Friday, August 31, 2012

Complete DHS Daily Report for August 31, 2012

Daily Report

Top Stories

• About half of the homes and businesses in Louisiana — 903,000 — were without power as Tropical Storm Isaac moved inland August 30. – Associated Press

3. August 30, Associated Press – (Louisiana) About half La. without power as Isaac moves inland. About half of Louisiana was without power as Tropical Storm Isaac moved inland, the Associated Press reported August 30. The Louisiana Public Service Commission said 903,000 homes and businesses around the State — about 47 percent of all customers — were without power. Entergy Corp. said that included about 686,000 of its customers. Another 87,000 were customers of Cleco Corp. Nearly all customers were without power in Plaquemines, St. Bernard, and St. John the Baptist parishes, while at least three-quarters of homes and businesses had power outages in Iberville, East Feliciana, Jefferson, Lafourche, Orleans, St. Charles, St. James, St. Tammany, Tangipahoa, Terrebonne, and West Feliciana parishes. Source: http://www.businessweek.com/ap/2012-08-30/about-half-la-dot-without-power-as-isaac-moves-inland

• Officials were investigating how a man breached security at one of the nation’s busiest ports, boarded a ship, and ended up in the captain’s cabin. – Associated Press

15. August 30, Associated Press – (New Jersey; New York) Man scales fence at NJ port, boards cargo ship. Officials were investigating how a man breached security at one of the nation’s busiest ports, boarded a ship and was found in the captain’s cabin, the Associated Press reported August 30. Authorities believe the man scaled a barbed-wire-topped 6-foot security fence at the Port Newark marine terminal in Newark, New Jersey August 29. A Port Authority of New York and New Jersey official said he wandered around unchallenged before he boarded the cargo ship and was discovered in the captain’s bed about 4 hours later. Port Newark encompasses 180 acres and handles more than 600,000 shipping containers annually. Source: http://www.stargazette.com/viewart/20120830/NEWS01/308300025/Man-scales-fence-NJ-port-boards-cargo-ship?odyssey=mod|newswell|text|FRONTPAGE|s

• Advanced malware that evades signature-based detection has increased nearly 400 percent in the past year, according to research by security firm FireEye. – ComputerWeekly.com See item 41 below in the Information Technology Sector

• Officials began a controlled release of water at a dam that threatened to break near the Louisiana-Mississippi border, flooding a rural area where up to 60,000 residents were evacuated August 30. – USA Today; Associated Press

50. August 30, USA Today; Associated Press – (Louisiana; Mississippi) Evacuations ordered over possible dam break from Isaac. Officials began a controlled release of water at a dam in Tangipahoa Parish that threatened to break near the Louisiana-Mississippi border flooding a rural area where up to 60,000 residents were evacuated August 30. Search-and-rescue teams were assembled and two nursing homes were evacuated. Louisiana’s governor said that if the water had not been released it would have caused significant flooding — with water pouring into the already swollen Tangipahoa River, swamping low-lying areas downstream. Residents had less than 90 minutes to evacuate after the order was given, the governor said. The U.S. Army Corps of Engineers examined the dam. If it were to burst residents could see floodwaters as high as 17 feet. The National Guard was also evacuating 3,000 people trapped by flooding in LaPlace, Louisiana, the governor’s office said. Rising water closed off all main thoroughfares into the parish, about 30 miles west of New Orleans. The hurricane-protection system ringing the New Orleans area continued to hold, keeping storm surge and floodwaters out of the city but in LaPlace and Slidell, rescue crews helped residents evacuate from flooded homes. Area rivers, steadily swelling with Isaac’s rains, were not expected to crest until the weekend of September 1, potentially flooding more homes and making more roads impassable, said a Louisiana State Police captain. Statewide, 6,191 residents — with the number expected to grow — were in shelters, the governor said. Nearly half of Louisiana remained without power. In neighboring Mississippi, utility companies said they were working to restore power to more than 150,000 customers. Louisiana and parish officials were studying the levees in Plaquemines Parish August 30 to determine the best place to punch a hole to relieve trapped floodwaters that overran the enclave of Braithwaite.
Source: http://www.usatoday.com/weather/storms/story/2012-08-30/isaac/57434590/1

Details

Banking and Finance Sector

11. August 29, Parsippany Daily Record – (New Jersey) Well-dressed bandit sought by cops. Morris County, New Jersey authorities are looking for a man who appears to be dressed preppy in a sport jacket, dress shirt, and various hats, and is suspected in four bank heists committed between July 20 and August 23, the Parsippany Daily Record reported August 29. Based on surveillance images, police believe the man who held up the four banks in Parsippany, Lincoln Park, and Mount Olive without showing a weapon is the same person who made personnel at a PNC Bank in Kinnelon August 28 suspicious enough to call authorities. The holdups occurred July 20 at the Indus American Bank in Parsippany; July 30 at PNC Bank in Budd Lake; August 10 at Capital One in Lincoln Park; and August 23 at Boiling Springs Savings Bank in Lincoln Park. Source: http://www.dailyrecord.com/article/20120829/NJNEWS/308290063/Well-dressed-bandit-latest-Morris-County-serial-bank-robber

12. August 29, Reuters – (National) Citigroup settles shareholder CDO lawsuit for $590 mln. Citigroup Inc agreed to pay $590 million to settle a shareholder lawsuit accusing it of hiding tens of billions of dollars of toxic mortgage assets, one of the largest settlements stemming from the global financial crisis, Reuters reported August 30. The agreement resolved claims that shareholders ended up with massive losses after the bank failed to take timely writedowns on collateralized debt obligations, many backed by subprime mortgages, and engaged in self-dealing transactions that hid the risks. Citigroup denied wrongdoing in agreeing to settle, and said the $590 million is covered by existing reserves. A U.S. district judge in Manhattan granted preliminary approval of the settlement, and scheduled a January 15, 2013 hearing to consider final approval. Source: http://reuters.com/article/2012/08/29/citigroup-settlement-idINL2E8JT8CA20120829

13. August 29, WHTM 27 Harrisburg – (Pennsylvania) Accused bank robber admitted to other holdups, police say. A man arrested for the robbery of a Shrewsbury, Pennsylvania bank the week of August 20 is facing more charges after admitting to other holdups in York and Lancaster counties and in the Lehigh Valley, police said. WHTM 27 Harrisburg reported August 29 that the man admitted to robbing banks in Newberry Township and Hanover in York County, East and West Hempfield townships in Lancaster County, and in the Allentown and Reading areas, according to southern regional police. The admission came during an interview at the York County Prison, where he remains held with further charges pending, police said. Authorities said they continue to investigate whether anyone else was involved in the crimes. The man was taken into custody August 17 when he surrendered to police on charges that he robbed a Sovereign Bank the previous day. Source: http://www.abc27.com/story/19413272/accused-bank-robber-admitted-to-other-holdups-police-say

14. August 29, WHTM 27 Harrisburg – (Pennsylvania) Suspected bank robber indicted in 3 handkerchief holdups. A federal grand jury has indicted a man suspected of robbing three banks in Harrisburg and York, Pennsylvania, while disguising his face with a handkerchief, WHTM 27 Harrisburg reported August 29. The man is accused of robbing Fulton and Sovereign banks in Harrisburg and the White Rose Credit Union in York, according to a U.S. attorney. The Fulton Bank was robbed March 14, and the Sovereign Bank March 22. The White Rose Credit Union was robbed April 2. The man stole about $2,000 in each of the robberies. In each case, the suspect had a white hanky or tissue covering the lower part of his face and handed over a note demanding money. No weapon was shown. Source: http://www.abc27.com/story/19409740/suspected-bank-robber-indicted-in-3-handkerchief-holdups

Information Technology Sector

39. August 30, Help Net Security – (International) Java 0-day exploit served from over 100 sites. After an exploit for the two unpatched Java zero-day vulnerabilities has been added to the Blackhole exploit kit, the number of sites functioning as entrance points for malware has risen exponentially. According to the director of security research at Websense, the company has already spotted over 100 unique domains serving the Java exploit. “The number is definitely growing ... and because Blackhole has an updatable framework and already has a foothold on thousands of sites, we anticipate that the number of sites compromised with this new zero-day will escalate rapidly in the coming days,” he said. Malware peddlers have also begun their efforts to drive traffic to those domains, as witnessed by a slew of emails purportedly coming from the Dutch branch of the accountancy firm BDO Stoy Hayward, trying to trick people into following the offered link with news that the VAT rate will increase starting October 1, 2012. Source: http://www.net-security.org/secworld.php?id=13507

40. August 29, ZDNet – (International) Cybercriminals impersonate popular security vendors, serve malware. Security researchers from Websense have intercepted a currently circulating spam campaign, impersonating popular antivirus vendors in an attempt to trick end and corporate users into downloading and executing the malicious attachment. According to Websense, the campaign is low-volume, and is currently impersonating Symantec, F-Secure, Verisign, and Sophos. The malicious payload is currently detected by 3 out of 42 antivirus scanners as Trojan.Agent Gen-Banload; TROJ_GEN.R47H1HR. Source: http://www.zdnet.com/cybercriminals-impersonate-popular-security-vendors-serve-malware-7000003433/

41. August 29, ComputerWeekly.com – (International) Explosion in malware bypassing traditional defenses, study shows. Advanced malware that evades signature-based detection has increased nearly 400 percent in the past year, research by security firm FireEye revealed. Companies are being hit by an average of 643 successful infections a week, according to the firm’s latest Advanced Threat Report on cyber attacks that routinely bypass traditional defenses. Such defenses include intrusion prevention systems, firewalls, anti-virus, and other signature, reputation, and basic behavior-based technologies. The report, which covers the first half of the year, highlights the intensified danger of email-based attacks, with researchers seeing a 56 percent growth in email-based attacks from the first to the second quarter of 2012. Another trend highlighted by the report is the increased use of dynamic, throw-away domains. Researchers saw a significant increase in dynamic links that were used five times or less. Links that were seen just once grew from 38 percent in the second half of 2011 to 46 percent in the first half of 2012. “The results of this report make it even more clear that reactive signature-based defenses cannot prevent evasive strains of malware from making their way into the enterprise,” said the FireEye founder and CEO. Source: http://www.computerweekly.com/news/2240162366/Explosion-in-malware-bypassing-traditional-defences-study-shows

For another story, see item 42 below in the Communications Sector

Communications Sector

42. August 29, New England Cable News – (Massachusetts) Verizon telecommunications outage causes problems. People in Massachusetts were still dealing with service outages with Verizon, New England Cable News (NECN) reported August 29. Thousands did not have phone, Internet, or TV service because of a fire that knocked out Verizon’s connection. Verizon was working around the clock to repair a complicated network of cables after a homeless man’s mattress caught fire under a bridge in Lawrence August 27, damaging Verizon’s systems. A spokesperson said about 8,000 customers in dozens of communities from the Merrimack Valley all the way up to Cape Anne lost phone, Internet, and cable services. A Verizon spokesperson said late the afternoon of August 29 that 7,000 customers had had services restored. The company hopes to have services back online for the remaining 1,000 customers in the next few days. Source: http://www.necn.com/08/29/12/Verizon-telecommunications-outage-causes/landing.html?blockID=764965&feedID=4213

Thursday, August 30, 2012

Complete DHS Daily Report for August 30, 2012

Daily Report

Top Stories

• A tanker truck carrying liquid butane crashed August 29 in Kane, Pennsylvania, prompting officials to evacuate 1,000 people, shut down major roads, and turn off gas and electricity. – Pittsburgh Post-Gazette

4. August 29, Pittsburgh Post-Gazette – (Pennsylvania) Evacuation in Kane after truck carrying butane overturns. A tanker truck owned by Elkhorn Corp. carrying liquid butane crashed early August 29 in Kane, Pennsylvania, and prompted officials to evacuate a large portion of the McKean County town as a precaution. The truck overturned near the center of town and came to rest against a building. State police said there was no leak. A volunteer with the Kane Volunteer Fire Department said about 250 households were evacuated. That is about 1,000 people, or a quarter of the town’s population, he estimated. He said gas and electricity would also be shut down in the evacuation area before crews from another trucking company righted the truck and pumped the highly flammable butane from the tank. A spokesman for the State Department of Environmental Protection said a representative was dispatched to Kane to advise local hazardous material crews. He said Pennsylvania Emergency Management Agency officials told him crews estimated the tanker could by early afternoon. The evacuation order would be lifted shortly after. U.S. Route 6, which follows Greeves and North Fraley streets, was expected to remain closed until at least early afternoon. Truck traffic was being kept off of Routes 66 and 321, said a Pennsylvania Department of Transportation spokesman. The Red Cross has set up a temporary shelter at Kane High School for displaced residents. The Kane Area School District canceled classes August 29. An area of as much as a half-mile from the accident is in the evacuation area. Source: http://old.post-gazette.com/pg/12242/1257554-454.stm

• Pennsylvania State Police were investigating a possible security breach at the Shoemakersville water plant that caused officials to warn area residents not to drink tap water for 4 days. – Reading Eagle

20. August 29, Reading Eagle – (Pennsylvania) Fear of security breach prompted tap water ban; probe ongoing. Pennsylvania State Police were investigating a possible security breach at the Shoemakersville water plant that caused officials to warn residents of the borough and Perry Township not to drink the tap water, the borough emergency management coordinator said August 28. The drinking ban went into effect August 24 and was lifted August 27 after a series of tests by the State Department of Environmental Protection and an independent testing firm determined the water met all safety levels for consumption. The steps officials took to warn residents not to drink the water were only a precaution. New security measures were implemented at the plant following the incident. Clean water was made available to residents while the ban was in place. Source: http://readingeagle.com/article.aspx?id=412015

• Park officials contacted 1,700 visitors who stayed at tent cabins in Yosemite National Park this summer, warning them they may have been exposed to a deadly disease that has killed two people. – Associated Press

45. August 28, Associated Press – (California) Yosemite officials say 1,700 visitors risk disease. Tent cabins of Yosemite National Park in California have become the scene of a public health crisis after two visitors died from a rodent-borne disease following overnight stays. August 28, park officials sent letters and emails to 1,700 visitors who stayed in some of the dwellings in June, July, and August, warning them that they may have been exposed to the disease. Four people contracted hantavirus pulmonary syndrome after spending time in one of the 91 “Signature Tent Cabins” at Curry Village around the same time in June. The illness is spread by contact with rodent feces, urine, and saliva, or by inhaling exposed airborne particles. After the first death, the park sanitized the cabins and alerted the public. However, officials did not know for sure the death was linked to Yosemite or the campsite until the Centers for Disease Control determined a second visitor, a resident of Pennsylvania, had died. August 26, health officials with the National Park Service sent out an alert asking public health authorities to be on the watch for more potential rodent-related cases of acute respiratory failure. Yosemite receives 4 million tourists a year from around the world, and national park officials were trying to determine if the warning should be expanded to include foreign countries. Source: http://www.14news.com/story/19391197/2nd-person-dies-of-hantavirus-after-yosemite-visit

• Hurricane Isaac lashed Louisiana and several other States August 28 and 29, overtopping levees and flooding homes and roads, forcing authorities to make hundreds of rescues. The storm also knocked out power to more than 725,000 people in five States. – Raycom News Network

46. August 29, Raycom News Network – (Louisiana; Southeast) Isaac downgrades to tropical storm. Hurricane Isaac was downgraded to a tropical storm the afternoon of August 29, but remained a threat to life and property on the Gulf Coast, said the National Hurricane Center (NHC). Louisiana’s governor said the levee in Plaquemines Parish may be intentionally breached to relieve flooding. He said there was no estimate on when they may breach. The slow-moving storm caused water to start pouring over the top of the parish levee before daybreak August 29. There were around 150 calls for rescue from rising flood waters in the parish, according to CNN. A total of 75 people were rescued in Braithwaite, while at least 25 more waited on rooftops and in attics. The overtopped levee stretches 18 miles from Braithwaite to White Ditch. CNN reported more than 8,000 National Guard personnel were at the ready for relief operations, and at least 4,100 people were in shelters. CNN reported more than 673,000 total had lost power across five States. Additional mandatory evacuations were ordered. The National Weather Service predicted dangerous storm surges and flood threats in southeastern Louisiana to last through the night of August 29. The overtopped levee was left out of the federal rebuilding of the levee system, although the parish was fortifying it before Isaac hit. The NHC predicted rainfall totals between 7 to 14 inches for much of Louisiana, southern Mississippi, southern Alabama, and the extreme western Florida panhandle. However, totals could reach 20 inches in harder hit areas. The NHC said high winds could cause isolated tornadoes. It predicted water levels could reach 6 to 12 feet above ground in Mississippi and southeastern Louisiana; 3 to 6 feet in Alabama and south-central Louisiana; 2 to 4 feet in the Florida panhandle and Apalachee Bay; and up to 3 feet in the remainder of the Florida west coast. Storm surges of 11 feet were recorded in southeastern Louisiana.
In New Orleans, all levees, pumping stations and flood gates were holding as expected. CNN reported a barge broke loose due to winds reaching over 60 mph. The barge hit three unoccupied passenger ships in the area. A 47-foot boat sank in the accident. CNN also said at least 12 intersections in New Orleans proper have flooded since the storm first hit the city. Several bridges were also shut down due to storm conditions. Source: http://www.kpho.com/story/19403429/isaac-pours-over-gulf-coast-prompts-flooding

Details

Banking and Finance Sector

9. August 28, KEYT 3 Santa Barbara – (California) FBI looking for ‘Armed & Ready’ bandit. Police are searching for a man they said is responsible for a string of bank heists in the Santa Barbara, California, area, KEYT 3 Santa Barbara reported August 28. The so-called “Armed & Ready” bandit is linked to three bank robberies in Santa Barbara between May 2010 and February 2012. During the robberies, the suspect enters the bank in the morning hours wearing a ski mask and conducts a takeover style robbery. Source: http://www.keyt.com/news/local/FBI-Looking-for-Armed--Ready-Bandit--167770275.html

10. August 28, San Antonio Express-News – (Texas) Woman to plead guilty in large mortgage fraud. A key defendant in a large Texas mortgage fraud ring took a plea deal for her role in a scheme that left lenders holding the bag for more than $50 million in bad loans, the San Antonio Express-News reported August 28. The woman signed an agreement to plead guilty to conspiracy to commit mail fraud and, in a separate case, to one count of preparing a false tax return. The woman is the wife of a man who was the main target in Texas’ part of a 2010 nationwide mortgage fraud sweep called “Operation Stolen Dreams.” An indictment alleged the husband used several title and mortgage brokerage companies in a “flipping” scheme using straw buyers that caused lenders to dole out $50 million in mortgages. Many of the homes were condominiums in the Dallas area, but some of the fake documents for loans were mailed to brokers in San Antonio, the indictment said. The scheme was aided by appraisers, title officers, escrow officers, mortgage processors, and others who helped submit fake documentation and data to lenders. Source: http://www.mysanantonio.com/news/local_news/article/Woman-to-plead-guilty-in-large-mortgage-fraud-3821294.php

11. August 28, The Register – (International) 1 Million accounts leaked in megahack on banks, websites. Hacker collective Team GhostShell leaked a cache of more than 1 million user account records from 100 Web sites over the weekend of August 25, The Register reported. The group, which is affiliated with the hacktivist group Anonymous, claimed they broke into databases maintained by banks, U.S. government agencies, and consultancy firms to leak passwords and documents. Some of the pinched data included credit histories from banks among other files, many of which were lifted from content management systems. Some of the breached databases each contained more than 30,000 records. An analysis of the hacks by security firm Imperva revealed that most of the breaches were pulled off using SQL injection attacks. Source: http://www.theregister.co.uk/2012/08/28/team_ghostshell_megahack/

12. August 24, Washington Post – (District of Columbia) FBI, police hunt for bank burglar who cut through walls in Georgetown, Woodley Park. Washington, D.C. police and the FBI are trying to determine whether one man is responsible for an unusual string of bank break-ins in the northwest part of the District, getting inside by cutting holes in the walls of adjacent, vacant storefronts, the Washington Post reported August 24. Two break-ins occurred at the same Bank of America branch in Woodley Park May 24, 2011, and August 17, which caused significant structural damage. The latest occurred August 24 at a M&T Bank in Georgetown, forcing the branch to close August 24 and possibly August 25, a spokesman said. Police could not say if the same person committed all of the break-ins, but an FBI spokeswoman said the “methods are very, very similar.” The culprit(s) escaped empty-handed each time, police said, unable to get money from the automated teller machines that appeared to be the target. A tool was not recovered, but surveillance photos have twice captured images of a person dressed in a white waterproof jumpsuit. The jumpsuit was described by the FBI as a Tyvek suit, made by DuPont and resembling a decontamination suit. Source: http://www.washingtonpost.com/local/crime/fbi-police-hunt-for-bank-burglar-who-cuts-through-walls-in-georgetown-woodley-park/2012/08/24/93134be0-ee10-11e1-afd6-f55f84bc0c41_story.html

Information Technology Sector

32. August 29, Softpedia – (International) Intuit security tool spam campaign making the rounds once again. Malicious emails claiming to originate from Intuit are attempting to convince recipients they need to install a piece of software to access their QuickBooks accounts, giving them a deadline to comply. The email looks the same as an older variant that made rounds over a year ago. It seems this spam campaign has been reinitialized to steal sensitive data from Intuit customers. The message reads: “You will not be able to access your Intuit QuickBooks account without Intuit Security Tool (IST) after 31th of August, 2012. You can download Intuit Security Tool here.” The links from the email currently lead to a compromised Web site from Denmark on which the cybercriminals planted a phishing Web page. The company has warned users to avoid such emails ever since the campaign started. They highlight the fact that legitimate emails will never contain “software update” or “software download” attachments. Source: http://news.softpedia.com/news/Intuit-Security-Tool-Spam-Campaign-Making-the-Rounds-Once-Again-288864.shtml

33. August 29, InformationWeek – (International) Java zero day attack: Second bug found. The zero-day Java attack recently discovered by security researchers, which appears to have been launched from China, is more complex than previously thought. While researchers had identified a Java 7 security-settings bug exploited in the attack, they have since found it is chained with a second vulnerability. “Most of the online analysis talks about one vulnerability, where we saw two vulnerabilities being exploited to achieve full execution on a target,” according to a blog post from a Python developer and security researcher at the information security firm Immunity. “The first bug was used to get a reference to sun.awt.SunToolkit class that is restricted to applets, while the second bug invokes the getField public static method on SunToolkit using reflection, with a trusted immediate caller bypassing a security check.” He said the bugs had to be chained together to create a working exploit. He also noted the “getField” Java bug was introduced with Java 7.0 — which debuted July 28, 2011 — and suggested a foreign nation state, or states, may have been “enjoying it non-stop for quite some time now.” Source: http://www.informationweek.com/security/vulnerabilities/java-zero-day-attack-second-bug-found/240006431

34. August 29, The Register – (International) ‘First ever’ Linux, Mac OS X-only password sniffing Trojan spotted. Security researchers have discovered a Linux and Mac OS X cross-platform trojan. Once installed on a compromised machine, Wirenet-1 opens a backdoor to a remote command server and logs key presses to capture passwords and sensitive data typed by victims. The program also grabs passwords submitted to Opera, Firefox, Chrome, and Chromium Web browsers, and credentials stored by applications including email client Thunderbird, Web suite SeaMonkey, and chat app Pidgin. The malware then attempts to upload the gathered data to a server hosted in the Netherlands. Wirenet-1 was intercepted by the Russian antivirus firm Dr Web, the same company that carried out much of the analysis of the infamous Flashback trojan. Dr Web describes Wirenet-1 as the first Linux/OSX cross-platform password-stealing trojan. Analysis work on Wirenet-1 is ongoing. Once executed, it copies itself to the user’s home directory and uses AES to encrypt its communications with a server over the Internet. Source: http://www.theregister.co.uk/2012/08/29/linux_mac_trojan/

35. August 28, IDG News Service – (International) Unpatched Java vulnerability exploited in Blackhole-based attacks. Attacks targeting an unpatched vulnerability in the latest versions of Java 7 have become widespread after an exploit for the new flaw was integrated into the popular Blackhole attack toolkit, according to security researchers from antivirus vendor Kaspersky Lab. “The first victim regions to be hit with the Blackhole stuff were the U.S., the Russian Federation, Belarus, Germany, the Ukraine and Moldova,” a Kaspersky researcher said August 28 in a blog post. After a reliable exploit for the new Java vulnerability — now identified as CVE-2012-4681 — was released August 27, many researchers warned that cybercriminals would soon start targeting the flaw on a large scale. Kaspersky’s new report shows that the toolkit’s customers have already started using it. “Oracle needs to step it up and deliver an OOB [out-of-band] patch, which historically they have failed to do,” the Kaspersky researcher said. Source: http://www.pcworld.com/businesscenter/article/261573/unpatched_java_vulnerability_exploited_in_blackholebased_attacks.html

Communications Sector

36. August 28, District of Columbia Hill – (National) FCC prepares for communications outages from storm. The Federal Communications Commission (FCC) was working with federal and local officials to respond to communications outages that might occur as the southeast braces for Hurricane Isaac, the District of Columbia Hill reported August 28. An FCC official explained that cellular and landline phone providers are required to report outages to the FCC. The commission has also set up a voluntary online system, called the Disaster Information Reporting System, for broadcasters, cable providers, and other communications companies to alert officials of outages. In July, the FCC began exploring the possibility of launching flying cellular transmitters after disasters to restore service. The transmitters could be attached to unmanned drones or balloons and would take the place of disabled cell towers. Source: http://thehill.com/blogs/hillicon-valley/technology/246041-fcc-prepares-for-communications-outages-from-storm

Wednesday, August 29, 2012

Complete DHS Daily Report for August 29, 2012

Daily Report

Top Stories

• The U.S. government said 78 percent of oil production in the Gulf of Mexico was stopped as companies prepared for Hurricane Isaac. – Associated Press

1. August 28, Associated Press – (National) U.S: 78 pct. of Gulf oil production shut by storm. The U.S. government stated 78 percent of the oil production in the Gulf of Mexico has been halted in preparation for Tropical Storm Isaac, the Associated Press reported August 27. The Bureau of Safety and Environmental Enforcement reported about 1 million barrels per day of oil production has stopped as companies have evacuated 346 offshore oil and gas production platforms. That is 17 percent of daily U.S. oil production and 6 percent of consumption. The agency said 2 billion cubic feet of natural gas production is also affected. That is about 3 percent of daily U.S. production and consumption. Production was expected to quickly resume after the storm passes. Source: http://www.dailytribune.net/news/state/article_36fae423-0724-5a5d-a580-3c0c11012d1a.html

• Authorities arrested seven people allegedly involved in an extensive bank scam that stole as much as $100 million from several large banks throughout the country, police reported. – KCAL 9 Los Angeles See item 14 below in the Banking and Finance Sector

• Hackers are taking advantage of a zero-day vulnerability in Java 7 that can be exploited through any browser on any system, security experts said. – Computerworld See item 37 below in the Information Technology Sector

• Restoration efforts for thousands of Verizon customers at homes, businesses, and government agencies in the Lawrence, Massachusetts area continued after a fire under the Central Bridge August 27 damaged Verizon cables. – Verizon See item 38 below in the Communications Sector

• Engineers closed the floodgates around the city of New Orleans, hoping to keep water from the Gulf of Mexico out as Hurricane Isaac headed toward the city and its newly reinforced 350-mile flood protection system. – USA Today; Associated Press

47. August 28, USA Today; Associated Press – (Louisiana; Southeast) Isaac barrels in as Category 1 hurricane. Isaac strengthened into a Category 1 hurricane with 75-mph winds as it made its way toward Louisiana, USA Today reported August 28. Forecasters at the U.S. National Hurricane Center upgraded the storm August 28 saying Isaac gained strength as it moved over the warm, open waters of the Gulf of Mexico. Engineers closed the floodgates around the city of New Orleans, hoping to keep water from the Gulf from surging into the area as Isaac moved closer to shore, threatening to cause major flooding. All eyes are on the newly reinforced hurricane protection system which includes 350 miles of levees, floodwalls, and floodgates ringing the greater New Orleans area. Isaac will be the first true test of the $14 billion system, which was bolstered by the U.S. Army Corps of Engineers (USACE) following Katrina in 2005. By August 28, USACE closed 124 of the 127 gates in the city, said the president of the Southeast Louisiana Flood Protection Authority East, a quasi-State agency created after Katrina to monitor Corps projects. Engineers closed the remaining gates at a massive surge barrier east of the city and another large gate near Lake Pontchartrain, sealing the 200 miles of perimeter around the metro area, he said. Isaac was expected to push a storm surge of 6 to 12 feet and dump up to 18 inches of rain in some places. Officials expect the system to hold up fine. States of emergency were in effect in Louisiana, Mississippi, Alabama, and Florida. Source: http://www.usatoday.com/weather/storms/story/2012-08-28/storm-isaac-hurricane/57360044/1?csp=34news

Details

Banking and Finance Sector

13. August 27, Credit Union Times – (National) Credit unions, banks bilked in $16 million Jiffy Lube scam. Credit unions and other lenders were among those allegedly defrauded out of $16 million in a case involving the sale and leaseback of several businesses in four States, Credit Union Times reported August 27. The U.S. Attorney’s Office for the Middle District of Pennsylvania announced the indictment of a real estate broker/investment consultant. The attorney said that between 2006 and 2008, the man and a co-conspirator allegedly used a group of companies to buy Jiffy Lube stores, automotive service businesses, convenience store/gas stations, and other commercial properties and then sell them to investors in Pennsylvania and California. Financing and commercial loans were allegedly obtained from Indiana First Savings Bank, Bank of the West, California Credit Union, Travis Credit Union, and Great Lakes Credit Union for investors to purchase properties and then used other companies controlled by the co-conspirators to lease and operate the properties. The indicted man allegedly provided investors and lenders with false and fraudulent financial data on the investment properties, which induced loans and investments totaling approximately $16 million. He would then allegedly divert funds from the sale of the properties to cover lease payments and expenses and to buy new properties and also allegedly received approximately $1.9 million in commissions and consulting fees from the sale of properties, authorities said. The co-conspirator was previously charged and pleaded guilty in April 2011. Source: http://www.cutimes.com/2012/08/27/credit-unions-banks-bilked-in-16-million-jiffy-lub?ref=hp

14. August 27, KCAL 9 Los Angeles – (California; National) Secret Service, OC police nab 7 suspects in massive bank scam. Authorities arrested seven people allegedly involved in an extensive bank scam that stole as much as $100 million from several large banks throughout the country, police reported. More arrests would be made as the investigation continues, a Huntington Beach, California police sergeant said August 27. The case started when a woman drained $24,000 from another person’s account at a Chase bank in Huntington Beach. She was caught and pleaded guilty in July to using a counterfeit credit card. More suspects have been accused of the same “account takeovers” and police suspect they had help from bank employees. A task force, which also included Los Angeles County sheriff’s deputies as well as Los Angeles, Irvine, and Huntington Beach police, served five search warrants the week of August 20. “There are 50 to 55 we have identified or are going to identify, of which seven were arrested last week,” the police sergeant said. The thieves struck 300 to 500 bank branches, taking out $5,000 to $7,000 each time, according to the sergeant, who said the losses could be higher than what police have estimated thus far. He noted that Bank of America has lost about $12 million. Investigators planned to meet with Citibank officials August 28. Source: http://losangeles.cbslocal.com/2012/08/27/secret-service-oc-police-nab-7-suspects-in-massive-bank-scam/

15. August 27, USA Today – (National) Cybercrooks fool financial advisers to steal from clients. Cybercriminals are using falsified email messages in attempts to con financial advisers into wiring cash out of their clients’ online investment accounts, USA Today reported August 26. If the adviser falls for it, a wire transfer gets legitimately executed, and cash flows into a bank account controlled by the thieves — leaving the victim in a dispute with the financial adviser over getting made whole. Anecdotal evidence of this ruse — directed at financial planners, estate lawyers, and other advisers who rely on email and online banking to work with clients — has just begun to surface, according to tech security and online banking experts. IDentity Theft 911, a theft-recovery service, is working on a case where a faked email led to a $35,000 transfer. In another caper, a veteran financial planner was fooled by a Gmail message appearing to arrive from an insurance company executive. The email carried instructions to wire $15,850 into an account at PNC Bank, worded in a casual style similar to past emails the adviser had received from the executive. Luckily, the planner phoned his client to clarify which account to pull the money from and discovered the fraud. Cybercriminals have discovered investors now routinely rely on email to authorize personal advisers to execute financial transactions. “Instead of managing layers of malicious software, all the bad guys need is e-mail and phone skills,” a vice president at Authentify said. Source: http://www.usatoday.com/tech/news/story/2012-08-26/wire-transfer-fraud/57335540/1

16. August 27, Topeka Capital-Journal – (Kansas; Missouri) Man admits scheme was based on bank, wire fraud. A man has pleaded guilty to swindling banks and investors out of more than $5 million, a U.S. attorney said August 27. The Overland Park, Kansas man pleaded guilty to one count of bank fraud, one count of aggravated identity theft, one count of money laundering, and one count of wire fraud. In his plea, he said he devised a scheme in which he defrauded Kansas City, Missouri area financial institutions including Valley View Bank, Bank of the West, and Marshall & Ilsley Bank by providing them with false financial data to obtain lines of credit and loans. He obtained loans by providing false documentation, and arranged for a person to call a loan officer at Valley View Bank to claim he had more than $2.7 million invested with the caller. One of the loans was obtained for his company, Software4Biz Consulting using fake documents. He also co-founded a company called BlueValley Capital Management LLP. Partners in the venture invested $50,000. When soliciting investors, he made false statements overstating the annual return of the partners’ investments. When one of the co-founders requested an audit, he provided a report with false data. He also falsely claimed to have the ability to purchase pre-initial public offering stock in Facebook. Source: http://cjonline.com/news/2012-08-27/man-admits-scheme-was-based-bank-wire-fraud

17. August 27, U.S. Federal Bureau of Investigation – (Maryland) Man pleads guilty to $163,000 credit card fraud scandal in Maryland. A man pleaded guilty in Greenbelt, Maryland, August 27 to fraud in connection with access devices that cost merchants more than $163,376. According to his guilty plea, from February 20, 2008 to April 2, 2010, he obtained credit cards in his own name and added fictitious names as secondary users on the accounts. He then used the credit cards to order items from merchants on payment plans. He provided multiple different addresses to which the items should be shipped, including addresses for himself, his friends and relatives, and vacant addresses. Merchants charged his credit cards in installments over a period of time. He then reported to the credit card companies that his cards had been lost or stolen. The companies closed those credit card accounts and issued new credit card account numbers. When the merchants tried to charge the man’s credit cards for the subsequent installment payments, they were unable to do so because those accounts had been closed. The man maintained at least three eBay accounts, which he used to sell the items that he had fraudulently obtained from the merchants. Source: http://www.loansafe.org/man-pleads-guilty-to-163000-credit-card-fraud-scandal-in-maryland

18. August 27, MLive.com – (National) Couple accused of $10-plus million Ponzi scheme against Detroit police and fire pension spent frivolously. A Florida couple is accused of initiating a Ponzi scheme that stripped the Detroit Police and Fire Retirement and other creditors of $39.5 million, MLive.com reported August 27. After receiving a $9.9 million loan in 2008 from the pension system for the purposes of investing in distressed properties for resale, a husband and wife who at the time operated South Carolina-based Paramount Land Holdings never made payments in accordance with the agreement, the federal complaint against them reads. Prior to the pension board filing a complaint in April, the couple fled to the Caribbean, during that period spending large sums on expensive works of art. The pair approached the former president of Paramount Limited with the land-purchase-business proposal, which he presented to the pension board. Although the board chose not to invest in the business, it granted a $10 million loan with an 18 percent interest rate. While investigating the potential second loan, the board identified “numerous substantial breaches” related to the initial $10 million and filed for default. The couple allegedly spent $5 million of the loan they received on more than 2,500 properties in 30 States. Based on the costs of litigation, unpaid interest, and other fees, the pension fund claims the couple owes more than $15.3 million to the pension fund. Combined with other creditors, they owe at least $39.5 million, the Detroit News reported. Source: http://www.mlive.com/news/detroit/index.ssf/2012/08/couple_accused_of_10-plus_mill.html

Information Technology Sector

36. August 27, The H – (International) Five 0days: HP in the security dock. In compliance with its policies, the Zero Day Initiative (ZDI) has released five security holes that HP has had more than 6 months to fix. All of the zero-day holes affect products in HP’s enterprise and networking divisions: HP LeftHand Virtual SAN, HP Operations Agent for NonStop, HP Intelligent Management Center, HP iNode Management Center, and HP Diagnostics Server. In all five products, remote attackers can exploit programming flaws to inject and execute arbitrary code via specially crafted requests — sometimes even at system user level, the highest threat level. In all five cases, the ZDI informed the company of the problems at the end of 2011. Source: http://www.h-online.com/security/news/item/Five-0days-HP-in-the-security-dock-1676337.html

37. August 27, Computerworld – (International) Macs at risk from ‘super dangerous’ Java zero-day. Hackers are exploiting a zero-day vulnerability in Java 7, security experts said August 27. The unpatched bug can be exploited through any browser running on any operating system, from Windows and Linux to OS X, that has Java installed, said the engineering manager for Metasploit, an open-source penetration testing framework. The CTO of Errata Security confirmed the Metasploit exploit — which was published less than 24 hours after the bug was found — is effective against Java 7 installed on OS X Mountain Lion. He said he was able to trigger the vulnerability with the Metasploit code in Firefox 14 and Safari 6 on OS X 10.8. Although the exploits now circulating in the wild have been aimed only at Windows users, it is possible Macs could also be targeted. “What is more worrisome is the potential for this to be used by other malware developers in the near future,” said antivirus vendor Intego. “Java applets have been part of the installation process for almost every malware attack on OS X this year.” The engineering manager for Metasploit called the bug “super dangerous,” noting that it was “totally a drive by,” meaning that attackers could compromise computers simply by duping users into browsing to a Web site that hosts the attack code. Security experts have recommended that users disable Java until Oracle delivers a patch. Source: http://www.computerworld.com/s/article/9230656/Macs_at_risk_from_super_dangerous_Java_zero_day

For more stories, see items 15, 16 above in the Banking and Finance Sector and 38 and 39 below in the Communications Sector

Communications Sector

38. August 28, Verizon – (Massachusetts) Verizon restores service for thousands after Lawrence, Mass., fire; restoration efforts. Service was restored for thousands of Verizon customers, and restoration efforts continued for thousands more in the Lawrence, Massachusetts area after a fire under the Central Bridge August 27 damaged Verizon cables. Verizon crews worked to splice new cables and restore service for customers who live and work primarily in the Lawrence and North Andover areas. Verizon trailers were set up at the scene, and crews will work in round-the-clock shifts until all services are restored. Some Verizon customers in Andover, Lawrence, Littleton, Methuen, North Andover, North Reading, and Tewksbury lost some Verizon services as a result of the fire. Also, voice and data services for some business and government customers may be affected. Customers in other communities may have been impacted as well. Verizon was working with its customers, local officials, and other carriers to identify and prioritize service restoration for critical services, including health care facilities, public safety, elderly housing complexes, and individual customers. Source: http://www.prnewswire.com/news-releases/update-verizon-restores-service-for-thousands-after-lawrence-mass-fire-restoration-efforts-continue-167687435.html

39. August 28, Falls Church Patch – (Virginia) Verizon restores service to some Merrifield customers. A third of the affected Verizon landline and Internet customers in the Merrifield area of Fairfax, Virginia, had their services restored August 27, days after a construction company severed three underground communication cables. A Verizon spokesman said crews were working around the clock to restore service to the more than 1,000 affected customers. Crews were working in the intersection of Gallows Road and Lee Highway. Fairfax County officials urged people to avoid the intersection if they can while crews continue to work. August 23, a construction company working in the intersection damaged three Verizon communications cables and the underground ducts they were in. The spokesman said the restoration could take days to finish. Source: http://fallschurch.patch.com/articles/update-verizon-restores-service-to-some-merrifield-customers