Wednesday, March 14, 2012

Complete DHS Daily Report for March 14, 2012

Daily Report

Top Stories

• A fire at the idled Fort Calhoun nuclear power plant in 2011 briefly knocked out the cooling system for used fuel. Federal regulators said March 12 the incident represented a serious safety threat. – Associated Press

8. March 12, Associated Press – (Nebraska) Feds: Nebraska nuke plant fire was serious threat. A fire that briefly knocked out the cooling system for used fuel at the idled Fort Calhoun nuclear power plant north of Omaha, Nebraska, in June 2011 represented a serious safety threat, federal regulators said in a report March 12. The plant was shut down at the time of the fire, which started in an ill-fitting electrical breaker, and temperatures never exceeded safe levels, according to the Nuclear Regulatory Commission’s (NRC) preliminary findings. However, it said the fire was considered a major concern because it could have happened any time and because workers did not fully investigate an unusual smell in the area 3 days earlier, which could have led them to discover the problem and prevent the fire. The fire started in an electrical breaker that had been replaced about 18 months earlier. An NRC spokeswoman said the new breaker had to be modified to fit the existing switches, and the breaker did not line up properly. That allowed grease to accumulate, which allowed enough heat to build up to start the fire. During the fire, smoke and soot spread into the backup electrical system and knocked that out as well. The NRC said in December 2011 that Omaha Public Power District officials were too slow to notify state emergency response officials about the fire. A serious threat finding typically could mean additional oversight for a nuclear plant, but Fort Calhoun already is under the NRC’s strictest oversight level because of a prolonged shutdown that began last spring and several other reported problems. Source:

• Between December 6, 2011, and February, people used credit card numbers posted to the Web by a hacking group to make at least $700,000 in unauthorized charges, the FBI reported. – CNET News (See item 15 below in the Banking and Finance Sector)

• Record floodwater inundated parts of southern Louisiana March 13 after intense rains caused flash flooding that deluged homes, closed dozens of roads, and prompted hundreds of rescues. – CNN

19. March 13, CNN – (Louisiana) Rains soak, flood southern Louisiana. Record floodwater inundated parts of southern Louisiana March 13 after intense rains caused flash flooding that deluged homes, closed dozens of roads, and prompted hundreds of rescues. Estimates by the National Weather Service put total rainfall at 12 to 18 inches across the region, with possible amounts of 20 or more inches in some areas. Floodwaters were cresting overnight for Bayou Vermilion at Carencro at 5.5 feet over flood stage and 12 inches above the record set in May 2004. A Lafayette Parish Sheriff’s Office spokesman said, “We’ve done over 150 rescues throughout the day today.” One of those involved 16 middle school students whose bus became stuck after more than 4 feet of water covered the road. Boats and dump trucks were used to reach the children and bring them to safety. The town of Carencro was among the hardest hit communities in Lafayette Parish, according to a captain from the parish sheriff’s office. He noted there were reports of water as high as 8 feet on some roadways. Source:

• Four planes that were struck by lightning in the Houston area March 9 were able to land without incident, said a Federal Aviation Administration representative. – KHOU 11 Houston

20. March 9, KHOU 11 Houston – (Texas) FAA: Four airplanes struck by lightning, land safely. Four planes that were struck by lightning in the Houston area March 9 were able to land without incident, said a representative from the Federal Aviation Administration (FAA). A United Airlines spokesperson said Flight 107, which was en route to Bogota, Colombia, turned around and landed safely. The Boeing 737 was 15 miles east of George Bush Intercontinental Airport (IAH) when it was struck, according to the FAA. Officials with ExpressJet said its flight 4637 was returning to IAH for an unrelated mechanical issue when it was hit by lightning. The aircraft was an Embraer 147, and the strike happened 35 miles northeast of IAH. ExpressJet said it was operating as United Express from Houston to Mobile, Alabama. The plane landed safely with 47 passengers on board. Delta Airlines flight 1832 from Atlanta to William P. Hobby Airport in Houston was also struck and landed safely without incident. The FAA also said AirTran Flight 297, a Boeing 717, which was on its way to Hobby Airport from Atlanta, was also struck by lightning and landed safely without incident. Source:

• A study, ordered by the California legislature, shows chemical fertilizers and livestock manure are the main source of nitrate contamination in groundwater for more than 1 million Californians. – Associated Press

26. March 13, Associated Press – (California) Report: Calif. nitrate contamination spreading. A study, ordered by the California legislature, shows chemical fertilizers and livestock manure are the main source of nitrate contamination in groundwater for more than 1 million Californians in the Salinas Valley and parts of the Central Valley. According to the University of California, Davis study released March 13, nitrate contamination of drinking water is a pervasive problem in California’s agricultural heartland and is bound to intensify in coming years. The study concluded half of the 2.6 million people in those areas live in communities where raw drinking water sources have registered nitrate levels exceeding the standard. Many of those communities blend or treat their water, drill a new well, or provide another alternative source, passing on extra costs to rate payers. The study offers an assessment of how many people are exposed and identifies solutions and costs. The study also found that about 1 in 10 people in the area rely on untreated groundwater that may exceed nitrate standards. If nothing is done, the study concludes, the financial burden on many agricultural communities could increase. By 2050, nearly 80 percent of the population — about 2 million residents — in the study area could have nitrate contamination exceeding the state standard. The study claims cleaning up polluted aquifers would be too difficult, and says improved farming practices and water blending, treatment, and alternative water sources are more cost effective. Addressing current nitrate contamination will potentially cost the state $20 million to $35 million per year. The study proposes a fertilizer tax that would be used by affected communities to mitigate for nitrate contamination. Another funding option is water use fees from affected residents. The study found nitrate leaching from agricultural land is responsible for 96 percent of current groundwater contamination. And while fertilizer use has leveled off in recent years, the amount of dairy manure has increased, making for a net increase over the past decade in nitrates loaded into the ground. Source:


Banking and Finance Sector

12. March 13, Grand Rapids Press – (Michigan) Grand Rapids man, Sparta man accused in $9 million Ponzi scheme targeting elderly. Two west Michigan men have been accused of running a $9 million Ponzi scheme that targeted the elderly. The pair were expected in district court March 13. The state attorney general (AG) said they promised huge returns but actually sold fake securities through API Worldwide Holdings. The investigation, by the office of financial and insurance regulation and the AG’s office, showed there were at least 140 victims whose losses ranged from $3,000 to $600,000. The state AG alleged the two “preyed on elderly victims,” and convinced them to cash in certificates of deposit (CD) and other investments to invest in API Worldwide. He said the two allegedly tracked maturation dates of CDs, then contacted the owners to persuade them to invest in API once CDs matured. The pair are charged with conducting a criminal enterprise (racketeering), six counts of false pretenses over $20,000, and 25 counts of security fraud. API Worldwide Holdings is also facing the same charges. Source:

13. March 13, Reuters – (National) JPMorgan paying $45 million to settle mortgage suit. JPMorgan Chase & Co. is paying the federal government $45 million to settle a lawsuit alleging it charged veterans hidden fees in mortgage refinancing, according to court documents filed March 12. The whistleblower lawsuit, filed in 2006 in Georgia, seeks payments on behalf of the U.S. government by eight banks and mortgage companies, a law firm involved in the case said March 13. JPMorgan is the first bank to reach a settlement. According to court documents, the payment was part of the national mortgage settlement over foreclosure abuses reached with JPMorgan and four other lenders in February. The case is still pending against the other lenders, including Bank of America Corp, Wells Fargo & Co, and Citigroup Inc. Source:

14. March 13, IDG News – (International) Cybercriminals bypass e-banking protections with fraudulent SIM cards, says Trusteer. Cybercriminals are impersonating victims to obtain replacement SIM cards from mobile carriers, which they then use to defeat phone-based Internet banking protections, security vendor Trusteer said in a March 13 blog post. Trusteer researchers have recently seen variants of the Gozi online banking trojan injecting rogue Web forms into online banking sessions to trick victims into exposing their phone’s international mobile equipment identity number, in addition to other personal and security data. The likely explanation for the collection of phone-specific data is it is used to obtain a fraudulent SIM card for the phone number by reporting the phone as stolen, Trusteer’s director of product marketing said. This would allow fraudsters to bypass bank anti-fraud defenses based on one-time passwords (OTPs). OTPs are unique codes online banking customers receive on their phones when money transfers are initiated from their accounts. These codes need to be inputted into the bank’s Web site to authorize those transactions. Fraudsters have developed several techniques to defeat such anti-fraud systems. Impersonating victims to obtain fraudulent SIM cards is a new method that serves the same purpose. Source:

15. March 12, CNET News – (International) FBI says $700K charged in Anonymous’ Stratfor attack. Days after the Antisec branch of Anonymous hacked into security think tank Strategic Forecasting (Stratfor) at the end of December 2011, the group published 860,000 e-mail addresses and 75,000 unencrypted credit card numbers on the Web, CNET News reported March 12. Now, the FBI stated between December 6, 2011, and February, “at least $700,000 worth of unauthorized charges were made to credit card accounts that were among those stolen during the Stratfor Hack,” according to a March 9 report from Internet security news site Security Week. Stratfor’s list of clients whose information was allegedly compromised in the hack includes the U.S. Army, U.S. Air Force, Department of Defense, Lockheed Martin, and Bank of America. The information was made available the week of March 12 during a court case for one of the alleged hackers arrested the week of March 5 by the FBI for the Stratfor attack. According to Security Week, the hacker was charged with one count of computer hacking conspiracy, one count of computer hacking, and one count of conspiracy to commit access device fraud. Source:$700k-charged-in-anonymous-stratfor-attack/?tag=mncol;txt

16. March 12, San Diego Union-Tribune – (California) Suspected ‘Insistent Bandit’ arrested. Authorities arrested a man suspected of being the so-called “Insistent Bandit,” who is believed to have struck at least six banks in San Diego, the FBI said March 12. The suspect was arrested March 8, along with a suspected accomplice, federal authorities said. The pair were arrested in El Cajon, California, without incident. They were charged with robbing a Pacific Western Bank February 21 and getting away with $1,432 in cash. The bandit allegedly entered the bank, showed a gun tucked into his waistband, and told a teller he was armed and wanted cash. The teller recognized him from photos from previous robberies. The bandit is suspected of five other robberies starting January 17. The “Insistent Bandit” got his name because of the persistent manner in which he asked for money. Source:

17. March 12, New York Daily News – (New York) FBI on the hunt for bank robber sleuths call the ‘White Glove Bandit’. The feds are on the hunt for a gun-toting robber who has worn white latex gloves while holding up three Manhattan, New York banks since January. Dubbed the “White Glove Bandit” by investigators, the crook has hit the same Citibank branch on two occasions — most recently March 12, the FBI said. The suspect approached a teller’s window and waved a black revolver as he demanded cash. He then fled the branch on foot. The robber hit the same bank February 14, the FBI said. His first-known heist was January 26 at an HSBC Bank branch, some 9 blocks away from the Citibank branch. The bandit made off with a “significant” amount of cash in each robbery, with his total take running into the tens of thousands of dollars, an FBI source said. Source:

Information Technology

36. March 13, H Security – (International) Firefox 11 release postponed due to security issues. The Firefox team announced they are postponing the release of Firefox 11, originally planned for March 13, because of a security report that the team wants to evaluate to make sure the issue will not impact their code. Mozilla’s senior director of Firefox engineering cited Microsoft’s monthly Patch Tuesday security update, also scheduled for March 13, as a reason to hold back on releasing the new Firefox version. Source:

37. March 13, H Security – (International) Safari update closes security holes. Apple released version 5.1.4 of its Safari Web browser for Windows and Mac OS X. According to the company, the maintenance and security update addresses more than 80 vulnerabilities. A majority of the security holes closed in 5.1.4 were found in the WebKit browser engine used by Safari. These include several cross-site scripting, cross-origin and HTTP authentication problems, as well as numerous memory corruption bugs that could be exploited by an attacker, for example, to cause unexpected application termination or arbitrary code execution. Source:

38. March 13, Infosecurity – (International) Framesniffing with Chrome, Safari and Internet Explorer. Security consultancy Context produced an analysis of framesniffing, an attack technique that can data mine sensitive data through Web browsers and iFrames. Framesniffing is not a typical cyberattack. It does not seek to deposit a trojan or rootkit on the target computer. Instead, it harvests private data that can subsequently be amalgamated and used for different purposes: for example, to build a detailed personality profile for a potential spear-phishing target, or to determine the likelihood of a potential merger or acquisition. The Context analysis explains the process and demonstrates it in action against both SharePoint and LinkedIn. Chrome, Safari, and Internet Explorer can all be used, although Firefox was patched in 2011 to prevent framesniffing. The technique bypasses Web browsers’ iFrame security defenses by using HTML anchors to determine the presence or absence of specific data on, for example, a target SharePoint server. All the attacker needs is the SharePoint URL. “Using Framesniffing, it’s possible for a malicious webpage to run search queries for potentially sensitive terms on a SharePoint server and determine how many results are found for each query,” explained a senior security consultant at Context. “For example, with a given company name it is possible to establish who their customers or partners are; and once this information has been found, the attacker can go on to perform increasingly complex searches and uncover valuable commercial information.” Source:

39. March 13, H Security – (International) Critical vulnerabilities in XnView fixed. Version 1.98.8 of the popular XnView image viewer and converter was released to close security holes in the software. According to an advisory from security service provider Secunia, the update addresses three “highly critical” vulnerabilities that could be exploited by an attacker to execute arbitrary code and compromise a victim’s system. These include a stack-based buffer overflow caused by a boundary error when parsing a directory name while browsing folders such as those from an extracted archive file, and a heap-based buffer overflow when processing image content using the FlashPix plugin (Xfpx.dll). A second heap-based buffer overflow caused when processing image data in Personal Computer eXchange (PCX) files was also fixed. For an attack to be successful, a user must first open a specially crafted file. The problems are confirmed to affect XnView 1.98.5; however, other versions may also be vulnerable. Source:

40. March 12, IDG News Service – (International) Google’s trap for Chrome exploit writers leads to crashes for users. A limitation built recently into Google Chrome to detect and block Flash Player exploits ended up breaking certain Flash-based applications and games for some users. Suspecting someone would try to hack Chrome via a Flash exploit at 2012’s Pwn2Own contest, the browser’s developers decided to restrict the maximum allowed size of Flash JIT (just-in-time) pages to a value that such exploits would likely exceed. The restriction was written in such a way that when the new limit would be reached the browser would throw an “access violation” exception that referenced memory address “0xABAD1DEA,” a hexadecimal value spelling out “a bad idea.” According to Chrome’s development tracker, the limit was introduced February 23 and was first tested out in the browser’s Canary (nightly build) version. The limit was later tweaked because of a considerable number of crash reports and landed in Chrome stable version 17.0.963.66 March 6. Source:

41. March 12, eWeek – (International) Twitter being used by malware developers: Symantec. Symantec security researchers are seeing cyber criminals increasingly using Twitter as a way of luring mobile device users to their malware. In a March 12 post on Symantec’s blog, a company employee said tweets are becoming a popular way for cyber criminals to bring people to the Android.Opfake malware. “Users can potentially end up infecting their mobile devices with Android.Opfake by searching for tweets on subjects such as software, mobile devices, pornography or even dieting topics, to name a few,” he wrote. “Android.Opfake is not hosted on the Android Market (Play Store) and these tweets lead to malicious Websites developed for the Opfake application.” These tweets, he said, usually have short URLs, and are primarily written in Russian, with some English mixed in. In addition, once the users get to the site, they are prompted to install the malicious code. However, while those are common aspects of most cyber criminals using Twitter, their individual tactics vary, making it difficult to determine which tweets are bad, short of actually clicking on the link. Source:

For more stories, see items 14 and 15, above in the Banking and Finance Sector and 43 below in the Communications Sector

Communications Sector

42. March 13, Arlington Heights Daily Herald – (Illinois) Cable, Internet and phone restored to 17,000 WOW! customers. Service was restored to about 17,000 WOW! cable customers in the northwest suburbs of Chicago who were without service for most of March 12 after a fiber-optic line was severed. Officials announced on their Facebook Web site March 13, that service was restored to customers in Des Plaines, Park Ridge, Arlington Heights, Mount Prospect, Prospect Heights, and Glenview. Officials said March 12 a major fiber-optic line was cut, causing a “catastrophic outage.” Source:

43. March 13, Salisbury Post – (North Carolina) Fibrant down due to cut cable, backup provider sought. Fibrant went down for several hours March 12 after a fiber-optic line was cut between Concord and Salisbury, North Carolina, leaving customers without Internet or phone service. Damage occurred to DukeNet’s line. DukeNet provides Fibrant’s primary transport for Internet and phone services. Service was back up about 4 hours later, after DukeNet worked to manually reroute Fibrant around the cut line. The incident emphasized Fibrant’s need for a second Internet service provider, Salisbury’s city manager said. Called “redundancy,” a second provider would offer back-up service if the primary service fails. Source:

44. March 12, Milwaukee Journal Sentinel – (Wisconsin) Cut fiber optic cable limits AT&T long-distance calls. An unknown number of Milwaukee-area AT&T wireless customers were unable to make some of their calls March 12 after a contractor accidentally cut a fiber optic cable in northern Illinois. The accident happened outside Elk Grove Village, an AT&T spokesman said. He said he did not know when the problem would be fixed. It appeared to be affecting calls placed to locations outside Wisconsin. A contractor for another utility severed the cable while boring into the ground, the AT&T spokesman said. Source:

For more stories, see items 14 above in the Banking and Finance Sector and 41 above in the Information Technology Sector