Tuesday, March 13, 2012

Complete DHS Daily Report for March 13, 2012

Daily Report

Top Stories

• Pacific Gas & Electric Co. agreed to pay $70 million in restitution to San Bruno, California, for the 2010 pipeline explosion that killed 8 people and destroyed 38 homes. – Associated Press

1. March 12, Associated Press – (California) PG&E to pay $70M for deadly Calif. pipeline blast. Pacific Gas & Electric Co. (PG&E) agreed to pay $70 million in restitution to San Bruno, California for the 2010 pipeline explosion that killed eight people in the San Francisco suburb, company and city officials said March 12. In a joint statement, PG&E and San Bruno said the money will be used to establish a nonprofit organization to help the community recover from the September 9, 2010, blast, which also injured dozens of people and destroyed 38 homes. The agreement does not settle about 90 civil lawsuits victims filed against the San Francisco-based company. A trial has been set for July 23 in San Mateo County Superior Court. The new nonprofit organization will determine how the restitution is spent for the benefit of the community. PG&E will make the $70 million payment within 30 days and will not seek to recover the money through insurance or utility rates, officials said. PG&E officials have said the firm plans to compensate blast victims and hopes to settle the civil lawsuits. Federal investigators blame PG&E for the explosion, saying a litany of failures led to the blast, which they concluded was the result of an “organizational accident,” not a simple mechanical failure. Escaping gas fed a pillar of flame 300 feet tall for more than 90 minutes before workers were able to manually close valves that cut off gas to the ruptured pipeline. Investigators said the damage would have been less severe had automatic valves been in place. State regulators also cited the firm’s woeful record-keeping, haphazard response to emergencies, and failure to follow federal pipeline safety laws and accepted industry practices. Source: http://www.google.com/hostednews/ap/article/ALeqM5hz0OcCr8srPR4Bwa1_Ngs5rs97zw?docId=d5939ddf3e4b42dab4769eb040d019e6

• A dozen earthquakes in Ohio were almost certainly induced by the injection of gas-drilling wastewater into the earth, state regulators said March 9 as they announced a series of tough new rules for drillers. – Associated Press

6. March 9, Associated Press – (Ohio) Ohio: Gas-drilling injection well led to quakes. A dozen earthquakes in northeastern Ohio were almost certainly induced by injection of gas-drilling wastewater into the earth, state regulators said March 9 as they announced a series of tough new rules for drillers. Among the new regulations, well operators must submit more comprehensive geological data when requesting a drill site, and the chemical makeup of all drilling wastewater must be tracked electronically. The state department of natural resources announced the tough new brine injection rules because of the report’s findings on the well in Youngstown, which it said were based on “a number of coincidental circumstances.” They also noted the seismic activity was clustered around the well bore and reported a fault has since been identified in the Precambrian basement rock where water was being injected. Northeastern Ohio and large parts of adjacent states sit atop the Marcellus Shale geological formation, which contains vast reserves of natural gas that energy companies are rushing to drill using a process known as hydraulic fracturing. Source: http://online.wsj.com/article/AP6f04bbcf2fb9418d9a9befaa122c3dbd.html

• The U.S. Nuclear Regulatory Commission ordered all nuclear plants in the country to better protect safety equipment and install enhanced equipment for monitoring spent fuel pool, water levels. – Pottstown Mercury

11. March 11, Pottstown Mercury – (National) New NRC rules aimed at preventing explosions. The U.S. Nuclear Regulatory Commission issued two “Fukushima-related” orders to all nuclear plants in the country March 9. The first order “requires the plants to better protect safety equipment installed after the 9/11 terrorist attacks and to obtain sufficient equipment to support all reactors at a given site simultaneously.” The second order “requires the plants to install enhanced equipment for monitoring water levels in each plant’s spent fuel pool.” Other plants may be issued additional orders. Exelon Nuclear has until the end of 2016 to install a new ventilation system at the Limerick Generating Station in Limerick Township, Pennsylvania, designed to prevent the kind of explosions that blew apart Japan’s Fukushima Dai-ichi nuclear reactor buildings in March 2011. Source: http://www.pottsmerc.com/article/20120311/NEWS01/120319926/-1/BLOGS/new-nrc-rules-aimed-at-preventing-explosions

• A bus driver and a student were killed and 10 other students were injured March 12 when a school bus crashed into a bridge outside of Indianapolis. – MSNBC; Associated Press

18. March 12, MSNBC; Associated Press – (Indiana) Bus driver, student killed in school bus crash. A bus driver and a student were killed March 12 when a school bus crashed into a bridge outside of Indianapolis, WTHR 13 Indianapolis reported. Ten other students were injured after the bus struck a bridge support beam, officials said. Two of the injured students were listed in critical condition. An Indianapolis Fire Department captain said the two critically injured students and eight others whom she characterized as “walking wounded” were taken to nearby hospitals. She said fire department crews spent about 45 minutes extricating 4 people from the bus. The driver of the bus died at the scene, and there is no word yet on what led to the crash. The bus was transporting children to Lighthouse Charter School just north of Beech Grove, Indiana. WISH 8 Indianapolis reported that as many as 50 children ranging from ages 5 to 16 may have been on the bus. The uninjured students were taken to the school about 2 miles away from the accident scene. Source: http://usnews.msnbc.msn.com/_news/2012/03/12/10652099-bus-driver-student-killed-in-school-bus-crash

• Nearly one-third of the student population, about 500 students, was absent March 9 from 2 schools in Algonquin, Illinois, due to norovirus. – Elgin Courier-News

33. March 11, Elgin Courier-News – (Illinois) Norovirus blamed as almost 500 Dist. 300 children absent. Nearly one-third of the student population, about 500 students, was absent March 9 from Westfield Community School, and Community Unit School District 300 in Algonquin, Illinois, alerted parents to numerous reports of the norovirus. More than half — 262 — of all elementary school students and 223 middle school students were absent March 9 from Westfield, a District 300 spokeswoman said. Those numbers jumped from 35 percent of elementary students and doubled in the middle school from the day before, she said. That is when the Carpentersville-area district e-mailed families and staff to let them know about the high rate of students reporting norovirus symptoms. The Kane County Heath Department confirmed norovirus samples from several students who were sick March 9, according to a written statement. The virus is more commonly known as the stomach flu or food poisoning. Source: http://couriernews.suntimes.com/news/schools/11182065-418/norovirus-blamed-as-almost-500-dist-300-children-absent.html

• A nationwide drug shortage has led to ambulance services and other first responders to scramble at the last minute to find life-saving anti-seizure medications. – CNN; WCBS 2 New York

38. March 10, CNN; WCBS 2 New York – (National) Nationwide drug shortage problem increasing. A nationwide drug shortage that is dogging the Food and Drug Administration (FDA) is hitting home with first responders CNN and WCBS 2 New York reported March 10. For emergency medical technicians, shortages can mean the difference between life and death. Nationwide, anti-seizure drugs including intravenous Valium, Versed, and Ativan are among the dozens of drugs — including cancer treatments — that are in short supply. The Monmouth Ocean Hospital Service Corporation Health Services ambulance service said it had to special order a temporary replacement anti-seizure drug to avoid running out the weekend of March 10. The FDA said it tracked at least 220 shortages in 2011, and claims it prevented 114, but admits the problem is far from solved. Source: http://www.wdam.com/story/17126976/nationwide-drug-shortage-problem-increasing

Details

Banking and Finance Sector

14. March 10, Burlington Hawk Eye – (Iowa; National; International) Fraud to hit more than 1,000 cardholders. After all is said and done, there will be more than 1,000 debit/credit cardholders in the southeast Iowa region, particularly in the Burlington area, who will have been affected by a recent wave of fraudulent transactions that surfaced in recent weeks, the Burlington Hawk Eye reported March 10. That figure is estimated based on the current number of customers area banks said have been victimized or have the potential of their card data being illicitly used. The transactions reportedly have occurred at retail stores from California, the East Coast, and as far north as Canada. Local law enforcement and bank fraud detection units are working to pinpoint the common denominator for the breach. Also, there have been reports of many cell phone customers having received a text message about their debit cards. The message indicates there is a problem and to call the number provided. “We’re thinking of reissuing somewhere in the neighborhood of 400 cards,” the president of Two Rivers Bank & Trust said. Officials at First Federal Bank proactively approached the problem, according to its president. “It’s about 400 customers in southeast Iowa,” he said. First Federal got information the past 2 weeks from Shazam, a card services company, about the cards and how many were affected by fraudulent transactions. Source: http://www.thehawkeye.com/story/Fraud-031012

15. March 9, Seattle Times – (Washington; International) Kirkland man pleads guilty in ATM ‘skimming’ scheme. The leader of an ATM “skimming” ring with ties to a Romanian organized crime ring pleaded guilty March 9 in federal court in Seattle to bank fraud, conspiracy, access device fraud, and aggravated identity theft. The man oversaw a ring of fellow Romanians –- some in the country illegally — that stole hundreds of thousands of dollars by using high-tech devices to skim credit card information and secretly capture bank customers’ personal identification numbers, according to the U.S. attorney’s office. Much of that money went overseas to Romania, prosecutors said. The U.S. attorney’s office said a Secret Service investigation showed the man had been involved in credit-card skimming in the Seattle area since 2007. He has agreed to pay $357,256 in restitution, surrender $10,000 in cash seized when he was arrested, and forfeit three vehicles, computer equipment, and three firearms. Source: http://today.seattletimes.com/2012/03/kirkland-man-pleads-guilty-in-atm-skimming-scheme/

For another story, see item 47 below from the Commercial Facilities Sector

47. March 10, Associated Press – (Oklahoma) Credit card numbers stolen at McDonald’s. Federal prosecutors have accused four Ohio men of stealing customers’ credit card numbers from the drive-thru at a McDonald’s in Tulsa, Oklahoma. A McDonald’s worker told authorities he used a handheld skimming device for 3 weeks to capture the card numbers, according to a complaint filed March 8 in federal court. The employee told authorities he sold the numbers to an accomplice. The four defendants are in jail on charges they re-encoded other cards to buy iPads and laptop computers. The complaint said investigators discovered “approximately 282” card numbers on a laptopin a suspect’s vehicle. Ponca City police arrested the men October 16, 2011 on suspicion of using counterfeit cards at a Wal-Mart Supercenter. The four had debit and gift cards encoded with stolen numbers, and inside a vehicle, authorities found a laptop, a magnetic card reader and writer, three iPads, and Wal-Mart receipts, the complaint said. The McDonald’s employee told authorities his accomplice would come to his apartment each night and download the card numbers from the skimmer. He said he was paid $600 and given two laptops and a Nintendo 3DS. Source: http://www.wkyc.com/news/state/article/235111/23/Credit-card-numbers-stolen-at-McDonalds

Information Technology

41. March 12, H Security – (International) Pwn2Own ends with three browsers felled. By the end of the Pwn2Own competition at CanSecWest, Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox were all subject to zero day exploits, the H Security reported March 12. Chrome fell a second time in Google’s own Pwnium contest with an attack that pulled together three zero-day vulnerabilities. The first Chrome exploit by the VUPEN team is thought to have leveraged flaws in the Flash player bundled with the browser, while their Internet Explorer exploit first provoked a buffer overflow on the heap working around DEP and ASLR protections. The team then made use of a memory error to break out of the sandbox (protected mode) of the browser. Mozilla Firefox fell to a team of two. Their zero day vulnerability in Firefox involved a use-after-free problem that evaded DEP and ASLR protections in Windows 7. According to reports, the vulnerability was used to leak data multiple times that was then used to prepare code to be executed, again through the same vulnerability. At Google’s Pwnium contest, Chrome fell a second time after a hacker going by the name of “Pinkie Pie” chained three zero-day vulnerabilities in Chrome together to break out of the sandbox and execute code. Google later patched Pinkie Pie’s vulnerabilities and announced the changes are being distributed in an update to the stable version of Chrome. Further changes are expected to harden the browser against CVE-2011-3046 and CVE-2011-3047, the CVE numbers allocated to Pinkie Pie’s vulnerabilities. Source: http://www.h-online.com/security/news/item/Pwn2Own-ends-with-three-browsers-felled-Update-1469096.html

42. March 9, CNET – (International) Danish firm outlines two unpatched Safari vulnerabilities. The Danish IT security firm Secunia released an advisory March 9 regarding two unpatched vulnerabilities in Apple’s Safari 5 Web browser. The vulnerabilities so far are not known to be actively exploited; however, if done, they could allow an attacker to run malicious software and conduct spoofing attacks. The first vulnerability is in Safari’s plug-in handling system, where in some instances when interacting with the plug-in (such as by accessing its settings or contextual menus), if a user navigates to a new page, the plug-in may be unloaded in a way that allows it to write to freed memory and thereby allow code to be injected into components of memory no longer being controlled by the plug-in process. Secunia was able to exploit this bug in Safari version 5.1.2 (the Windows version) using the RealPlayer and Adobe Flash plug-ins, though the company warns other versions may also be affected. The second vulnerability is a problem with a built-in function called “setInterval,” where when exploited, a malicious attack can display arbitrary contents on the screen when a trusted URL isvisited, potentially allowing for spoofing and misleading people visiting those pages. This bug was found in version 5.0.5 of the Web browser, but was partially fixed in version 5.1.2, though it apparently is still exploitable. Source: http://news.cnet.com/8301-1009_3-57394491-83/danish-firm-outlines-two-unpatched-safari-vulnerabilities/

43. March 9, V3.co.uk – (International) Stricken Kelihos botnet rises from the dead. The Kelihos botnet that Microsoft claimed to have taken down in 2011 re-emerged with new tools aimed at rebuilding and infecting computers, according to security researchers, v3.co.uk reported March 9. They warned the resurgent botnet is being used to steal credentials, install malware, and distribute millions of German stock-related spam messages. According to Swiss researchers at the Abuse.ch blog, the new version of Kelihos is using a .eu domain in combination with so-called fast flux techniques. Fast flux is a DNS technique used by botnet operators to mask malware hosting Web sites behind a constantly-changing network of compromised machines, which act as proxies. Previously, Kelihos used domains associated with the Czech Republic. Security firm GFI also warned a new variant of Kelihos is on the loose, with those behind it seemingly intent on rebuilding the botnet. Microsoft said it shut down the botnet in September 2011. Security firm Kaspersky Labs, which worked with Microsoft on the initial Kelihos takedown reported seeing new variants of the botnet as early as January 2012. Source: http://www.v3.co.uk/v3-uk/news/2158406/stricken-kelihos-botnet-rises-de

Communications Sector

44. March 10, Niagara Gazette – (New York) Thieves try to take copper from Falls cell tower. Two men attempting to steal copper wiring and metal piping from a cell phone tower and generator in Niagara Falls, New York, were interrupted when a technician arrived to determine why power had been cut. Police were called to a warehouse March 9, and were met by a field operations technician for Cricket Communications. The worker said Cricket has a cell tower and generator on top of the warehouse along with copper wiring running behind the building. The technician said he received a call from the network operator informing him power had been lost. When he arrived, he heard someone running and tried to chase the suspects down but was unsuccessful. He then found copper wiring from the tower and generator had been removed and rolled onto spools, and metal piping had been cut and placed on the ground. Police found a pair of bolt cutters nearby. The owner of the warehouse looked at surveillance video and said the footage shows two people with flashlights near the phone generator rolling up copper wiring. Damage to the tower and generator was estimated at $5,000. Source: http://niagara-gazette.com/local/x2029123084/Thieves-try-to-take-copper-from-Falls-cell-tower

No comments: