Thursday, December 22, 2011

Complete DHS Daily Report for December 22, 2011

Daily Report

Top Stories

• The Washington Metropolitan Area Transit Authority will inspect the brakes on all of its 5000 series rail cars — about 18 percent of its fleet — after a part fell off a moving train in Washington, D.C., damaged two more trains, and shut down service on two lines for hours. – Washington Post (See item 22)

22. December 20, Washington Post – (District of Columbia) Falling part from Metro train temporarily closes Orange and Blue lines. The Washington Metropolitan Area Transit Authority (Metro) will inspect the brakes on all of its 5000 series rail cars — about 18 percent of its fleet — after a part fell off a moving train outside L’Enfant Plaza in Washington, D.C., December 20, damaged two more trains, and shut down service along the heart of the Orange and Blue lines for hours. Adjacent stations filled with smoke, and hundreds of passengers had to be evacuated after the incident, which occurred about 9:45 a.m. By 1 p.m., service was running on a single track, and by 2 p.m. on both tracks. During a news conference, the Metro general manager said it would be premature to guess why the “friction ring,” similar to a brake disc on a vehicle, became disconnected. He said it is “rare” for one of the parts to fall off. When the friction ring fell off a Blue Line train, there was a spark and smoke. The ring landed between the electrified third rail and the running rails, Metro officials said. Two Orange Line trains that were behind the Blue Line train heading in the direction of Vienna were damaged, the manager said. The Blue Line train kept going and passengers disembarked at the Smithsonian station. That train was taken out of service. Roughly 300 passengers on the Orange Line train behind it were stranded when that train suffered damage to its “collector plates,” which pull power from the third rail, said Metro’s chief spokesman. Passengers were evacuated as emergency personnel made a human chain to guide them to the Smithsonian platform, D.C. Emergency Response officials said. Streets around the L’Enfant Plaza and Smithsonian stops were shut down as crews responded, and shuttle buses were used to move stranded passengers. Source:

• An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full system crash, and could allow malicious kernel-level code to be injected into machines, Secunia warned. – The Register (See item 39 below in the Information Technology Sector)


Banking and Finance Sector

12. December 21, Tri-City Herald – (Washington) Pasco woman accused making fake money facing prison time. A Pasco, Washington woman is looking at federal prison time for helping her father and others bleach $5 bills and reprint them as $50s and $100s to use around the Spokane Valley, federal prosecutors announced December 20. She pleaded guilty earlier in December in federal court to one charge of manufacturing of counterfeit currency. She was part of a large-scale operation allegedly organized by her father. In total, about $5,000 of counterfeit money was passed, court documents said. Prosecutors announced the woman was among five women to recently plead guilty for their role in the scheme, which was discovered when merchants and banks reported the fake cash. Secret Service agents and Spokane County sheriff’s investigators unraveled the scheme involving at least 11 people. The woman was accused of manufacturing money, along with five counts of passing counterfeit currency. The crimes were between January 5 and March 24, 2010. Court documents stated the father manufactured and distributed fake money for at least 4 years by using a digital printer while living at different places in the Spokane Valley. His technique was to “wash” or “bleach” real $5 bills with commercially available chemical products, and reprint them at higher denominations on the genuine currency paper, documents said. He distributed the cash to others who would get to keep a percentage of the profit after using the bad money. “There were a total of at least 80 known passes of $50 and $100 counterfeit notes manufactured by the suspects,” court documents said. The woman was busted after she passed counterfeit bills while staying at a Motel 6 in Spokane in February 2010. She provided her driver’s license as part of the registration, documents said. The maximum penalty for the crime is 20 years in prison and a $250,000 fine. Source:

13. December 20, WTNH 8 New Haven – (Connecticut; Massachusetts; Rhode Island) Woman pleads guilty in ATM scheme. A New London, Connecticut woman pleaded guilty to one count of conspiracy to commit bank fraud December 19 for her part in an ATM skimming scheme. The scheme she was a part of spanned southern New England. Between February and July, she and others conspired to install skimming devices on ATMs at 11 banks and one credit union in Connecticut, Massachusetts, and Rhode Island. The devices were able to capture information encoded on the magnetic strips of bank cards used by ATM customers. The stolen data allowed the group to create counterfeit bank cards they used to withdraw funds from customer accounts. She helped produce counterfeit ATM cards, wrote PIN numbers on the backs of cards and, on occasion, used the cards to make unauthorized withdrawals from ATMs. She also served as a lookout. More than 250 bank accounts were victimized and about $336,057.64 was stolen. She faces a 30-year maximum term of imprisonment, and a fine of up to $1 million. Source:

14. December 20, U.S. Department of Treasury – (International) Treasury designates 10 shipping companies and chief executive tied to IRISL and Irano Hind. The U.S. Department of the Treasury December 20 announced the designation of 10 shipping and front companies and one individual based in Malta affiliated with the Islamic Republic of Iran Shipping Lines (IRISL), an entity facing international sanctions for its involvement in Iran’s efforts to advance its missile programs and transport military cargoes. The December 20 action is being taken as IRISL and its subsidiaries have increasingly relied upon multiple front companies and agents to overcome the impact of U.S. and international sanctions and increased scrutiny of their behavior. The entities and individual designated December 20 are owned or controlled by, or acting or purporting to act for or on behalf of, directly or indirectly, IRISL, Irano Hind, or ISI Maritime. Pursuant to Executive Order 13382 – which is aimed at freezing assets of proliferators of weapons of mass destruction and their supporters, excluding them from the U.S. financial and commercial systems – Treasury designated: 10 Malta-based IRISL and Irano Hind affiliated shipping companies: BIIS Maritime Limited, ISIM Amin Limited, ISIM Atr Limited, ISIM Olive Limited, ISIM Sat Limited, ISIM Sea Chariot Limited, ISIM Sea Crescent Limited, ISIM Sinin Limited, ISIM Taj Mahal Limited, and ISIM Tour Limited; and the Chief Executive and Managing Director of Irano Hind, who is an Iranian national. The European Union also sanctioned these companies. Source:

15. December 20, Bloomberg – (International) Absolute Poker founder Beckley pleads guilty in U.S. online fraud case. A founder of Absolute Poker of Costa Rica pleaded guilty December 20 in a U.S. illegal-gambling case that seeks at least $3 billion in forfeitures and penalties. He pleaded guilty before a U.S. magistrate judge in Manhattan to conspiracy to commit bank fraud and wire fraud, and conspiracy to violate an Internet gambling law. The sentencing guideline range in his plea agreement is 12 to 18 months in prison, the judge said. “I knew that it was illegal to accept credit cards from players to gamble on the Internet,” he said to the judge before his plea. The founder and other defendants helped conceal money received from U.S. gamblers by disguising it as payments to hundreds of non-existent online merchants purporting to sell items such as jewelry and golf balls, according to prosecutors. Prosecutors allege that after the U.S. enacted a law in 2006 barring banks from processing payments to offshore gambling websites, Absolute Poker, Isle of Man-based PokerStars, and Ireland-based Full Tilt Poker, worked around the ban to continue operating in the United States. Source:

16. December 20, Northern Virginia Daily – (Virginia) Cars, cigarettes and stolen credit cards seized in probe. Two cars and more than 100 stolen credit cards and $21,000 worth of cigarettes were seized December 19 in Woodstock, Virginia, thanks to an alert off-duty officer. The officer noticed a man buying cigarettes, and running multiple credit cards that were being declined at a Sheetz, an investigator said. Three men were arrested, and a search of their Winchester hotel room turned up more than 100 stolen credit cards, and more than $21,000 worth of cigarettes, the investigator said. Those were seized, as were two cars, he said. Woodstock police is investigating, along with the U.S. Secret Service. They were aided in the search by officers with the Frederick County and Shenandoah County sheriff’s offices. Source:

Information Technology

39. December 21, The Register – (International) A simple HTML tag will crash 64-bit Windows 7. An unpatched critical flaw in 64-bit Windows 7 leaves computers vulnerable to a full “blue screen of death” system crash. The memory corruption bug in x64 Win 7 could also allow malicious kernel-level code to be injected into machines, Secunia warned. The 32-bit version of Windows 7 is immune to the flaw, which was pinned down to the win32k.sys operating system file — which contains the kernel portion of the Windows user interface and related infrastructure. Proof-of-concept code showing how to crash vulnerable Win 7 boxes was leaked: the simple HTML script, when opened in Apple’s Safari Web browser, quickly leads to the kernel triggering a page fault in an unmapped area of memory, which halts the machine at a blue screen of death. Although Safari is required to spark the system crash via HTML, modern operating systems should not allow usermode applications to bring down the machine. Microsoft is now investigating the vulnerability, which was first reported by Twitter user WebDEVil, although the company is racing against hackers tracing the code execution path to discover the underlying vulnerability in Windows 7. Source:

40. December 21, H Security – (International) Critical holes in Firefox, Thunderbird and SeaMonkey. Mozilla developers not only gave the Firefox browser a faster JavaScript engine with their update to version 9.0, but they also closed various critical security holes. One critical flaw in previous versions of the browser allows an embedded OGG video element of “extreme” size to cause a crash that can potentially be exploited to inject malicious code. However, Mozilla is currently keeping the specific details of this confidentially disclosed vulnerability a secret. Mozilla closed a hole that allowed attackers to access out-of-bounds memory areas and inject malicious code via specially crafted SVG files. Another critical issue addressed in Firefox 9.0 is a currently unspecified and potentially exploitable crash in the YARR regular expression library. Mozilla also took the opportunity in 9.0 to close other critical memory bugs. The vulnerabilities also exist in previous versions of SeaMonkey and are addressed in the SeaMonkey 2.6 update. The Thunderbird e-mail client is vulnerable, but only the first vulnerability mentioned is rated as critical. Version 9.0 of Thunderbird will fix the issues but has not yet been released. Source:

41. December 20, KNTV 11 San Jose – (International) iPad factory explosion may lessen Apple’s supply. An explosion at an iPad supplier in Shanghai, China, that injured 61 workers the weekend of December 17 and 18 may also mean fewer tablets for Apple, reports said December 20. The explosion at the Riteng Computer Accessory Co., a subsidiary of Apple supplier Pegatron Corp., was caused by a blast in dust-collection equipment, Pegatron said in a statement. The New York-based group China Labor Watch said preliminary reports indicated the explosion was caused by aluminum dust from polishing cases. Twenty-seven workers were hospitalized, but none had life-threatening injuries. A similar explosion occurred last May at a Foxconn factory, another Chinese Apple supplier. The explosion is likely to cause a drop in iPad supply for Apple, according to Mobiledia. Apple has been expanding its manufacturing base to keep up with demand, including opening a plant in Brazil, and also readying for its iPad 3 in the spring. A supply-chain disruption now could push back the iPad 3 launch and cost Apple millions. The blast also highlights the safety conditions at Apple’s Chinese suppliers, which will also take time and money away from Apple’s products. Source:

42. December 20, threatpost – (International) Android application allows remote access - no permissions required. Mobile security researchers at the firm ViaForensics said they created a malicious mobile application that requires the phone user to grant no permissions during installation, but could give remote attackers the ability to install and execute malicious code on mobile devices running the Android operating system. The “No-permission Android App Remote Shell,” as they are calling it, does not take advantage of a security hole in Google’s Android. Rather, it exploits legitimate functionality that has been known about for a number of years, ViaForensics claimed in a blog post. The application provides access to a wide range of device features, allowing ViaForensics researchers to extract data about the device, control the application, read data from the SD Card, and potentially download other applications or exploits. Upon installation, once the device is locked, it connects to ViaForensics’s control server. Source:

43. December 19, Computerworld – (International) IBM, HP, Microsoft lead patching laggards, says bug buyer. IBM, Hewlett-Packard (HP), and Microsoft lead the list of companies that failed to patch vulnerabilities within 6 months of being notified by the world’s biggest bug bounty program, according to HP TippingPoint’s Zero-Day Initiative (ZDI). During 2011, TippingPoint — a division of HP — released 29 “zero-day” advisories that provided information on vulnerabilities it reported to vendors 6 or more months earlier. Ten of the 29 were bugs in IBM software, 6 in HP’s own software, and 5 were in Microsoft products. ZDI acquired six SCADA vulnerabilities in 2011 that affected software created by General Electric, Honeywell, and InduSoft. ZDI has not released any zero-day advisories for SCADA bugs it obtained, but the leader of TippingPoint’s security research team said TippingPoint was not above dropping one if a patch was not aggressively pursued. Source:

For more stories, see items 45 and 46 below in the Communications Sector

Communications Sector

44. December 21, WOWK 13 Huntington – (West Virginia) Phone service restored to Fort Gay residents. Wayne County residents in Fort Gay, West Virginia, who have a phone number with a 648 exchange were without phone service December 20, according to the county’s emergency dispatchers. Dispatchers said they were informed by Frontier Communications that service was expected to be restored at about 6 a.m. December 21. Dispatchers said anyone with a 648 exchange who has an emergency should go to the Fort Gay Fire Department for assistance. According to emergency dispatchers in Wayne County, phone service to Fort Gay residents with a 648 exchange was restored December 21. Source:

45. December 21, Bloomberg – (National) Verizon Wireless says 4G data service ‘returning to normal’. Verizon Wireless, the largest U.S. mobile phone operator, said engineers are restoring 4G data service after the second disruption of the month occurred December 21. “Verizon Wireless 4G LTE service is returning to normal this morning after company engineers worked to resolve an issue with the 4G network during the early morning hours today,” the company said in an e-mailed statement. The carrier did not disclose the nature of the repairs. Users began reporting a lack of 4G data connections on their phones and sporadic 3G service early December 21, a company spokesman said. Verizon Wireless’ 4G LTE Community forum shows users in Michigan, Virginia, Pennsylvania, Nevada, and New York said they lost service. Source:

46. December 20, – (Florida) AT&T working to ensure some Martin County Internet customers have restored service. Some AT&T Internet customers in Martin County, Florida, lost service during the weekend, and the company is still working to make sure the issue is fully resolved, a company spokeswoman wrote in an e-mail December 20 to Scripps Treasure Coast Newspapers. “AT&T experienced an outage in parts of Martin County [December 23] that resulted in intermittent interruptions in some customers’ Internet service,” she wrote. “Technicians spent the weekend troubleshooting the issue and replaced some bad electronics in one of our central offices [December 19]. We are still testing the fix to ensure the issue has been fully resolved.” The spokeswoman said she did not know how many people experienced outages. Source:

For more stories, see items 41 and 42 above in the Information Technology Sector