Tuesday, September 20, 2011

Complete DHS Daily Report for September 20, 2011

Daily Report

Top Stories

• Seventeen people were injured September 20 when part of a building and the attached scaffolding collapsed onto a city bus in the Harlem section of New York City. – New York Post (See item 20)

20. September 20, New York Post – (New York) 17 injured after scaffold collapses on city bus in Harlem. Seventeen people were injured September 20 when part of a building and the attached scaffolding collapsed onto a city bus in the Harlem section of New York City, authorities said. The 3-story building's facade, along with the scaffolding, collapsed at 9:30 a.m. on W. 125th Street near Frederick Douglass Boulevard, sending pipes, rocks, and debris crashing down, witnesses said. People became trapped underneath the rubble and had to be rescued by firefighters. There were about 30 people on the Bx15 at the time of the accident, police said. The 17 injured people were taken to St. Lukes, Cornell, and Harlem hospitals with minor injuries, said a New York City Fire Department spokesman. Police said eight people who were injured were passengers on the bus. Two police officers were among the injured after they were hurt digging through the rubble, police said. The city's department of buildings is investigating the accident. Source: http://www.nypost.com/p/news/local/harlem_least_injured_after_scaffold_JtsoNU7pNeb20ytFyyRBsK

• Four people have died and 35 people in 10 states have been sickened in an outbreak of listeria traced to Colorado cantaloupes, the U.S. Centers for Disease Control and Prevention said September 19. – Associated Press (See item 25)

25. September 19, Associated Press – (Colorado; National) Cantaloupe deaths: Several dead from eating tainted cantaloupe linked to Colorado. Four people have died in an outbreak of listeria traced to Colorado cantaloupes, the U.S. Centers for Disease Control and Prevention (CDC) said September 19. One death occurred in Colorado, one in Oklahoma, and two in New Mexico. The death count could soon rise to six. A spokesman for the New Mexico Department of Heath said the CDC is in the process of confirming two additional deaths linked to the outbreak in his state. The CDC said 35 people in 10 states have been sickened in the outbreak so far. The illnesses are in California, Colorado, Illinois, Indiana, Montana, Nebraska, New Mexico, Oklahoma, Texas, and West Virginia. Colorado has the most illnesses with 12 sickened, followed by Oklahoma with six, and New Mexico with five. The illnesses have been traced to fruit from Jensen Farms in Holly, Colorado. The Food and Drug Administration said September 19 it had found listeria in samples of Jensen Farms' cantaloupe taken from a Denver-area store, and on samples taken from equipment and cantaloupe at the farm's packing facility. Tests confirmed the samples matched the strain of the disease found in those sickened. Jensen Farms recalled its Rocky Ford-brand cantaloupes the week of September 12 after the illnesses were linked to its fruit. Source: http://www.huffingtonpost.com/2011/09/19/cantaloupe-deaths-colorado_n_970856.html

Details

Banking and Finance Sector

16. September 20, Gaithersburg Gazette – (Maryland; Virginia) Police find $60,000 in cash, gun during search of alleged bank robber’s residence in Beltsville. Police detectives and FBI agents believe the man responsible for 13 bank robberies in Montgomery County, Maryland, and Northern Virginia may have run out of luck thanks to a call from a tipster. The 44-year-old was arrested September 16 by Montgomery County police and FBI agents at his house in Beltsville, a Montgomery County police spokeswoman said. She said officers learned about the suspect when an anonymous caller contacted police after seeing photographs of him in the news. A person matching the man's physical description was linked by police to 9 robberies in Montgomery County and 4 in Virginia from July 2, 2010, to September 6, 2011, police said. He faces seven counts each for armed robbery and the use of a handgun in the commission of a crime, according to court documents filed in Montgomery County District Court in Rockville. Both charges carry a maximum sentence of 20 years in prison for each count, said the assistant state’s attorney who presided over the suspect's September 19 bond review hearing. The lawyer said during the search police found the .44-caliber revolver and several items of clothing involved in the robberies, as well as $60,000 in cash. The suspect will likely face federal charges due to the number of offenses and because several police jurisdictions were affected, said an FBI spokesman for the bureau's Baltimore field office. Source: http://www.gazette.net/article/20110920/NEWS/709209993/1022/1022/police-find-60000-in-cash-gun-during-search-of-alleged-bank&template=gazette

17. September 20, Softpedia – (Texas) 3D printers used to create ATM skimmers. ATM skimmers were printed with high-tech 3D devices by a group of fraudsters who managed to steal more than $400,000 from unsuspecting bank customers, Softpedia reported September 20. The thieves replicated credit card slots on automated teller machines. The four men indicted by a federal court in June used a 3D printer to create scanners to place on ATMs. The scam began after the gang's leader was imprisoned for ATM fraud in 2009. The group's technical expert decided to print the front of ATM slots. The accomplice who handled the “heavy lifting” was a man from Missouri City, Texas. He was in charge with mounting skimmers on the machines, making sure that the surveillance camera's were blocked. The last member of the gang had the mission of driving all around Texas, emptying the bank accounts of the victims. According to the owner of a company that handles 3D printing, costs for a high-end device that could almost flawlessly reproduce the front of an ATM can reach $20,000. Source: http://news.softpedia.com/news/3D-Printers-Used-to-Create-ATM-Skimmers-222574.shtml

18. September 19, KOMO 4 Seattle – (Washington) Feds: 2 men installed skimmers on Eastside ATM machines. Federal agents the week of September 12 arrested in Seattle a pair of suspects accused of running an international crime ring, KOMO 4 Seattle reported September 19. Prosecutors said the men rigged ATM machines with skimmers to record bank account data, and stole hundreds of thousands of dollars. The pair mounted skimmers on ATM machines in Bellevue, Bothell, and Kirkland, federal prosecutors said, then transferred the information onto other cards, like gift cards. One of the men appeared in federal court September 19. A judge ordered him held until trial, fearing he may try to flee the country if he is released. The second man was due in court September 20. Prosecutors said the men are part of an organized crime ring from Romania. Investigators charged four other men in late 2010 in connection with the ring. Most of the suspects had entered the United States illegally, investigators said. Source: http://www.komonews.com/news/local/130167093.html

19. September 19, Federal Bureau of Investigation – (California; Illinois; New York) Fourth defendant charged in insider trading scheme involving former Citigroup investment banker. A federal grand jury in San Francisco charged a 52-year-old Orland Park, Illinois man with conspiracy and securities fraud relating to an insider trading scheme in which he made profits in excess of $1.1 million, a U.S. attorney announced. The indictment, unsealed September 19, stems from the insider trading scheme first charged in 2009 against a former investment banker from San Carlos, California, at Citigroup Global Markets Inc. in New York; the banker's brother from Walnut Creek, California; and another conspirator from Pleasanton, California. The indictment said the banker misappropriated material, non-public data about confidential corporate acquisitions, financings, and other transactions in New York, in violation of his fiduciary duty and duty of trust and confidence to Citigroup and its clients. He then tipped his brother about the confidential transactions. The brother then tipped the 52-year-old Orland Park man, who is charged with trading on the material, non-public information about securities of four publicly traded biotechnology companies from 2005 through 2007. The 52-year-old was arrested by the FBI September 9 in Illinois. The maximum statutory penalty for each count of securities fraud is 20 years and a fine of $5 million, plus restitution if appropriate. Source: http://www.fbi.gov/sanfrancisco/press-releases/2011/fourth-defendant-charged-in-insider-trading-scheme-involving-former-citigroup-investment-banker

Information Technology Sector

38. September 20, The Register – (International) Crooks push fake anti-virus via Skype calls. Scareware pushers have turned to Skype with automated messages to pressure users into buying worthless security software. The scam is promoted via unsolicited calls on Skype during which a machine-generated message warns potential victims their computer security is "out-of-date." Victims are invited to visit a Web site selling fake anti-virus software for $19.95. The robotic message states: "Attention: this is an automated computer system alert. Your computer protection service is not active. To activate computer protection, and repair your computer, go to..." Users are confronted with the alarming alert when they click on a message from an account called "URGENT NOTICE." Source: http://www.theregister.co.uk/2011/09/20/skype_scareware_scam/

39. September 19, Computerworld – (International) Microsoft fixes SSL 'kill switch' blooper. Microsoft re-released an update September 19 for Windows XP to correct a snafu that left users vulnerable to potential "man-in-the-middle" attacks for most of the week of September 12. The September 19 update addressed a gaffe introduced when Microsoft blocked six additional root certificates issued by DigiNotar that were cross-signed by a pair of other certificate authorities. Microsoft admitted September 19 the update it shipped to Windows XP and Server 2003 users September 13 was flawed. "The versions...for Windows XP and for Windows Server 2003 contained only the latest six digital certificates cross-signed by GTE and Entrust," said Microsoft in a revised support document. "These versions of the update did not contain the digital certificates that were included in [earlier updates]." The earlier update, delivered by Microsoft September 6, blocked five DigiNotar root certificates. "If you installed update 2616676 and had not already installed update 2607712 or update 2524375, your system would not have been protected from the use of fraudulent digital certificates," Microsoft admitted. The re-released update for XP and Server 2003 has been added to Windows Update, Microsoft said. Customers who do not have Automatic Updates enabled should manually download and install the new version of the DigiNotar blocker. Windows Vista, Windows 7, Server 2008, and Server 2008 R2 were not affected by the update goof, according to Microsoft. Source: http://www.computerworld.com/s/article/9220121/Microsoft_fixes_SSL_kill_switch_blooper

40. September 19, Softpedia – (International) Google alerts spread ZeroAccess trojans. Google Alerts members who want to be informed about trojans get a lot more than they bargained for, as they receive links with real threats waiting to be accessed by unsuspecting victims. After Bing and Yahoo search engines advertised Web sites containing malware, Google is now sending customers links to virus-laden pages. A researcher from CleanBytes set up his Google Alerts account to send him updates on anything related to trojans, and September 18 he received a link that apparently came from WCBI. After clicking on it, he was directed to a place that resembled a Megaupload site. The page is a fake and if the download button is pressed, a file called 2_setup(dot)exe, that is supposed to contain a trojan anti-virus, is offered. Upon submission to VirusTotal, the results revealed a ZeroAccess trojan was masqueraded as the innocent looking file. These types of software are able to hide themselves deep in the operating system, infecting the master boot record if not stopped in time. In this case, it appears the WCBI Web site was hacked and the search results poisoned, the researcher said. Source: http://news.softpedia.com/news/Google-Alerts-Spread-ZeroAccess-Trojans-222426.shtml

41. September 19, threatpost – (International) New DroidDream variant has ability to fight off other malware. DroidDream, a malicious program that targets Android devices, received a major overhaul, and now contains more features for stealing data and phishing the owners of compromised Android phones and tablets, according to a Trend Micro researcher. The latest update to the DroidDream malware, which Trend labeled "ANDROIDOS_DORDRAE.N" is spreading over third party mobile application Web sites, mostly in China. Building on earlier versions of the DroidDream malware, it includes expanded data theft capabilities, allowing remote attackers to siphon off SMS messages, call logs, mobile contact lists, and information related to Google accounts that may be stored on the compromised Android device, according to Trend's research blog. Source: http://threatpost.com/en_us/blogs/new-droiddream-variant-has-ability-fight-other-malware-091911

Communications Sector

Nothing to report

Tuesday, September 20, 2011

Complete DHS Daily Report for September 20, 2011

Daily Report

Top Stories

• Dozens of employees at Honolulu's airport were fired or suspended after an investigation found workers did not screen checked bags for explosives, the Transportation Security Administration said. – Associated Press (See item 24)

24. September 17, Associated Press – (Hawaii) TSA fires 28 Honolulu bag screeners after probe. Dozens of employees at Honolulu's airport were fired or suspended after an investigation found workers did not screen checked bags for explosives, the Transportation Security Administration (TSA) said September 16. The firings and suspensions amounted to the single largest personnel action for misconduct in the federal agency's history. The TSA said in a statement that 28 workers were "removed," 15 suspended, and 3 resigned or retired. The cases of two other employees were still being decided. The agency began an investigation at the end of 2010 after two Honolulu employees told officials that thousands of bags were not checked properly or screened for traces of explosives. The probe, which included interviews with more than 100 employees, determined that some checked bags during one shift at the airport were not properly screened. In June 2011, the TSA placed 36 of the workers on paid administrative leave as it began the process of firing them. It also suspended 12 workers at that time. The Honolulu airport has 750 TSA employees. Source: http://www.msnbc.msn.com/id/44557230/ns/travel/#.TndCq-x3jTo

• National Transportation Safety Board officials are investigating the cause of a stunt plane crash that killed 10 people and injured at least 70 at an air show September 16 in Reno, Nevada. – ABC News (See item 52)

52. September 19, ABC News – (Nevada) Nevada air race crash death toll rises. A 10th person has died from injuries sustained when a stunt plane crashed at the Reno Air Race near Reno, Nevada September 16. At least 70 people were injured in the crash. News of the death came as investigators turned their attention to the pilot who may have been unconscious when his World War II-era P-51 Mustang smashed into a crowd of spectators, killing him and nine others. He was traveling at 500 miles per hour when he crashed, killing fans seated in the VIP seats on the tarmac. Witnesses said that as the P-51 Mustang Galloping Ghost rounded the final clubhouse turn, something dropped off the tail of the plane, and that that may have been what caused the problem. In one of the final photos taken before the crash, half of a sliver piece of metal — crucial for the aircraft to maintain balance — appeared to be missing. Investigators said that they recovered a damaged "elevator trim tab" among the debris. The pilot's age and medical history may also prove relevant to their investigation, according to National Transportation Safety Board (NTSB) officials. They said that the Reno-Tahoe Airport Authority is resuming operations at the airport where the crash occurred, and that on-scene public affairs officials would be returning to Washington D.C.. Officials said that the airplane had a recording system, and a box containing memory cards was found at the scene of the crash. Investigators said they had analyzed the cards to see if there was any footage that could explain what happened. One NTSB member said that investigators recovered a "tremendous amount of material" at the scene. Source: http://abcnews.go.com/US/reno-air-race-crash-tenth-person-dies/story?id=14552222

Details

Banking and Finance Sector

17. September 19, Reuters – (International) SEC alleges insider trading in Global Industries. The U.S. Securities and Exchange Commission (SEC) September 16 filed an insider trading lawsuit in connection with the recent purchase of U.S. underwater oil services company Global Industries Ltd. by France's Technip SA . According to the complaint, the unnamed defendants bought Global shares on the 2 trading days immediately before Technip on September 12 said it would buy the company for $8 per share, a 55-percent premium. The defendants realized $1.73 million of illegal profit by then selling their shares, according to the complaint. The SEC said the purchases were made through an account in the name of Austria's Raiffeisen Bank International AG held at broker-dealer Brown Brothers Harriman & Co. It said the purchases accounted for about 10 percent of daily trading volume in Global, though there was no major publicly available news about the Louisiana-based company. This "suggests that the information was obtained as a result of breaches of fiduciary duty," the SEC said. The complaint seeks to force the defendants to give up their illegal profit and pay civil fines. Source: http://www.chicagotribune.com/business/sns-rt-us-sec-insidertrading-globalindustriestre78i2tr-20110919,0,4100864.story

18. September 17, Associated Press – (Mississippi) 2 convicted for possessing fake credit cards. A federal jury in Mississippi September 16 convicted two men from Miami for possession of about 91 counterfeit credit cards. A U.S. attorney said September 16 that a 54-year-old and a 23-year-old will be sentenced December 13. Each faces up to 10 years in prison, and a $250,000 fine. Vicksburg Police arrested the men March 2 after a traffic stop. The false credit cards, found in their car, were embossed with account numbers that did not belong to the persons named on the face of the cards. Source: http://www.chron.com/news/article/2-convicted-for-possessing-fake-credit-cards-2175623.php

19. September 17, St. Petersburg Times – (Florida) Man arrested in Holiday ATM 'skimming' case at Bank of America. All authorities had was a "pretty good picture" of a dark-haired man suspected of putting a "skimming" device on an ATM in Holiday, Florida to steal financial information from unsuspecting customers. As it turned out, the photo, taken last month by a Bank of America surveillance camera, was all they needed. Detectives identified their suspect, and at 3:30 a.m. September 12, officers in Destin arrested a 23-year-old man from the country of Moldova they think was involved in a fraud operation that could have victimized residents across the state. The suspect faces charges of organized fraud, two counts of criminal use of personal identification information, three counts of possession of a scanning device, and four counts of grand theft. Bank workers had discovered scratches and gluey residue on the ATM August 26. An investigation showed that over several nights in August, a thief or thieves placed a device — called a skimmer — on the ATM to read and copy card numbers. Such data is then transferred onto cloned credit cards, and used to withdraw cash at other ATMs. Officials said last month that 44 victims had been identified so far, with more than $26,000 stolen from their Bank of America accounts. Source: http://www.tampabay.com/news/publicsafety/crime/man-arrested-in-holiday-atm-skimming-case-at-bank-of-america/1191920

20. September 16, Federal Bureau of Investigation – (Illinois) Former Jerseyville bank vice president convicted. A 56-year-old of Jerseyville, Illinois woman pled guilty in federal court in East St. Louis to bank fraud, a U.S. attorney for the Southern District of Illinois, announced September 16. The bank fraud took place from at 2003, through January, 2011, in Jersey County, Illinois. The offense carries a maximum penalty of up to 30 years’ imprisonment and/or a fine of $1 million, 5 years’ supervised release, and mandatory restitution. The charge also includes a forfeiture allegation seeking property and proceeds traceable to the violation, which includes the convict's residence, two condominiums, a boat, vehicles, and bank stock. In her guilty plea, she admitted she electronically transferred funds from the bank’s corresponding accounts to her own accounts, inflated expenses to a prepaid expense account, took money from a certificate of deposit account, and concealed the money in the bank’s general ledger. To perpetuate the scheme, she provided false data in monthly reports to the board. She additionally provided false information to federal examiners, and to state bank examiners. The convict had been employed by the Jersey State Bank since abut 1976. During her employment she held various positions including assistant cashier, a director of the bank holding corporation, and executive vice president. Her responsibilities included being in charge of the bank’s general ledger and corresponding accounts, and she provided regular reports to the president and board members as to the bank’s assets, stability and financial soundness. It is reported that about $4.4 million was embezzled from the bank. Source: http://7thspace.com/headlines/394301/former_jerseyville_bank_vice_president_convicted.html

21. September 16, Infosecurity – (National) FBI probes over 400 cases of corporate bank account cyberjacking. The FBI is currently investigating over 400 reported cases of corporate banking account takeovers in which cybercriminals have initiated unauthorized automated clearing house (ACH) and wire transfers from U.S.-based organizations, an FBI official told a U.S. House panel the week of September 12. Through this method, cybercriminals have attempted to steal over $255 million and have actually stolen around $85 million, the assistant director of the FBI’s cyber division told a House subcommittee on financial institutions and consumer credit. He explained that these cyberattacks are usually carried out through targeted phishing e-mails that contain either malware, or a link to a malware-laden Web site. The phish targets a person within the company who can initiate fund transfers on behalf of the business or institution. “Once the recipient opens the attachment or navigates to the Web site, malware is installed on the user’s computer, which often includes a keylogging program that harvests the user’s online banking credentials. The criminal then either creates another account or directly initiates a funds transfer masquerading as the legitimate user. The stolen funds are often then transferred overseas”, he explained. The targets of these phishing attacks are small and medium-sized businesses, local governments, school districts, and healthcare providers, he noted. Source: http://www.infosecurity-us.com/view/20810/

For another story, see item 45 below in the Information Technology Sector

Information Technology Sector

44. September 19, The Register – (International) Go Daddy mass hack points surfers towards malware. Hundreds of Go Daddy Web sites were compromised to point towards a site hosting malware the weekend of September 17 and 18. The mass hack of around 445 sites involved the injection of hostile code into the .htaccess files. Go Daddy quickly removed the hostile code before working with its customers to take back full control of the sites, which were reportedly compromised by a password hack. Go Daddy’s chief information security officer told Domain Name Wire: "The accounts were accessed using the account holder’s username and password.“ It was unclear how the passwords needed to pull off the attack were obtained, but some sort of targeted phishing attack is one possibility. Go Daddy's investigation into the attack continues, but the chief suggested the blame for the mass hack was outside Go Daddy's control. Source: http://www.theregister.co.uk/2011/09/19/go_daddy_mass_compromise/

45. September 19, threatpost – (International) New attack breaks confidentiality model of SSL, allows theft of encrypted cookies. Two researchers developed a new attack on TLS 1.0/SSL 3.0 that enables them to decrypt client requests on the fly and hijack supposedly confidential sessions with sensitive sites such as online banking, e-commerce, and payment sites. The attack breaks the confidentiality model of the protocol, and is the first known exploitation of a long-known flaw in TLS, potentially affecting the security of transactions on millions of sites. The attack will be presented at the Ekoparty conference in Argentina September 23, and, unlike many other attacks on TLS and SSL, it has nothing to do with the certificate trust model in the protocol. Instead, the researchers developed a tool called BEAST that enables them to grab and decrypt HTTPS cookies from active user sessions. The attack can even decrypt cookies that are marked HTTPS only from sites that use HTTP Strict Transport Security, which forces browsers to communicate over TLS/SSL when it is available. Source: http://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091611

46. September 19, Softpedia – (International) Rogue certificates used in spam campaigns. After the scandal formed around DigiNotar, spammers sent bank business clients e-mails informing them their certificates have expired, urging them to click on a link to solve the issue. Most Internet browsers and applications banned DigiNotar certificates, an episode that created confusion. According to SC Magazine, numerous security researchers discovered e-mails that tried to fool unsuspecting users into thinking something was wrong with their certificates, thus making them access a Web site to fix the problem. When a link was clicked, a page containing an exploit kit was accessed and the system became completely compromised. “Once the browser visits that site, a series of attacks begin which can result in the download of Trojan.Buzus," revealed Barracuda Networks security researchers. In the monitoring period in which they kept a close watch on that virus, they realized besides stealing log-in information, the malware also opened a backdoor, giving hackers access to the infected device. As a researcher from Websense Security Labs mentioned, it appears this Blackhole exploit kit has not been used a lot. He explained the threat consists of a .scr file that delivers the exploits, also stating that ”This is not a targeted attack in an advanced persistent threat style, but it looks like a phishing e-mail, but this is much more sinister as it delivers an exploit kit and not a standard phish." Source: http://news.softpedia.com/news/Rogue-Certificates-Used-in-Spam-Campaigns-222232.shtml

47. September 17, Softpedia – (International) Induc virus returns and it's more dangerous than ever. A more aggressive version of the 2009 Win32.Induc.A virus has been seen in the wild and, unlike its predecessor, this one sets out to take over all executable files, spreading malware and opening gateways on the computers it infects. The new virus is called Win32.Induc.P and Malware City calls it “the most innovative to come out so far this year.” While the A version only infects compiled applications and especially targets Delphi compilers, the P variant attacks not just those, but others such as RAD Studio development suites. Right from the beginning, the virus tries to compromise all the executable files it finds in its way, from one computer to the other, using any means it can try. The downloader integrated into the core of the malware tries to access external addresses immediately after the infected files are run, downloading even more malicious elements onto the infected system. Bitdefender discovered a keylogger and a backdoor application that allow cybercriminals to completely take over the victim device. The virus infects as user's entire system in a Jeefo kind of way, but the damage caused can lead to more disastrous outcomes. Software developers appear to be the most vulnerable as they might end up with freshly compiled compromised applications that they consider to be clean. Also, while performing application updates, RAD Studio and Delphi users might open malware download portals. Source: http://news.softpedia.com/news/Induc-Virus-Returns-and-It-s-More-Dangerous-Than-Ever-222146.shtml

48. September 16, Computerworld – (International) Google patches 32 Chrome bugs, revs browser to v.14. Google patched 32 vulnerabilities in Chrome September 16, as it upgraded the stable edition of the browser to version 14. Fifteen of the 32 vulnerabilities were rated "high," the second-most-serious ranking in Google's four-step scoring system, while 10 were pegged "medium," and the remaining 7 were marked "low." None of the flaws were ranked "critical," the category usually reserved for bugs that may allow an attacker to escape Chrome's anti-exploit sandbox. Six of the vulnerabilities rated high were identified as "use-after-free" bugs, a type of memory management flaw that can be exploited to inject attack code, while seven of the bugs ranked medium were "out-of-bounds" flaws, including a pair linked to foreign language character sets used in Cambodia and Tibet. Source: http://www.computerworld.com/s/article/9220094/Google_patches_32_Chrome_bugs_revs_browser_to_v.14

For another story see item 21 above in the Banking and Finance Sector

Communications Sector

49. September 16, Saratoga Springs Saratogian – (New York; Massachusetts) Telephone service interrupted for thousands. Service has been restored to Cornerstone Telephone customers in the Troy, New York area, following an outage that lasted about 2.5 hours September 16. Cornerstone, which is based in Troy, serves more than 14,000 voice customers in New York, and Massachusetts, A spokeswoman for the company, said the outage affected a small portion of their customers. She said the problem occurred when a carrier for the company experienced an outage. Phone service went out at about 12:35 p.m., and was restored at 3 p.m. Source: http://saratogian.com/articles/2011/09/16/news/doc4e73aabd8f971044527628.txt