Thursday, September 15, 2011

Complete DHS Daily Report for September 14, 2011

Daily Report

Top Stories

• Police shot and killed a man who fired 70 rounds from semi-automatic guns, injuring one person at an Arkansas courthouse September 13. – CNN (See item 34)

34. September 14, CNN – (Arkansas) Report: Police shoot Arkansas courthouse gunman dead. A man who opened fire at an Arkansas courthouse September 13, injuring one person, was shot and killed by police, according to authorities and CNN affiliate KFSM 5 Fort Smith. The man, 48, was shot once in the torso and once in the head, and later died of his injuries in a Fort Smith, Arkansas, hospital, according to KFSM. Police said he was armed with three semi-automatic handguns and a semi-automatic rifle when he entered the Crawford County Courthouse in Van Buren. He was also wearing a tactical vest with webbing, enabling him to carry additional ammunition. Authorities told KFSM that he entered the office of the Crawford County Division 1 judge about 4:45 p.m. September 13. The judge is believed to have presided over a divorce and custody hearing involving the suspect, the station reported. "As he entered the office, he demanded to see the judge," a sheriff said. "When they told him the judge was not in ... is when he started firing." The man fired some 70 rounds, police said. But surveillance camera footage showed his gun malfunctioned several times, the sheriff noted. The judge's secretary sustained a non-life-threatening wound to the leg, KFSM reported. Source: http://www.cnn.com/2011/CRIME/09/14/arkansas.courthouse.shooting/

• A long-burning fire in Minnesota exploded the week of September 12, burning more than 156 square miles and forcing the evacuation of more than 100 homes, 36 businesses, and a huge camping area. – Duluth News Tribune (See item 48)

48. September 14, Duluth News Tribune – (Minnesota) Pagami Creek fire largest Minnesota fire since 1918. A fire that started August 18 with a bolt of lightning and a puff of smoke in Minnesota jolted to life early the week of September 12, storming across 25 miles of forest, blackening 100,000 acres. Hundreds of campers were escorted out of the 1.1 million-acre Boundary Waters Canoe Area Wilderness (BWCAW) while others had to flee for their lives. More than 100 homes and 36 businesses were evacuated on the eastern and southern reaches of the fire in Lake and Cook counties. The fire has burned across more than 156 square miles. It is by far the largest forest fire in Minnesota since 1918. So far, the Pagami Creek fire has not destroyed any homes, and only one small structure has burned, a relief cabin for Minnesota Department of Natural Resources conservation officers on Insula Lake. Much of the eastern BWCAW has been closed, with only access points north and west of Ely and northeast of the Gunflint Trail remaining open. The governor directed the Minnesota National Guard to assist in firefighting efforts. Four Blackhawk helicopters were ordered to the area to support firefighters with water drops where needed. The Duluth-based 148th fighter unit will provide refueling for the St. Paul-based helicopters. The Blackhawks join the Minnesota Department of Natural Resources’ CL-215 water bombers as well as smaller aircraft and helicopters. A giant water-dropping helicopter also has been ordered along with additional ground crews. Source: http://www.duluthnewstribune.com/event/article/id/209327/group/homepage/

Details

Banking and Finance Sector

15. September 14, WFTV 9 Orlando – (Florida) Orlando bank ATM rigged with skimmer. A Bank of America ATM on South Kirkman Road in Orlando, Florida, was rigged with a skimmer September 13, Orlando police said. Police said they are searching for two men who they believe installed the skimming device. They said the device had been stealing people's credit and debit card numbers since 8:30 p.m. September 13. Surveillance pictures taken from the bank show the two men installing the device. Bank officials caught on to the scam quickly and removed the device. Orlando police said they are looking to see if similar devices have been set up anywhere else in the city. Source: http://www.wftv.com/news/29178978/detail.html

16. September 14, San Francisco Chronicle – (California; District of Columbia) Feinstein aide Kinde Durkee held in alleged fraud. A U.S. Senator's $5.2 million re-election war chest may have been "wiped out" by a trusted — and now arrested — treasurer, campaign officials for California's senior Senator said September 13. The Senator's top campaign consultant said First California Bank, which holds campaign funds for the Senator, two Congressional Representatives, and others involved in the alleged fraud, will not allow anyone access to the accounts without signing a release that indemnifies the bank against lawsuits. Hundreds of thousands of dollars have allegedly been misappropriated, and the arrested treasurer had signature authority for more than 400 accounts, according to the FBI. The aide served as treasurer for the Senator's Senate and gubernatorial campaigns in 1992, 1994, 2000, and 2006 as well as her current campaign. She was arrested September 2 on charges she stole or misappropriated $670,000 from a state assemblyman. The treasurer allegedly commingled and transferred funds among various accounts and used money to pay personal bills, including her American Express card, her mother's assisted-living expenses, and mortgage payments. The FBI complaint said the treasurer used funds to make payroll at her firm, Durkee and Associates. Federal agents said she "admitted she had been misappropriating her clients' money for years, and that forms she filed with the state were false." Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2011/09/13/MNQ01L4779.DTL

17. September 13, Naples Daily News – (Florida) Naples police: Texas man caught with 30 fake credit cards. Police in Naples, Florida, said a Texas resident was carrying 30 counterfeit credit cards found during a routine traffic stop September 12. The 36-year-old man from Houston was arrested near Goodlette-Frank Road and 5th Avenue North after officers found the credit cards in his luggage, according to an arrest report. He faces a single felony charge of possessing counterfeit credit cards. The suspect was pulled over at about 11:45 a.m. September 12 for a broken brake light on his Ford SUV. After seeing several pieces of luggage in the trunk, the officer asked to search the vehicle, the report said. The suspect consented and the officer found 10 Discover cards with a false name on the front. Another 19 Discover cards had the name of a Tampa-based prepaid card company on the front. A counterfeit American Express card was also found, the report said. A Naples detective found the cards had different numbers encoded on magnetic strips than the numbers printed on the front of the cards. Officers also found 10 Wal-Mart gift cards in the luggage totaling $1,000 in value. “[Police] also believes that due to recent increase in the trafficking of clone and counterfeit credit cards in Collier County, [the suspect] is part of a larger criminal enterprise,” the report said. In the past 3 weeks, deputies from Collier and Lee counties have made four traffic stops resulting in the seizure of 199 counterfeit credit and gift cards. Seven people have been charged or face charges following the traffic stops. Source: http://www.naplesnews.com/news/2011/sep/13/naples-police-texas-man-caught-30-fake-credit-card/

Information Technology Sector

37. September 14, Softpedia – (International) Malware hidden in Windows help files. Viruses and other malicious software contained in simple help files are not news to Internet security specialists, but the fact that these pieces of malware are sent using e-mail messages is part of a more recent scheme deployed by cybercriminals to fool unsuspecting victims, Softpedia reported September 14. Symantec's blog indicates these new targeted attacks that come as e-mails and infect computers with malicious applications are used by those who control them to take over users' virtual lives. Targeted attacks are not uncommon, in many cases hiding under "innocent" formats such as jpg, avi, doc, and pdf. Other such methods involve the forgery of executable icons to make them look like harmless file formats. As many users know, .hlp extensions are normally handled by Windows Help and they contain information on how to work with certain applications and facilities. This new technique used by hackers is very efficient because typically a vulnerability must be exploited for an attack code to be executed; and if the target computer's security is up to date, the hit will probably fail. Help files, however, call the Windows API to be executed and thus run the planted code along with it. While the victim only sees a blank Windows Help window, the system is being infected with malware. Symantec researchers state that so far they have not seen any .hlp files with forged icons, so it is fairly easy to visually identify them by the large question mark contained in the blue circle. Source: http://news.softpedia.com/news/Malware-Hidden-in-Windows-Help-Files-221611.shtml

38. September 14, H Security – (International) Another Apache update due to byte range flaw. The Apache Foundation announced September 14 that the newly released version 2.2.21 of its free Web server is essentially a bug fix and security release. In particular, the developers focused on the vulnerability that makes servers susceptible to denial-of-service attacks. The new version corrects and complements the first fix, which was released 2 weeks ago. It corrects an incompatibility with the HTTP definition and changes the interpretation of the MaxRanges directive. It also fixes flaws in mod_proxy_ajp, a module that provides support for the Apache JServ protocol. Users are advised to update their Apache installations as soon as possible. However, those who use Apache 2.0 will still need to wait: corrections for this version are scheduled to be incorporated in the release of version 2.0.65 in the near future. Those who use version 1.3 are not affected by the byte range bug. Source: http://www.h-online.com/security/news/item/Another-Apache-update-due-to-byte-range-flaw-1343066.html

39. September 13, The Register – (International) Bittorrent.com's software download hacked to serve malware. Attackers hijacked two popular Bittorrent Web sites September 13 and tampered with their download mechanisms, causing visitors trying to obtain file-sharing software to instead receive malware. The hacks on bittorrent.com and utorrent.com replaced the sites' standard software downloads with a piece of fake antivirus software known as Security Shield, an advisory warned. Anyone who downloaded and installed software from those sites between 4:20 a.m. and 6:10 a.m. PST should scan their systems immediately for infections. Once installed, Security Shield delivers false reports a computer is infected with multiple pieces of malware, and prompts the user for payment before claiming to disinfect the machine. The attack affected only users who downloaded and installed software from bittorrent.com and utorrent.com during the 1 hour and 50 minute window that the sites were compromised. Source: http://www.theregister.co.uk/2011/09/13/bittorrent_malware_hack/

40. September 13, CNET News – (International) Microsoft issue fixes, blacklists more DigiNotar certificates. Microsoft and Adobe released security fixes September 13, and Microsoft blacklisted six more root certificates in the wake of a breach at DigiNotar that allowed fraudulent SSL certificates to be issued. As part of its monthly Patch Tuesday, Microsoft released 5 security bulletins, none of which are critical, plugging 15 holes. Affected software includes Windows, Office, Excel, SharePoint, Windows Server, and Office Web Apps. More details are in the advisory that Microsoft accidentally posted online 4 days early before removing it to save it for September 13. Meanwhile, Microsoft revoked certificates signed by two certificate authorities, Entrust and Cybertrust, which had issued certificates on behalf of DigiNotar. DigiNotar was hacked and more than 500 secure sockets layer (SSL) certificates were fraudulently issued, including one that was used in an attack involving spoofing Google.com to spy on Gmail of users in Iran. Microsoft, Google Chrome, Firefox, Opera, Adobe, and Apple now blacklist the certificates. Meanwhile, Adobe issued fixes September 13 for critical vulnerabilities in Adobe Reader and Acrobat that could allow an attacker to take control of a computer. Source: http://news.cnet.com/8301-1009_3-20105680-83/microsoft-issue-fixes-blacklists-more-diginotar-certificates/

For another story, see item 42 below in the Communications Sector.

Communications Sector

41. September 14, FierceCable – (International) Major outage hits Dish Network. A malfunctioning satellite left Dish Network subscribers nationwide unable to watch HD channels the night of September 13. While service to some national cable networks had been restored by September 14, the DBS (direct-broadcast satellite) provider is still unable to deliver local broadcast channels to subscribers in some markets. Dish said it has been "experiencing an interruption" impacting the 129 orbital satellite location, according to a statement posted on its Web site. Dish relies on the satellite at the 129 orbital slot to deliver hundreds of national cable networks and local channels in HD, including ESPN, TBS, TNT, USA Network, and The Weather Channel. The outage resulted in a flood of messages from Dish subscribers on Twitter and online forums for DBS users. Dish has also been using Twitter to communicate with subscribers. The company has told subscribers that have lost HD channels that if they reboot their set-tops, they will be able to watch channels in standard definition. It is not clear what caused the satellite outage, how many subscribers were impacted, and what Dish is doing to restore service. Source: http://www.fiercecable.com/story/major-outage-hits-dish-network/2011-09-14

42. September 13, Salt Lake Tribune – (Utah) Millard County phone, Internet service restored. Telephone and Internet connections were fully restored September 12 to several areas of Millard County, Utah, after copper thieves brought the services down for 3,800 customers September 10 and 11. A spokeswoman for Frontier Communications said that outage was repaired and services restored by mid-day September 12. However, a second, unrelated outage again knocked out Internet service to the same area at 1:19 p.m. That second outage was blamed on a “defective electronics card at another carrier location,” the spokeswoman said. She did not further detail where that failure occurred, except to say service from that outage had been restored by 9:30 p.m. A West Jordan police spokesman said alleged copper thieves cut a fiber optics line in West Jordan to trigger the initial outage. He said the thieves ended up stealing about $300 in copper wiring, but repairs cost about $10,000. The theft occurred about 10 p.m. September 10 near 5700 West and 7800 South. Source: http://www.sltrib.com/sltrib/news/52575226-78/outage-restored-west-internet.html.csp

43. September 13, Voice of San Diego – (California) During blackout, unwelcome sound on radio: static. When the power went out September 8, the number of news sources accessible to many San Diegans dwindled down to one: radio station AM 600 KOGO. TVs and computers stopped working. Cell phones struggled to make calls or get online. And much of the radio dial turned to static as at least a dozen stations vanished from the airwaves, in some cases failing to reappear until the next morning. KFMB-AM and KPBS-FM, the region's two other news stations, both went off the air, although KFMB returned by the evening. Until then, KOGO almost entirely dominated the local news world. Its staffers were a lifeline to many, piecing together what was happening during the blackout's first minutes, when San Diego Gas & Electric remained unreachable. The blackout spotlighted just how much the county's emergency news broadcasting relies on KOGO. Both KOGO and its emergency-alert system backup, a sister sports talk radio station called KLSD/1360 AM, are housed in the same building and use transmitters that are less than two miles apart. Now, however, KPBS is poised to provide another backup. The station, which went off the air during both the blackout and 2007 wildfires, is buying a $10,000 mobile unit that will allow it to stay on the air during a disaster even if its transmitter and studios are damaged. The unit, expected to arrive in the next few weeks in time for wildfire season, will allow KPBS to broadcast at limited strength in a power outage, a spokeswoman said. Source: http://www.voiceofsandiego.org/this_just_in/article_307c3f1c-de6e-11e0-8bc0-001cc4c03286.html

44. September 13, Washington Post – (National) FCC calls for more LightSquared testing as complaints continue about GPS interference. The Federal Communications Commission (FCC) said September 13 that satellite venture LightSquared must do further testing of its proposed terrestrial mobile broadband network, amid a firestorm of criticism by aviation, defense and agricultural agencies and industries about interference with global positioning systems. The FCC, which has been criticized for its handling of LightSquared’s waiver to conditionally launch a terrestrial network, said in a public notice September 13 that a proposed solution to interference problems needs more testing. Specifically, LightSquared said last June it would move its terrestrial transmitters — which were granted through the FCC waiver — to a lower part of the satellite spectrum it shares with GPS receivers. That helped with some interference problems, but not for high precision GPS receivers, including devices used for national security and aviation applications, the FCC said. “Additional testing is therefore necessary,” the FCC said in its notice. The agency has defended a controversial waiver it granted last January that allows LightSquared to operate smartphones and other devices on its 4G LTE network. The FCC said the waiver is conditional and won’t allow the company to light up the network until GPS interference issues are resolved. The National Telecommunications & Information Administration (NTIA) September 9 sent a letter to senior officials at the Department of Defense and Federal Aviation Administration, asking for the agencies to coordinate with LightSquared on further testing of technology for interference with GPS. The NTIA head asked for the tests to be complete by November 30, and said a second round of tests would be necessary after that. Source: http://www.washingtonpost.com/blogs/post-tech/post/fcc-calls-for-more-lightsquared-testing-as-complaints-continue-about-gps-interference/2011/09/13/gIQAXgEJQK_blog.html