Monday, June 4, 2012

Complete DHS Daily Report for June 4, 2012

Daily Report

Top Stories

• A coal mine run by the former operators of the Kentucky Darby mine, where a 2006 explosion killed five miners, was closed for 9 days in May after a surprise inspection found numerous safety violations. – Louisville Courier-Journal

3. May 31, Louisville Courier-Journal – (Kentucky) Mine run by former Darby operators temporarily closed. A coal mine run by the former operators of the Kentucky Darby mine, where a 2006 explosion killed five miners, was closed for 9 days in May after a surprise Mine Safety and Health Administration (MSHA) safety blitz uncovered dozens of dangerous safety violations, the Louisville Courier-Journal reported May 31. The May 16 inspection of K and D Mining Inc.’s Mine No. 17 in Harlan County, Kentucky, found little or no ventilation where miners were working, thick accumulations of coal dust that can cause black lung and explosions, a broken methane gas warning light, conveyor belts that were covered in coal dust that was as much as 9 inches deep in places and rubbing against metal (a potential fire danger), and a mining machine with 22 electrical violations. In addition, the main track into the mine was not properly maintained, miners were working under unsupported roofs, fire suppression equipment failed to work, the backup power generator for the mine did not start, trash and other combustible material was piled up in one of the mine’s escape routes, and the locations of breathing devices were not properly marked, MSHA inspectors found. Source: http://www.greenbaypressgazette.com/usatoday/article/55318256?odyssey=mod|newswell|text|GPG-News|p

• A day after American Eagle mechanics gave a clean bill of health to a plane that made an emergency return to Chicago’s O’Hare International Airport because of a landing gear problem, the same aircraft was forced to turn around in flight and land at O’Hare again because of a similar issue. – Oklahoma City Oklahoman

16. June 1, Oklahoma City Oklahoman – (Illinois) Tulsa-bound airplane has landing-gear issue. A day after American Eagle mechanics gave a clean bill of health to a plane that had made an emergency return to Chicago’s O’Hare International Airport because of a landing gear problem, the same aircraft was forced to turn around in flight and land at O’Hare again May 31 because of a similar issue. This time it veered off the runway, airline and federal aviation officials said. Nose-wheel problems are the primary focus of the Federal Aviation Administration’s investigation, officials said, adding the pilots involved in the incidents May 30 and 31 reported that the Embraer ERJ-145 regional jet pulled hard to the right after the plane landed and was braking on the runway. Both pilots also reported to air traffic controllers an “unsafe gear indication” warning light on the cockpit display, according to sources at O’Hare. The emergency landings marked the third incident involving an American Eagle commuter plane at O’Hare in 2 days. May 30, another Eagle plane was clipped by a 747 cargo plane on a taxiway. Source: http://newsok.com/tulsa-bound-airplane-has-landing-gear-issue/article/3680300

• Starting June 4, the meat industry will have to test raw beef trimmings for six new strains of E. coli that have been linked to a growing number of illnesses. – Associated Press

19. May 30, Associated Press – (National) Government to expand E. coli testing in beef trimmings next week. The government is expanding E. coli testing in some raw meat, a move expected to prevent more people from contracting the bacteria that can cause severe illness or death. Starting June 4, the meat industry will have to test beef trimmings for six new strains of E. coli that have been linked to a growing number of illnesses. Until now, the meat industry has been required to test for just one strain of the pathogen, known as E. coli O157:H7. That strain was identified after an outbreak at Jack in the Box fast-food restaurants killed four children. However, illnesses from that strain have decreased over the years while more people have been sickened by other strains found in foods such as lettuce and ground beef. The Agriculture Secretary said the change is needed to protect Americans from food-borne illnesses. The new tests will be conducted on beef trimmings — parts of the cow used to make ground beef — and expanded later to ground beef itself, and other cuts. In 2011, the agency collected nearly 2,700 samples for testing from meat processing plants nationwide. That number will not change, but each sample will now be tested for the six additional E. coli strains. Source: http://www.washingtonpost.com/politics/government-to-expand-e-coli-testing-in-beef-trimmings-next-week/2012/05/30/gJQAm57c2U_story.html

• Experts said a Wisconsin study that shows a connection between viruses in drinking water and human illness is likely to have a national impact and could lead to federal rules requiring treatment of all public water systems. – Wisconsin State Journal

20. June 1, Wisconsin State Journal – (Wisconsin; National) New Wisconsin study on viruses in drinking water could have national impact. A Wisconsin study that shows a connection between viruses in drinking water and human illness is likely to have a national impact and could eventually lead to federal rules requiring treatment of all public water systems, according to experts, the Wisconsin State Journal reported June 1. The research, published by the journal Environmental Health Perspectives, was conducted in 14 Wisconsin communities by two microbiologists with the U.S. Department of Agriculture’s Agricultural Research Service. The 2-year study was among the first to closely link the presence of viruses in tap water to sickness in people drinking that water. At least 60 communities in Wisconsin do not treat drinking water with chlorine or ultraviolet light, both of which kill the contaminants, said the State Department of Natural Resources (DNR). The study found the source of viruses contaminating drinking water was likely wastewater coming from leaking sanitary sewers. The director of the DNR Bureau of Drinking Water and Groundwater said May 31 the study prompted the U.S. Environmental Protection Agency (EPA) to begin a nationwide sampling program that could result in a federal rule requiring treatment. The EPA-funded study showed that all 14 communities studied during the 2-year project had human viruses in their tap water. Of 1,204 samples, 24 percent were virus positive. The higher the virus concentration, the higher the rate of illness found in each community. During one part of the study, when norovirus was very common in one community’s tap water, the proportion of illness in children younger than 5 years old attributable to their drinking water could have been as high as 63 percent. Source: http://host.madison.com/news/local/health_med_fit/new-wisconsin-study-on-viruses-in-drinking-water-could-have/article_e8e5eefe-ab87-11e1-95bf-001a4bcf887a.html?comment_form=true

• Thousands of people in three Oregon coastal communities held their first tsunami evacuation drill May 31. Experts have said an earthquake in the area could result in the area being hit by a 40-foot tsunami. – Associated Press

34. May 31, Associated Press – (Oregon) Thousands expected for tsunami drill in Ore. town. Thousands of people in the Oregon coastal communities of Coos Bay, North Bend, and Charleston held their first tsunami evacuation drill May 31. The Coos Bay fire chief said vivid television images of the 2011 tsunami in Japan have made people on the Oregon Coast take the possibility much more seriously than about 10 years ago. The threat facing the Oregon Coast is a megaquake from the Cascadia Subduction Zone, where two plates of the Earth’s crust butt together off the coast. When they slip, they could send a 40-foot surge of water moving at the speed of a jetliner into the Oregon coast, northern California, and Washington. Geologic evidence shows the zone jolts on average every 300 to 600 years, and the last one was 312 years ago. At Coast Guard Air Station North Bend, just 17 feet above sea level, one of the five helicopters was slated to fly to higher ground at Southwest Oregon Community College, where students and staff were to gather at assembly points during the drill. Coast Guard staff were scheduled to stay at their posts in case of a real emergency, but some planned to hike uphill to an assembly point, said a lieutenant. Source: http://abcnews.go.com/US/wireStory/thousands-expected-tsunami-drill-ore-town-16464273#.T8eFqFK1VvB

• The Berkeley County Coroner’s Office confirmed three people were killed May 31 after an explosion and fire destroyed 16 units at an apartment building in Goose Creek, South Carolina. – WCSC 5 Charleston

42. June 1, WCSC 5 Charleston – (South Carolina) Coroner identifies Goose Creek fire victims. The Berkeley County Coroner’s Office confirmed three people were killed May 31 after an explosion and fire destroyed 16 units at an apartment building in Goose Creek, South Carolina. According to the coroner, a third body was found in the fire June 1. During a news conference May 31, authorities said two other bodies were recovered following a fire that broke out in a unit in the Pine Harbour Apartment Complex. Authorities said they were questioning one man about the incident. A Berkeley County Sheriff’s Office spokesman said the fire was being treated as a crime scene. The investigation was turned over to the Drug Enforcement Administration and the State Law Enforcement Division. According to the Red Cross, 16 units were destroyed, affecting a total of 46 people. Source: http://www.live5news.com/story/18667419/emergency-crews-responding-to-apartment-fire-in-goose-creek

• Proposed repairs for Montana’s Fort Peck Dam hammered by Missouri River flooding in 2011 would cost more than $225 million, according to federal cost estimates. However, officials said they are able to afford only $46 million for damage assessments and repair work for now. – Associated Press

50. May 30, Associated Press – (Montana) Corps: Fort Peck Dam repair may cost more than $225 million, but only $46 million available. Proposed repairs for Montana’s Fort Peck Dam following epic flooding along the Missouri River in 2011 would cost more than $225 million, according to cost estimates released May 30 by the U.S. Army Corps of Engineers. Corps officials acknowledged they are able to afford only $46 million for damage assessments and repair work for now, mostly for the dam’s spillway. Record snowfalls and massive spring rains in Wyoming and Montana in 2011 prompted the release of unprecedented volumes of water from the Corps’ six Missouri River dams. The torrent damaged Fort Peck’s spillway gates and eroded areas downstream from the dam, located at the top of the Missouri River system. The most expensive repairs outlined by the Corps’ engineering consultants would bolster the spillway so it could handle releases of 265,000 cubic feet of water per second (cfs), which is more than four times the peak release of almost 66,000 cfs during 2011’s flooding. The Fort Peck project manager said the proposed repairs are needed to ensure the spillway can be used to safely release water. The governor of Montana said the State would support any work that improves safety and storage capacity for the dam. Work on damage to the spillway gates already is underway. The $245 million figure does not include any work that could be needed on a concrete drainage system beneath the spillway. Testing to determine whether that drainage system is working properly is planned for the week of September 4. As part of the testing, the Corps plans to release water at between 3,000 and 30,000 cfs at periodic intervals over 4 days. Source: http://www.therepublic.com/view/story/d7b301126517440a80ebb311f71eff5e/US--Fort-Peck-Dam

Details

Defense Industrial Base Sector

12. June 1, PC Pro – (National) Chipmaker denies inserting backdoor into silicon. Chipmaker Microsemi denied suggestions it deliberately put a backdoor into ProASIC3 chips following the discovery of a weakness by a University of Cambridge researcher, PC Pro reported June 1. The denial follows speculation over the origins and purpose of a backdoor that could allow hackers to alter field programmable gate arrays used in military and other applications. Although Microsemi said it could neither confirm nor deny the details of the attack because the Cambridge researchers had not provided technical details necessary for a full investigation, it said “Microsemi can confirm that there is no designed feature that would enable the circumvention of the user security.” However, the Cambridge research team is sticking by its assertion that the backdoor remains a weakness and that only redesigned silicon would properly fix the problem. Source: http://www.pcpro.co.uk/news/374962/chipmaker-denies-inserting-backdoor-into-silicon

Banking and Finance Sector

13. May 31, Associated Press – (Texas) Harlingen man pleads guilty in cash bank fraud. A man faced up to 30 years in prison in a bank fraud scheme using more than a dozen fake identities, the Associated Press reported May 31. Prosecutors in Brownsville, Texas, said the man pleaded guilty to defrauding USAA Federal Savings Bank. Authorities said the man opened two dozen checking and savings accounts using 19 different IDs during 2011. He used stolen account information from other financial institutions to seek credit card cash advances and fund the USAA accounts. He would then request debit cards for those USAA accounts and withdraw the cash. Investigators said the case involved nearly $187,000 in fraudulent cash advances from several banks and credit unions. Source: http://www.kiiitv.com/story/18667730/harlingen-man-pleads-guilty-in-cash-bank-fraud

14. May 31, Chicago Tribune – (Illinois) Off-duty cop’s 911 call helps nab suspect in 5 bank robberies. An off-duty Chicago police lieutenant in the drive-through lane of a Chicago bank called 9-1-1 when he saw it being robbed by a man also suspected in four previous robberies and an attempted robbery, authorities said May 31. The man was charged in the robbery of $3,480 from a FirstMerit Bank branch in Chicago May 30, and after his arrest admitted to robbing four other banks and trying to rob another one in August 2011, according to an FBI affidavit. The man threatened tellers with a gun, but he later told law enforcement officers that it was a fake. Dye-pack stained cash and a BB gun were found in the man’s garage after he was arrested. Source: http://www.chicagotribune.com/news/local/breaking/chi-offduty-cops-911-call-helps-nab-suspect-in-5-bank-robberies-20120531,0,624991.story

15. May 31, Fort Lauderdale Sun Sentinel – (Florida) Eight charged in $39 million mortgage fraud scheme. According to a U.S. attorney, eight people were indicted in a $39 million mortgage fraud scheme, the South Florida Sun-Sentinel reported May 31. The federal indictment alleged the group fraudulently obtained inflated mortgages for the purchase of condo units in Fort Lauderdale, Florida. The group was accused of preparing false documents to qualify for inflated mortgage loans totaling $39 million from January 2007 through November 2008. Once the loans closed, they would divert portions of the proceeds for their personal use, prosecutors said. The indictment charges them with conspiracy to commit wire fraud and mail fraud. If convicted, they face up to 20 years in prison on each count. Source: http://www.sun-sentinel.com/news/broward/fort-lauderdale/fl-mortgage-fraud-ring-20120531,0,5122119.story

Information Technology Sector

36. June 1, The H – (International) Critical vulnerability derails Ruby on Rails. The developers of the Ruby on Rails Web framework have closed a critical vulnerability that allowed attackers to execute SQL commands on the database server. An “SQL Injection” attack such as this could allow the attacker, for example, to read confidential information without authorization. The vulnerability exists in versions 3.0 and later of Active Record, Rail’s database layer, and is exposed when using nested query parameters. Code that directly passes parameters to a ‘where’ method, is affected. Source: http://www.h-online.com/open/news/item/Critical-vulnerability-derails-Ruby-on-Rails-1588773.html

37. May 31, IDG News Service – (International) Browser feature can be abused to misrepresent download origin, researcher says. Legitimate browser functionality can be abused to trick users into believing that a trusted Web site has asked them to download a file, which is actually being served from a rogue server, a Google security engineer demonstrated May 29. The method removes the need for spoofed pages. His proof-of-concept attack begins with a button on a page that, when clicked, opens the official Flash Player download Web site in a second tab and switches the browser’s focus to it. After a few seconds, the original page serves a file called flash11_updater.exe from the researcher’s server, which causes the browser to display a download dialog. However, because this happens while the active tab is the one with the official Flash Player Web site loaded into it and an adobe.com URL in the address bar, it appears as if the download was initiated by Adobe’s Web site. “All the top three browsers are currently vulnerable to this attack,” he said in a blog post. Source: http://www.pcworld.com/businesscenter/article/256610/browser_feature_can_be_abused_to_misrepresent_download_origin_researcher_says.html

38. May 31, Threatpost – (International) Apple details iOS security features in new guide. Apple released a detailed security guide for its iOS operating system, Threatpost reported May 31. The document lays out the system architecture, data protection capabilities, and network security features in iOS, the operating system that runs on iPhones, iPads, and iPod Touch devices. One of the more-discussed security elements in iOS is the implementation of ASLR (address space layout randomization), an exploit mitigation designed to prevent attackers from using memory corruption bugs. The document also talks in detail about the way that Apple’s code-signing process for iOS apps works. Source: http://threatpost.com/en_us/blogs/apple-details-ios-security-features-new-guide-053112

For another story, see item 12 in the Defense Industrial Base Sector

Communications Sector

39. June 1, Computerworld – (National) Opinion split on authority to shut down wireless in emergency. In April, the Federal Communications Commission (FCC) issued a notice seeking public comments on whether the government and law enforcement should have unchecked authority to initiate a localized or citywide wireless service shutdown for public safety purposes. The 1-month period for filing public comments ended May 30. A review of the responses to the FCC requests over the past month shows that many support the idea of the government having the ability to quickly shut down wireless services, but only as a matter of last resort and only in an extreme emergency. The general manager of Bay Area Rapid Transit (BART) insisted that a temporary interruption of cell phone service is a necessary tool “under extreme circumstances where harm and destruction are imminent.” She noted, “For example, wireless devices may be used to detonate explosives.” Source: http://www.computerworld.com/s/article/9227650/Opinion_split_on_authority_to_shut_down_wireless_in_emergency

40. May 31, Reuters – (National) Text, don’t call when natural disaster strikes. It is better to send text messages than to call when natural disasters strike and networks get congested, a senior U.S. official said May 31, also urging people to add battery-powered cell phone chargers to their storm emergency kits. The head of the Federal Emergency Management Agency (FEMA) told reporters that forecasts for a “normal” Atlantic hurricane season should not keep those in potentially affected areas from getting ready for storms that could make landfall. The U.S. government is working to extend its public alert warning system beyond radio and television to mobile networks, he said, noting that most new and upgraded cell phones have the capacity to receive such emergency notices. Households without fixed-line phones should be ready to charge cell phones during power cuts, the FEMA administrator said, also calling on families to make alternative communication plans for when wireless networks are congested. Source: http://www.reuters.com/article/2012/05/31/uk-usa-weather-storms-idUSLNE84U01D20120531