Friday, May 4, 2012

Complete DHS Daily Report for May 4, 2012

Daily Report

Top Stories

• The number of illnesses linked to the outbreak of Salmonella infection likely caused by raw tuna sushi has grown to 258 in 24 states and Washington D.C., federal officials reported. – Food Safety News

18. May 3, Food Safety News – (National) Salmonella sushi outbreak cases jump to 258. Three more states reported illnesses linked to the outbreak of Salmonella infection likely caused by raw sushi tuna imported from India, and the total number of confirmed cases rose to 258, the Centers for Disease Control and Prevention (CDC) reported May 2. The CDC’s April 26 update on the Salmonella Bareilly and Salmonella Nchanga infections tied to the product called tuna scrape listed 200 cases from 21 states and Washington, D.C. California, Nebraska, and Tennessee have now reported outbreak-related cases. The 58 new cases include 13 reported by Pennsylvania, 8 by Illinois and New Jersey, 7 by Virginia, 6 by New York, 4 by Maryland, 3 by Massachusetts, 2 by California and Tennessee, and 1 each by Connecticut, Georgia, Nebraska, North Carolina, and Wisconsin. Eleven people infected with the outbreak strain of Salmonella Nchanga were reported from five states: five from New York, two from Georgia and New Jersey, and one from Virginia and Wisconsin. Nearly 59,000 pounds of the frozen yellowfin tuna scrape was recalled by the distributor, Moon Marine Corp. of Cupertino, California. Many of the people sickened reported eating “spicy tuna” sushi before they became ill. Source:

• Two farms were quarantined by the U.S. Department of Agriculture as the agency continued to investigate the discovery of mad cow disease at a California dairy farm. – CNN

19. May 3, CNN – (California) USDA quarantines 2 farms in mad cow investigation. Two farms were quarantined by the U.S. Department of Agriculture (USDA) as the agency continued to investigate the April discovery of mad cow disease at a California dairy farm. Authorities launched an investigation at a calf ranch where the initial infected cow was raised 10 years ago, according to a statement released May 2 by the USDA. The week of April 23, the USDA documented the fourth confirmed U.S. case of Bovine Spongiform Encephalopathy (BSE) known commonly as mad cow disease, at a rendering facility in central California. USDA officials said the cow was never presented for human consumption and was not a threat. The farm where the cow was initially discovered has been under quarantine since the discovery, agriculture officials said. The May 2 announcement of a second quarantine involves a farm closely associated with the dairy where the sick cow was discovered, the USDA said. The agency is still trying to determine if any at-risk cattle are present at either of the farms. Source:

• Miami-Dade County’s 7,500 miles of sewage lines are in such decrepit shape and rupture so frequently, federal environmental regulators are demanding repairs and upgrades that could cost upwards of $1 billion. – Miami Herald

25. May 2, Miami Herald – (Florida) Feds file complaint, demand Miami-Dade County fix faulty sewer lines. Miami-Dade County’s 7,500 miles of sewage lines in Florida are in such decrepit shape and rupture so frequently, federal environmental regulators are demanding repairs and upgrades that could cost upwards of $1 billion. Authorities from the U.S. Environmental Protection Agency, the Department of Justice, and Florida Department of Environmental Protection met May 2 with local officials to begin negotiations. The director of Miami-Dade’s Water and Sewer Department acknowledged the string of major ruptures in recent years, saying the aging network is “being held together by chewing gum.” The potential $1 billion overhaul almost certainly means rate hikes for hundreds of thousands of residents who have historically paid some of the lowest fees in the state. The federal complaints were sketched out in a 78-page draft consent decree claiming Miami-Dade County has violated sections of the Clean Water Act, along with terms and conditions of its National Pollutant Discharge Elimination System permits. Miami-Dade has suffered at least three major sewer pipe breaks the past 3 years, and a recent internal report shows that 3 sections of 54-inch pipe under Biscayne Bay are so brittle they could rupture at any time. The director said a break in that pipe, which carries 25 million gallons of raw sewage each day from Surfside, Miami Beach, and Bal Harbour, could be “catastrophic.” Engineers linked many of the worst breaks to defective pipe built by Interpace, a now-defunct company whose products were widely used in the 1970s. Now, some are failing decades earlier than expected because over time, steel reinforcement wires inside the concrete pipes have corroded, broken, and failed. Source:

• A strike force of agents and investigators, led by the Departments of Justice and Health and Human Services, charged 107 persons in 7 cities with Medicare fraud involving more than $452 million in false billings. – Washington Times

30. May 2, Washington Times – (National) Medical professionals charged with fraud involving Medicare. A strike force of federal, state, and local agents and investigators, led by the Departments of Justice and Health and Human Services, has charged 107 persons in 7 cities with Medicare fraud involving more than $452 million in false billings, the U.S. Attorney General said May 2. He described the sweep as the highest amount of apparent false Medicare billings involved in a single takedown in the 5-year history of the government’s Medicare Fraud Strike Force. Those charged included doctors, nurses, social workers, health care company owners, and others — all accused of a range of serious offenses, including health care fraud, conspiracy to commit health care fraud, money laundering, and violation of laws against kickbacks. The arrests were made in Los Angeles, Chicago, Miami, Houston, Detroit, Baton Rouge, Louisiana, and Tampa, Florida. More than 500 agents and investigators took part in the operation. Source:

36. May 2, Houston Chronicle – (Texas) Largest-ever medicare fraud takedown nabs 4 Houston EMS providers. Nearly 100 suspects tied to more than $450 million in phony Medicare billings in Houston and six other cities were arrested May 2 in what is believed to be the largest health care fraud take-down in U.S. history. The arrests, made by investigators with the U.S. Department of Health and Human Services’ Office of Inspector General and FBI agents, included operators of four Houston private ambulance companies responsible for $7 million in phony trips to an outpatient psychiatric clinic. The ambulance owners charged were accused of submitting claims that prosecutors said were not covered because patients were transported to a community mental health center (CMHC), not a hospital or medical facility. CMHCs are a Medicare-created entity that does not require a license in Texas. “Medicare did not cover ambulance transport from a beneficiary’s home to a CMHC because a CMHC was not a hospital, skilled nursing facility or dialysis center,” the indictments said. Source:


Banking and Finance Sector

5. May 3, IDG News Service – (International) Hackers blackmail Belgian bank with threats to publish customer data. Hackers claimed to breach the systems of the Belgian credit provider Elantis and threatened to publish confidential customer information if the bank did not pay $197,000 before May 4, according to a statement posted to Pastebin May 1. Elantis confirmed the data breach May 3, but the bank said it would not give in to extortion threats. The hackers claimed to capture log-in credentials and tables with online loan applications that hold data such as full names, job descriptions, contact information, ID card numbers, and income figures. According to the hackers, the data was stored unprotected and unencrypted on the servers. To prove the hack, parts of what the hackers claimed to be captured customer data were published. The hackers contacted the bank via e-mail April 27, said a spokeswoman for Belfius Bank, Elantis’ parent company. “We assume they possibly captured the data of 3,700 customers,” she said, adding that the compromised data could belong to existing and potential customers. Elantis customers were informed of the data breach, according to the spokeswoman. After finding out what happened, the Elantis site was taken offline and the bank contacted the Belgian Federal High Tech Crime Unit, which is now investigating the case, she said. An unnamed specialized American security firm is also conducting an investigation, she added. Source:

6. May 3, Associated Press – (Virginia) FBI, police investigate bank robberies. The FBI said four recent bank robberies in Sussex and Chesterfield counties in Virginia appear to have been committed by the same suspects. The first robbery occurred March 27 at the Bank of Southside Virginia in Jarratt. It was followed by robberies at the Central Virginia Bank in Midlothian April 3, the BB&T in Wakefield April 19, and the Bank of Southside Virginia in Stony Creek April 23. One armed man held up the first two banks. Two armed men robbed the other banks. The robberies are being investigated by the FBI, the Sussex County Sheriff’s Office, and the Chesterfield County Police Department. Source:

7. May 2, San Gabriel Valley Newspapers – (California) Whittier parolee accused of being ‘Stretch Bandit’ bank robber. Prosecutors charged a Whittier, California parolee who the FBI knows as the “Stretch Bandit” with five San Gabriel Valley bank robberies following his arrest in April at the end of a police chase, San Gabriel Valley Newspapers reported May 2. He was charged with five counts of second-degree robbery, as well as one count of evading police, Los Angeles County district attorney’s officials said in a written statement. “[He] is suspected of robbing a U.S. Bank in Hacienda Heights on July 6, 2011; a Bank of the West in Rowland Heights on July 12, 2011, and again on Jan[uary] 11, 2012; a Citibank in Rowland Heights on Jan[uary] 14; and the First Federal Credit Union in West Covina on April 23,” a district attorney’s office spokeswoman said. He was arrested April 23, just after the West Covina bank robbery, West Covina Police officials said at the time. After robbing the bank, the suspect led officials on a chase in a white van, a West Covina Police lieutenant said the day of the arrest. Source:

8. May 2, ATM Marketplace – (National; International) Crooks in 8 countries tap NZ bank accounts with skimmed ATM card data. Using counterfeit cards striped with data skimmed from New Zealand bankcard holders, thieves withdrew cash at ATMs in the Dominican Republic, Bulgaria, Croatia, Italy, the Netherlands, Thailand, the United States, and South Africa, ATM Marketplace reported May 2. The New Zealand Herald said detectives were still searching for two men who entered the country earlier in 2012 and used skimmers at ANZ and National Bank ATMs in four cities to steal card information. The scam, which was discovered in late March, ultimately affected 500 customers of the 2 banks. All customers were reimbursed for their losses, which totaled $812,400. Police in Auckland, New Zealand, identified two men caught on security cameras whom they believe installed the skimmers. However, they told the New Zealand Herald the two most likely left the country before their scam was discovered. Source:

9. May 2, Associated Press – (National; International) UK arrests 7 on suspicion of funding terror. Seven people were arrested in Great Britain on suspicion of financing terrorism in Somalia by smuggling a leaf that can produce a mild high into the United States, officials said May 1. Scotland Yard said the group was arrested as part of an operation that involved Homeland Security Investigations, the investigative branch of U.S. Immigration and Customs Enforcement (ICE). It investigated a network suspected of illegally exporting a leaf known as khat from the United Kingdom, where it is legal, to the United States and Canada, where it is a controlled substance, Scotland Yard said. “The proceeds generated by this illegal activity (were) then transferred back to Somalia,” a spokesman for ICE said. He added that the khat mostly originated from Kenya, and U.S. law enforcement officials were working closely with their counterparts overseas on the investigation. British police said one woman and six men were arrested May 1 at four separate residences in London, Coventry, and Cardiff, Wales. Those four homes are being searched along with seven other residential addresses and a business address in Coventry, police added. Police said the seven people arrested are suspected of involvement in funding a terrorist organization and laundering the proceeds of crime for that purpose. Source:

10. May 1, U.S. Federal Trade Commission – (National) FTC wins court judgment against massive get-rich-quick infomercial scam. The U.S. Federal Trade Commission (FTC) won a court judgment against the marketers of three get-rich-quick systems who deceived nearly a million consumers, according to a May 1 press release. The FTC is seeking more than $450 million in monetary relief. A district judge in California granted the FTC’s request for summary judgment April 20 and asked the agency and defendants to submit arguments on the appropriate remedy. The marketers are behind the infomercials for the “Free & Clear Real Estate System,” “Real Estate Riches in 14 Days,” and “Shortcuts to Internet Millions.” The court found the infomercials misled consumers in violation of the FTC Act, and despite the marketers’ easy-money claims for the systems, which cost $39.95 each, nearly all consumers who bought them lost money. Regarding the Free & Clear Real Estate System, the court found the defendants falsely said consumers could purchase homes at tax sales in their own area for pennies on the dollar and they could make money easily with little financial investment. The court found the earnings claims in the Real Estate Riches in 14 Days infomercial were false, and the Shortcuts to Internet Millions infomercial misled consumers. In contrast to the infomercials’ claims, the court found that less than 1 percent of consumers who purchased the systems made any profit whatsoever. In addition, the defendants offered personal coaching services, which cost up to $14,995, to consumers who purchased any of the three systems. The court found that almost all consumers who purchased coaching programs lost money. Source:

For another story, see item 30 above in Top Stories

Information Technology

38. May 3, Help Net Security – (International) RedKit exploit kit spotted in the wild. A new exploit kit Trustwave researchers spotted in the wild is aiming to enter a market practically monopolized by the BlackHole and Phoenix exploit kits. This new kit has no official name, so the researchers dubbed it RedKit due to the red coloring scheme of its administration panel. RedKit’s creators decided to promote it by using banners, and potential buyers are required to share their Jabber username by inputting it into an online form hosted on a compromised site of a Christian church. Equipped with this piece of data, the developers contact the buyers and provide them with a demo account so they can examine the software. The admin panel looks similar to other kits, and offers the usual tools: statistics for incoming traffic and the option to upload a payload executable and scan it with 37 different antivirus programs. As each malicious URL gets blocked by most security firms in the first 24 to 48 hours, the kit developers also provide an API that produces a fresh URL every hour, so customers can set up an automated process for updating traffic sources to point to the new URL. To deliver the malware, RedKit exploits two popular bugs: the Adobe Acrobat and Reader LibTIFF vulnerability (CVE-2010-0188) and the Java AtomicReferenceArray vulnerability (CVE-2012-0507), lately used by the criminals behind the massive Flashback infection. Source:

39. May 3, Help Net Security – (International) ‘Free additional storage’ phishing emails doing rounds. Symantec researchers warned about a variety of fake e-mails supposedly coming from popular e-mail and online storage services, offering “storage quota upgrades.” A click on the offered link takes the potential victims to a bogus page mimicking the service’s legitimate one. The page offers a variety of storage plans — from 20 GB to 1 TB — supposedly free of charge. “Your new plan will automatically renew each year, but you can disable auto-renewal at any time by returning to this page and choosing additional free plan,” says the poorly worded offer. “We will contact you 30 days prior to renewal. Please allow up to 24 hours for your new storage amount to appear in all services,” the scammers conclude, so that the users are not alarmed when they do not see an immediate change. In order to select one of the offered storage plans, users must input e-mail address (username) and password, which are promptly sent to the scammers. In the meantime, the users are redirected first to another bogus page notifying them of a successful storage quota upgrade, then to the service’s legitimate Web sites. Source:

40. May 3, Threatpost – (International) Serious remote PHP bug accidentally disclosed. A serious remote-code execution vulnerability in PHP was accidentally disclosed May 2, leading to fears of an outbreak of attacks on sites built using vulnerable versions of PHP. The bug had been known privately since January, when a team of researchers used it in a game and subsequently reported it to the PHP Group. The developers were still in the process of building the patch for the flaw when it was disclosed May 2. The vulnerability is simple, but it has serious consequences: the researchers found that when they passed a specific query string containing the -s command to PHP in a CGI setup, PHP would interpret the -s as a command-line argument and disclose the source code of the application. They extended their testing and found they could pass whatever command-line arguments they wanted to the PHP binary. “A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server,” according to an advisory published May 2 by the U.S. Computer Emergency Readiness Team. The team that found the bug, Eindbazen, said they had been waiting several months for the PHP Group to release a patch before publishing information about the vulnerability. However, someone accidentally marked an internal PHP bug as public and it was eventually posted online. As a result, Eindbazen published the details of their findings and how it can be exploited. Source:

41. May 3, Nextgov – (International) Companies increasingly are dissecting malware in the cloud. Companies increasingly are looking at malware as a source of intelligence to learn more about the threats they face, Dark Reading reports. One of the ways to do this is by using products that provide malware analysis in the cloud. Companies that chance on suspected malware on their networks can upload it to an Internet — or cloud-based — service and get an automated report back detailing how malicious the worm is. These products help firms analyze how malware enters their systems if they do not have the expertise to do it on their own. Companies have historically tapped software or hired security consultants to carry out malware analysis. Of course, organizations concerned that others would gain sensitive information about their system vulnerabilities will have to do the analysis in-house, the report notes. Source:

42. May 3, Computerworld – (International) Microsoft plans big May patch slate for next week. May 3, Microsoft said it would ship 7 security updates the week of May 7 to patch 23 bugs in Windows, Office, and its Silverlight and .Net development platforms. Of the seven updates, Microsoft tagged three as “critical,” and the other four as “important.” Four updates will address vulnerabilities in Windows; four will impact Office; and one will affect the Silverlight development framework. That count exceeds seven because one of the updates tackles bugs in all three of those lines. Source:

43. May 2, Krebs on Security – (International) OpenX promises fix for rogue ads bug. Hackers are actively exploiting a dangerous security vulnerability in OpenX — an online ad-serving solution for Web sites — to run booby-trapped ads that serve malware and browser exploits across countless Web sites that depend on the solution. For months, security experts have been warning about mysterious attacks on OpenX installations in which the site owners discovered new rogue administrator accounts. That access allows miscreants to load tainted ads on sites that rely on the software. The bad ads usually try to foist malware on visitors, or frighten them into paying for bogus security software. OpenX is only now just starting to acknowledge the attacks, as more users are coming forward with unanswered questions about the mysteriously added administrator accounts. Source:

44. May 2, ZDNet – (International) A first: Hacked sites with Android drive-by download malware. Cyber criminals often put drive-by download malware on Web sites they have hacked in order to quickly infect visitors’ PCs. For the first time though, hacked Web sites with Android drive-by download malware were discovered. A new trojan, called NotCompatible, appears to serve as a simple TCP relay while posing as a system update named “Update.apk.” It does not currently appear to cause any direct harm to a target Android device, but could potentially be used to gain access to private networks by turning an infected smartphone into a proxy. IT administrators should note a device infected with NotCompatible could potentially be used to infiltrate normally protected information or systems, such as those maintained by enterprises or governments. The device needs to be set to approve applications not from the Google Play store, and the user has to agree to install the app. Source:

For another story, see item 5 above in the Banking and Finance Sector

Communications Sector

45. May 2, Lake County News – (California) KPFZ off air temporarily due to technical difficulties. Lake County Community Radio KPFZ 88.1 FM in Lakeport, California, went offline for unknown reasons May 2. The station’s manager identified the problems and got the station back on the air at approximately 3:30 p.m. Earlier in the day, the issue was believed to be related to the transmitter site on Buckingham Peak, but it was later found to be a localized issue that was resolved. The station went off the air around 11:30 a.m. Source:

46. May 2, KSEE 24 Fresno – (California) AT&T’s service suffers from copper thefts in Fresno. AT&T’s communications in California are being cut by copper wire thieves and the Fresno County Sheriff’s department and AT&T are teaming up to catch those responsible. The latest copper theft happened May 2. Two severed wires were dangling from the lines; AT&T said 300 feet were missing. Lincoln Avenue was targeted six times. Earlier in 2012, the county began cementing copper telephone boxes in the ground, but the countermeasure has thieves reaching to new heights for the metal. The theft has cost AT&T thousands, and Fresno County has spent over half a million dollars in 2012 alone. Recently, in Madera, a copper thief cut one pole down and it had a domino effect, bringing eight telephone poles down along with it. There were 30 attacks in Fresno and Madera in the past 2 months; thousands of customers were affected. Source:

For another story, see item 44 above in the Information Technology Sector