Friday, October 14, 2011

Complete DHS Daily Report for October 14, 2011

Daily Report

Top Stories

• The Federal Highway Administration is advising state transportation departments that oversee fracture-critical bridges constructed of T1 steel to inspect butt welds, in case they have cracks that could lead to a structure failure. – Engineering News-Record (See item 14)

14. October 13, Engineering News-Record – (National) Ohio River bridge closure triggers federal advisory. The Federal Highway Administration (FHWA) is advising state transportation departments that oversee fracture-critical bridges constructed of T1 steel to inspect butt welds, just in case they have cracks similar to those recently discovered on the Interstate 64 Sherman Minton Bridge between Kentucky and Indiana. On September 9, the Indiana Department of Transportation closed the 49-year-old bridge — a double-deck structure spanning the Ohio River with two 800-foot main spans — after an inspection revealed a 2.5-inch crack in the butt weld of a tension tie — a lateral component crucial to reinforcing tied-arch structures. T-1 steel is a high-strength material commonly used to construct bridges in the 1950s and 1960s. The September advisory specifies tension components constructed of T-1 steel prior to adoption of the so-called fracture control plan of welding codes recommended by the American Association of State Highway and Transportation Officials. Bridges constructed prior to adoption of the 1995 code may develop cracks due to a lack of hydrogen control during welding, according to the FHWA. The agency defines Sherman Minton and other fracture-critical bridges as structures with non-redundant components, meaning if one part of a bridge fails, the entire structure could be at risk. Source:

• A custody battle may have precipitated a deadly shooting at a Southern California hair salon October 12 that left eight people dead. – CNN; KTLA 5 Los Angeles (See item 45)

45. October 13, CNN; KTLA 5 Los Angeles – (California) Report: Custody battle led to California salon shooting. A custody battle may have provided the motive for a deadly shooting at a Southern California hair salon that left eight people dead, according to KTLA 5 Los Angeles October 13. A ninth person, a woman, was critically injured in the incident about 1:21 p.m. October 12 at Salon Meritage in Seal Beach, California, police said. Officers responding to the sound of shots fired at the salon found six people — a man and five women — dead inside the business. Three people were taken to a hospital, where two more — a man and a woman — died from their injuries, a Seal Beach police sergeant said. The suspect was arrested without incident as he was trying to leave the scene in a vehicle, a police statement said. He faces multiple counts of murder, according to police. KTLA reported that the suspect's ex-wife was a stylist at the salon, and that the two were involved in a custody battle over their son. She was among those killed in the shooting, according to KTLA. The people shot appeared to be seeking shelter or cover during the shooting, the police sergeant said. Victims were scattered throughout the salon, and one victim was found outside, although it was not known whether he was shot outside or inside, he said. The shooting is the deadliest in Orange County history, KTLA reported. Source: shooting/index.html?hpt=us_c1


Banking and Finance Sector

11. October 12, Courthouse News Service – (International) Feds nab another eight in Holocaust fund scam. Five former employees of a group that helps compensate victims of Nazi persecution were among those arrested October 12 for an alleged scheme that stole $57 million intended for Holocaust victims. The Conference on Jewish Material Claims against Germany employees are accused of approving nearly 5,000 fraudulent applications in exchange for kickbacks, according to the newly unsealed complaints and depositions of FBI agents. Eight people were charged in the complaint, and a ninth is expected to surrender October 13. To date, the Justice Department has charged 30 people in connection to the fraud, which the FBI has been investigating since December 2009. As part of the scheme, investigators said defendants submitted claims to the conference's "hardship fund" with falsified data. That fund, sponsored by the German government, pays eligible applicants $3,500 for fleeing Nazi persecution. "We have identified numerous applications for payment under the hardship fund in which the applicants' names and Social Security numbers are valid, but where the dates of birth were doctored to make the applicant appear to be born during or before World War II," an FBI special agent said. The claims conference determined 3,839 of its hardship fund applications appear fraudulent, causing $12.3 million in losses for the fund. Some of the conspirators acted as "recruiters" for fraudulent claims, recruiting members of the Russian Jewish community to obtain identification documents, and eventually passing them to a claims conference employee, investigators said. All of the defendants were charged with conspiracy to commit mail fraud, and face a maximum of 20 years in prison if convicted. Source:

12. October 12, U.S. Department of Treasury – (International) Treasury designates Iranian commercial airline linked to Iran's support for terrorism. The U.S. Department of the Treasury announced October 12 the designation of Iranian commercial airline Mahan Air pursuant to Executive Order (E.O.) 13224 for providing financial, material, and technological support to the Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF). Based in Tehran, Iran, Mahan provides transportation, funds transfers and personnel travel services to the IRGC-QF. Mahan provided travel services to IRGC-QF personnel flown to and from Iran and Syria for military training. Mahan also facilitated the covert travel of suspected IRGC-QF officers into and out of Iraq by bypassing normal security procedures, and not including information on flight manifests to eliminate records of the IRGC-QF travel. Mahan crews have facilitated IRGC-QF arms shipments. Funds were also transferred via Mahan for the procurement of controlled goods by the IRGC-QF. In addition to the reasons for which Mahan was designated October 12, it also provides transportation services to Hizballah, a Lebanon-based designated Foreign Terrorist Organization. Mahan has transported personnel, weapons, and goods for Hizballah, and omitted from cargo manifests secret weapons shipments. As a result of the October 12 action, U.S. persons are barred from engaging in commercial or financial transactions with Mahan, and any assets it may hold under U.S. jurisdiction are frozen. Source:

13. October 12, Reuters – (California) 11 arrested in San Francisco protest, organizers say. Eleven protesters were arrested October 12 in San Francisco after shutting down all entrances to the Wells Fargo corporate headquarters downtown during a march against economic inequality, an organizer on the scene said. San Francisco police could not immediately confirm the arrests. But a protest organizer told Reuters by phone from the scene that the arrests were made to allow bankers into the corporate portion of the building. Roughly 100 or 200 protesters remained at the building and the attached bank was shut down for the day, the organizer said. Source:

For another story, see item 37 below in the Information Technology Sector

Information Technology Sector

37. October 13, Softpedia – (International) P2P Techniques Boost the Power of ZeuS. A Swiss security researcher discovered a customized variant of the infamous ZeuS that no longer uses a Domain Generation Algorithm (DGA) to determine the currently active C&C domain, Softpedia reported October 13. "The 'new' version of ZeuS (v3?) implements a Kademlia-like P2P botnet. Similar to the Miner botnet, ZeuS is now using an 'IP list' which contains IP addresses of other drones participating in the P2P botnet. An initial list of IP addresses is hardcoded in the ZeuS binary," the researcher revealed. The improved version of the Trojan falls back to the DGA only if everything else fails. Because HTTP is used only to receive commands from the botnet master and to deliver stolen data to the drop zone, BinaryURL and ConfigURL are not necessarily present, which makes the botnet harder to track. When it lands on a computer, the bot immediately looks for an active node by sending UDP packets. If such a node is found, it replies with a list of IPs that take part in the peer-to-peer network. After learning which binary and config versions the peer is using, the bot checks whether a newer version is available and, if so, connects to the node on a high TCP port to download the updated binary or the current config file. Finally, the HTTP component steps in and the bot connects to the C&C domain listed in the configuration file. The research further shows India currently has the most infected systems, with Italy and the United States close behind. The expert advises security personnel to watch for strings such as gameover.php, gameover2.php or gameover3.php in Web proxy logs, which indicate the presence of the new ZeuS variant. Source:
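The proxy-log check the researcher recommends can be automated. The following is an added example, not code from the report or from the researcher's analysis: it parses Squid-style access.log lines (a constructed sample is embedded), matches the path component of each requested URL against the gameover.php / gameover2.php / gameover3.php indicators named above, and tallies hits per internal client so an analyst knows which hosts to review. The log format, IP addresses and host names are assumptions for the example.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed sample in Squid native access.log format (not real captured traffic):
# timestamp elapsed client result/status bytes method url user hierarchy content-type
SAMPLE_PROXY_LOG = """\
1318500000.123    145 10.0.0.15 TCP_MISS/200 2345 GET http://www.example.com/index.html - DIRECT/203.0.113.10 text/html
1318500001.456    210 10.0.0.22 TCP_MISS/200 512 POST http://203.0.113.55/gameover.php - DIRECT/203.0.113.55 text/html
1318500002.789     98 10.0.0.15 TCP_MISS/200 1024 GET http://cdn.example.net/lib/jquery.js - DIRECT/203.0.113.11 application/javascript
1318500003.012    305 10.0.0.31 TCP_MISS/200 640 POST http://203.0.113.55/gameover2.php?id=1 - DIRECT/203.0.113.55 text/html
1318500004.345    120 10.0.0.22 TCP_MISS/200 700 POST http://example.org/GameOver3.PHP - DIRECT/203.0.113.77 text/html
1318500005.678    130 10.0.0.40 TCP_MISS/404 300 GET http://www.example.com/game-over.php - DIRECT/203.0.113.10 text/html
"""

# Indicator from the article: gameover.php and its numbered variants. Matching is done on
# the URL path only, so a host name or query parameter containing the string does not fire,
# and the match is case-insensitive because proxies log the URL exactly as the client sent it.
GAMEOVER_PATH_RE = re.compile(r"/gameover[0-9]*\.php$", re.IGNORECASE)


def parse_squid_line(line: str) -> Optional[Dict[str, str]]:
    """Split one Squid native-format line into the fields the check needs; None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    return {
        "timestamp": fields[0],
        "client": fields[2],
        "status": fields[3],
        "method": fields[5],
        "url": fields[6],
    }


def is_gameover_url(url: str) -> bool:
    """True if the request path is one of the gameover*.php indicator strings."""
    return GAMEOVER_PATH_RE.search(urlsplit(url).path) is not None


def find_gameover_hits(log_text: str) -> List[Dict[str, str]]:
    """Return every parsed log entry whose URL matches the indicator."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_squid_line(line)
        if entry is not None and is_gameover_url(entry["url"]):
            hits.append(entry)
    return hits


def hits_by_client(hits: List[Dict[str, str]]) -> Dict[str, int]:
    """Count matching requests per internal client address, for triage."""
    counts: Dict[str, int] = {}
    for hit in hits:
        counts[hit["client"]] = counts.get(hit["client"], 0) + 1
    return counts


if __name__ == "__main__":
    matches = find_gameover_hits(SAMPLE_PROXY_LOG)
    for m in matches:
        print(f"{m['timestamp']} {m['client']} {m['method']} {m['url']} ({m['status']})")
    print("hosts to review:", hits_by_client(matches))
```

Run against a real access.log by reading the file into `find_gameover_hits`; the per-client tally is the useful output, since the article's point is that the indicator marks an infected host that should be examined, and a single client repeatedly posting to such a path is the pattern to look for.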

38. October 13, H Security – (International) Microsoft report: Users responsible for half of all infections. In its latest security report October 13, Microsoft found that only 5.6 percent of all infections with malicious software are the result of security holes. Almost half the time (45 percent), users infect their computers by launching malicious software themselves. Infected USB sticks are behind an impressive 26 percent of all attacks. This vulnerability is made possible by the USB autostart function, which was only included in Windows up to Vista; in February, Microsoft disabled it with an update. Infected network shares are behind 17.2 percent of all attacks, with contaminants spreading by infecting other files 4.4 percent of the time. Brute force attacks on passwords and manipulation of Office macros are relatively negligible in spreading viruses at 1.7 and 0.3 percent, respectively. It is the first time Microsoft has analyzed how viruses are disseminated in its report. Up to now, many experts had assumed that vulnerabilities play a much greater role in computer infection. Source:

39. October 13, H Security – (International) Apple's iOS 5 update closes almost 100 security holes. Apple released version 5 of its iOS mobile operating system October 13, a major update that adds several new features and addresses many security vulnerabilities. According to the company, the update closes nearly 100 holes in the OS that could, for example, be exploited to gain access to private data, cause a device reset, lead to a cross-site scripting (XSS) attack, or execute arbitrary code on a victim's device. The security update fixes issues with the mobile version of the Safari Web browser, the Calendar app, the Office Import component for viewing Microsoft Office Word and Excel files, and the way X.509 certificates are handled. Support for TLS 1.2 has been added to prevent an attacker from decrypting an SSL connection via the recently disclosed potential information disclosure risk in SSL/TLS. The new version also removes trust from the certificate authorities (CAs) operated by DigiNotar after the CA was compromised. Source:

40. October 13, IDG News Service – (International) Thailand floods may disrupt global electronics makers. Severe floods in Thailand have disrupted production of electronics including hard disk drives and semiconductors, with a number of factories suspending operations, Computerworld reported October 13. Hard disk drive maker Seagate Technology warned that a disruption in its supply chain could affect production, although its factories in Thailand were still in operation. "As a result of the disruption caused by the floods, Seagate anticipates hard drive supply will be constrained throughout the current quarter," the company said in a statement. Seagate continued to operate its factories in Thailand, and employees were getting to work, the company said. But its hard disk drive component supply chain was getting disrupted, and supply of certain components could be affected, it added. Western Digital, Microsemi, ON Semiconductor, and Hutchinson Technology also reported production slowdowns or stoppages due to flooding. About 280 people have died, and a large number of provinces in the country have been inundated by the floods since late July, according to reports. Source:

41. October 12, IDG News Service – (National) Man charged with hacking Scarlett Johansson, other celebs. A 35-year-old man was arrested October 13 on charges that he broke into the e-mail accounts of numerous Hollywood celebrities and stole private photographs and correspondence. The man from Jacksonville, Florida, is accused of breaking into more than 50 online accounts over the past year, the FBI said. It said the man "distributed some of the files he obtained illegally, including photos of celebrities, and offered them to various celebrity blog sites." The man allegedly dug up personal information about the celebrities on the Internet and used it to break into their Yahoo, Apple, and Google e-mail accounts. Prosecutors did not say how he did this, but in the past, hackers have broken into accounts by finding the answers to password-reset questions. He also allegedly found new victims by scanning the address books of his targets, and by setting up their accounts to auto-forward e-mails to his own address. That meant that even after the stars had reset their passwords, the suspect was still able to read their e-mail, the FBI said. Source:

42. October 12, SC Magazine – (International) Fake Android app mimics Netflix-for-mobile. A new, malicious application masquerading as the online streaming video service Netflix is aiming to steal information from Android users, according to researchers at Symantec. The phony app, which appears nearly identical to the actual one, contains a trojan "Android.Fakeneflic" that attempts to harvest users' Netflix account information, a Symantec researcher wrote in a blog post October 12. The app was discovered on an online Android user forum, but is not available in the official Android Market. Once an unsuspecting user enters log-in credentials into the app, the data is captured and posted to the attackers' server. A screen then appears that informs users their current hardware is unable to install the app, and that they must install another version. The official Android Netflix app was launched earlier this year for select phones that could handle video streaming. "A gap in availability, combined with the large interest of users attempting to get the popular service running on their Android device, created the perfect cover for [the trojan] to exploit," the researcher wrote. Source:

For another story, see item 43 below in the Communications Sector

Communications Sector

43. October 12, Los Angeles Times – (International) RIM CEO says BlackBerry service restored, apologizes for outage. A top Research in Motion (RIM) executive said BlackBerry service was fully restored early October 13 after the company's worst-ever outage, and personally apologized for the problem that affected many of its 70 million customers around the world. In a conference call with reporters October 13, RIM's president and co-chief executive said any continuing problems experienced by BlackBerry users were likely caused by the lengthy backlog of messages due to the 3-day outage. He also suggested that customers still experiencing problems remove their BlackBerry's battery for a short time to reset the device because the lengthy outage could have affected its ability to synchronize with the network. The RIM executives said the company has been working around the clock to resolve the outage, which began in Europe October 10. By October 12, the service disruptions had spread to five continents, including North America. The company believes the outages were triggered by a hardware failure, and RIM was taking "immediate and aggressive steps" to minimize the risk of it happening again. The outage was the most extensive in the company's 12-year history. Source:

For more stories, see items 39 and 42 above in the Information Technology Sector