Monday, April 10, 2012

Complete DHS Daily Report for April 10, 2012

Daily Report

Top Stories

• Health officials in Utah said more than 25,000 Social Security numbers were compromised by hackers who downloaded thousands of medical files from state computers. – Associated Press

29. April 6, Associated Press – (Utah) Utah: Medical records breach more extensive. Health officials in Utah said hackers who downloaded thousands of medical files from state computers stole far more personal information than originally thought. The Utah Department of Health said April 6 that nearly 182,000 recipients of Medicaid and the Children’s Health Insurance Program had their personal information stolen. The department estimates more than 25,000 Social Security numbers were compromised. Agency officials originally thought the hackers stole 24,000 Medicaid claims. Officials said the attack started the week of March 26 and likely came from eastern Europe. The information was on a new server that had security tools installed improperly. Source:

• Software that failed to recognize a community name and a discrepancy between coordinates on mapping systems are blamed for the failure to alert some residents to a deadly Colorado wildfire. – Associated Press

34. April 6, Associated Press – (Colorado) Mapping glitch blamed for no Colo. fire warnings. Software that failed to recognize a community name and a discrepancy between coordinates on Google maps and a mapping system are being blamed for the failure to alert some residents to a deadly Colorado wildfire. A document released April 5 by the Jefferson County Sheriff’s Office indicates mapping software used by FirstCall Network Inc. did not recognize where to map homes listed as being in Morrison. Those homes were placed in an “unknown” category and received no warnings about the fire. They included the home of a woman who died. She was one of the first residents to call 9-1-1 to report smoke over her house and was told it was a small, 5-acre fire. FirstCall provides automated phone warning systems to up to 200 cities, counties, and states across the country. A review by the county and FirstCall also found up to 100,000 records containing errors, leaving county officials to consider using other systems to warn residents of emergencies. Those include sending cruisers through affected neighborhoods with sirens and broadcasting warnings on the Emergency Alert System on television and radio. The county and FirstCall are at odds over who is to blame, with the sheriff’s office saying the company maintains its own database that the county pays for and should work. The FirstCall president said the problem was in the difference between software the company uses and the address data collected from the county’s 9-1-1 system, which lists some homes in Morrison, about 13 miles from the fire. He later issued a statement saying the company and the county are working with other companies that collect the data to ensure addresses match their location. Source:

• Two new studies found ways to eavesdrop on smart phones and tablet PCs to record conversations and listen in as users were banking or linking to a virtual private network. – USA Today (See item 35 below in the Information Technology Sector)

• Two firefighters were killed and 3 others were injured after a massive fire in an abandoned 6-story Philadelphia factory building engulfed 2 blocks. – Fox News

44. April 9, Fox News – (Pennsylvania) 2 firefighters killed in Philadelphia factory fire. Two firefighters were killed and three others were injured April 9 after a massive fire inside an abandoned 6-story Philadelphia factory building engulfed two blocks. The firefighters were reportedly trapped inside a furniture store that caught fire after embers from the burning warehouse blew onto the site. The injured firefighters were saved by an urban rescue team and taken to the hospital. Fire crews from all over the city responded to the alarm at the Thomas Buck Hosiery Factory in the Kensington area of the city. The fire went to five alarms. Homes were evacuated in the area as embers from the massive fire drifted into the neighborhood, and evacuees were sent to a nearby church. Utility supplier PECO also cut power to the area around the warehouse. Most of the structure collapsed as the fire tore through the building, and flames spread to at least one other warehouse and two nearby homes. Source:

• Dry and windy New Jersey was scorched by dozens of brush fires the weekend of April 7. Weather officials said the state, and at least seven neighboring states, remained at risk into the week of April 9. – Bridgewater Patch

49. April 9, Bridgewater Patch – (New Jersey; National) Fires break out across N.J. as warnings continue. Dry and windy New Jersey has been scorched by multiple brush fires since April 6, and weather officials say the state remains at risk into the week of April 9. Three fires burned more than 400 acres in Camden County April 6, and seven smaller fires had broken out by the next morning. A “red flag” fire warning implemented by the National Weather Service remained in effect in all of New Jersey and Delaware, as well as large portions of Maryland, Pennsylvania, and New York. The warnings extend as far south as Virginia and north into New Hampshire. The warning remained in place until 8 p.m. April 9, as low humidity and wind gusts of up to 40 mph were expected. As of the start of the warning, the New Jersey Forest Fire Service had responded to 315 wildfires that burned 254 acres in 2012, compared with 167 fires that burned 176 acres during the same period in 2011. A fire was reported April 8 in the Pine Barrens, a day after small brush fires snarled traffic on Route 4 in Teaneck. Three brush fires occurred in Mahwah over the weekend of April 7. There were wildfires over the weekend in Somerset, Ocean, Monmouth, Bergen, Sussex, Warren, Morris, Hunterdon, Middlesex, and Cape May counties. Source:


Banking and Finance Sector

15. April 8, Jeffersonville News and Tribune – (Indiana) Five Jeffersonville residents accused of fraud. Five Jeffersonville, Indiana, residents and one Louisville, Kentucky, resident were accused of mortgage fraud for creating fake loan applications for 19 properties totaling $5 million in Jeffersonville and Louisville, the Jeffersonville News and Tribune reported April 8. The five were accused of submitting fake information on home loan applications between November 1, 2006, and August 30, 2008, according to a press release from the U.S. Department of Justice. According to the release, once those loans were approved, the money was transferred to designated bank accounts in Louisville. In addition, two of the defendants were accused of conspiracy to commit bank fraud in a separate but similar scheme against various banks by submitting fake auto loan applications. Between October 22, 2010, and December 31, 2010, the two received $118,000 from their fake loan applications to supposedly purchase four vehicles. Source:

For another story, see item 35 below in the Information Technology Sector

Information Technology

35. April 9, USA Today – (International) New security flaws detected in mobile devices. Findings of two recent examinations of mobile devices highlight how designers of smartphones and tablet PCs failed to fully account for security and privacy implications. In one study, security firm Cryptography Research showed how it is possible to eavesdrop on any smartphone or tablet PC as it is being used to make a purchase, conduct online banking, or access a company’s virtual private network. Cryptography Research is “working with one of the major smartphone and tablet companies right now to put countermeasures in,” Cryptography Research’s chief technology officer said. No known actual attacks have occurred, he said. In another demonstration, researchers at McAfee highlighted several ways to remotely hack into Apple iOS. McAfee’s research team remotely activated microphones on a variety of test devices and recorded conversations taking place nearby. They also showed that it is possible to steal secret keys and passwords, and pilfer sensitive data. “This can be done with absolutely no indication to the device user,” says McAfee’s principal security architect. Source:

36. April 9, IDG News Service – (International) Web attacks use smart redirection to evade URL security scanners. Antivirus vendor ESET has come across new Web-based malware attacks that try to evade URL security scanners by checking for mouse cursor movement, ESET researchers said in a blog post April 6. The new drive-by download attacks were spotted in the Russian Web space and do not require user interaction to infect computers with malware. Rogue JavaScript code is being added to local JS files that get loaded in the “head” section of every HTML page. The code injected into these JavaScript files loads a different JS file from an external location but only if mouse cursor movement is detected. The purpose of the mouse movement detection is to filter out URL scanners and Web crawlers used by security companies or search engines to detect infected sites. If the check determines the request came from a human, the external JavaScript code injects an iframe into the original HTML page, which then loads attack code from an installation of the Nuclear Pack exploit toolkit. In this case, it attempts to exploit the CVE-2012-0507 Java vulnerability and the CVE-2010-0188 Adobe Reader vulnerability. Source:

37. April 9, IDG News Service – (Massachusetts) Former Intel employee pleads guilty to stealing documents. A former Intel employee pleaded guilty to five counts relating to the illegal download of confidential documents from Intel’s servers, states a plea agreement entered the week of April 2 between the man and the U.S. Attorney for the District of Massachusetts. The former employee of Intel’s Massachusetts Microprocessor Development Center, who was working on the design of Itanium processors, is said to have resigned from Intel May 29, 2008, and taken leave from Intel up to June 11, purportedly to use accrued vacation time. He joined Intel’s rival Advanced Micro Devices June 2, while still on Intel’s payroll and still having access to Intel’s servers. From June 8 through June 11, he downloaded 13 “top secret” Intel design documents from the company’s servers in California, the indictment said. He copied them from his Intel-issued laptop to an external drive so he could access the documents after he returned the laptop to Intel. He is said to have tried to access the servers again around June 13. Source:

For more stories, see items 39, 40 and 41 below in the Communications Sector

Communications Sector

38. April 9, WBZ 4 Boston – (Massachusetts) WBZ-TV statement on technical difficulties. Due to technical difficulties at a transmitter site in Needham, Massachusetts, WBZ 4 Boston and My-TV-38’s over the air signals were not working April 9. This problem was affecting other stations as well, the director of broadcast operations and engineering said in a statement. Crews have been working at the tower site since the evening of April 8 to fix the problem. Source:

39. April 6, Mesquite Citizen Journal – (Nevada) Internet interruptions being repaired. According to a marketing coordinator at Reliance Connects, a device that controls all of the Internet traffic for the entire Mesquite, Nevada area failed, causing access outages, the Mesquite Citizen Journal reported April 6. They have the manufacturer monitoring repairs to the device and technicians from out of state have been brought in to aid in repairs to the machine. “We are migrating all of our services to another device that can perform all the necessary functions for complete Internet access,” the marketing coordinator said. Source:

40. April 6, Agri-view – (National) Fake Verizon emails contain malicious links. An e-mail that fraudulently claims to come from Verizon Wireless is making the rounds in Wisconsin and could lead to a serious breach of data for consumers who click the links in its text, Agri-view reported April 6. The fake Verizon Wireless account e-mail has been sent to citizens and to businesses. The sender, subject, graphics, and text are nearly identical to an actual Verizon message. The scam e-mail claims the recipient owes a large amount of money on a Verizon account — current versions say more than $900. When a person clicks any of the links in the e-mail to learn more, they may unintentionally download malicious software onto the computer or be driven to a site that will harvest personal information. Verizon Wireless notes on its Web site that the company does not send e-mail notices asking for customer payment information, usernames, or passwords used to manage accounts. Source:

41. April 6, Bluffton Island Packet – (South Carolina) Highway crews again blamed for cable service outage. Construction workers widening U.S. 278 again knocked out some cable, telephone, and Internet service on Hilton Head Island and in Bluffton, South Carolina, April 6, according to Time Warner Cable. The company’s vice president of communications said crews working along the highway cut a fiber cable. All of Time Warner’s subscribers on Hilton Head and in Bluffton were affected, she said. Service was restored on Hilton Head and in Bluffton after about 4 hours, the vice president said. She said the cable provider had another line cut a few weeks ago by the same workers. Local cable, telephone, and computer provider Hargray has also blamed recent service outages near U.S. 278 on construction workers who are not careful about where they dig. Source:

For another story, see item 35 above in the Information Technology Sector