Monday, October 17, 2011

Complete DHS Daily Report for October 17, 2011


Top Stories

• In the wake of a large condominium complex fire, Pacific Gas and Electric will spend hundreds of millions to replace 1,231 miles of aging, notoriously faulty plastic gas pipeline across California. – San Jose Mercury News (See item 1)

1. October 14, San Jose Mercury News – (California) PG&E to replace more than 1,200 miles of faulty gas piping across California. Facing pressure after a leaky plastic gas pipe sparked a fire at a Cupertino, California, condominium complex, Pacific Gas and Electric (PG&E) has decided to replace all 1,231 miles of the same type of aging and notoriously faulty pipeline across California. The massive project will start next month in Cupertino and Roseville — where the pipe has been involved in recent accidents — and in St. Helena. Communities across northern California and in every Bay Area county will be dug up while the job, expected to cost hundreds of millions of dollars, is completed over the coming years. Unlike the 30-inch, steel transmission line that ruptured last year, killing eight people in San Bruno, the 2-inch wide plastic pipe that failed in Cupertino 6 weeks ago is part of PG&E's network of 42,000 miles of distribution lines that deliver gas directly to businesses and homes. Batches of that plastic pipe, manufactured by DuPont before 1973 under the name Aldyl-A, have shown a history of cracking, prompting numerous federal safety advisories dating to 1998. Replacing all 1,231 miles of PG&E's pre-1973 Aldyl-A pipe will take more than 3 years, a spokeswoman said. The company also is building computerized maps to digitize 15,000 paper maps showing where the pipe is located statewide. It is building a database to help analyze leaks and find which sections should be replaced first, and it will replace some of the 6,676 miles of Aldyl-A pipe built after 1973 in areas with higher-than-normal leak histories, she said, even though that vintage of pipe has not been the subject of federal advisories. Source:

• Errors by air traffic controllers near airports as well as incidents in which there was an unauthorized plane, vehicle, or person on a runway, have increased sharply, a new government watchdog report said. – Associated Press (See item 12)

12. October 14, Associated Press – (National) Watchdog: Air traffic controller errors soaring. Errors by air traffic controllers in the vicinity of airports as well as incidents in which there was an unauthorized plane, vehicle, or person on a runway have increased sharply, a government watchdog said in a report released October 13. Mistakes by controllers working at radar facilities that handle approaches and departures within about 30 miles of an airport that cause planes to fly too close together nearly doubled over 3 years ending in March, the Government Accountability Office (GAO) report said. Separately, runway incursions at airports with control towers increased from 11 incidents per million takeoffs and landings in the 2004 federal budget year to 18 incidents per million takeoffs and landings in the 2010 federal budget year. Most large and medium-sized airports have control towers. Such "runway incursions," as they are called, can involve anything that is not supposed to be on a runway, from a stray baggage cart to a plane that makes a wrong turn while taxiing. The GAO report said that while Federal Aviation Administration officials have met their goals for reducing runway incursions overall, the rate of incidents at airports with towers has increased. Source:*/Article_2011-10-14-Air Traffic Errors/id-52602c51125e43cb9a2fc039cea5c18d


Banking and Finance Sector

7. October 13, WGCL 19 Atlanta – (Georgia) Police bust theft ring, arrest 2, seize Lexus and 91K in cash. Cherokee, Georgia investigators said October 13 they arrested two men in connection to an identity theft ring. The men were arrested after investigators discovered they had been stealing identities and opening credit cards at several stores. Cherokee investigators said they seized high-end retail property, a 1999 Lexus, a Harley Davidson motorcycle, and more than $91,000 in cash from the men's home. Police said the men would order high-priced items then sell the items on eBay. Investigators suspect one of the men has been conducting this operation for over 15 years, stealing about $9 million from victims. He has been charged with conspiracy to commit retail property fencing and violation of the Georgia Racketeering Influenced and Corrupt Organizations (RICO) Act. The other man has been charged with five counts of identity fraud, one count of conspiracy to commit identity fraud, one count of conspiracy to commit retail property fencing, and violation of the Georgia RICO Act. Source:

8. October 13, U.S. Securities and Exchange Commission – (New Jersey) SEC sanctions Direct Edge electronic exchanges and orders remedial measures to strengthen systems and controls. The Securities and Exchange Commission (SEC) October 13 sanctioned two electronic stock exchanges and a broker-dealer owned by Direct Edge Holdings LLC for violations of securities laws arising out of weak internal controls that resulted in millions of dollars in trading losses, and a systems outage. EDGA Exchange Inc., EDGX Exchange Inc., and their affiliated routing broker Direct Edge ECN LLC – all based in Jersey City, New Jersey – agreed to settle cease-and-desist and administrative proceedings without admitting or denying the SEC’s findings. The exchanges and the routing broker, DE Route, cooperated with the investigation and agreed to be censured and undertake remedial measures to correct the deficiencies. According to the SEC’s order, in the first incident November 8, 2010, untested computer code changes resulted in EDGA and EDGX overfilling orders. The unwanted trades involved about 27 million shares in 1,000 or so stocks, totaling roughly $773 million. At the exchanges’ instruction, one member traded out of the overfilled shares and submitted a claim to the exchanges for $105,000 of losses. When other members refused to do likewise, the exchanges assumed and traded out of the overfilled shares through the routing broker’s error account, in violation of their own rules. The SEC also found that in resolving the overfilled trades, which cost the exchanges about $2.1 million, DE Route violated rules on short selling, which involves sales of borrowed shares. DE Route failed to mark the orders as short or mismarked them as long, and failed to locate or document the availability of shares to borrow before selling them short, violating the SEC’s Regulation SHO.
In the second incident April 13, 2011, an EDGX database administrator inadvertently disabled database connections, disrupting the exchange’s ability to process incoming orders, modifications, and cancellations, and leading several EDGX members to file claims for more than $668,000 in losses. EDGX waited about 24 minutes after the outage to remove its quotations from public market data, and violated the SEC’s Regulation NMS by failing to immediately identify its quotations as manual quotations. Source:

9. October 13, WHNS 21 Greenville – (International) Officials seize $2M from fake investment companies. A U.S. attorney announced October 13 the Greenville, South Carolina U.S. Attorney's Office along with the U.S. Secret Service and Greenville County Sheriff's Office seized $2,151,532 following an investigation into two shell companies. The U.S. attorney said Prime Investment, LTD and Trading 24/7 LTD were shell companies used as a front to transfer large amounts of money into the country while hiding the true source of funds. Through banking relationships with foreign banks, both companies used monetary wire transfers on "behalf of entities engaging in dubious business activities." The attorney said the sheriff's office helped them contact online gamblers to determine who they were getting their payouts from when they won money online. Through the investigation, Prime Investment and Trading 24/7's bank accounts were found to be paying online gamblers. The attorney said the focus of the investigation was not on the gamblers, but on the companies to maintain the U.S. financial structure by preventing money laundering. According to the attorney, the two foreign-based companies sent more than $40 million to the United States between October 2010 and February 2011. Both companies processed gambling proceeds from the online poker industry, sending payouts to players throughout the country including in South Carolina. Both companies violated federal laws including bank fraud, money laundering and the Unlawful Internet Gambling Enforcement Act, according to the U.S. attorney. Source:

10. October 13, New York Post – (New York; New Jersey) 'Holiday Bandit' pleads guilty to bank heists. A California man who became one of New York's most-wanted criminals after a bank robbery spree in the Christmas season of 2010 pleaded guilty October 13 to many charges. The robber, who became known as the "Holiday Bandit", admitted to committing the series of bank jobs at a hearing in Brooklyn federal court. A national of Ukraine, the bandit faces 181-205 months in prison when he is sentenced on nine bank robbery counts and one count of brandishing a firearm. He also could be deported after serving his sentence, officials said. The bandit traveled from the West Coast last winter and began a series of robberies at financial institutions in New York City and New Jersey that were intended to fuel his mounting heroin addiction, law enforcement sources said. In most instances, he would walk up to the teller, pull a pistol, and demand cash. Authorities said the bandit has a rap sheet in California that includes arrests for drug possession and petty theft. Source:

11. October 13, KUSA 9 Denver – (Colorado) FBI searches for 'Wig Out Bandit' in 6 bank robberies. Police and the FBI announced October 13 they are looking for a man they have dubbed "The Wig Out Bandit" in connection to several bank robberies in Colorado. The FBI Rocky Mountain Safe Streets Task Force gave the man the name because he wore a wig in the first robbery they believe he committed. He is suspected in at least six robberies. Investigators said the man enters the bank, presents a demand note, and flees. Source:

For another story see item 34 below in the Information Technology Sector

Information Technology Sector

34. October 13, Dark Reading – (International) Blackhole crimeware goes 'prime time'. Attackers are increasingly using the Blackhole exploit kit in phishing campaigns. Most recently, one that poses as an e-mail notification from an HP OfficeJet Printer has sent nearly 8 million e-mails thus far, and uses 2,000 domains to serve up the malware, Dark Reading reported October 13. The OfficeJet e-mail campaign, like other Blackhole attacks, is trolling for victims' online banking credentials. It works a lot like Zeus and others, using browser vulnerabilities on victims' machines and creating a backdoor for downloading and installing the Trojans. An AppRiver researcher said Blackhole appears to favor Java and Adobe bugs. In May, Blackhole, which previously had been marketed as a high-end crimeware tool that cost $1,500 for a 1-year license, was unleashed for free in some underground forums. That has propelled more use of the toolkit. Source:

35. October 13, Computerworld – (International) Mac OS X security update causes crashes, say experts. Apple has released a massive security update for Mac OS X along with a new version of its OS, according to several reports October 13, but installing the patches could render computers unbootable. The Mac OS X Security Update 2011-006 addresses more than 70 vulnerabilities in core components, as well as third-party products bundled by default with the OS. Many of the flaws have the highest severity rating assigned to them and can result in arbitrary code execution through a remote attack vector. Despite the benefits of the security update, users should carefully weigh whether to install it. That is because, according to some reports, the update can result in serious issues. "Apple OSX Security Update makes macbook kernel panic at boot," warned a security researcher October 13 on Twitter. He later confirmed other users have experienced similar problems, particularly on systems with Lion/Snow dual-boot configurations. "If you have two or more os partition on mbp [MacBook Pro] it breaks," the security expert said. Source:

36. October 13, The Register – (International) Flashback trojan targeting OS X shuns virtual machines. Underscoring the growing sophistication of Mac-based malware, a trojan preying on OS X users has adopted several stealth techniques since it was discovered last month, The Register reported October 13. Updates to the Flashback trojan, which gets installed by disguising itself as an Adobe Flash update, now prevent the malware from running on Macs that use VMware Fusion. Such virtual machine software is routinely used by security researchers to test the behavior of a malware sample because it is easier to delete a virtual instance when they are finished than it is to wipe the hard drive clean and reinstall the operating system. When users get tricked into clicking on the recently introduced Flashback.D installer, the program checks to see if the Mac is running Fusion. If it is, it does not execute, researchers from antivirus provider Intego blogged October 13. Flashback developers have also modified their code so it no longer installs itself in an easy-to-spot subfolder off the OS X ~/Library location. Such virtual-machine blocking and cloaking of malicious files have become standard fare in Windows malware. Their addition to Flashback suggests the same techniques were being adopted by criminals targeting Macs. Source:

37. October 13, Network World – (International) Open source WineHQ database breached. For the second time in 2 months, a major open source project has been breached, Network World reported October 13. This time the victim is the WineHQ project, which manages Wine, an open source technology that lets users install and run Windows applications on Linux, Mac, Solaris, and other operating systems. WineHQ earlier the week of October 10 disclosed someone broke into one of its database systems and gained access to an open source PHP tool that allows remote management of databases. The attackers managed to harvest all log-in information of users of the Wine Application Database (AppDB) and Bugzilla, the WineHQ bug tracking system, giving them access to users' log-in names and passwords. "The passwords are stored encrypted, but with enough effort and depending on the quality of the password, they can be cracked," a Wine developer said. "This, I'm afraid, is a serious threat; it means that anyone who uses the same e-mail/password on other systems is now vulnerable to a malicious attacker using that information to access their account." WineHQ is resetting passwords of all affected users, he added. Source:

For another story see item 38 below in the Communications Sector

Communications Sector

38. October 14, High Point Enterprise and McClatchy-Tribune Information Services – (North Carolina) North State Internet outage fixed. North State Communications customers in North Carolina were without Internet service and e-mail for several hours due to an outage October 13. The High Point-based company said in a statement North State had a partial Internet outage while workers were performing upgrades on a computer system. The outage temporarily affected residential and business customers. The outage didn't affect access to electronic medical records for Cornerstone Health Care medical providers, said the supervisor of Cornerstone's IT department. The outage did slow down processing of insurance and billing records. The outage had a limited effect on the city of High Point, said the assistant director of IT services. When the North State service was lost temporarily, the city experienced some disruption of access to the Internet and e-mail. North State serves primarily a 600-square-mile area in the Piedmont. The company provides a variety of telecommunication services to High Point, Thomasville, Archdale, Randleman, Jamestown, Trinity, and portions of Greensboro and Kernersville. Source: