Wednesday, May 9, 2012

Complete DHS Daily Report for May 9, 2012

Daily Report

Top Stories

• Energy companies must keep up-to-date, complete records to prove they are running pipelines at safe pressures under new federal guidelines developed in response to a deadly California natural gas explosion. – Associated Press

2. May 7, Associated Press – (National) Feds: Pipeline companies must keep safety records. Energy companies will need to keep up-to-date records to prove they are running the nation’s aging pipelines at safe pressures under a new set of guidelines the federal government announced May 7 in response to a deadly natural gas explosion in a San Francisco suburb. If pipeline operators cannot ensure their oil and gas lines are running at safe pressures by 2013, the Pipeline and Hazardous Materials Safety Administration (PHMSA) said they could face penalties or other sanctions. The advisory bulletin the administration issued mentioned the September 2010 gas pipeline explosion in San Bruno that killed 8 people, injured many more and left 38 homes in smoking ruins. Federal and state officials will be responsible for enforcing the new guidelines, a pipeline safety agency spokeswoman said. All companies will be required to keep traceable, verifiable, and complete records about pipelines that ferry hazardous fuels through the nation’s most populated areas. In a later phase, the PHMSA also will direct energy firms on what to do if they cannot find records for all their pipelines, she added. Source:

• Riverside County, California prosecutors filed more than 80 additional counts against a mother and son accused in a $142 million mortgage and investment fraud case. – Riverside Press-Enterprise See item 11 below in the Banking and Finance Sector

• A team of FBI experts were examining a sophisticated, new al-Qa’ida bomb to figure out whether it could have slipped past airport security and taken down a commercial airplane, U.S. officials said. – Fox News; Associated Press

17. May 8, Fox News; Associated Press – (National) CIA thwarts Al Qaeda underwear bomb plot near anniversary of leader’s death. A team of FBI experts were examining a sophisticated, new al-Qa’ida bomb to figure out whether it could have slipped past airport security and taken down a commercial airplane, U.S. officials said. The bomb was confiscated after the CIA unraveled a terror plot by al-Qa’ida in the Arabian Peninsula to destroy a U.S.-bound airliner using an underwear bomb, Fox News reported May 8. The plot involved an upgrade of the underwear bomb that failed to detonate aboard a jetliner over Detroit December 25, 2009. This new bomb was also designed to be used in a passenger’s underwear, but this time al-Qa’ida developed a more refined detonation system, U.S. officials told the Associated Press. “Initial exploitation indicates that the device is very similar to IEDs that have been used previously by Al Qaeda in the Arabian Peninsula in attempted terrorist attacks, including against aircraft and for targeted assassinations,” the FBI said in a written statement. “The FBI currently has possession of the IED and is conducting technical and forensics analysis on it.” Officials said the device did not contain metal, meaning it probably could have passed through an airport metal detector. However, it was not clear whether new body scanners used in many airports would have detected it. It was not clear who built the bomb, but because of its sophistication and its similarity to the Christmas bomb, authorities suspected it was the work of a master bomb maker who constructed the first underwear bomb and two others al-Qa’ida built into printer cartridges and shipped to the U.S. on cargo planes in 2010. Source:

• Abbott Laboratories pleaded guilty and agreed to pay $1.6 billion to resolve its criminal and civil liability arising from the company’s unlawful promotion of the prescription drug Depakote. – CNN

36. May 7, CNN – (National) Abbott Laboratories to pay $1.6 billion over misbranding drug. Abbott Laboratories pleaded guilty and agreed to pay $1.6 billion to resolve its criminal and civil liability arising from the company’s unlawful promotion of the prescription drug Depakote, the U.S. Department of Justice (DOJ) said May 7. The total includes a criminal fine of $700 million and civil settlements with states and the federal government totaling $800 million. Separate from the DOJ settlement, Abbott agreed to pay 45 states a total of $100 million to resolve liability under the state consumer-protection laws. That makes this the second-largest fraud settlement involving a drug company, behind only a $2.3 billion Pfizer settlement in 2010. Abbott pleaded guilty to misbranding Depakote by promoting the drug to control agitation and aggression in patients with elderly dementia, and to treat schizophrenia when neither use was approved by the U.S. Food and Drug Administration. Source:


Banking and Finance Sector

9. May 8, Softpedia – (International) Tatanga malware platform used in fraud insurance scam. Cybercriminals have come up with a new way of duping unsuspecting bank customers into handing over their funds. They promote shady insurance that supposedly protects against losses caused by online banking fraud. Trusteer experts have detailed the way these attacks work and how they leverage the Tatanga malware platform to ensure the success of the malicious campaign. First, the malware informs the victim of the allegedly free offer via Web browser injection. Then, the potential victim is presented with a fake insurance account whose value is purportedly equal to the amount of money currently present in the bank account. To activate the new account, the user is asked to authorize the transaction by entering the one-time password the bank sends via SMS to his/her mobile device. In reality, the “insurance account” is a normal account that belongs to a money mule involved in the scheme. When users authorize the activation, they are actually authorizing a fund transfer from the victim to the mule. Experts have found the crooks steal the entire amount of money from the bank account if the balance is between $1,300 and $6,500. However, if the amount is exceeded, they will only take $6,500. “Once they have compromised an endpoint, the ability of Tatanga and the other cybercrime platforms to commit online fraud is limited only by the imagination of criminals,” Trusteer’s chief technology officer said. Source:

10. May 7, Federal Bureau of Investigation – (Missouri) St. Louis man pleads guilty to fraud, conspiracy, and identity theft charges. A man pleaded guilty May 7 to charges involving his use of customer information to steal money from bank accounts at United States Bank. According to the facts filed with the court, an accomplice was employed by United States Bank in St. Louis County, Missouri. As part of his employment, he had access to customer account data, including account numbers for business accounts and names of persons associated with those accounts. In the spring of 2011, the pair agreed the employee would provide the defendant with account information, including business/commercial customers such as Ameren. After getting the information, the defendant registered phony Internet domain names to make it look as though he was sending e-mail from Ameren. He then used this information and attempted to obtain cash delivery services from an Ameren account at United States Bank. The defendant contacted United States Bank June 20, 2011, and requested about $180,000 in cash pursuant to United States Bank cash vault services. He was arrested June 20, 2011, and the bank fraud scheme was never completed. He pleaded guilty to one felony count of bank fraud, three felony counts of aggravated identity theft, and one count of conspiracy to commit bank fraud. The employee pleaded guilty in December 2011 to conspiracy to commit bank fraud. Source:

11. May 7, Riverside Press-Enterprise – (California; Arizona) Pair handed 80 more felony mortgage fraud counts. Prosecutors in Riverside County, California, have filed more than 80 additional counts against a mother and son accused in a $142 million mortgage and investment fraud case, the Riverside Press-Enterprise reported May 7. The pair were arrested in November 2009 and accused of persuading mom-and-pop investors in California and Arizona to turn over savings and retirement funds as well as max out credit cards and refinance their homes by promising them big returns on investments in things such as real estate, foreign currency, and diamonds. The investors lost most of their money and more than 200 Riverside County homes were pushed into foreclosure, according to allegations. Five others charged in the case have pleaded guilty. The son was originally charged with 247 felony counts, including grand theft, securities fraud, corporate identity theft, and elder abuse. By May 7, prosecutors had added 81 counts, bringing the total to 312. The deputy district attorney handling the case said the new charges are primarily allegations of acting as an investment adviser without proper certification, and commodities fraud counts that are being offered as an alternative to existing securities fraud counts. Source:

Information Technology

45. May 8, The Register – (International) Zombie PCs exploit hookup site in 4Square-for-malware scam. Security researchers discovered a strain of malware that uses the geolocation service offered by an adult dating Web site as a way to determine the location of infected machines. Thousands of infected machines in a zombie network contacted the URL at the adult hookup site, security researchers at Websense discovered. Analysts first thought the adult dating site was abused as a botnet command and control channel. A more detailed look at the traffic from an infected machine revealed JavaScript code built into the malware queried the site’s systems to discover the exact location — state, city, latitude, and longitude — of infected PCs. All indications are the site is unaware of this behavior. Instead, its unsecured geo-location services are being used as a kind of 4Square for zombie PCs. This information is “used by the botmaster for statistics or to give different commands to infected machines in certain countries,” Websense explains. The security firm reports that in more than 4,700 samples of these yet unnamed malware behind the attack were submitted to its security lab to date. Source:

46. May 8, H Security – (International) Node.js update fixes information disclosure vulnerability. The Node.js developers are advising all users to upgrade to the latest stable release of their JavaScript-based, event-driven, application framework as soon as possible. Version 0.6.17 of Node.js closes a security hole in Node’s HTTP implementation that could be exploited by a remote attacker to access private information. This could be done by appending the contents of the HTTP parser’s buffer to spoof a request header to make it appear to come from the attacker; echoing back the contents of such a request is usually safe, but in this case could expose information about other requests. All versions of the 0.5.x and 0.6.x branches up to and including 0.6.16 are affected; versions 0.7.0 to 0.7.7 of the 0.7.x unstable development branch are also vulnerable. Upgrading to 0.6.17 or 0.7.8 fixes the problem. Alternatively, those who cannot or choose not to upgrade can apply a fix. The developers note that the 0.6.17 update also fixes some other important bugs such as a file descriptor leak in sync functions. Source:

47. May 8, H Security – (International) iOS 5.1.1 closes iPhone holes. Apple released an iOS 5.1.1 update that closes four security holes in the iPhone and iPad operating system. Among the flaws is a WebKit problem that could allow a maliciously crafted Web site to crash applications or execute arbitrary code to take control of the device. The memory corruption flaw, discovered by the Google Chrome Security Team, affects iPhone 3GS, iPhone 4 and 4s, third generation, and later iPod Touch and the iPad and iPad 2. Another pair of flaws, one of which was used in Google’s Pwnium contest, allowed the staging of a cross-site scripting attack. The final flaw was a URL spoofing problem that allowed illegitimate domains to visually appear in the address bar as legitimate sites. Source:

48. May 7, Ars Technica – (International) Attackers target unpatched PHP bug allowing malicious code execution. A huge number of Web sites are endangered by an unpatched vulnerability in the PHP scripting language that attackers are already trying to exploit to remotely take control of underlying servers, security researchers warned. The code-execution attacks threaten PHP Web sites only when they run in common gateway interface (CGI) mode, a Web application security consultant with Criticode told Ars Technica. Sites running PHP in FastCGI mode are not affected. It is unknown exactly how many Web sites are at risk, because sites also must meet several other criteria to be vulnerable, including not having a firewall that blocks certain ports. Nonetheless, sites running CGI-configured PHP on the Apache Web server are by default vulnerable to attacks that make it easy for hackers to run code that plants backdoors or downloads files containing sensitive user data. Full details of the bug became public the week of April 30, giving attackers the information they need to locate and exploit vulnerable Web sites. According to a security researcher, exploits are already being attempted against servers that are part of a honeypot set up by Trustwave’s Spider Labs to detect Web-based attacks. While some of the requests observed appear to be simple probes to see if sites are vulnerable, others contain remote file inclusion parameters that attempt to execute code of the attacker’s choosing on vulnerable servers. Source:

For more stories, see items 9 above in the Banking and Finance Sector and 49 and 50 below in the Communications Sector

Communications Sector

49. May 8, Winona Daily News – (Minnesota) Saturday’s Internet outage far from local. Twin Cities construction workers in Minnesota accidentally cut a major trunk fiber-optic line that leads to the Internet collection point for most of Minnesota May 5. About 25 percent of Hiawatha Broadband Communications (HBC) customers lost service for most of the morning, according to a May 7 release. Most service was restored by the afternoon. The cut was repaired 8 hours later, according to the release. Source:

50. May 8, The Hill – (National) FTC looks to force billing company to pay $52 million for bogus charges. The U.S. Federal Trade Commission (FTC) has asked a federal court to force a third-party billing company to pay $52.6 million for allegedly placing unauthorized charges on consumer phone bills, The Hill reported May 8. The practice of putting unwanted third-party charges on phone bills is known as “cramming,” and is the target of potential regulations by the Federal Communications Commission (FCC) and Congress. According to the FTC’s court filing, Billing Services Group (BSG) placed charges on nearly 1.2 million telephone lines on behalf of a serial phone crammer. The charges were for “enhanced services,” such as voice mail, identity theft protection, directory assistance, job skills training, and video streaming. Consumers never asked for the services. BSG continued billing customers despite “voluminous” complaints and the fact that few customers ever used the services they were charged for, the FTC said. According to the government’s motion, BSG billed more than 250,000 consumers for a streaming video service, but only 23 movies were streamed — some of them by the cramming firm’s employees. BSG placed $70 million in bogus charges and only refunded about $17.4 million, according to the FTC. The FCC adopted a rule last month to try to combat cramming. The regulation requires landline telephone companies to notify consumers if they have the option to block third-party charges and strengthens rules requiring companies to list the charges separately on bills.Source:

51. May 8, Adirondack Daily Enterprise – (New York) AT&T cell service on, but customers incensed. AT&T restored cellular phone service to customers in the Tupper Lake, New York area May 7, but the weekend’s problems with service angered many of the provider’s customers. Cell service for AT&T customers went out sometime the night of May 4 or the morning of May 5 by most accounts. Some customers said they were told by AT&T customer service that the fix could take until May 9 or May 11, or even next into the week of May 14. Many customers were glad to see service come back on around 3 p.m. May 7. An AT&T spokeswoman said that while the technical problem was not AT&T’s issue, the company had technicians in the field to help with the fix. “It was actually an issue with the local (telecommunications) provider,” she said. She said the fact that the problem was not with AT&T’s equipment might have been the reason for confusion with customer service workers. Source:

For another story, see item 47 above in the Information Technology Sector