Wednesday, June 6, 2012

Complete DHS Daily Report for June 6, 2012

Daily Report

Top Stories

• The likelihood of extreme drops in power generation and near-total shutdowns of nuclear and coal-fired power plants in the United States and Europe will triple in the future due to warmer water and reduced river flows, according to a new study. – Reuters

2. June 4, Reuters – (National; International) Nuclear, coal power face climate change risk: Study. Warmer water and reduced river flows will cause more power disruptions for nuclear and coal-fired power plants in the United States and Europe in the future, scientists said, and lead to a rethink on how best to cool power stations in a hotter world. In a study published June 4, a team of European and U.S. scientists focused on projections of rising temperatures and lower river levels in summer and how these impacts would affect power plants dependent on river water for cooling. The authors predict coal and nuclear power generating capacity between 2031 and 2060 will decrease by between 4 and 16 percent in the United States and 6 to 19 percent in Europe due to lack of cooling water. The likelihood of extreme drops in power generation, either complete or almost-total shutdowns, was projected to almost triple. Thermoelectric power plants supply more than 90 percent of electricity in the United States and account for 40 percent of the nation’s freshwater usage, said the study, published in the journal Nature Climate Change. Source:

• Penn Station Inc. confirmed 43 of its 235 U.S. restaurants in 9 states were affected by a payments breach that exposed credit and debit details. – Bank Info Security (See item 8 below in the Banking and Finance Sector)

• High corn prices will likely lead to corn shortages in the United States and internationally during the summer of 2012, experts said. – Reuters

18. June 4, Reuters – (National; International) Analysis: High U.S. corn prices warn of summer shortage. From Ohio to Kansas, corn is selling at startlingly high prices, so high that they are signaling the United States will run short of corn the summer of 2012, Reuters reported June 4. If it does run short, the impact could be felt worldwide. Sales to export customers such as Mexico, Japan, South Korea, and China could take a hit as America grows 40 percent of the corn sold on the world market. Domestically, sky-high prices could have U.S. millers suspending operations. If corn for feed costs too much then milk, egg, and meat farmers could curtail production leading to higher food prices. Prices on the cash market, where processors and livestock feeders buy corn for use, have been unusually high for months. They are much higher than historically at this time. “Either farmers aren’t selling or the corn isn’t there,” said a co-owner of Hollander-Feuerhaken, a Chicago brokerage and cash merchant. Even with strong basis, it was difficult to buy corn for domestic use, he said in late May. Source:

• Officials in Twin Falls, Idaho, said workers restored power June 5 to four pumps that maintain most of the city’s water supply that were out of service for many hours. They said a state of emergency remained in effect due to dangerously low water levels and asked residents and businesses to refrain from using water. – Associated Press

21. June 5, Associated Press – (Idaho) Power restored for S. Idaho city water supply but emergency declaration remains in place. Officials in Twin Falls, Idaho, said workers restored power June 5 to four pumps that maintain most of the city’s water supply but a state of emergency remains in effect due to dangerously low water levels. City public works officials were notified late June 4 that the pumps that transfer water from the Blue Lakes water supply to the city’s reservoir were not functioning after a windstorm. The pumps do not have backup power. Despite the return of power, city officials asked residents to refrain from using non-emergency water. Source:

• While crews made progress corralling New Mexico’s largest forest fire ever, 11 large uncontained fires burned in 7 Western States as of June 4. – Reuters

42. June 4, Reuters – (National) Some New Mexico fire evacuees return; Utah crash probed. Steady progress corralling New Mexico’s largest ever forest fire allowed some evacuees to return home June 4 as officials in Utah investigated an air tanker crash that caused the first two deaths among crews fighting wildfires in 2012. The airplane, a Lockheed Martin P2V, went down June 3 in the Hamlin Valley area of Utah while on a mission to drop chemical fire retardant on an 8,000-acre fire along the Nevada-Utah border. The cause of the accident was under investigation by the National Transportation Safety Board. As of June 4, firefighters were battling 11 large, uncontained fires, the majority of them in seven Western States — New Mexico, Arizona, California, Nevada, Utah, Colorado, and Idaho. The biggest by far is the so-called Whitewater-Baldy Complex fire, which was ignited by lightning May 16 in the rugged high country of New Mexico’s Gila National Forest and scorched more territory than any other recorded fire in the State’s history, more than 255,000 acres. The fire destroyed a dozen privately owned cabins at the height of its rampage nearly 2 weeks ago as gale-force winds fanned flames from treetop to treetop. By June 4, crews had carved containment lines around 18 percent of the fire’s perimeter and were depriving advancing flames of fresh fuel by clearing smaller trees and brush that had yet to burn. Lightning strikes were blamed for sparking three new fires in New Mexico June 3. Lightning was also blamed for the White Rock Fire that erupted June 1 in southeastern Nevada near the town of Caliente and later burned into Utah, which claimed the lives of the air tanker pilots. Source:


Banking and Finance Sector

8. June 5, Bank Info Security – (National) Restaurant chain reports card breach. Penn Station Inc. confirmed 43 of its 235 U.S. restaurants may have been affected by a payments breach that exposed credit and debit details, BankInfoSecurity reported June 5. In a June 1 statement and list of frequently asked questions (FAQ) posted on Penn Station’s Web site, the restaurant chain identified franchise locations in Illinois, Indiana, Kentucky, West Virginia, Michigan, Missouri, Ohio, Pennsylvania, and Tennessee that may have been affected. Penn Station’s president said the company learned of the breach after a customer called to report his card had been compromised shortly after dining at one of Penn Station’s franchised locations. Penn Station then contacted its processor, Heartland Payment Systems, and the U.S. Secret Service. Industry experts have suggested the breach is likely linked to either a processing hack or tampered point-of-sale devices. Debit and credit cards used during March and April may have been exposed. “Upon learning of the possibility of unauthorized access to credit and debit card information, all of the individual owners of the Penn Station restaurants changed the method for processing credit and debit card transactions,” the FAQ states. Penn Station said only account holder names and card numbers were breached. Whether personal identification numbers or card verification codes were part of that information has not been clarified. Source:

9. June 5, Albany Times Union – (New York) Credit breach at Five Guys hits other cards. Five Guys Burgers and Fries said all credit and debit card users at four New York restaurants had their information exposed to identity thieves, the Albany Times Union reported June 5. Trustco Bank sued the chain after its MasterCard customers were charged for almost $90,000 worth of goods after visiting the chain in November and December 2011. A spokeswoman for Five Guys said the security breach exposed data for all cards used at the eateries, not just Trustco cardholders. “The store’s data was vulnerable for a limited period of time,” she said in an e-mailed statement. She could not say what that time frame was or how much in fraudulent charges were made on other cards. The bank said in its lawsuit filed in Schenectady County that thieves used 376 transactions to buy $89,835.46 worth of merchandise. A spokesman for the U.S. Secret Service said the agency is investigating the breach. In its lawsuit, Trustco named four limited liability corporations that run the affected franchises in four New York capital region communities: Glenmont, Niskayuna, Queensbury, and Saratoga Springs. Trustco had to repay its customers for the false charges, and is suing Five Guys for restitution along with $14,323.57 for having to cancel and reissue the cards. Source:

10. June 4, St. Louis Post-Dispatch – (Missouri; National) Missouri pet food company president accused of investment fraud. The owner of a Missouri pet food company, Spectrum Pet Care, was indicted in a St. Louis court and accused of committing a multi-million dollar investment fraud, federal prosecutors said June 4. The defendant was arrested on three charges of mail fraud. Prosecutors said he sold $7 million of investments in the company to more than 250 investors in Missouri and elsewhere. The defendant said the money would be used for equipment to fund operations but used “substantial portions to repay existing investors and to pay for his personal expenses,” prosecutors said, costing investors millions. In 2011, Missouri securities regulators said the man had been selling unregistered securities for years, had misled investors, and used Spectrum money for satellite TV services, vehicle payments, medical care, and at a cruise ship company. Source:

11. June 4, Chicago Tribune – (Illinois) 4 indicted in Chicago, Country Club Hills mortgage fraud scheme. Four people were indicted June 4 for allegedly obtaining $16.2 million in fraudulent mortgage loans on properties in Chicago and Country Club Hills, Illinois. The indictment charged a loan originator, a mortgage broker, an attorney, and a loan processor with mail fraud and bank fraud. Between 2005 and May 2008, the charges allege, the 4 and others schemed to obtain at least 35 fraudulent mortgages by recruiting straw buyers for properties or by fraudulently purchasing or refinancing properties in their own names. A federal grand jury returned a nine-count indictment against the four May 31. Source:,0,1935743.story

12. June 4, U.S. Securities and Exchange Commission – (Florida; National) SEC charges company officers and penny stock promoters in kickback and market manipulation schemes. The U.S. Securities and Exchange Commission (SEC) June 4 charged several penny stock companies and their officers as well as three penny stock promoters involved in various stock schemes in which bribes and kickbacks were paid to hype microcap stocks and illegally generate stock sales. These charges are the latest in a series of cases in which the SEC has worked closely with the U.S. Attorney’s Office for the Southern District of Florida and the FBI to uncover penny stock schemes. According to the SEC’s complaints, some of these latest schemes involved the payment of undisclosed kickbacks to a pension fund manager in exchange for the fund’s purchase of restricted shares of stock in the various microcap companies. Other schemes involved an undisclosed bribe that was to be paid to a stockbroker who agreed to purchase a microcap company’s stock in the open market for his customers’ discretionary accounts. “The company officers and promoters in many of these schemes disguised their kickbacks as payments to phony consulting companies that performed no actual work,” the director of the SEC’s Miami Regional Office said. “These illegal activities were fully intended to artificially inflate the stock volume and prices of these penny stock companies to the detriment of investors.” Source:

Information Technology Sector

29. June 5, H Security – (International) PostgreSQL security updates released. The PostgreSQL Global Development Group released security updates for all currently supported versions (9.1.x, 9.0.x, 8.4.x, and 8.3.x) of the open source relational database system. The updates include versions 9.1.4, 9.0.8, 8.4.12, and 8.3.19 of PostgreSQL, which close 2 security holes and include 42 other bug fixes. Users of the crypt function included in the pgcrypto module should update their installations immediately, as the update fixes incorrect password transformations which can lead to shorter than desired passwords that are easier to attack. After updating, users will have to regenerate all passwords containing the byte value 0x80 to fix encrypted passwords that were truncated by the faulty code. The other security issue corrected involves a bug in a call handler that could lead to a server crash when applying SECURITY DEFINER and SET attributes. This can be exploited to create denial of service situations. Source:

30. June 5, H Security – (International) Adobe updates arrive after user protests. Adobe released updates that close critical vulnerabilities in Photoshop (CS5 and CS5.1) and Illustrator (CS5 and CS5.5). It was possible for an attacker to get a user of these applications to open a specially crafted TIFF file and infect a system with malicious code. Together the updates fix three critical vulnerabilities in Photoshop and six critical vulnerabilities in Illustrator. When Adobe originally announced the vulnerabilities, it told users the only way to close them would be to upgrade to the latest, and recently released, versions of the software. In the case of Photoshop, that would have been a cost of $199. Adobe argued they did not believe “the real-world risk” warranted an “out of band release to resolve these issues;” this sparked a wave of protest by users. A few days later, May 12, the company announced it was changing its advisories and said it was working on patches and would update the advisories when the patches were available. Source:

31. June 5, Computerworld – (International) Researchers reveal how Flame fakes Windows Update. June 5, security researchers published detailed information about how the Flame cyber-espionage malware spreads through a network by exploiting Microsoft’s Windows Update mechanism. Their examinations answered a question that puzzled researchers at Kaspersky Lab: How was Flame infecting fully-patched Windows 7 machines? Key to the phony Windows Update process was that the hackers located and exploited a flaw in the company’s Terminal Services licensing certificate authority that allowed them to generate code-validating certificates “signed” by Microsoft. Armed with those fake certificates, the attackers could fool a Windows PC into accepting a file as an update from Microsoft when in reality it was nothing of the kind. Source:

32. June 4, Softpedia – (International) MyBB explains: Hackers didn’t access our server and databases. After UGNazi hackers took credit for breaching the systems of MyBB, the popular forum software, the company’s representatives clarified the incident. According to MyBB’s product manager, the company managed to regain control of all their systems, and the restoration process is underway. Apparently, the attack began after the hackers gained access to the founder and lead product manager’s Apple ID account. From there, they were able to reset passwords to the domain and hosting accounts. It took 6 hours to address the situation and return the accounts to their rightful owners. During this time, the cybercriminals redirected all visitors to their defacement page and even tried to transfer the domain. As a result of this situation, MyBB was transferred to another domain registrar. The firm’s representatives are confident the hackers were unable to access the server or the databases. Source:

33. June 4, CNET News – (International) Flame malware network based on shadowy domains, fake names. The Flame malware used domain names registered with fake names to communicate with infected computers in the Middle East for at least 4 years, researchers said June 4. Someone began creating the 86 domains and more than 24 IP addresses that host the command-and-control (C&C) servers as early as 2008, using fake identities and addresses in Austria and Germany to register them with GoDaddy and others, a senior researcher at Kaspersky Lab said. He speculated that stolen credit cards were used for the transactions. The IP addresses point to hotels, doctor’s offices, and other non-existent businesses, while the C&C servers are located in Germany, the Netherlands, the United Kingdom, Switzerland, Hong Kong, Turkey, Poland, and Malaysia, according to Kaspersky. Source:

34. June 4, Threatpost – (International) Researchers find methods for bypassing Google’s Bouncer Android security. Google’s Android platform has become the most popular mobile operating system both among consumers and malware writers, and the company introduced the Bouncer system to look for malicious apps in the Google Play market earlier in 2012. Bouncer, which checks for malicious apps and known malware, is a good first step, but as new work from researchers shows, it can be bypassed quite easily and in ways that will be difficult for Google to address in the long term. Source:

35. June 4, Threatpost – (International) Singer bests Adderall as affiliate spammers offer music downloads. Cyber criminals long ago discovered there is a big market for pharmaceuticals online, prompting a tsunami of pharmaceutical spam offering everything from “herbal Viagra” to Prozac and Adderall. However, new data from security firm Webroot suggests scammers are experimenting with new products, namely: pirated musical downloads of Top 40 artists. Writing for Webroot, a blogger and security researcher described a newly launched affiliate network for pirated music. The scammers promise to hook up high-traffic Web sites with downloads of popular songs that will be offered for as little as $.11 each, then offer them a share of the profits, plus a boost in traffic. Source:

For another story, see item 8 above in the Banking and Finance Sector

Communications Sector

36. June 4, WCAX 3 Burlington – (Vermont) Police nab Windham County copper thief. Investigation of a domestic disturbance led State police to a suspected copper thief in West Townshend, Vermont, WCAX 3 Burlington reported June 4. Troopers found 225 feet of commercial-grade telephone line and evidence of another 193 feet of line that had already been stripped and sold as scrap metal. Police said the wire was recently stolen from FairPoint Communications work sites in the area and was valued at $2,400. The suspect was cited for possession of stolen property. Source: