Tuesday, January 31, 2012

Complete DHS Daily Report for January 31, 2012

Daily Report

Top Stories

• Heavy smoke from a wildfire caused a massive 19-car pileup on Interstate 75 near Gainesville, Florida, that killed 10 people and intermittently shut the highway down for several days. – Orlando Sentinel (See item 16)

16. January 30, Orlando Sentinel – (Florida) ‘Low visibility’ reported hours before Florida interstate pileup that killed 10. Troopers reopened Interstate 75 January 30 as the investigation continued into the massive pileup that killed 10 people on the highway near Gainesville, Florida the weekend of January 28. The Florida Highway Patrol (FHP) released an accident report January 30 showing there was a three-way crash at 11:55 p.m., involving a tractor-trailer and two SUVs, that preceded the massive pileup early January 29, according to the Associated Press. One person was seriously injured in the January 28 crash. A trooper noted in his report “there was heavy smoke in the area, causing low visibility.” The highway was closed to traffic a short time later. The 19-vehicle crash happened after the smoke- and fog-shrouded highway reopened at about 4 a.m. Besides the 10 people killed, 18 people were hospitalized. Wreckage, some of it burned and twisted, stretched for about a mile along the high-traffic road, the main transit route down the middle of the state. It was closed in both directions for hours. Troopers re-opened lanes the evening of January 29, but shut the interstate down again early January 30 because of smoke and visibility issues, a FHP spokesperson said. All lanes reopened at about 11 a.m. January 30. A 62-acre fire broke out January 28 in Paynes Prairie, a wildlife area that straddles the freeway just south of Gainesville, but a spokeswoman for the Florida Forest Service said it was not clear how it started. Source: http://www.chicagotribune.com/news/nationworld/os-florida-highway-deaths-killed-i-75-20120130,0,2598249.story

• The largest-ever Android malware campaign may have duped as many as 5 million users into downloading infected apps from Google’s Android Market, Symantec said. – Computerworld. See item 44 below in the Information Technology Sector.


Banking and Finance Sector

10. January 30, Coeur d’Alene Press – (Idaho; Oregon) Car dealers face fraud charges. A Post Falls, Idaho man is among three suspects accused of more than $6 million in bank fraud as a former auto dealership owner, the Coeur d’Alene Press reported January 30. The man and his brother owned three now-closed D&R auto dealerships formerly located in Hermiston and Enterprise, Oregon. The indictment alleges that from January 2007 through August 2008, the men conspired to defraud KeyBank in connection with a Floorplan Line of Credit and Security Agreement, known in the auto industry as a “flooring loan.” KeyBank extended a line of credit to the dealerships to purchase new inventory, but the men allegedly failed to repay KeyBank after they sold the inventory. The indictment alleges the three deceived KeyBank into believing the dealerships had not yet sold inventory, including asking customers to return recently purchased vehicles to receive a free service on the day of an audit, and misrepresenting to KeyBank that automobiles not present on the lot were being used as rental cars. The indictment also alleges the defendants submitted false vehicle identification numbers (VINs) to KeyBank to receive funding for inventory the dealerships never purchased, and that defendants “double floored” vehicles with more than one financial institution. Source: http://www.cdapress.com/news/local_news/article_1f155dcb-146c-59e2-ac14-324f674981de.html

11. January 30, Bloomberg – (California) FDIC sues ex-officers of Merced’s County Bank over $42 million in loans. The Federal Deposit Insurance Corp. (FDIC) January 27 sued former officials of County Bank in Merced, California, part of Capital Corp. of the West, claiming their mismanagement caused $42 million in losses through bad loans. Named in the suit, filed in federal court in Fresno, were County Bank’s former chief executive officer, three former vice presidents, and the former chief operating officer and bank president. “[The d]efendants caused or allowed County to make imprudent real estate loans,” the FDIC said in the complaint. The bank failed in 2009, according to the complaint. The FDIC is receiver for the bank. “Management repeatedly disregarded the bank’s credit policies and approved loans to borrowers who were not credit worthy” or lacked sufficient collateral, the FDIC alleged. Source: http://www.bloomberg.com/news/2012-01-30/fdic-sues-ex-officers-of-merced-s-county-bank-over-42-million-in-loans.html

12. January 30, WLS 7 Chicago – (Illinois) Wicker Park Bandit hits 9th bank. The bank robber dubbed the Wicker Park Bandit struck again in Chicago January 28. No one has been hurt in any of the robberies. Most recently, a Chase Bank was hit. Authorities said it is the ninth bank to be robbed by the Wicker Park Bandit, at least one robbery every week since December 20. The face of the suspect is visible in surveillance photos and with Area 3 police headquarters only 2 blocks away from the latest robbery, it shows just how bold the robber has become. Source: http://abclocal.go.com/wls/story?section=news/local&id=8523865

13. January 28, Associated Press – (Iowa) Bank robber threatens clerk with Molotov cocktail. Authorities in Crawford County, Iowa, are looking for a suspect who they said threatened a teller at the Westside State Bank in Vail with an explosive device before fleeing with an undisclosed amount of cash. The robbery occurred just after 9 a.m. January 28. The Crawford County sheriff said the man threatened a teller with a Molotov cocktail, but did not use the homemade bomb. The sheriff said the suspect took an undisclosed amount of cash and fled on foot. Source: http://www.kcci.com/r/30323507/detail.html

14. January 28, Norwalk Hour – (Connecticut) Stamford bank teller, N.Y. man plead guilty to tax fraud scheme. A Stamford, Connecticut bank teller and a New York City man pleaded guilty January 26 and 27, respectively, in a U.S. district court in Hartford to fraudulently obtaining and cashing dozens of tax return checks. The defendants both played roles in the conspiracy, which defrauded the Internal Revenue Service (IRS) of nearly $200,000. They both pleaded guilty to one count of conspiracy to defraud the IRS. The New York man and his co-conspirators, who were not named, obtained 35 tax return checks under false pretenses, and the employee cashed the checks while working as a teller at a bank in Stamford, prosecutors said. The scheme cost the IRS $120,195.77, according to an indictment. Members of the fraud scheme also cashed $19,000 in fraudulent tax return checks at other locations, according to court documents. Both defendants face 10 years in prison and $400,000 in fines. Source: http://www.thehour.com/story/518719/stamford-bank-teller-n-y-man-plead-guilty-to-tax-fraud-scheme

15. January 27, ABC News – (National) New Fed task force subpoenas 11 in mortgage fraud probe. A new federal and state task force was created January 27 to investigate mortgage fraud that contributed to the 2008 financial crisis, and the panel immediately subpoenaed 11 financial institutions. The U.S. attorney general said the new unit would consist of 55 Justice Department lawyers and analysts and 10 FBI agents to work with state attorney general’s offices to investigate how mortgage backed securities were created, sold, and valued by financial institutions. The creation of the unit was announced by the U.S. President in his State of the Union address January 24. Making the announcement, the attorney general disclosed that the Justice Department has sent civil subpoenas to 11 financial institutions as part of the investigation. They did not identify the targets of the subpoenas. Although the FBI, U.S. Securities and Exchange Commission, and Justice Department have been investigating numerous aspects of the financial crisis, officials hope the new group may be able to use New York State’s Martin Act, which gives investigators broad powers to investigate fraud. The act allows New York to bring criminal and civil fraud charges without needing to show intent to commit fraud. Source: http://abcnews.go.com/blogs/politics/2012/01/new-fed-task-force-subpoenas-11-in-mortgage-fraud-probe/

For more stories, see items 41 and 42 below in the Information Technology Sector.

Information Technology

41. January 30, BBC News – (International) Technology firms create DMarc to fight phishing. A crackdown on “phishing” scams has been announced by 15 of the top technology companies. E-mail providers such as Google and Microsoft will work with companies like Paypal and the Bank of America to improve authentication. The Domain-based Message Authentication, Reporting and Conformance (DMarc) coalition has released plans to produce a “feedback loop” between e-mail receivers and senders. The initiative is the first significant attempt to bring together e-mail and service providers along with key security organizations. DMarc said this industry-wide involvement — which covers the receivers, senders, and intermediaries of e-mail use — will mean e-mail providers will for the first time be able to reliably filter out unwanted e-mails, rather than use “complex and imperfect measurements” to determine threats. Source: http://www.bbc.co.uk/news/technology-16787503

42. January 28, Dark Reading – (International) New drive-by spam infects those who open email — no attachment needed. Attackers have developed a new way to infect a user’s PC through e-mail. According to researchers at eleven, a German security firm, the new drive-by spam automatically downloads malware when an e-mail is opened in the e-mail client. The user does not have to click on a link or open an attachment — just opening the e-mail is enough. The current wave of drive-by spam contains the subject “Banking security update” and has a sender address with the domain fdic.com. If the e-mail client allows HTML e-mails to be displayed, the HTML code is immediately activated. Source: http://www.darkreading.com/security/attacks-breaches/232500660/new-drive-by-spam-infects-those-who-open-email-no-attachment-needed.html

43. January 27, IDG News Service – (International) Drive-by-download attack exploits critical vulnerability in Windows Media Player. Security researchers from antivirus vendor Trend Micro have come across a Web-based attack that exploits a known vulnerability in Windows Media Player, a threat response engineer said in a blog post January 26. The security flaw can be exploited by tricking the victim into opening a specially crafted MIDI (Musical Instrument Digital Interface) file in Windows Media Player. Microsoft released a security fix for it January 10, as part of its monthly patch cycle. If successful, the exploit downloads and executes a computer Trojan on the targeted system, which Trend Micro detects as TROJ_DLOAD.QYUA. “[So] far we’ve been seeing some serious payload, including rootkit capabilities,” the Trend Micro engineer said. The attack is not widespread at the moment, but it is possible other attackers will start exploiting the same vulnerability in the near future, a senior antivirus researcher said. Source: http://www.computerworld.com/s/article/9223768/Drive_by_download_attack_exploits_critical_vulnerability_in_Windows_Media_Player

44. January 27, Computerworld – (International) Massive Android malware op may have infected 5 million users. The largest-ever Android malware campaign may have duped as many as 5 million users into downloading infected apps from Google’s Android Market, Symantec said January 27. Dubbed “Android.Counterclank” by Symantec, the malware was packaged in 13 different apps from three different publishers, with titles ranging from “Sexy Girls Puzzle” to “Counter Strike Ground Force.” “They don’t appear to be real publishers,” a director with Symantec’s security response team said in an interview. “These aren’t rebundled apps, as we’ve seen so many times before.” Symantec estimated the impact by combining the download totals of the 13 apps, arriving at a figure between 1 million on the low end and 5 million on the high. When installed on an Android smartphone, Android.Counterclank collects a wide range of information, including copies of the bookmarks and the handset maker. It also modifies the browser’s home page. Source: http://www.computerworld.com/s/article/9223777/Massive_Android_malware_op_may_have_infected_5_million_users

45. January 27, H Security – (International) Cisco Security Appliances at risk from Telnet bug. Cisco has warned of a vulnerability in the telnet server used in its IronPort Email Security Appliances (ESA) and IronPort Security Management Appliances (SMA) monitoring solutions. The vulnerability could be exploited by an attacker to remotely execute code on a system by sending a specially crafted command to the telnet daemon (telnetd). A buffer overflow in the encrypt_keyid() function causes the server to execute the injected code with system privileges. Updates are available for many distributions, including Red Hat and Debian. Kerberos 5 (krb5-appl) up to and including version 1.0.2 and Heimdal up to and including version 1.5.1 are also affected. The vulnerability is already being actively exploited and an exploit for the vulnerability is freely available. Source: http://www.h-online.com/security/news/item/Cisco-Security-Appliances-at-risk-from-Telnet-bug-1423741.html

For another story, see item 48 below in the Communications Sector.

Communications Sector

46. January 30, KTBS 3 Shreveport – (Louisiana; Texas) Verizon customers experiencing outages. The work week was off to a bad start for many Verizon Wireless customers in northeast Texas and northwest Louisiana January 30. According to a Verizon Wireless spokeswoman, an outage was impacting both 3G and voice service customers in parts of the Arklatex. As of the afternoon of January 30, there was no word on how many customers were affected or when the problem might be resolved. Source: http://www.ktbs.com/news/30330961/detail.html

47. January 29, Hunterdon County Democrat – (New Jersey) CenturyLink landline telephone service restored to northern Hunterdon County after outage. Phone service in northern Hunterdon County, New Jersey, was back to normal around 11 p.m. January 28, according to a CenturyLink spokesman. At about 8:15 p.m., an electronic card failed, affecting customers in the Clinton, Califon, Hampton, and High Bridge exchanges, he said. Phone calls could be made within those exchanges, but there was no landline communication in or out of those exchanges. Affected exchanges were 537, 638, 238, 328, 735, 730, 713, and 832. Phone service at Hunterdon Medical Center in the Raritan Township-Flemington area had also been disrupted. Hunterdon County Office of Emergency Management officials were advising residents to use cell phones to call 911 if they had an emergency, and fire and rescue companies were advised to have crews standing by, apparently to keep response time low to compensate for any delays in receiving word of emergencies. Source: http://www.nj.com/hunterdon-county-democrat/index.ssf/2012/01/centurylink_landline_telephone.html

48. January 29, TechCrunch – (International) DreamHost’s unhappy January continues: First, a database breach, now an outage. DreamHost, the low-cost hosting provider and domain name registrar, found some unauthorized activity in its databases January 20, which it later admitted was a series of attacks that may have led to the theft of some FTP passwords. The company required mandatory password resets for all its Shell/FTP accounts. DreamHost’s problems continued January 29, when it reported outages as Web, SSH, and FTP services were down for many of the firm’s virtual private servers (VPS), shared, and dedicated machines. The outage was reported at 4 a.m. Pacific Standard Time January 29, and continued throughout the day. In the company’s initial blog post, the team said “the apache (web), SSH, and FTP services on a subset of our VPS and dedicated servers are currently down. FTP services on some shared servers are also experiencing downtime.” Furthermore, the post said the outage only affected Web VPS/dedicated and shared web server FTP services, while other services or servers were unaffected. Judging from the parade of comments and subsequent updates, users were experiencing problems with MySQL and Webmail services as well. The majority of the large problems seemed to have been addressed as of 6:30 p.m. DreamHost plays host to thousands of small Web sites and personal blogs across the Web. Most of the sites are back up, but from what these site owners have learned from DreamHost, the VPS server was damaged by new software they were installing the morning of January 29, leading to a sizable outage with ripple effects. Even though the outage lasted nearly 24 hours for some, many could not even access files to move to another host. Source: http://techcrunch.com/2012/01/29/dreamhosts-unhappy-january-continues-first-a-database-breach-now-an-outage/

49. January 27, KOSA 7 Odessa – (Texas) Downed power lines cause power, Internet outages. Cableone Internet service was restored to some customers in west Texas after outages January 27. A truck hauling an oil rig was hauling a bigger load than permitted, which downed power lines the morning of January 27. Power was out for several hours but has since been restored. However, a fiber line was also cut. Internet service was affected for Cableone, Grande, and AT&T customers. Source: http://www.cbs7.com/news/details.asp?ID=32137

For more stories, see items 41 and 44 above in the Information Technology Sector.