Thursday, November 10, 2011

Complete DHS Daily Report for November 10, 2011

Daily Report

Top Stories

• A tanker truck carrying thousands of gallons of diesel fuel burst into flames after it was hit by a milk tanker near Chandler, Arizona, killing one person, closing a major highway, and forcing evacuations of nearby hotels, schools, and homes. – Sacramento Bee (See item 1)

1. November 9, Sacramento Bee – (Arizona) 1 killed when 2 tankers collide in south Phoenix. Two tanker trucks collided and burst into flames on a busy freeway in a south Phoenix, Arizona suburb during the height of the rush hour November 9, killing at least one person and closing both directions of Interstate 10. Police in the city of Chandler and state police ordered the evacuations of at least two hotels and a school alongside I-10, the Arizona Department of Public Safety (DPS) spokesman said. Chandler police said they were moving people from hotels, homes, and businesses within a 1-mile radius to the east of the freeway. The Phoenix Fire Department asked residents on the west side of the freeway to stay in their homes. Horizon Community Learning Center on the west side of the freeway was closed for the day and students were sent home. The evacuation orders were lifted about 2 hours after the crash after firefighters finally were able to move in and douse the flames. The crash happened when a milk tanker rear-ended another tanker truck carrying 7,700 gallons of diesel gas byproduct and caught fire, the DPS spokesman said. The driver of the milk truck was killed in the intense fire that sent flames skyward and black smoke hundreds of feet into the air. The driver of the petroleum tanker was shaken up but uninjured and got out on his own, a Phoenix Fire Department spokesman said. The crash happened at about 7:45 a.m. and snarled freeway traffic across the suburbs south of Phoenix. The freeway was closed in both directions from U.S. 60 south to the Loop 202 freeway. Both are major routes into and out of Phoenix from the south. Firefighters were hampered by a lack of water along the freeway and had to bring in water trucks and firefighting foam to attack the flames, the fire department spokesman said. He said fire crews waited about 2 hours because of the threat of explosion before moving in and dousing the flames in 10 minutes. The eastbound lanes of I-10 were expected to reopen before noon, while the westbound lanes would be closed for hours as the debris was hauled away, officials said. Source:

• Federal agents at Chicago's O'Hare International Airport averted "a potential catastrophic event" when they stopped a package containing a phosphorous trip flare from being loaded onto a flight to Japan. – Reuters (See item 19)

19. November 8, Reuters – (Illinois) Agents intercept military flare in mail. Federal agents at Chicago's O'Hare International Airport averted "a potential catastrophic event" when they stopped a package containing a live military flare from being loaded onto a flight to Japan, a federal agency said November 7. The U.S. Customs and Border Protection (CBP) said the Vietnam War-era device, identified as an M49A1 phosphorous trip flare, was found in the mail as it was passing through the busy facility November 3. A customs supervisor said he did not know whether the package that contained the device would have been routed onto a passenger or cargo plane. The device, which burns at a temperature of 5,000 degrees Fahrenheit, had been listed on the shipping manifest as a "military training dummie," the agency said. When agents looking for contraband in the mail contacted the sender for more details, they learned he had acquired the device online from an estate sale and was sending it to a buyer in Japan. Bomb experts from the Chicago Police Department determined the package contained an incendiary device and rendered it safe. The case is under investigation. The CBP said agents did not believe there was any intent to harm. Source:


Banking and Finance Sector

11. November 9, Seattle Times – (Washington) Seattle bank damaged by ‘suspicious’ ATM fire. Seattle police are investigating a suspicious fire at a Madison Park bank early November 9. Police responded around 2 a.m. to an alarm at the bank. Officers found the bank’s outdoor ATM engulfed in flames and saw fire inside the bank, possibly originating from the ATM fire. The Seattle Fire Department responded and put out the fire. It appears there was no forced entry into the bank, police said. It was not immediately known if the the ATM had been burglarized. Source:

12. November 8, U.S. Securities and Exchange Commission – (New York) SEC obtains record $92.8 million penalty against Raj Rajaratnam. The Securities and Exchange Commission (SEC) November 8 obtained a record financial penalty of $92.8 million against a former billionaire hedge fund manager for widespread insider trading. The final judgment found the hedge fund manager liable for a civil monetary penalty of $92,805,705, which marks the largest penalty ever assessed against an individual in an SEC insider trading case. The SEC brought civil charges against the manager October 16, 2009, alleging he and several others, including his New York-based hedge fund advisory firm Galleon Management LP engaged in a massive insider trading scheme. The SEC’s enforcement action against the hedge fund manager and Galleon was part of a larger insider trading probe that has resulted in civil charges against 29 individuals and entities, including hedge fund advisers, Wall Street professionals, and corporate insiders. The SEC alleged insider trading in the securities of more than 15 publicly traded companies for more than $90 million in illicit profits or losses avoided. In the parallel criminal case, the SEC provided significant assistance to the U.S. Attorney’s Office for the Southern District of New York in its successful criminal prosecution of the hedge fund manager, who was found guilty May 11 of all 14 counts he was charged with. Following the jury verdict, he was sentenced to 11 years in prison, and was ordered to pay more than $53.8 million in forfeiture of illicit gains, and $10 million in criminal fines. The total amount of monetary sanctions imposed on the hedge fund manager in the civil and criminal cases is more than $156.6 million. Source:

13. November 8, Arizona Daily Sun – (National) Bank 'bandit' pleads guilty. One of the so-called "High Country Bandits" pleaded guilty October 26 to armed robbery and other charges related to a 6-month bank robbery spree that spanned four states and included two banks in Flagstaff, Arizona, the Arizona Daily Sun reported November 8. As a result of the plea agreement, he now faces 15-25 years in prison when he appears at a sentencing hearing in January 2012. Also as a condition of the plea agreement, he will have to pay restitution to all 16 of the banks he was accused of robbing, even though the charges will be dismissed regarding nine of those. The suspect was alleged to be the mastermind of the crimes. The defendant and his partner robbed rural banks at gunpoint and then often fled on all-terrain vehicles. Investigators believed it was the same man robbing the banks and another man would drive the get-away vehicle. They were able to catch the men in March 2010, after the pair's cell phones gave them away. Federal agents combed through the records of 150,000 phones used to make calls near four of the most remote bank robberies. Investigators were able to identify two cell phone numbers used prior to each robbery, and then requested a court order for the subscriber information on the phones. One of the phone subscribers owned vehicles that matched the descriptions of those used in the robberies. Source:

14. November 7, Associated Press – (National) Judge approves $410 million settlement of lawsuit against Bank of America on overdraft fees. A Federal judge November 7 gave final approval to a $410 million settlement in a class-action lawsuit affecting more than 13 million Bank of America customers who had debit card overdrafts during the past decade. A senior U.S. district judge said the agreement was fair and reasonable, even though it drew criticism from some customers because they would only receive a fraction of what they paid in overdraft fees. The fees were usually $35 per occurrence. A Bank of America attorney said 13.2 million customers who had debit cards between January 2001 and May 2011 would get some payment. Those who still have accounts would get an automatic credit, and the others would get a check mailed to them. An attorney for customers who objected to the deal, said he figured the bank raked in $4.5 billion through the overdraft fees and was repaying less than 10 percent. He said the average customer in the case had $300 in overdraft fees, making them eligible for a $27 award — less than one overdraft charge — from the lawsuit. The bank attorney said only 46 customers filed formal objections to the settlement and 350 decided to opt out, meaning they could take separate legal action on their own. Customers will receive a minimum of 9 percent of the fees they paid through the settlement, he added. The bank has already paid the money into an escrow account. The lawsuit claimed Bank of America processed its debit card transactions in the order of highest to lowest dollar amount so it could maximize the overdraft fees customers paid. Similar lawsuits have been filed against more than 30 other banks. Source:

Information Technology Sector

36. November 9, Computerworld – (International) Mozilla ships Firefox 8, adds Twitter search and patches 8 bugs. Mozilla released Firefox 8 November 8, which patched eight vulnerabilities. Five of the vulnerabilities were rated "critical," the most-serious ranking in Mozilla's threat scoring system. The remaining three bugs were labeled "high," the next-most-serious rating. One of the patches was for a data theft bug originally fixed in August when Mozilla launched Firefox 6, but which was reintroduced in Firefox 7 after developers launched a new Windows graphics acceleration framework, dubbed "Azure," in the September upgrade. Mozilla blamed a Mac-only vulnerability on Apple and Intel, saying the flaw could let attackers sniff out secrets by monitoring a Mac's graphics processor. Mozilla also released Firefox 3.6.24 November 8, a security update that patched three vulnerabilities. Source:

37. November 9, Softpedia – (International) Whistler bootkit evolves to evade AV detection. One of the first discovered pieces of malware that could be considered a bootkit appears to have evolved, with new mechanisms that could allow it to slip unnoticed by anti-virus solutions. According to Bitdefender researchers, in the past months the malware identified as bootkit.MBR.Whistler.B has been seen infecting many master boot records due to its new evasion techniques. The bootkit keeps its data after the last partition on the disk, but if it does not find enough unpartitioned space, it will shrink the partition until at least 400 sectors are available. The first sector, which is responsible for defining the components of the Whistler, is encrypted differently than before with the aid of an additional key specific to the infected system, the key being hardcoded into the malware's code. To make sure security products do not detect it as easily as before, the new variant comes with all components encrypted, unlike the previous version which had only the malicious code encrypte. The encryption key consists of the absolute sector's LBA. The analysis of the bootkit is extremely difficult since after the dropper does its task infecting the MBR, it removes itself. The driver loaded while the machine boots up injects the payload into processes, and will later make sure other malevolent components will land on the system. Since it does not hide its MBR code like other such bootkits and because its payload is fairly well hidden, Whistler is much harder to detect by anti-virus programs. Another thing that helps it hide is the fact that it does not keep any files on the hard disk of the infected device. Source:

38. November 9, Help Net Security – (International) Fake Kaspersky AV solution offered via spam emails. Rogue AV software mimicking popular legitimate AV solutions is occasionally offered by cyber crooks in the hopes the familiar name and look will entice users into buying the offered product. The latest example of this approach has been brought to the attention of Kaspersky Lab experts by users targeted with spam e-mails touting an "Antivirus & Security Complete Antivirus Protection Solution" and supposedly sent by Kaspersky. "The cybercriminals had done a good job: the e-mail not only looked like an official e-mail from Kaspersky Lab, but the 'From' field was a good imitation as well," comments a Kapersky researcher. While the e-mail includes an image of the fake solution using colors similar to those used by Kaspersky, the link included in the e-mail takes the potential victim to a page whose colors and look resemble those used by Symantec. "To buy the program, the user had to enter their credit card details and e-mail address so they could receive further instructions. We followed these step as part of our investigations, but received no more instructions at the e-mail address we specified," shared the Kapersky researcher. "It is quite possible that users could have received more instructions on how to download the fake antivirus at the time the spam was active." Source:

39. November 9, The Register – (International) Steam games forum down amid hack fears. Computer games outfit Valve suspended its Steam user forums following unconfirmed reports of a security breach. Eurogamer claims the official message board for Valve's Steam online games platform, Steampowered, was "defaced" the night of November 7, shortly before the site was suspended. It is believed the defacement involved inserting a prominently displayed message promoting a site called, which offers video game hacks. This was not a simple case of link-spamming, but an out-of-place ostensibly promoted topic on the forum. In addition, some gamers reported the receipt of spam e-mails promoting fkn0wned, supposedly from This would imply hackers may have stolen e-mail addresses or at least accessed a way to send messages via the Steampowered board, but this remains unclear. The Steampowered forum remained suspended as of the morning of November 9, with the usual discussion threads and information replaced by a holding message. Currently, there is no evidence to suggest Steam accounts have been breached. Source:

40. November 9, – (International) Apple and Adobe deliver critical security updates. Apple and Adobe released a series of security updates the week of November 7. The companies issued fixes designed to protect against critical vulnerabilities including remote code execution flaws. The Adobe update addresses vulnerabilities in the Shockwave Player for Windows and Mac OS X systems. The company advises users to install Shockwave Player version to protect against attack. Adobe classifies the update as "critical," warning the flaw could allow an attacker to execute code on a targeted system. The Apple update fixes 17 vulnerabilities in Java for Mac OS X 10.6 and 10.7 systems, some of which could allow an attacker to execute code outside the secure Java sandbox. Source:

41. November 8, Computerworld – (International) Microsoft patches critical Windows 7 bug, downplays exploit threat. Microsoft delivered four security updates November 8 that patched four vulnerabilities in Windows, most of them affecting the newer editions of Vista and Windows 7. Only one of the updates was marked "critical," Microsoft's most-serious threat ranking. Two of the remaining were labeled "important" and the fourth was tagged as "moderate." Microsoft did not patch the Windows kernel vulnerability exploited by the Duqu campaign. The top threat on Microsoft's chart was the MS11-083 update that patches a bug in Windows Vista's, Windows 7's and Server 2008's TCP/IP stack, which regulates Internet connections. The vulnerability could be used by attackers in certain circumstances to hijack an unpatched PC, said Microsoft, which nevertheless downplayed the likelihood of successful attacks. Microsoft also updated Windows Mail and Windows Meeting Space on Vista, Windows 7, and Server 2008 to fix another "DLL load hijacking" vulnerability. Researchers noted that while Microsoft did not patch the Duqu-exploited bug, it fixed a different flaw in the TrueType font-parsing engine, the component targeted by the trojan's attacks. Source:

Communications Sector

42. November 9, Wichita Eagle – (Kansas) Federal indictment: Man knocked Pittsburg radio station off air by cutting copper wiring. A southeast Kansas man was indicted November 8 by a grand jury on federal charges he knocked a Pittsburg, Kansas radio station off the air by cutting copper wiring from a transmission tower. The suspect was charged with one count of attempted damage to a communications system and one count of attempted damage to an energy facility, a U.S. attorney said. The indictment alleged that September 7, the suspect damaged equipment used by radio station KKOW 860, which serves as part of the Emergency Alert System, a national public warning system. The indictment also alleged that the same day, he damaged equipment belonging to Heartland Rural Electric Co. of Girard. Source: