Thursday, April 5, 2012

Complete DHS Daily Report for April 5, 2012

Daily Report

Top Stories

• Hundreds of flights from the Dallas-Fort Worth area were canceled April 4 after two tornadoes caused widespread damage. Dozens were injured, 2 cities declared disaster zones, and approximately 12,000 people were left without power after the tornadoes swept through the area April 3. – NewsCore

8. April 4, NewsCore – (Texas) Hundreds of flights canceled as Dallas counts cost of tornadoes. Hundreds of flights from Dallas-Fort Worth and Love Field airports were canceled April 4 after two powerful tornadoes caused widespread damage. Dozens of people were injured and two cities declared disaster zones after the tornadoes swept through the Dallas-Fort Worth area April 3. More than 100 aircraft at both airports were damaged by baseball-sized chunks of hail, causing more than 200 departures to be canceled. Around 1,400 passengers spent the night in the terminals at Dallas-Fort Worth. The airport distributed cots, blankets, pillows, and toiletry kits. Thousands of other passengers went to area hotels. The storm was expected to move eastward April 4 toward the Lower Mississippi Valley and parts of the Mid-Atlantic, before extending to New Orleans and Tallahassee, Florida. In Texas, Arlington and Lancaster were declared disaster zones April 3 as the tornadoes tore through houses, threw tractor-trailers into the air, and left debris strewn across streets. The Texas governor activated the Texas State Operations Center in San Antonio. Three hundred buildings in Lancaster, 15 miles south of Dallas, were damaged, and the city’s recreation center was used as a shelter. The home of the Texas Rangers in Arlington was also hit as a twister caused significant damage to homes and businesses. One person was critically injured and another six were hurt. At least four people were hospitalized. The National Weather Service spotted “potentially deadly” tornadoes near Greenville, northeast of Dallas. There were no reports of fatalities, but emergency crews still were assessing the impact of the storms, which also lashed the heavily-populated area with rain and baseball-sized chunks of hail. Approximately 12,000 people in the Fort Worth area were left without power. Source:

• An outbreak of Salmonella illnesses, possibly linked to sushi, sickened 90 people in 19 states and Washington, D.C., as of April 2, according to the U.S. Food and Drug Administration. – Food Safety News

13. April 3, Food Safety News – (National) Salmonella outbreak may be linked to sushi. An outbreak of illnesses caused by Salmonella Bareilly poisoning, possibly linked but not confirmed to be associated with sushi, has sickened 90 people in 19 states and Washington, D.C., as of April 2, according to sources within the U.S. Food and Drug Administration (FDA). According to an internal FDA e-mail, the Centers for Disease Control and Prevention (CDC) has characterized this outbreak as “ongoing and rapidly expanding,” particularly due to the prolonged reporting lag time (which can be up to 32 days after a patient’s infection is confirmed by lab analysis). Seven people reportedly were hospitalized. The FDA worked with the CDC in investigating the outbreak and is continuing to eliminate other possible vehicles as the source of the illnesses. CDC officials postulate that sushi is the likely source of this outbreak, with spicy tuna roll sushi “highly suspect.” The FDA source said data collected by the states and the agency’s district offices focuses on six implicated restaurant clusters where diners reported illness. Those clusters are in Texas, Maryland, Rhode Island, and Connecticut, and two are in Wisconsin. Source:

• The lack of rainfall in Kansas in 2011 led to intense declines in ground water levels around the state, according to the Kansas Geological Survey. – Associated Press

17. April 4, Associated Press – (Kansas) Drought drying out Kansas aquifers. According to the Kansas Geological Survey (KGS), the lack of rainfall in Kansas in 2011 led to intense declines in ground water levels around the state, the Associated Press reported April 4. KGS said the Ogallala Aquifer in southwest Kansas usually sees annual declines, but its average drop of 3.78 feet in 2011 was one of the worst in decades, compared to a drop of about 3 feet in 2010 and 1.39 feet in 2009. Much of Kansas received 25 to 50 percent of normal precipitation in 2011. “The growing season was probably the worst since the 1930s,” said a water data manager for the geological survey. In central and south-central Kansas, where ground water levels usually show gains or only modest declines, the water table in the Equus Beds aquifer decreased an average of 3.17 feet. The Big Bend region just west of the Equus Beds had a decline that averaged 3 feet. Farmers in the Big Bend district took out 1,056 emergency permits through the Kansas Department of Agriculture to overpump in 2011, the most out of any district. Source:

• Whooping cough disease reached epidemic levels in Washington state, according to the secretary of health April 3. – Washington State Department of Health (See item 22)

22. April 3, Washington State Department of Health – (Washington) Whooping cough cases reach epidemic levels in Washington. April 3, the state secretary of health announced whooping cough disease has reached epidemic levels in Washington. So far in 2012, 640 cases have been reported in 23 counties as of March 31. This compares to 94 cases during this same time period in 2011, putting Washington on pace to have the highest number of reported cases in decades. The State Department of Health is introducing a new public service radio announcement reminding people how serious whooping cough can be and to get vaccinated. Source:


Banking and Finance Sector

6. April 4, eWeek – (International) Some Zeus bots still active after Microsoft takedown, FireEye says. In March, Microsoft officials said in they and several partners were able to take over a major part of the infrastructure of a Zeus botnet, shutting down command and control (C&C) centers in Illinois and Pennsylvania as part of what they called Operation b71. However eWeek reported April 4 that security experts are saying that while the operation shut down the bulk of the bots, a few remain and are still in operation. According to a researcher FireEye’s Malware Intelligence Lab, three domains remain in operation, including one Zeus variant that partially recovered from Microsoft’s efforts and is known for quickly changing its C&C domains. Since January, according to FireEye’s count, the company found 156 C&C domains used by the Zeus botnet. In Operation b71’s “sinkhole” effort, Microsoft was able to take over 147 of the domains. FireEye listed two domains as dead and four others abandoned. Zeus malware uses keylogging to access user names and passwords from a PC, enabling cyber-criminals to steal people’s online identities. Source:

7. April 3, Federal Bureau of Investigation – (Arizona) Phoenix Valley pair plead guilty to $5.3M mortgage fraud scheme. An Arizona mortgage broker and her former associate each admitted to conspiring to commit a multiple-transaction mortgage fraud that federal law enforcement calculates resulted in a loss to defrauded financial institutions of approximately $5,300,000. She entered a guilty plea to one count of conspiracy to commit wire fraud in federal court April 2. Her accomplice previously entered his guilty plea to one count of conspiracy to commit wire fraud. The woman held herself out to be a mortgage broker, loan officer, and real estate investor. She was president of Golden Opportunity Investments, located in Scottsdale. The accomplice operated a construction and remodeling company, Arizona Cooling Control Plus. Both admitted that between May 2005 and February 2007, they recruited straw buyers with good credit scores to purchase residential properties. In order to qualify for mortgage financing, they had the straw buyers submit loan applications and supporting documents that misrepresented their incomes, assets, liabilities, employment status, and intent to occupy the properties. At the close of escrow, they obtained a portion of the loan proceeds as “cash back” to be used for mortgage payments and for their own personal enrichment. They each admitted their fraudulent scheme resulted in the purchase of at least 17 residential properties, obtaining loans in the total amount of nearly $17 million. All 17 properties went into foreclosure. Source:

Information Technology

33. April 4, H Security – (International) Joomla! 2.5.4 closes more security holes. Two weeks after its last security update, the Joomla! project published another update to the 2.5.x branch of its open source content management system which addresses two vulnerabilities. Version 2.5.4 of Joomla! closes an information disclosure hole that allowed unauthorized access to administrative information and fixes a problem that could have been exploited by an attacker to conduct cross-site scripting attacks. Versions 2.5.0 to 2.5.3 are affected. Source:

34. April 4, Help Net Security – (International) Cybercriminals target Google, LinkedIn and Mass Effect 3 users. During March, GFI Labs documented several spam attacks and malware-laden e-mail campaigns infiltrating users’ systems under the guise of communications purporting to be from well-known companies and promotions for popular products and services. Google, LinkedIn, Skype, and the video game Mass Effect 3 were among the brands exploited by cybercriminals in order to attract more victims. “Taking advantage of the notoriety of companies, celebrities and major events is a tactic cybercriminals continue to use because it works,” said a senior threat researcher at GFI Software. “They know that Internet users are bombarded with countless emails every day, and these scammers prey on our curiosity and our reflex-like tendency to click on links and open emails that look like they’re coming from a company we know and trust,” he added. Source:

35. April 3, Threatpost – (International) Apple issues update to prevent Flashback malware from infecting Mac OS X machines. Less than a day after reports began surfacing that the Flashback trojan was hitting Mac OS X machines, Apple released a fix to stop the latest variant of the password-stealing malware April 3. The update closes numerous vulnerabilities in Java 1.6.0_29, including a serious hole that allowed an untrusted Java applet to help spread the malicious code. The quick turnaround is another indication of the widespread threat posed by the continuously mutating Flashback malware since millions of Web pages run on Java, and computers can become infected merely by a user visiting a malicous page. April 3, Threatpost reported Mozilla blacklisted all but the most recent version of Java to protect users who may not be aware of the flaw and attacks. Flashback is believed to target Safari and Firefox Web browsers. The Apple product update is available for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, and Lion Server v10.7.3. According to Apple, “the most serious of the vulnerabilities allowed an untrusted Java applet to execute arbitrary code outside the Java sandbox.” The patch also addresses numerous other Java vulnerabilities. Despite taking less than a day to issue the update after security researchers publicly announced the trojan hit the Mac platform, numerous security sites also noted Oracle released a patch to fix the Java flaw for Windows in February. Source:

36. April 3, Computerworld – (International) Path tightens mobile app security. Social networking service Path upgraded the security of its mobile application in apparent response to a recent outcry over its data gathering practices. In a statement, Path said a newly released 2.1.1 version of its software automatically hashes all user contact information in order to protect the privacy of the data. All phone numbers, e-mail addresses, Twitter handles, and Facebook IDs Path collects in order to connect users with their contacts will be hashed in future, according to the statement. Path’s move comes several weeks after the company found itself in the middle of a major privacy row after a programmer described how Path’s journaling application for iOS and Android-powered phones, used by over 2 million users, was secretly collecting user address book data. The disclosure drew widespread attention to the data collection practices of mobile application vendors in general, and the processes platform vendors such as Apple and Google use for vetting those vendors. Source:

For another story, see item 6 above in the Banking and Finance Sector

Communications Sector

37. April 4, CNET News – (International) TomTom releases fix for ‘leap year’ bug. Satellite navigation maker TomTom released an update to fix a software glitch that left customers worldwide complaining about not being able to find their location, CNET News reported April 4. The problem, which began March 31, meant the sat-navs failed to get a GPS position. Instead, users saw a gray screen or a message saying the GPS signal was poor. The Dutch company apologized for the glitch April 4, which it said was caused by a “leap year” bug in the GPS receiver software from a third-party supplier. “A software update fixing the issue is now available via MyTomTom,” it said in a statement, directing owners to a support Web page. While the company did not directly identify which models were affected, its support page gives instructions for installing the update on the Start 20/25, Via 110/120/125, the Via Live 120/125, the Go Live 820/825, and the Go Live 1000/1005 and 1005 World. Source:

38. April 3, KTVI 2 St. Louis; KPLR 11 St. Louis – (Missouri) Cut fiber optic cable causes MetroLink delays. MetroLink customers in St. Louis, Missouri, were told April 3 to expect approximate 30-minute delays throughout the day. A fiber-optic cable was damaged and was affecting communications with MetroLink system and trains. Trains were moving but were behind schedule. The Blue Line was operating only between the Shrewsbury I-44 MetroLink Station and the Forest Park-DeBaliviere MetroLink Station. Blue Line customers traveling east beyond the Forest Park-DeBaliviere MetroLink Station needed to board an eastbound Red Line train. Source: