Tuesday, October 11, 2011

Complete DHS Daily Report for October 11, 2011

Daily Report

Top Stories

• A freight train loaded with ethanol from a corn processing plant crashed and exploded October 7, forcing the evacuation of a small town in northern Illinois. – Associated Press (See item 1)

1. October 7, Associated Press – (Illinois) Fiery train derailment in Ill. leads to evacuation. A freight train loaded with ethanol crashed and exploded October 7, sending up bright orange flames and plumes of smoke that could be seen miles away, and forcing the evacuation of a small town in northern Illinois. A captain of the Ottawa Fire Department said the train's tanker cars were shipping ethanol for Decatur-based, corn processor Archer Daniels Midland, and possibly other materials and chemicals, when it crashed and derailed. At least six tanker cars were burning, he said. There was no immediate information about any injuries. Authorities said evacuees from Tiskilwa, a village of about 800 people about 100 miles west of Chicago, were being taken to a nearby high school. Twenty-six cars on the 131-car train derailed, including seven to nine loaded with ethanol, according to the chief operating officer of Iowa Interstate Railroad. The fire prevented officials from immediately getting close enough to the train to determine what caused the accident. Source: http://www.google.com/hostednews/ap/article/ALeqM5gARFekxb6F8QnXncXNeJQzhlvEQQ?docId=8c309528a3f748e4a2db2826e356f957

• The Anik F2 Canadian satellite shut down October 6, cutting out communications for many communities in the United States and Canada, canceling flights, and knocking out some automated teller machines. – ZD Net UK (See item 36 below in the Communications Sector)


Banking and Finance Sector

10. October 7, Macon Telegraph – (Georgia) Alleged Macon gang member denied loan, threatens to shoot employees. An alleged Macon, Georgia gang member has been charged with making terroristic threats after he refused to leave a credit union and threatened to shoot employees on a return trip October 5. A Robins Federal Credit Union employee told police the 21-year-old man was turned down for a loan about 11:30 a.m. October 5 at the credit union's branch on Log Cabin Drive. In response, the man said he intended to return to the credit union and "pick off" several employees using a .45-caliber Glock handgun, according to a police report. He refused to leave the credit union after a manager asked him twice to do so. When a police officer arrived, he found the suspect, dressed in all black clothing including a hooded sweatshirt and a black bandanna hanging from his back pocket, screaming profanity. While in custody, he told police he planned to return to the credit union with his "homies" and shoot employees if he did not get a loan, according to the report. He also was charged with participation in a criminal street gang, and criminal trespassing. An off-duty police officer will be at the credit union branch during business hours for the next several days. Source: http://www.macon.com/2011/10/07/1734290/man-makes-threats-after-loan-denied.html

11. October 7, The Register – (International) AmEx 'debug mode left site wide open', says hacker. An alleged vulnerability on the American Express (AmEx) site exposed customers to a serious security risk before the credit card giant closed down a portion of its site the afternoon of October 6. A researcher claimed the problem arose because the debug mode of the americanexpress.com site had inexplicably been left on, thus providing access to vulnerable debug tools. The security shortcoming created a possible mechanism to harvest users' authentication cookies, according to the researcher. AmEx said the issue was confined to a test page. In a statement, issued to Financial News Network, it stressed customer information was never at risk. "We learned this morning that an internal test page created to update promotional offers was temporarily accessible on our US website. The page did not contain CM information such as card number, name or address. The page in question has been taken down. We are not aware of any information at this time that this vulnerability was used for malicious purposes but we are continuing to investigate." The researcher went public with his findings October 6 – posting what appears to be a harmless proof-of-concept illustration of the bug – after he struggled to report the bug directly to AmEx. "The debugging tool is vulnerable to XSS [cross-site scripting] and it quickly becomes an issue when the debugging tools are called through unprotected GET parameters," he said. "The debug window refreshes itself so that injected code that doesn't break the loop will execute infinitely. An attacker could inject a cookie stealer combined with jQuery's .hide() and harvest cookies – which can, ironically enough, be exploited by using the admin panel provided by sloppy American Express developers." He told The Register October 6 the security vulnerability was still present hours after he went public about the flaw.
Source: http://www.theregister.co.uk/2011/10/07/amex_website_security_snafu/
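The two conditions the researcher describes, a debug tool reachable in production and GET parameters reflected without encoding, both leave traces in web server access logs. The following is an added detection example, not code from the original report or from AmEx; the log lines, the /debug/console path and the parameter names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines for illustration; they are not taken
# from the AmEx incident, and the /debug/console path and parameter names
# are assumptions.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Oct/2011:14:02:11 +0000] "GET /offers/promo?id=42 HTTP/1.1" 200 5120
203.0.113.7 - - [06/Oct/2011:14:03:52 +0000] "GET /debug/console?view=cookies HTTP/1.1" 200 880
198.51.100.9 - - [06/Oct/2011:14:05:03 +0000] "GET /debug/console?msg=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 910
198.51.100.9 - - [06/Oct/2011:14:05:40 +0000] "GET /offers/promo?id=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 905
"""

# Common log format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
DEBUG_PREFIXES = ("/debug/",)  # assumed location of the debug tools; should never be live in production
INJECTION_MARKERS = re.compile(r"<\s*script|on\w+\s*=|javascript:", re.IGNORECASE)


def analyse_request(line):
    """Return (ip, path, reasons) for a suspicious log line, or None if it is clean."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    reasons = []
    if parts.path.startswith(DEBUG_PREFIXES):
        reasons.append("debug endpoint reachable")
    # parse_qs percent-decodes values, so URL-encoded payloads are inspected as well
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            if INJECTION_MARKERS.search(value):
                reasons.append(f"script-like content in GET parameter '{name}'")
    return (m.group("ip"), parts.path, reasons) if reasons else None


def scan_log(text):
    """Scan a whole log and return the findings in order of appearance."""
    return [r for r in (analyse_request(line) for line in text.splitlines()) if r]


if __name__ == "__main__":
    for ip, path, reasons in scan_log(SAMPLE_LOG):
        print(f"{ip} {path}: {'; '.join(reasons)}")
```

The first finding alone (a 200 response from a debug path) is worth an alert even without a payload, since the root cause here was the tool being exposed at all.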

12. October 6, U.S. Securities and Exchange Commission – (National) SEC files emergency action to halt green-product themed Ponzi scheme. The U.S. Securities and Exchange Commission (SEC) announced it obtained an emergency court order October 6 to halt a Ponzi scheme that promised investors rich returns on water-filtering natural stone pavers, but bilked them of about $26 million over a 4-year period. The SEC's complaint, filed in U.S. District Court for the Southern District of New York, alleged a convicted felon and others defrauded investors in PermaPave Companies, a group of firms based on Long Island, New York. About 140 individuals, many working in the construction or landscaping business, invested in the scheme between 2006 and 2010, the SEC alleged. Investors were told PermaPave had a tremendous backlog of orders for pavers imported from Australia, which could be sold in the United States at a substantial mark-up, yielding monthly returns to investors of 7.8 percent to 33 percent. In reality, the complaint said, there was little demand for the product, and the cost of the pavers far exceeded the revenue from sales. Lacking the profits promised to investors, the leaders of the scheme and two other PermaPave executives used new investments to make payments to earlier investors, and then siphoned off much of the rest for themselves. In addition, the complaint alleged the ringleader used investors' money to make court-ordered restitution payments to victims of a previous scheme to which he pleaded guilty in 2000. The SEC also alleged the defendants used some of the money raised through the scheme to buy a publicly traded company, Interlink-US-Network, Ltd. Several months later, the SEC said, Interlink issued a Form 8-K, which falsely stated LED Capital Corp. had agreed to invest $6 million in Interlink. According to the complaint, LED Capital Corp. did not have $6 million and had no dealings, let alone any agreements, with Interlink.
A federal judge granted the SEC’s request to freeze assets of the defendants, and eight relief defendants. The SEC is seeking preliminary and permanent injunctions against the defendants, and to have them return their allegedly illicit profits with prejudgment interest, and pay civil monetary penalties. In addition, the SEC seeks to bar the men from participating in penny-stock offerings, and from serving as officers or directors of public companies. Source: http://www.sec.gov/news/press/2011/2011-201.htm

13. October 6, Associated Press – (Kansas) Bomb threat closes bank, streets in NE Kansas town; nothing suspicious found. Authorities in northeast Kansas gave the all-clear October 6 after a bomb threat at a bank prompted a 2-hour search. The Holton Police chief said that someone called Holton National Bank on the morning of October 6 saying the building had to be evacuated or it would be bombed within 10 minutes. The Topeka Capital-Journal reported about 10 employees and a customer left the bank. Several nearby businesses were also evacuated, and streets around the town square were closed to traffic. Two bomb-detecting dogs checked the bank building while officers from several agencies conducted a search. The police chief said no bomb was found, and no arrests have been made. Source: http://www.therepublic.com/view/story/7511094a86824da2b3176f73098dd8ca/KS--Bank-Bomb-Threat/

For more stories, see item 36 below in the Communications Sector

Information Technology Sector

31. October 7, The Register – (International) IE security hole sewn up for Patch Tuesday. Microsoft is planning to release eight security updates the week of October 10 – two critical – as part of its Patch Tuesday program. The highlight of the batch is a critical update for Internet Explorer (IE) that affects all supported versions of Microsoft's Web browser, including IE 9. The second critical update covers flaws in Microsoft .NET Framework and Microsoft Silverlight that create a possible mechanism for miscreants to inject hostile code onto vulnerable systems. The remaining six updates address lesser Windows vulnerabilities in Microsoft Forefront and Host Integration Server. All six of these updates are rated as "important", and not all of them apply to all configurations. Source: http://www.theregister.co.uk/2011/10/07/ms_patch_tuesday_oct_pre_release/

32. October 7, Softpedia – (International) BlackBerry responds to Russian password cracking tool. The password-cracking tool advertised by Elcomsoft was analyzed by the BlackBerry Security Incident Response Team (BBSIRT), which issued a statement regarding the application that is allegedly able to break almost any BlackBerry device password. Designed by Elcomsoft for password recovery, the software could be used to break the protection of Apple and BlackBerry machines. BBSIRT provided further details on the matter, also advising customers on how to better protect devices. Their response highlights the large number of unlikely conditions that would all have to hold before a smartphone could actually be compromised by a criminal using the recovery utility. "The tool uses a brute-force attack to guess the smartphone password by attempting to decrypt the contents of a media card that has been removed from the smartphone. For this tool to do what Elcomsoft claims, an IT administrator or the smartphone user must have chosen to encrypt the contents of the media card with the smartphone password only." "Furthermore, an attacker must have access to the media card from the smartphone, and the tool would have to successfully guess the password. To then use the password to unlock the smartphone, that attacker would also have to have access to the smartphone," according to the statement issued by the BBSIRT. RIM advised customers to take the following measures to protect their assets: enable device data encryption; encrypt media cards by using the device key or a combination of the device key and the device password; use strong passwords; and enable the built-in device firewall. Source: http://news.softpedia.com/news/BlackBerry-Responds-to-Russian-Password-Cracking-Tool-226203.shtml

33. October 6, H Security – (International) More patches from Cisco. A week after its latest patch day, network equipment manufacturer Cisco has published three additional advisories that discuss and provide patches to close holes in various products. The manufacturer closed five holes in the Firewall Services Module (FWSM) in its 6500 Catalyst switches and 7600 router series. Attackers can use one of the holes to get around the TACACS+ authentication and obtain administrative access to devices. The other four holes can be used to conduct denial-of-service attacks. Cisco also had to patch the TACACS+ authentication hole in its ASA 5500 Series Adaptive Security Appliances and the Catalyst 6500 Series ASA Services Module. The third advisory concerns a directory-traversal hole in the Network Admission Control (NAC) Manager. Attackers could use the vulnerability to gain access to critical information, such as password files and system logs, via TCP port 443. Cisco has published patches and, in most cases, workarounds for all of the holes. Source: http://www.h-online.com/security/news/item/More-patches-from-Cisco-1356415.html

34. October 6, Infosecurity – (International) Cybercriminals phish for Google AdWords' user names and passwords. A new Google AdWords phishing scheme designed to steal user name and password data has been discovered in the wild by M86 Security Labs. The phishing scheme involves a bogus notification e-mail that reads, "Google AdWords: You have a new alert" or "Google Team: You have a new alert." The phishing e-mail contains a "dodgy" URL, which the recipient is directed to click on, according to an M86 Security Labs blog. If recipients click on the URL, they are directed to a malicious Web page that enables cyber criminals to capture the user name and password for their Google AdWords account, M86 explained. "Once you enter your Google account credentials in the phishing page this will NOT just compromise your Google AdWords account, but all your Google services like GMail or Google+ will be affected as well. When you receive these sorts of notification emails, always double check the URL before you click on them – if it looks suspicious, it probably is," the blog advised. Source: http://www.infosecurity-magazine.com/view/21196

For more stories, see items 11 above in the Banking and Finance Sector and 36 below in the Communications Sector

Communications Sector

35. October 7, Associated Press – (Iowa) Severed fiber causes long-distance, cellphone and 911 problems in northwest Iowa. Long-distance, cellphone, and 911 services were restored the afternoon of October 6 after disruptions in northwest Iowa. A Frontier Communications general manager told the Fort Dodge Messenger that the problems were caused by an accident near Ames the morning of October 6. She said a communications fiber there was cut, which affected services from Ames to Mason City, and from Ames to Des Moines. She said the cut disrupted long-distance service as well as cellphone service, even though it goes through a tower. Webster County Emergency Management Agency alerted the county that 911 was not working, so alternative numbers were given out to the public. Source: http://www.therepublic.com/view/story/5b1ff36241e344249eeb8b4eb9f85eb9/IA--Phone-Service-Disruption/

36. October 7, ZD Net UK – (International) Satellite outage hits US and Canada. The Anik F2 satellite stopped providing services the morning of October 6, cutting out communications for many people in the United States and Canada. Its operator, Telesat Canada, described the glitch as "a technical anomaly" and said the Anik F2 satellite could be returned to normal operation. Reports suggest the downtime caused flight cancellations, while also taking ATMs and mobile phone services out of action in some areas. "Telesat is now undertaking to return the satellite to normal operations and is working with its customers on Anik F2 to restore traffic in an orderly manner and minimise the impact to their networks," the company said in a statement October 6. The cause of the malfunction has not been identified, but is not related to a solar storm that happened the same day, Telesat told the Ottawa Business Journal. "There was an issue on the spacecraft, and it went into safe mode," a company spokesman told the newspaper. In safe mode, the satellite shuts itself down and turns itself toward the sun, with its panels in the best position to power its batteries. According to the Canadian Broadcasting Corporation (CBC), 39 communities in the north of Canada lost their long-distance phone service during the outage, which began around 6:30 a.m. Internet and some cable TV services were also affected, as were flights and ATMs that relied on Anik F2 for connectivity. However, satellite phones in the affected communities remained operational, as they use a different satellite, according to reports. Nevertheless, the problems could affect thousands of people across North America. ZDNet UK's sister site CNET News.com reported satellite-based Internet service providers including WildBlue were also hit, with customers losing Web access during the outage. Source: http://www.zdnet.co.uk/news/networking/2011/10/07/satellite-outage-hits-us-and-canada-40094132/

For more stories, see items 32 and 34 above in the Information Technology Sector