms this month helped the Maurice River flood into the backyard of the stations’ headquarters, the producer said. A small shed that houses the stations’ transmitters sits about a foot off the ground, but still took on 5 inches of water, he said. That forced the FM station off the air at 7 a.m. August 29. The AM station and the facility’s power were shut down an hour later as a safety precaution, the producer said. The staff needs replacement parts for the transformers that sustained water damage before broadcasts can resume, he said. Source:

46. August 31, threatpost – (International) Hackers push Sipvicious VoIP tools in malicious attacks. Researchers at NSS Labs claim they have spotted attacks that use Sipvicious, a common auditing tool for Voice over IP (VoIP) networks as part of malicious attacks aimed at taking control of vulnerable VoIP servers. The attacks are apparently aimed at taking control of VoIP servers to place unauthorized calls. A description of the attacks, posted on the NSS blog August 31, said researchers at NSS witnessed the sipvicious tool installed by a trojan downloader program on systems, most of which had first been compromised in drive-by Web site attacks. The attacks use a known trojan, jqs(dot)exe, and connect to command and control servers to receive instructions on downloading instructions as well as the sipvicious tool from a .cc domain. After installation, sipvicious is run to scan for Session Initiation Protocol devices on the compromised computer’s network and then to launch brute force attacks to guess the administrative password on those systems. Source:

47. August 31, Newark Star-Ledger – (New Jersey) Power outage leaves half-million N.J. residents without TV, phone and Internet. As storm-related power outages continued for the third day August 31, at least a half-million New Jersey homes remained without cable, phone, Internet, and television service, according to the board of public utilities. Frustrated by the delays, many customers took to social media sites to vent their grievances with their providers. But, underscoring their dependency on commercial power, the region’s major cable operators — Verizon FIOs, Cablevision, Comcast, and Time Warner Cable — all attributed the bulk of their service disruptions to the outages. In some cases, if the customer has power and is still without cable service, the problem may lie in damaged cable lines in the neighborhood, or at the individual’s home, a Verizon spokesman said. Ironically, because cable service depends on power, it can actually be less reliable than traditional copper wire phones during events such as storms, some experts said. Since copper wire phone lines can conduct electricity, they can function as long as a provider’s central facilities continue to operate — and most of these facilities have backup generators in the case of outages. Source:

48. August 31, New Hampshire Public Radio – (New Hampshire; Vermont) Phoneless Vermont residents in for longer wait. Across northern New England, more than 1,800 Fairpoint customers were without telephone or Internet service August 31. Repair crews in Vermont face the greatest hurdles. A Fairpoint spokesman said the company knows of at least 514 New Hampshire customers who have lost service; the disruption in Vermont is much more extensive. He added roadway and telephone system damage from flooding often go hand in hand. When the bridge washes out,” he said, “the cable is severed and that means people will lose their power and their phone.” He said in each location, after electric crews restore power, phone company workers move in to get telecommunications back up. Full service in New Hampshire should be restored by September 3. Vermont residents will have a longer wait. Source: