Thursday, September 22, 2011

Complete DHS Daily Report for September 22, 2011

Daily Report

Top Stories

• Thousands of gallons of gasoline flooded an Aurelius, New York crop field and nearby waterways, and forced a large-scale residential evacuation September 20 after a farmer dug into a 10-inch fuel line. – Auburn Citizen (See item 2)

2. September 20, Auburn Citizen – (New York) Aurelius evacuation order lifted; spill cleanup continues. Thousands of gallons of gasoline flooded an Aurelius, New York crop field and forced a temporary large-scale residential evacuation September 20 after a farmer dug into a 10-inch fuel line while attempting to bury drainage pipes. The director of the Cayuga County Emergency Management Office said officials do not know how much fuel was spilled when the line was ruptured at 10:26 a.m., but said at least 1,500 gallons were recovered by 3 p.m. The line was leaking for 45 minutes to an hour before it was shut off. Residents within 1.5 miles east of the spill were temporarily evacuated due to concerns about the potential for explosions, and residents to the west were told to stay indoors, the director said. About 70 households were evacuated. The evacuation area was determined based on wind direction and speed. That evacuation order was lifted at 7:30 p.m., allowing residents to return home. Massive pools of fuel remained in the crop field near the intersection of Turnpike and Townsend roads throughout most of the day, he said. Some of the pools were the size of a football field and up to 5 inches deep. Residents in the area were also being advised to use bottled water for their household needs until health officials could conduct tests to determine if well water in the area is safe to use. Those tests were scheduled to be conducted September 21. Fuel also entered a nearby stream, and the director said emergency crews set up booms to absorb the contamination there. Officials with the state department of environmental conservation have been on the scene assessing damage and will be in charge of the ensuing investigation. The county department of health is also monitoring the situation. Source:

• U.S. officials expressed concern September 21 about recent massive cyberattacks on Japan defense contractors who work with U.S. contractors to build weapons for the Japanese military. – New York Times (See item 13)

13. September 21, New York Times – (International) U.S. expresses concern over cyberattacks in Japan. The United States gave a stern warning September 21 over recent cyberattacks on Japan’s top defense contractors, the latest in a series of security breaches that have fueled worries over Tokyo’s ability to handle delicate information. An online assault on defense contractors including Mitsubishi Heavy Industries (MHI), which builds F-15 fighter jets and other American-designed weapons for Japan’s Self-Defense Forces, began in August but came to light only earlier in the week of September 19, prompting rebukes from Japanese officials over the timing of the disclosure. IHI Corp., a military contractor that supplies engine parts for fighter jets, may have also been a target, the Nikkei business daily reported. MHI said September 19 its computer systems were hacked and some network information may have been compromised. According to the company, 83 computers and servers at 11 locations, including its Tokyo headquarters, factories, and a research and development center, were accessed in the attack. Details of the breach were still unclear, a company spokesman said September 21. Japan’s defense minister said he had not received reports that any classified information was compromised. It also remained unclear where the attacks originated, he said. However, an investigation by a security company revealed connections were made to 14 overseas sites, including at least 20 servers in China, Hong Kong, the United States, and India, according to the Yomiuri Shimbun, Japan’s largest daily. MHI has built F-15 fighter jets and missile systems, including Patriot batteries and AIM-7 Sparrow air-to-air missiles, designed in the United States. The company builds some of that equipment with American contractors, including Raytheon and Lockheed Martin. Source:


Banking and Finance Sector

16. September 21, Inquirer – (National) Malware distribution campaign uses legal threats. Security researchers warn that an e-mail-based malware distribution campaign is threatening users with lawsuits to trick them into opening malicious attachments. In an attempt to gain credibility, the rogue e-mails purport to originate from the Investment Company Institute (ICI), the national association of U.S. investment companies. The spam bears various subjects, most of them threatening in nature, such as “We are going to sue you”, “FW: This is a final warning”, “We’ve sent you a copy of a complaint” or “A message from our security service”. The spammers actually accuse targeted users of sending spam. The message reads, “Your email is sending spam messages! If you don’t stop sending spam, we will be impelled to sue you!” The purpose of the threat is to convince users to open the attached file, which the spammers claim is a document detailing the problem. The attachment in fact contains a trojan downloader. “When the trojan triggers, it copies itself to the system path under the Startup folder and deletes itself,” Websense security researchers warned. “Whenever you start the computer, the trojan will execute. This trojan can connect to remote servers and download malicious files.” Source:
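The lure above works because the attachment is described as a "document" while it actually carries a trojan downloader. The following is an added example, not code from the report, from Websense or from ICI, of the two cheap checks a mail gateway or incident responder can run on such attachments: does the file's leading bytes (magic) agree with the extension it claims, and does the name use a double extension to bury an executable suffix? The file signatures are the well-known ones for PE, PDF, legacy Office, zip/OOXML and RTF; the attachment names and contents in SAMPLE_ATTACHMENTS are constructed for the example.

```python
"""Flag e-mail attachments whose claimed document type disagrees with their content.

Added example for the ICI lawsuit-lure campaign; not the report's or Websense's code.
Constructed sample data only; nothing here is read from disk or the network.
"""
from typing import Dict, Optional, Tuple

DOCUMENT_EXTS = {"doc", "docx", "pdf", "rtf", "txt", "xls", "xlsx"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar", "msi"}

# Well-known file signatures (leading bytes) -> content kind.
MAGIC = [
    (b"MZ", "pe"),                 # Windows PE executable (what a trojan downloader is)
    (b"%PDF", "pdf"),
    (b"\xd0\xcf\x11\xe0", "ole"),  # legacy Office binary container (.doc/.xls)
    (b"PK\x03\x04", "zip"),        # zip container, also .docx/.xlsx
    (b"{\\rtf", "rtf"),
]
# Content kind a given document extension is expected to start with.
EXPECTED_KIND = {"pdf": "pdf", "doc": "ole", "xls": "ole",
                 "docx": "zip", "xlsx": "zip", "rtf": "rtf"}


def sniff(data: bytes) -> Optional[str]:
    """Identify the real content type from its leading bytes, or None if unknown."""
    for prefix, kind in MAGIC:
        if data.startswith(prefix):
            return kind
    return None


def classify(name: str, data: bytes) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'block', 'suspicious' or 'allow'."""
    parts = name.lower().split(".")
    exts = parts[1:] if len(parts) > 1 else []
    last = exts[-1] if exts else ""
    kind = sniff(data)

    # 1. Executable content wins over whatever the file is called.
    if kind == "pe":
        return "block", f"PE executable content in file named {name!r}"
    # 2. Executable extension, even before looking at the bytes.
    if last in EXECUTABLE_EXTS:
        return "block", f"executable extension .{last}"
    # 3. Double extension hiding a document-looking name under an unknown suffix,
    #    e.g. complaint.pdf.xyz (known executable suffixes are caught by rule 2).
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and last not in DOCUMENT_EXTS:
        return "block", f"double extension .{exts[-2]}.{last}"
    # 4. Claimed document type whose magic bytes do not match. Note that a zip
    #    container is not opened here; an archived .exe needs a second pass.
    expected = EXPECTED_KIND.get(last)
    if expected and kind != expected:
        return "suspicious", f".{last} attachment does not start like a {expected} file"
    return "allow", "name and content agree"


# Constructed attachments imitating the lure: names match the campaign's theme,
# bytes are hand-written prefixes, not real files.
SAMPLE_ATTACHMENTS: Dict[str, bytes] = {
    "complaint.doc": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 24,   # PE named as .doc
    "final_warning.pdf.exe": b"MZ\x90\x00",                           # double extension
    "spam_report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",              # genuine-looking PDF
    "evidence.docx": b"PK\x03\x04\x14\x00\x06\x00",                   # OOXML zip container
    "notice.pdf": b"<html><body>see attachment</body></html>",        # not a PDF at all
    "readme.txt": b"nothing to see here",                             # no signature expected
}


def scan(attachments: Dict[str, bytes]) -> Dict[str, str]:
    """Map each attachment name to its verdict."""
    return {name: classify(name, data)[0] for name, data in attachments.items()}


if __name__ == "__main__":
    for name, data in SAMPLE_ATTACHMENTS.items():
        verdict, reason = classify(name, data)
        print(f"{verdict:10} {name:24} {reason}")
```

Rule 1 is the one that matters for this campaign: the Websense description says the attachment is a trojan downloader, so whatever the lure calls the file, the bytes start with a PE header and the name is irrelevant. Rule 4 is deliberately only "suspicious", since a document with an unexpected first byte can also be a corrupt or unusual but legitimate file.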

17. September 21, WGAL 8 Lancaster – (Pennsylvania) Police: thieves pose as workers, steal entire ATM. Businesses in Dauphin County, Pennsylvania, that have portable ATMs are being warned about a recent theft pulled off with one phone call. Swatara Township police said someone called the Spring Creek Rehabilitation and Health Center September 19 and asked if maintenance personnel had picked up the ATM. “This phone call created the false impression that someone was supposed to pick up the ATM machine,” stated a police news release. Minutes later, three men entered the lobby, put the machine on a dolly, loaded it into a dark-colored minivan and drove off. The Swatara Township Police are currently attempting to identify the three individuals who removed the ATM. Source:

18. September 20, Agence France-Presse – (International) Online gambling site busted in ‘Ponzi scheme’. International online gambling site Full Tilt Poker stole $440 million from players in a Ponzi scheme used to pay lavish fees to board members, U.S. prosecutors said September 20. Full Tilt “defrauded players by misrepresenting that their funds on deposit in online gambling accounts were safe, secure, and available for withdrawal at any time,” the U.S. Attorney’s Office for Southern Manhattan said. “In reality, Full Tilt Poker did not maintain funds sufficient to repay all players, and in addition, the company used player funds to pay board members and other owners more than $440 million since April 2007.” The senior prosecutor said the site’s top figures, including two famed poker champions, “lined their own pockets with funds picked from the pockets of their most loyal customers while blithely lying to both players and the public alike about the safety and security of the money deposited with the company.” In a classic pyramid scheme, gamblers were given the impression they still had money deposited and were allowed to keep gambling, even when all that remained were “phantom” funds, prosecutors said. The company ended up owing $390 million worldwide, including $150 million to U.S. customers. Full Tilt was first sued by federal authorities in April as part of a broader crackdown on online gambling, which the Justice Department says is illegal. The suit was revised and refiled September 20 in the developing investigation. In the original suit, Full Tilt and two other online poker firms — PokerStars and Absolute Poker — were charged with bank fraud, money laundering, illegal gambling, and other offenses. The two poker champions were not mentioned in the original complaint against Full Tilt Poker. They are alleged to have been paid $25 million and $42 million respectively by the site. The amended complaint seeks the forfeiture of dividends received by the champions and other directors, as well as money laundering penalties. Source:

19. September 20, New York Times – (National) S.E.C. hid its lawyer’s Madoff ties. After a giant Ponzi scheme was revealed, the U.S. Securities and Exchange Commission (SEC) went to great lengths to make sure none of its employees working on the case posed a conflict of interest. But as a new report made clear September 20, one top official received a pass: the SEC’s general counsel, who went on to recommend how the scheme’s victims would be compensated, despite his family’s $2 million inheritance from an account in the scheme. The report by the inspector general (IG) provides fresh details about the weakness of the agency’s ethics office, and reveals that no commissioners, except for its chairwoman, had been advised of the counsel’s conflict. It said the chairwoman agreed with a decision to keep the counsel from testifying before Congress, where he would have disclosed his financial interest in the scheme. Federal conflict of interest law requires government employees to be disqualified from participating in a matter “if it would have a direct and predictable effect on the employee’s own financial interests.” But the counsel “participated personally and substantially in particular matters in which he had a personal financial interest,” the IG wrote. Among the actions taken by the counsel that were cited in the report were his efforts to influence deliberations concerning how victims would be compensated, which could have had a direct impact on his financial standing. The report cited testimony from a witness who said that by early 2009, the chairwoman indicated most SEC commissioners had agreed on a method that would give investors a claim to only the money they had put into the accounts in the scheme. But after the counsel rejoined the SEC in February 2009 after an earlier stint, he argued for a reversal of this decision, the report said, at first pushing for victims to be compensated partly based on the final balance listed in their account. The counsel’s financial interest came to light this year after he and his brothers were sued by the trustee in the case, who is seeking to recover about $1.5 million of the roughly $2 million they received from the account. Two House subcommittees have called a hearing for September 22 about the incident. In the report’s conclusion, the IG recommended the SEC change its reporting lines so that the ethics officer reports directly to the chairman. Source:

Information Technology Sector

38. September 21, Softpedia – (International) Microsoft Gold partner accused of scam calls. Microsoft issued a statement notifying people that one of its Gold partners has been blacklisted after making scam calls alerting recipients to fake virus infections. India-based computer support service Comantra has reportedly been making phone calls to individuals in the United States, the United Kingdom, and Australia, posing as Microsoft personnel in an attempt to dupe computer users into believing their machines were malfunctioning. The callers would then offer to fix the issue in exchange for a fee. According to PC Pro, the calls have been made since 2009, and even though Microsoft had previously been warned about the operation, no action was taken until now. Source:

39. September 21, H Security – (International) Malware for everyone - Aldi Bot at a discount price. Anti-virus vendor G Data reports that a functional botnet builder, dubbed the Aldi Bot, is available on underground forums for $13. The company said the Aldi Bot Builder appears to be based on the ZeuS source code. The Aldi Bot can read (saved) passwords from the Firefox Web browser, the Pidgin IM client, and the JDownloader download tool, and send them to a command and control server that is included in the price. The Aldi Bot can also carry out distributed denial-of-service attacks. The bot can also be set up as a SOCKS proxy, letting the bot herder route protocols of his choosing through infected computers. Infecting systems with the discount malware does, however, require additional measures, such as exploit packs on compromised Web sites. Source:

40. September 21, H Security – (International) Cisco warns of vulnerability in its Identity Services Engine. Cisco is warning users of a critical vulnerability (CVE-2011-3290) in its Identity Services Engine (ISE). In its security advisory, the company said the underlying database used by ISE, its identity and access control policy platform, contains three sets of default credentials that could be exploited by a remote attacker without any end-user interaction. Using these credentials, an attacker could modify the configuration and settings, or even gain complete administrative control of a device. All hardware appliance and software-only versions of Cisco ISE prior to 1.0.4.MR2 are affected. The company said it will release a free update to the software to address the vulnerability September 30; no temporary workaround is available. Once released, the updates will be available to download from the Cisco Software Center. Source:
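With no workaround available until the September 30 update, the practical task for an ISE operator is to know which appliances fall under "prior to 1.0.4.MR2" and keep their database reachable only from trusted management networks until they are patched. The following is an added example, not Cisco tooling and not from the advisory, of an inventory check that orders ISE version strings correctly. The ordering rule (a maintenance release "MRn" sorts after the base release it patches, and a version with no MR suffix counts as MR0) and the version string format are assumptions made for this example; the host names and versions in INVENTORY are constructed.

```python
"""Flag Cisco ISE hosts still running a release before the CVE-2011-3290 fix.

Added example, not Cisco's code.  Assumes version strings look like
"1.0.3", "1.0.4", "1.0.4.MR1" and that MRn orders after its base release.
"""
import re
from typing import Dict, List, Tuple

FIXED_IN = "1.0.4.MR2"  # first release not affected, per the advisory

# major.minor.patch with an optional ".MRn" maintenance-release suffix (assumed format)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.MR(\d+))?$", re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn an ISE version string into a comparable (major, minor, patch, mr) tuple.

    A missing MR suffix is treated as MR0 so that 1.0.4 < 1.0.4.MR1 < 1.0.4.MR2.
    Raises ValueError on strings this check does not understand, rather than
    silently treating them as patched.
    """
    match = VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised ISE version string: {version!r}")
    major, minor, patch, mr = match.groups()
    return int(major), int(minor), int(patch), int(mr or 0)


def is_affected(version: str, fixed_in: str = FIXED_IN) -> bool:
    """True when the host runs anything older than the fixed release."""
    return parse_version(version) < parse_version(fixed_in)


# Constructed inventory: host name -> reported ISE version.
INVENTORY: Dict[str, str] = {
    "ise-dc1": "1.0.3",
    "ise-dc2": "1.0.4.MR1",
    "ise-lab": "1.0.4",
    "ise-dc3": "1.0.4.MR2",
    "ise-new": "1.1.0",
}


def affected_hosts(inventory: Dict[str, str]) -> List[str]:
    """Sorted list of hosts that still need the update."""
    return sorted(host for host, version in inventory.items() if is_affected(version))


if __name__ == "__main__":
    for host in affected_hosts(INVENTORY):
        print(f"{host}: {INVENTORY[host]} is older than {FIXED_IN}; restrict database access until patched")
```

Until the vendor update is installed, the hosts this lists should have their database port filtered to management hosts only; since the advisory offers no workaround, that network restriction and eventual patching are the only mitigations on the table. Rejecting unparseable version strings, rather than skipping them, keeps an oddly formatted appliance from disappearing from the patch list.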

41. September 20, The Register – (International) Android bug lets attackers install malware without warning. It has been more than a month since researchers reported two serious security vulnerabilities in Android, but so far there is no indication when they will be purged from the Google operating system that is the world’s most popular smartphone platform. The first flaw allows apps to be installed without prompting users for permission. This lets attackers surreptitiously install malware much as a proof-of-concept exploit a researcher published in 2010 did. In that case, an app he planted in the Android Market, disguised as an expansion pack for the Angry Birds game, secretly installed three additional apps that, without warning, monitored a phone’s contacts, location information, and text messages so the data could be transmitted to a remote server. The second bug resides in the Linux kernel on which Android is based and makes it possible for installed apps with limited privileges to gain full control over the device. The vulnerability is contained in code the device manufacturer has put into some of Android’s most popular handsets, including the Nexus S. The bug undermines the security model Google developers created to contain the damage any one application can do to the overall phone. Source:

For more stories, see items 13 above in Top Stories and 16 above in the Banking and Finance Sector

Communications Sector

42. September 21, Oklahoma City Oklahoman – (Oklahoma; National) Oklahoma regulators seeking help with phone problems. Oklahoma regulators asked the Federal Communications Commission (FCC) to address problems that are preventing some telephone calls from being completed. The Oklahoma Corporation Commission (OCC), like its counterparts in other states, sent a letter to the FCC urging the agency to investigate the issue and pursue a solution. There has been a growing number of complaints in Oklahoma and other states from telephone customers and their service providers regarding so-called “call termination” problems, the commission said. Based on complaints, the problem appears to involve long-distance calls made from a wireline, cellular phone, or Internet-based telephone service. The majority of the complaints involve long-distance calls made to telephone customers in rural areas, but the rural phone companies’ equipment and practices do not appear to be responsible. Rural trade associations from across the country told the FCC that complaints regarding call completion problems were up more than 2,000 percent from March 2010 to April 2011. Because of call termination complaints from Oklahoma, phone companies and their customers, state regulators are conducting their own inquiry. Source:

For another story, see item 41 above in the Information Technology Sector