Friday, November 18, 2011

Complete DHS Daily Report for November 18, 2011

Daily Report

Top Stories

• Tornadoes hammered the Southeast November 16, killing at least six people and damaging numerous homes, businesses, and vehicles in six states. – CNN (See item 49)

49. November 17, CNN – (National) 6 killed as storms sweep across South. Search teams combed through rural South Carolina early November 17 after a storm swept through the Southeast, killing at least six people and causing injuries in several states. At least three people died and five others were taken to hospitals after a November 16 storm hit York County, according to the sheriff's office. Two people died when a home collapsed late November 16 in Davidson County, North Carolina, according to a spokesman with the county's emergency operations center. A sixth person died in Forsyth County, Georgia, when a tree fell on a car, the fire department said. Downed trees, damaged homes and buildings, and power outages were reported across Alabama and Georgia. The North Carolina governor confirmed one death in the state. An apparent tornado south of Winston-Salem damaged "multiple structures," according to North Carolina emergency management. Four people were injured in Mississippi, according to the National Weather Service. Homes were also reported damaged near Jones, Mississippi. A possible tornado demolished homes and vehicles near Opelika, Alabama. Alabama's Lee County received "significant reports of damage," said a public information officer with the county emergency management. "We've got reports of damage at an apartment complex, structures at a lake, mobile homes and trees down," she said. Earlier November 16, a suspected tornado in Louisiana's Tangipahoa Parish moved a home with four people inside off its foundation. Source:

• Tens of thousands of demonstrators took to the streets around the United States November 17, taking over buildings, disrupting transportation, and clashing with police in many major cities. – Associated Press (See item 50)

50. November 17, Associated Press – (National) Bands of Occupy protesters march in several cities as movement enters 3rd month. Thousands of Occupy Wall Street demonstrators took to the streets around the United States November 17 to mark 2 months since the movement’s birth and signal they are not ready to quit, despite the breakup of many of their encampments by police. At least 175 people were arrested in New York. More than 1,000 demonstrators gathered near the New York Stock Exchange and staged sit-ins at several intersections. The demonstration around Wall Street failed to disrupt operations at the stock exchange, but brought taxis and delivery trucks to a halt. Police said four officers went to a hospital after a demonstrator threw some kind of liquid in their faces. Many demonstrators were carrying vinegar as an antidote for pepper spray. One man was taken into custody for throwing liquid, possibly vinegar, into the faces of several police officers, authorities said. Helmeted police broke up some of the clusters, but most of the crowd re-assembled in Zuccotti Park, where the encampment that served as the unofficial headquarters of the Occupy movement was broken up by police earlier in the week. Organizers in New York said protesters would fan out across Manhattan later in the day and head into the subways, then march over the Brooklyn Bridge. Police in Los Angeles arrested 23 people. About 500 sympathizers, many of them union members, marched in downtown Los Angeles between the Bank of America tower and Wells Fargo Plaza. In Albany, New York, about 250 protesters from Buffalo, Rochester, and other encampments arrived by bus to join a demonstration in a downtown park. Police in Portland, Oregon, closed a bridge in preparation for a march there, and later detained more than a dozen people who sat down on the span. Demonstrations were also planned or under way in such cities as Washington, D.C., St. Louis, Las Vegas, and Portland, Oregon. 
In Dallas, police evicted dozens of protesters near city hall, citing health and safety reasons. Eighteen protesters were arrested. Two demonstrators were arrested and about 20 tents removed at the University of California, Berkeley. City officials and demonstrators were trying to decide what to do about an encampment in Philadelphia, where about 100 protesters were ordered November 16 to clear out immediately to make way for a plaza renovation at city hall. Source:


Banking and Finance Sector

13. November 17, Los Angeles Times – (California) San Francisco police arrest 100 in Bank of America protest. Protesters in the Occupy Wall Street movement seized a Bank of America branch in San Francisco’s financial district November 16, a demonstration that forced jittery customers and employees to flee and ended in nearly 100 arrests. It took about 40 police officers in riot gear nearly 4 hours to clear the bank, but no one was injured. Police said many of those arrested were University of California (UC), Santa Cruz students who were protesting fee increases and budget cuts. Police removed the protesters methodically, placing them in plastic handcuffs, citing them for misdemeanor trespassing and sending them off in police wagons. The siege began after several hundred protesters gathered for a rally at a plaza near the waterfront and proceeded to march to the civic center. The route was designed to take marchers past buildings where members of the UC Board of Regents have offices. When the crowd reached the Bank of America branch, organizers opened the door and ushered protesters inside. They jumped on desks and banged drums while bank employees huddled behind a counter. After consulting with the police, bank managers tried to reclaim the lobby. Most of the demonstrators left and continued on their march, but about 100 remained, setting up a tent in the lobby and sitting on the floor. Demonstrators outside pinned a group of police officers attempting to enter the building and tried to grab their guns and batons, a San Francisco Police spokesman said. Once inside, the police waited for reinforcements before arresting the protesters. Source:,0,5764736.story

14. November 17, – (New York) 'Occupy' protestors march on New York Stock Exchange. The "Occupy Wall Street" movement started anew November 17 with a group of about 1,000 protestors marching on the heart of Manhattan's financial district — 2 days after cops rousted the protestors from their home encampment in Zuccotti Park. The marchers headed from the park to the New York Stock Exchange (NYSE). The New York City Police Department (NYPD) did its best to keep the protestors on the periphery of the plaza in front of the exchange, cordoning off the area with metal barricades, scooters, and parked vans. Only a smattering of officers wore helmeted riot gear. But as soon as one of the many side streets leading to the Exchange was blocked by the NYPD, protestors resumed their march and headed for another entry point. Blocked from access to the plaza, the march surrounded the outskirts. The horde held signs and chanted slogans as it wended in a circular pattern around the NYSE plaza. The NYPD set up a checkpoint where NYSE employees could enter the plaza. Some protestors blocked traffic on a roadway. The NYPD responded by peacefully herding the group back to the sidewalk. The day of action had been planned before the city and park owners cracked down on the encampment in Zuccotti Park in lower Manhattan, but took on added importance to the protesters after tents, tarps and sleeping bags were cleared out November 15, and the granite plaza was cleaned for the first time since the group arrived more than 2 months ago. The group announced it would rally near NYSE, then fan out across Manhattan and head to subways, before gathering downtown and marching over the Brooklyn bridge. Similar protests were planned around the country. Source:

15. November 17, Bloomberg – (National) Ex-Madoff trader David Kugel agrees to plead guilty to fraud. A former trader at a convicted con man’s investment firm agreed to plead guilty to fraud, prosecutors said November 16. The trader is expected to enter a guilty plea "pursuant to a cooperation agreement with the government" at a November 21 hearing, prosecutors said November 16 in a letter to a U.S. district judge in Manhattan. The trader was a supervisory trader in the proprietary trading operation of Bernard L. Madoff Investment Securities, LLC, according to the letter. He is accused of conspiracy to commit securities fraud going back to the early 1970s by helping to create fake trades used to deceive the company's customers. He is also accused of conspiracy to commit bank fraud, as well as securities and bank fraud, and falsifying records. The maximum prison sentence for bank fraud is 30 years. The leader of the company, who pleaded guilty to fraud charges, is serving 150 years in prison for the largest Ponzi scheme in U.S. history. Investors lost about $20 billion in principal, the U.S. trustee liquidating the securities business has said. Source:

16. November 17, Seattle-Tacoma News Tribune – (Washington) JBLM soldier pleads guilty in bank scam. A private from Joint Base Lewis-McChord in Washington who recruited soldiers to join him in swindling money from an Ohio bank recently pleaded guilty to 38 counts of fraud and was sentenced to 4 years in prison, the Seattle-Tacoma News Tribune reported November 17. The private was among 78 Lewis-McChord soldiers who allegedly bilked businesses including Tacoma Public Utilities and the Army and Air Force Exchange Service. The fraud ring involved as many as 1,800 people who allegedly stole $3.5 million from an account at Credit First National of Ohio. The Army believes about $600,000 went to soldiers, and the private was one of the key players in luring other service members to participate. Soldiers and civilians were lured into the scam with a too-good-to-be-true pledge to help them pay down debt. Service members would purchase products at an Army Post Exchange and receive a greater amount of money in return, according to investigative documents. Pierce County prosecutors in May accused a woman of leading the scam. She allegedly used the Credit First National account to pay bills for the scheme’s participants. She allegedly recruited people through MySpace, Facebook, Craigslist, and at barbecues, bars, and other get-togethers. The private pleaded guilty to 38 of the 77 fraud-related counts the Army filed against him at a court-martial October 31. Source:

17. November 16, New York Post – (National; International) Bulgarian pair indicted in $300K ATM skimming scam. A pair of Bulgarian nationals was hit November 16 with an 81-count indictment for using skimming devices and pinhole cameras attached to bank ATM machines in New York City to steal nearly $300,000 from about 1,500 debit card users. The scammers hit ATMs in Manhattan at four Chase branches around Union Square and Astor Place. The two men, both legal residents of Canada, traveled to New York many times in 2011. They would approach the ATMs as if they were customers, and instead use double-sided tape to affix pinhole cameras and skimming devices — spray painted silver to match the color of the machines, prosecutors said. The men would allegedly leave the devices in place for about 4 to 6 hours, typically in broad daylight, prosecutors said. They would then pass the data to unnamed co-conspirators, who used it to encode blank cards used to make purchases and cash withdrawals in Arizona, Illinois, and Canada. Chase has since installed skimming detection technology — and bank officials wound up catching the alleged crooks, alerting cops who staked out a compromised ATM. The pair was arrested in May after removing their devices and loading them into a car, prosecutors said. Source:

18. November 16, Los Angeles Times – (National) Federal financial fraud prosecutions tumble to lowest level in 20 years. Financial criminals are facing the lowest number of federal prosecutions in at least 20 years, according to a new report. The government has filed 1,251 new prosecutions against financial institution fraud so far this fiscal year, according to the Transactional Records Access Clearinghouse at Syracuse University. If the same pace holds, federal attorneys will file 1,365 such cases by the end of the year – the lowest number since at least 1991. The report, compiled from Justice Department data gleaned through the Freedom of Information Act, considers crimes involving crooked mortgage brokers, bank executives with something to hide, and accounts hiding illegal activity. The expected volume of prosecutions by the end of 2011 would be 2.4 percent smaller than that of last year, 28.6 percent thinner than that of 5 years ago, and less than half the amount from a decade ago. The number of federal bank fraud cases has slipped every year since 1999. Source:

19. November 16, KVVU 5 Las Vegas – (Nevada) 2 indicted in Clark County mortgage fraud scheme. Two mortgage title officers are facing 606 counts related to documents they allegedly fraudulently filed in Clark County, Nevada, KVVU 5 Las Vegas reported November 16. According to the Office of the Nevada Attorney General, a grand jury returned indictments for two defendants, who were accused of having employees forge names on foreclosure documents and then notarize them on the same day they were prepared. The pair was charged with counts including offering false instruments for recording, false certification on certain instruments, and notarization of a signature of a person not in the presence of a notary public, the attorney general said. The alleged offenses took place between 2005 and 2008. The defendants allegedly directed the employees under their supervision to file the fraudulent documents with the Clark County Recorder's office. Source:

20. November 16, Associated Press – (National) Government closes mortgage scams tied to Google. The U.S. government has shut down dozens of Internet scam artists who had been paying Google to run ads making bogus promises to help desperate homeowners scrambling to avoid foreclosures, the Associated Press announced November 16. A spokesman for the U.S. Treasury Department said the probe is ongoing. To fight future abuse, Google suspended its business ties with more than 500 advertisers and agencies connected to the alleged scams, according to the U.S. Treasury Department's Office of the Special Inspector General for the Troubled Asset Relief Program (TARP). The evidence collected in the current investigation led to the government's closure of 85 alleged mortgage scams. The con artists are accused of duping people into believing they could help lower their home loan payments under a government-backed mortgage modification program created to reduce the foreclosures that have made it more difficult for the slumping real estate market to recover. The alleged rip-offs typically relied on collecting upfront fees or getting victims to transfer monthly mortgage payments to the scam artists, according to the Office of the Special Inspector General for the TARP. In some cases, swindlers said they were affiliated with the government. Google's name popped up because the scam artists relied on the company's advertising network to bait victims. About two out of every three Internet search requests are made through Google, making its ad network a prime outlet for finding people hoping to save their homes, according to the deputy special inspector general for the TARP. Source:

Information Technology

40. November 17, threatpost – (International) Google fixes high-risk flaw in Chrome. Google issued an update for its Chrome browser, fixing a high-risk vulnerability in the V8 JavaScript engine. The flaw is the only one Google fixed in the update. The vulnerability in the V8 engine is an out-of-bounds error that can cause a memory-corruption condition and lead to remote code execution. Source:

41. November 17, Help Net Security – (International) DevilRobber trojan returns, masquerades as PixelMator. DevilRobber, the latest trojan to target Mac users, was recently updated, Help Net Security reported November 17. The previous incarnation stole Bitcoins from the user's wallet file, used the computer's resources to mine Bitcoins for the malware author, stole log-in credentials, browsing histories, the history of commands run in the terminal, and data regarding the use of Truecrypt software and TOR, and opened a backdoor. It came bundled with the GraphicConverter app, and would fail to install if the user had Little Snitch installed. F-Secure researchers said the new trojan is the third iteration of the malware (as indicated by its dump.txt file), and that it poses as the popular image-editing app PixelMator. "The main point of difference in DevilRobberV3 is that it has a different distribution method — the 'traditional' downloader method ... The DevilRobberV3 sample that we analyzed is an FTP downloader that will download its backdoor installer package from an FTP Server service provider," F-Secure said. This version of DevilRobber does not check if Little Snitch is installed before attempting to install itself, and it does not take screenshots. However, it has other features the original version lacked — it tries to harvest the shell command history, the system log file and the contents of 1Password, the popular software for managing passwords. Its Bitcoin mining and stealing capabilities are also still present. Source:

42. November 16, Computerworld – (International) Facebook porn storm used same tactics as May's Bin Laden spam. The attacks against Facebook that planted pornography on users' news feeds relied on the same trickery as a campaign last spring that touted the death of al-Qa'ida's leader, a security researcher said November 16. Facebook confirmed November 15 what it called "a coordinated spam attack" that resulted in sexually explicit images, as well as photos of animal abuse, spreading on members' pages. Facebook identified the hacker tactic used to hijack pages and bombard friends with the photos as an exploit of what it called a "self-XSS browser vulnerability." Self-XSS has been used by other researchers, including those at Commtouch, to describe a ploy where spam messages tell recipients to copy and paste JavaScript into their browser's address bar. The script, however, is in fact malicious and exploits a bug in the browser. To dupe users into doing their dirty work — copying and pasting malicious JavaScript — criminals have used a range of bait, including "exclusive" video and the giveaway of free Starbucks cards. Last May, for instance, a Facebook spam campaign set the trap with the promise of a video supposedly showing the death of al-Qa'ida's leader. In that campaign, Facebook recipients were directed to copy and paste JavaScript into their browser's address bar. More than a year before that scam, a similar self-XSS attack circulated on Facebook that told recipients they could acquire a $25 Starbucks card for free. Facebook did not specify which browsers were vulnerable to the recent attacks. However, a Sophos security researcher said his testing showed Google's Chrome and Mozilla's Firefox 6 and later were immune because they do not allow pasted JavaScript to execute from the address bar. Source:

43. November 16, threatpost – (International) New flaw in BIND causing server crashes. A new vulnerability in the BIND name server software is causing various versions of the application to crash unexpectedly after logging a certain kind of error. The Internet Software Consortium (ISC), which maintains BIND, is investigating. The problem reportedly affects all currently supported versions of BIND, including BIND 9.7x and 9.8x. Currently, it is unknown whether the flaw can be used to run remote code. "Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: 'INSIST(! dns_rdataset_isassociated(sigrdataset))'. Multiple versions were reported affected, including all currently supported release versions of ISC BIND 9. ISC is investigating the root cause and has produced patches which prevent the crash," the ISC said in an advisory on the BIND flaw. "An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached. At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit," the advisory said. ISC produced patches for each of the vulnerable versions, and is still looking into whether there are any active exploits being used against the vulnerability. Source:

44. November 16, Network World – (International) Mobile devices, virtualization seen as biggest security challenges: Ponemon survey. Increased use of mobile devices, especially smartphones, in addition to the transition to virtualization, are key factors weighing on enterprises trying to sort out security strategy and budgets, according to a survey of 688 information and security managers released the week of November 14. According to the Ponemon Institute's "State of the Endpoint" study, there are signs IT operations and IT security often fail to work as a team. Forty percent said collaboration is "poor or non-existent" and 48 percent called it "adequate, but can be improved." Virtualization, mainly VMware and Microsoft Hyper-V, are increasingly the software platforms their organizations support, and 55 percent said virtualization requires "additional security measures," with most turning for help to the virtualization vendor or vendors with specialized virtualization security components. Forty-one percent indicated responsibility for virtualization security is not clearly defined by department or function. Additionally, 21 percent said IT security was responsible, 15 percent said IT operations was, and 11 percent said it was a job for IT compliance. Mobile devices, especially the use of employee-owned devices for work purposes, are also putting new stress on the IT department, according to the survey. The survey showed mobile devices, especially smartphones, are counted as among "the greatest rise of potential IT security risk." Source:

For another story, see item 20 above in the Banking and Finance Sector

Communications Sector

45. November 17, Mobile TV Examiner – (Alabama; Florida) WHBR-TV announcement includes the cause of recent transmitter failure. According to an announcement posted on the home page of the Web site for WHBR 34 Pensacola, Florida, November 16, the reason the station could not broadcast between November 11 and November 15 was a lightning strike to the transmitter for the station. According to the message, the charge for repairing the transmitter was about $15,000. Source:

46. November 17, Ashland Daily Tidings – (Oregon) KSKQ back on airwaves after outage. Community radio station KSKQ in Eagle Point, Oregon, has re-established power to its FM antenna on Table Mountain near Hyatt Lake and is back on the air, the Ashland Daily Tidings reported November 17. The station's 89.5 FM frequency came back to life at about 2 p.m. November 16 after volunteers restarted the propane-powered generator providing electricity to the antenna on the snow-laden hilltop. Efforts to refuel the generator failed November 11 after the gas truck got stuck in the snow. Two truck drivers from Ferrellgas of Central Point were able to ease a propane truck up the slick, rutted road November 15 to refill KSKQ's 200-gallon tank there. Source:

47. November 16, – (Colorado) Update on KUNC antenna damage. High winds in Northern Colorado severely damaged the KUNC 91.5 Greeley radio tower and antenna November 13. Crews worked November 14 to patch and shore up the antenna and as a result the station was operating at about 10 percent of normal power as of November 16. Since it was operating at below normal power, the station's coverage area was reduced. Listeners may experience a signal that is scratchy or has intermittent static. Customers in the Denver Metro area were encouraged to listen on 91.7 FM which may come in better in that area. Additionally, KUNC streaming and all mobile apps were not affected. A back up antenna, transmission line and temporary tower had been ordered and could be installed in the next 2 weeks, the radio station said. This would allow the station to restore some service, but not at full power levels. Source:

48. November 16, WTOP 103.5 FM Washington, D.C. – (Virginia) Va. Internet users experiencing outages. Customers across Fairfax County, Virginia, and some in Fredericksburg complained about Internet problems November 16. Cox Communications told WTOP 103.5 FM that it is a problem with one of its DNS servers, which affects customers nationwide. A Cox spokesman said the problem occurred late November 14 at their Atlanta headquarters. The spokesman added the problem is serious enough that they have asked for outside assistance to track down and solve the problem. Nearly 10 percent of customers in Fairfax County and Fredericksburg lost service during the height of the outage, late November 15. Cox believed most customers should have their service back, but there will still be sporadic outages as technicians try to fix the core problem. Source:

For another story, see item 44 above in the Information Technology Sector