Tuesday, January 24, 2012

Complete DHS Daily Report for January 24, 2012

Daily Report

Top Stories

• A new review published in Clinical Infectious Diseases stated that shortages of key drugs used to fight infections represent a public health emergency and can put patients at risk. – Infectious Diseases Society of America (See item 31)

31. January 22, Infectious Diseases Society of America – (National) Anti-infective drug shortages pose threat to public health and patient care. A review published in Clinical Infectious Diseases stated that shortages of key drugs used to fight infections represent a public health emergency and can put patients at risk, the Infectious Diseases Society of America stated in a January 20 news release. Frequent anti-infective shortages can substantially alter clinical care and may lead to worse outcomes for patients, particularly as the development of new anti-infectives has slowed and the prevalence of multidrug-resistant pathogens is increasing. First-line treatments for herpes encephalitis, neurosyphilis, tuberculosis, and enterococcal infections, among others, have been hit by shortages, forcing physicians to use other drugs that may not work as well, the authors found. Of the 193 medications unavailable in the United States at the time of the analysis, 13 percent were anti-infective drugs, the authors found. “Anti-infectives often represent irreplaceable life-saving treatments,” the authors noted, and hospitalized patients are particularly vulnerable in an era when such shortages often last months and are occurring more frequently. Source: http://esciencenews.com/articles/2012/01/22/anti.infective.drug.shortages.pose.threat.public.health.and.patient.care

• Severe weather tore across the Southeast January 23, killing at least two people, injuring hundreds, knocking out power to tens of thousands, and damaging hundreds of homes and buildings. – CNN (See item 47)

47. January 23, CNN – (Alabama; Arkansas; Mississippi) Severe weather rakes Southeast; 2 dead in Alabama. Severe weather tore across the Southeast January 23, killing at least two people, injuring more than 100 and spreading damage through several states, emergency officials said. The two fatalities reported were near Birmingham, Alabama, according to a Jefferson County sheriff’s official. At least 100 injuries were reported, from cuts and bruises to broken bones. At least 211 homes were destroyed and 218 suffered major damage in Jefferson County. That number is expected to rise. Emergency crews were working to locate people who may be trapped or injured, and clear roads, several of which were impassable, the sheriff’s office said. Video from the Center Point area showed numerous downed trees, some on top of homes. A photo from one Clay, Alabama subdivision showed many homes heavily damaged or destroyed, with debris strewn across the neighborhood and trees snapped in half. Damage was also reported in Perry and Chilton counties. Damage was reported in Maplesville, according to the Chilton County emergency management agency. A radio studio and transmission tower was reported toppled in Chilton County by a possible tornado, the National Weather Service said. The Alabama governor declared a state of emergency. Seven Alabama counties reported storm damage, with most in Jefferson and Chilton counties. As of 2 p.m. January 23, fewer than 15,000 customers statewide were without power, Alabama Power said on Twitter. The outages peaked at 45,400 about 5 a.m., an Alabama Power spokeswoman said. Several school systems closed for the day. In Arkansas, at least one person was hurt January 23 when a tornado touched down in Fordyce, said an official with the Dallas County emergency management office. About 40 homes were damaged, with 10 of those destroyed, said a spokesman for the Arkansas Department of Emergency Management.
Power outages, which peaked at 3,700, were down to about 1,300 just before daybreak. An airport in Dewitt, about 90 miles northeast of Fordyce, saw some damage to several buildings, said the airport manager. Possible tornadoes were also reported in Mississippi and Tennessee, according to the National Weather Service. The Mississippi Emergency Management Agency said one person was injured in Bolivar County, several homes were damaged in Bolivar and Quitman counties, and several farm buildings were damaged in Coahoma County. Source: http://www.cnn.com/2012/01/23/us/severe-weather/index.html?hpt=hp_t1


Banking and Finance Sector

10. January 23, U.S. Securities and Exchange Commission – (Connecticut; New York) Diamondback Capital agrees to settle SEC insider trading charges. The Securities and Exchange Commission (SEC) January 23 announced that Diamondback Capital Management LLC agreed to pay more than $9 million to settle insider-trading charges brought by the Commission January 18. The proposed settlement is subject to the approval of a U.S. district court judge in New York. As part of the proposed settlement, the Stamford, Connecticut-based hedge fund adviser also has submitted a statement of facts to the SEC and federal prosecutors, and entered into a non-prosecution agreement with the U.S. attorney’s office for New York. Under the proposed settlement, Diamondback will give up more than $6 million of allegedly ill-gotten gains and pay a $3 million civil penalty. In addition, Diamondback consented to a judgment that permanently enjoins it from future violations of federal anti-fraud laws. The proposed settlement would resolve charges of insider trading by Diamondback in shares of Dell Inc. and Nvidia Corp. in 2008 and 2009. The week of January 16, the SEC filed insider-trading charges against Diamondback, a second hedge fund advisory firm, and seven individuals, including a former Diamondback analyst and a former Diamondback portfolio manager. Source: http://www.sec.gov/news/press/2012/2012-16.htm

11. January 23, Softpedia – (International) New ZeuS variant ‘Citadel’ comes with customer support. During his expeditions in the hacking underground, a security researcher came across a new variant of the bank-account-stealing ZeuS Trojan called Citadel. Citadel’s developers mainly address customers not satisfied with the support offered by other malware providers. The fact that malware developers rarely make sure bugs in their products are patched up is seen as a business opportunity for Citadel’s owners. This is why they offer a bug reporting and suggestions mechanism via a ticketing system, allowing customers to file as many complaints as they want without having to contact the developer on instant messaging channels. Clients can also submit their own applications in what appears to be a social network. For $2,400 plus a monthly fee, cybercriminals can purchase a Citadel package comprised of a bot builder and a botnet administration panel. Among other features and add-ons that the trojan’s creators offer, there is one that detects if the victim’s keyboard is Russian or Ukrainian. It is known that hackers fear Russian authorities more than anything else because they are known to track down and prosecute those who commit crimes in the virtual environment. This is why this particular variant of ZeuS shuts itself down as soon as it detects the aforementioned keyboards. Source: http://news.softpedia.com/news/New-ZeuS-Variant-Citadel-Comes-with-Customer-Support-248032.shtml

12. January 22, KNSD 7 San Diego – (California) Carlsbad man arrested for. A Carlsbad, California, man was arrested January 21 in connection with a robbery series that spanned over 3 months, according to officials with the FBI. He was taken into custody after Carlsbad police SWAT teams surrounded his home, a special agent with the FBI said. He said the suspect was arrested after a multi-jurisdictional investigation into the ‘Dying Son Bandit’ bank robberies, a series that involved 10 banks. He added that a recent tip helped lead investigators to the suspect. The ‘Dying Son’ name came about because the suspect told bank tellers he was in need of money for his dying son. The suspect followed that up by telling the victims he was armed with a handgun and would shoot them if they did not comply with his demands. Seven robberies were completed and three were attempted, according to the special agent. The most recent robbery was at a Citibank branch in Laguna Hills January 20. Investigators determined the suspect’s claims of a dying son were false. Source: http://www.nbcsandiego.com/news/local/Arrest-Made-in-Dying-Son-Robbery-Series-FBI-137855818.html

13. January 21, Knoxville News Sentinel – (Tennessee) FBI allege ‘Ball Cap Bandit’ is meat salesman from North Knox. The FBI identified a meat salesman as a serial robber authorities said robbed three Tennessee banks since August 2011, the Knoxville News Sentinel reported January 21. His wife said he admitted in 2007 to robbing yet another bank using the same method as the man who authorities dubbed the ‘Ball Cap Bandit’ during the recent spree. He was arrested January 20 and charged with three counts of bank robbery. He is being held without bond at the Blount County Jail, the FBI said. Authorities said he robbed Home Federal Bank in Pigeon Forge August 24, Tennessee Bank in Oak Ridge November 14, and Tennessee National Bank in Jefferson City January 4. In each case, FBI agents allege the meat and seafood salesman used only a note demanding cash — usually between $2,500 and $3,000. Officials said when an image of the ball cap-wearing bank robber flashed on electronic billboards around Knoxville January 11, four of the man’s business associates identified him as the man. An FBI task force officer reported the suspect’s wife said that in the fall of 2007, her husband told her he had robbed a West Knoxville SunTrust Bank by using a note that demanded $3,000. Source: http://www.knoxnews.com/news/2012/jan/21/fbi-allege-ball-cap-bandit-is-meat-salesman-from/

14. January 20, Internet Crime Complaint Center; FBI; Financial Services-Information Sharing and Analysis Center – (International) Fraud alert involving e-mail intrusions to facilitate wire transfers overseas. The FBI observed a trend in which cyber criminals are compromising the e-mail accounts of U.S. individuals and businesses and using variations of the legitimate e-mail addresses associated with the victim accounts to request and authorize overseas transactions, according to a January 20 alert. The wire transfers are being sent to bank accounts of individuals typically located domestically or in Australia, and the funds are being sent directly to Malaysia. Investigations found some of the money mules in the United States and Australia are victims of a romance scam and are asked to further transfer the funds to Malaysia. As of December 2011, the attempted fraud amounts were about $23 million, with actual victim losses about $6 million. This type of fraud has affected banks, broker/dealers, credit unions, and other institutions. In a typical scenario, the cyber criminal will send an e-mail to a financial institution, brokerage firm employee, or the victim’s financial adviser pretending to be the victim and request the balance of the victim’s account. When the request is successful, the cyber criminal then sends another e-mail providing a reason why they can only communicate via e-mail and asks that a wire transfer be initiated on their behalf. The excuse is typically based on an illness or death in the family that prevents the account holder from conducting business as usual. Source: http://www.ic3.gov/media/2012/EmailFraudWireTransferAlert.pdf

15. January 20, Credit Union Times – (Florida) SEC charges Florida bank, CEO with CRE portfolio fraud. The Securities and Exchange Commission (SEC) charged the holding company for one of Florida’s largest banks and its chief executive officer (CEO) with misleading investors about growing problems in a loan portfolio, the Credit Union Times reported January 20. The SEC alleged BankAtlantic Bancorp and its CEO and chairman made misleading statements in public filings and earnings calls to hide the declining state of a large portion of the bank’s commercial real estate land acquisition and development portfolio (CRE) in 2007. BankAtlantic and the CEO then allegedly committed accounting fraud when they minimized the bank’s losses by improperly recording loans they were trying to sell from this portfolio in late 2007. According to the SEC’s complaint, BankAtlantic and the CEO knew a large portion of the loan portfolio was deteriorating in early 2007 because many loans required extensions due to borrowers’ inability to meet their obligations. Some loans were kept current only by extending the loan terms or replenishing the interest reserves from an increase in the loan principal, the SEC said. The CEO allegedly knew this negative information in part from participating in the bank’s major loan committee that approved the extensions and principal increases. As a result, BankAtlantic experienced a net loss of more than $45 million in its CRE portfolio. In 2007, the bank had about $1.5 billion in CRE loans. The SEC said BankAtlantic and the CEO also were aware that many of the loans had been internally downgraded to non-passing status, indicating the bank was deeply concerned about them. The SEC alleged that despite this knowledge, BankAtlantic’s public filings in the first two quarters of 2007 made only generic warnings of what may occur in the future if Florida’s real estate downturn continued. 
The CEO later allegedly made misleading statements to investors during the bank’s earnings calls, according to the SEC. BankAtlantic finally acknowledged the problems in the third quarter of 2007 by announcing “a large unexpected loss.” The SEC’s complaint seeks financial penalties and permanent injunctive relief against BankAtlantic and the CEO to enjoin them from future violations of the federal securities laws. The complaint also seeks an officer and director bar against the CEO. Source: http://www.cutimes.com/2012/01/20/sec-charges-florida-bank-ceo-with-cre-portfolio-fr

16. January 19, Orangeburg Times and Democrat – (South Carolina) Bank ordeal suspect: ‘Fulfilling my destiny’. A man accused of holding more than a dozen people hostage January 17 in an Orangeburg, South Carolina, bank said he was fulfilling his destiny for the Lord, the Orangeburg Times and Democrat reported January 19. He told the court January 18 he needed a platform for attention to fulfill a religious calling. The bank was that platform. He stopped short, however, of explaining precisely what those certain purposes were. Investigators charged the suspect with 13 counts of kidnapping, one count of attempted murder, and one count of resisting arrest with a deadly weapon. He informed the court he had no intention of harming anyone during his stand-off with police. The warrants were served on the suspect a day after police said he held multiple employees and customers hostage at a South Carolina Bank and Trust. More charges are possible, police said. Investigators are still trying to determine why the suspect allegedly entered the bank with several knives. He never demanded money, investigators said. On January 17, someone in the bank tripped a robbery alarm that sent dozens of officers to the 3-story bank. Three police negotiators spent 45 minutes trying to determine what the subject barricaded inside wanted. Negotiators were given no demands, however. Officers moved in through the bank’s doors, including the front door, which was barricaded with chairs. The subject was then tased into submission. Source: http://thetandd.com/news/bank-ordeal-suspect-fulfilling-my-destiny/article_c2a6a0aa-4262-11e1-be19-0019bb2963f4.html

Information Technology

41. January 23, IDG News Service – (International) DreamHost resets passwords after database breach. Los Angeles-based Web hosting firm DreamHost reset the FTP and shell access passwords for all of its customers January 20 after detecting unauthorized activity within a database. “One of DreamHost’s database servers was illegally accessed using an exploit that was not previously known or prevented by our layered security systems in place,” said DreamHost’s CEO. Even though it could not be blocked, the unauthorized access was detected by one of the firm’s intrusion detection systems, allowing its security team to react quickly and take necessary mitigation steps. The company notified its customers about the security breach via e-mail and informed them only passwords used for FTP and shell access were affected. Billing or personal information was not exposed, DreamHost said. Source: http://www.computerworld.com/s/article/9223625/DreamHost_resets_passwords_after_database_breach?taxonomyId=17

42. January 23, Softpedia – (International) Hackers prove EA, IGN, ImageShack, NY Times, Verizon vulnerable. A new hacking collective, TeamHav0k, launched an operation called “#OP XSS” in which they try to find cross-site scripting (XSS) vulnerabilities in major Web sites. The first results of the operation came in and reveal that many important sites contain XSS flaws. A Pastebin document reveals Web sites such as the ones belonging to Verizon, Huffington Post, European Organization for Nuclear Research, Electronic Arts (EA), IGN, and New York Times contain design flaws. Some educational institutions were also found to contain XSS security holes, including University of Illinois, Harvard, Yale, and Rockefeller University. Telecoms company Verizon, media hosting company ImageShack, value calculator and traffic estimator tool StatShow, Major League Gaming, and Dr. Pepper complete the list. Even though XSS vulnerabilities are among the most common ones found in commercial Web sites, this does not mean they are not dangerous. Cybercriminals can rely on these weaknesses to execute their own malicious code and cause damage to the virtual assets of unsuspecting Internet users. Source: http://news.softpedia.com/news/Hackers-Prove-EA-IGN-ImageShack-NY-Times-Verizon-Vulnerable-247952.shtml

43. January 23, H Security – (International) Critical hole in Apache Struts 2 closed. The developers of the Apache Struts 2 Java Web framework released version This closes a critical hole in versions of Struts from 2.0.0 to that allowed for remote command execution. The vulnerability makes it possible for the protection around OGNL, an expression language used for getting and setting properties of Java objects, to be bypassed and arbitrary expressions to be evaluated. Source: http://www.h-online.com/security/news/item/Critical-hole-in-Apache-Struts-2-closed-1419498.html

44. January 20, Computerworld – (International) Anonymous dupes users into joining Megaupload attack. In a message on Twitter and in a blog post, Anonymous claimed its January 20 distributed denial of service (DDoS) attacks against the Web sites of the Department of Justice, the Recording Industry Association of America, the Motion Picture Association of America, and others were its largest ever, and 5,600 people collaborated in the assaults. However, some of the 5,600 who participated may have done so unwittingly, said a senior technology consultant with Sophos. He said members of Anonymous distributed links via Twitter and elsewhere that when clicked, automatically launched a Web version of Anonymous’s DDoS tool, the Low Orbit Ion Cannon (LOIC). The links pointed to a page on PasteHTML.com, a free HTML code-hosting site, which in turn executed some JavaScript to fire LOIC at Anonymous-designated targets. Many of those messages said nothing about LOIC or that clicking the link tricked the user into the DDoS attack, the consultant said. Anonymous is still recruiting people to its campaign. A search of Twitter using a string published on Gawker.com indicated the link was being shared January 20 at the rate of about 10 to 18 times per minute. Source: http://www.computerworld.com/s/article/9223601/Anonymous_dupes_users_into_joining_Megaupload_attack?taxonomyId=17

For more stories, see items 10, 11, and 14, above in the Banking and Finance Sector.

Communications Sector

45. January 21, WCMH 4 Columbus – (Ohio) Verizon customers without service for a time Saturday night. Some Ohioans in the Columbus, Ohio area without landline phone service found themselves isolated when an apparent outage affecting Verizon customers hit January 21. Franklin County Sheriff’s Office personnel confirmed a widespread outage. Columbus police told the communications center the outage was expected to be corrected in about 2 hours. Telephone and text service appeared to have been affected, but Internet access did not appear to have been interrupted. Law enforcement and emergency officials were unaware of any accident that may have precipitated the situation during the outage. Some Verizon customers said they were in the process of talking to the company’s service department, which was treating their problems as specific to the customer’s own service. Source: http://www2.nbc4i.com/news/2012/jan/21/columbus-cell-users-cut-ar-905311/

46. January 20, KTVB 7 Boise – (Idaho) Power outages in Boise County knocks out KTVB signal. KTVB 7 in Boise, Idaho, was back on the air the night of January 20 after a power outage at Bogus Basin knocked it off the air for most of the day. Heavy ice and snow damaged powerlines in the areas of Placerville, Idaho City, and Boise. Idaho Power said the power outage affected more than 500 customers, including Bogus Basin. The KTVB transmitter is located at the top of the mountain, which caused the station to be one of those affected customers. Crews were battling deep snow as they responded to downed power lines, and in many cases they were finding more problems along the way. Source: http://www.ktvb.com/news/KTVB-experiencing-technical-difficulties-137746713.html

For another story see item 47 above in Top Stories.