Friday, June 8, 2012

Complete DHS Daily Report for June 8, 2012

Daily Report

Top Stories

• The May 23 fire that gutted the USS Miami sub started in a vacuum cleaner used by drydock workers, the U.S. Navy said June 6. – Military Times

10. June 6, Military Times – (Maine) Navy: Vacuum cleaner source of $400M Miami fire. The May 23 fire that gutted the fore end of the attack submarine Miami started in a vacuum cleaner used by drydock workers to clean their work sites and stored in an unoccupied space, the U.S. Navy said June 6. The fire, which burned for nearly 10 hours, caused damage that will take at least $400 million to fix, said the spokeswoman for the Portsmouth Naval Shipyard in Kittery, Maine. The 22-year-old sub was about 2 months into a scheduled 18-month engineering overhaul at the shipyard. “Specific details as to the cause and subsequent damage assessment are still being evaluated as part of on-going investigations and will be released at a later date,” the spokeswoman said in a statement. Source: http://www.militarytimes.com/news/2012/06/navy-miami-sub-fire-vacuum-cleaner-060612w/

• A Sandia National Labs scientist was arrested recently because he allegedly stole laboratory research and shared it with China. – redOrbit

11. June 6, redOrbit – (New Mexico) Sandia National Labs scientist arrested. A Sandia National Labs scientist was arrested recently because he allegedly stole laboratory research and shared it with China, redOrbit reported June 6. He was accused of stealing research belonging to the United States that he claimed was his own original research that he shared with several Chinese universities. He went online to share the data with the country’s state-run schools. Sandia National Labs said he did not have access to classified national security information. The lab said the scientist was fired in April for removing a company-owned laptop from the facility. Sandia is known for its nuclear research, as well as the disposal of the U.S. nuclear weapons program’s hazardous waste. The company is a subsidiary of Lockheed Martin Corporation. Five years ago, the scientist started working on nanotechnology at a Sandia Labs research center that focuses on nanotechnology. He was indicted on five counts of federal program fraud, and one count of false statements, court papers said. Lab workers are not allowed to take any lab equipment on international trips without approval. Sandia released a statement June 4 saying it expects all employees to follow procedures. The scientist’s indictment in May was sealed until June 4, and he was arrested for the charges the weekend of June 2. He is scheduled to be arraigned on the charges June 12, and remains in federal custody. Source: http://www.redorbit.com/news/science/1112549346/sandia-national-labs-scientist-arrested/

• A new study found 76 percent of providers that give free vaccines to children through a federal program exposed vaccines to inappropriate temperatures that could reduce potency and efficacy. – U.S. Department of Health and Human Services

33. June 5, U.S. Department of Health and Human Services – (National) Vaccines for children program: Vulnerabilities in vaccine management. The Center of Disease Control and Prevention’s Vaccines for Children (VFC) program provides free vaccines to eligible children through a network of 61 grantees and 44,000 enrolled providers. Although the majority of storage temperatures independently measured during a 2-week period were within the required ranges, in a report released June 5 the U.S. Department of Health and Human Services found vaccines stored by 76 percent of the 45 selected providers were exposed to inappropriate temperatures for at least 5 cumulative hours during that period. Exposure to inappropriate temperatures can reduce vaccine potency and efficacy, increasing the risk that children are not provided with maximum protection against preventable diseases. Thirteen providers stored expired vaccines together with non-expired vaccines, increasing the risk of mistakenly administering the expired vaccine. Finally, the selected providers generally did not meet vaccine management requirements or maintain required documentation. Similarly, none of the five selected grantees met all VFC program oversight requirements, and grantee site visits were not effective in ensuring providers met vaccine management requirements over time. Source: http://oig.hhs.gov/oei/reports/oei-04-10-00430.asp

• More than 60 percent of the unique hashed passwords accessed by hackers from a LinkedIn password database and posted online the week of June 4 were already cracked, according to a security firm. – Computerworld See item 40 below in the Information Technology Sector

40. June 7, Computerworld – (International) Hackers crack more than 60% of breached LinkedIn passwords. More than 60 percent of the unique hashed passwords accessed by hackers from a LinkedIn password database and posted online the week of June 4 were already cracked, according to security firm Sophos. It is very likely the remaining passwords were also cracked, said a security researcher. In all, 6.5 million hashed passwords believed to belong to LinkedIn members were posted on a Russian hacker forum the week of June 4. The crooks posted the data in an effort to get help in cracking the passwords. Sophos said it identified about 5.8 million hashed passwords as unique. Based on an analysis of the 118MB password dump, the security researcher said close to 3.5 million of the unique passwords were cracked and made available in plain text by June 6. It is only a matter of time before the remaining passwords are similarly cracked using automated password guessing tools, he added. Source: http://www.computerworld.com/s/article/9227869/Hackers_crack_more_than_60_of_breached_LinkedIn_passwords?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+computerworld/s/feed/topic/17+(Computerworld+Security+News)&utm_content=G

• A survey of the nation’s vulnerability to hurricane-driven storm-surge damage found that more than four million homes worth over $700 billion are at risk along the Atlantic and Gulf coasts. – USA Today

48. June 7, USA Today – (National) Study: Storm surge from hurricanes threatens 4 million homes. A survey of the nation’s vulnerability to hurricane-driven storm-surge damage found that more than four million homes worth over $700 billion are at risk along the Atlantic and Gulf Coasts, USA Today reported June 7. Storm surge — the massive mound of water that builds up and comes ashore as a hurricane moves over the ocean or Gulf of Mexico — is typically the most dangerous aspect of hurricanes. The report, released by research and consulting firm CoreLogic, found Florida is the state most prone to storm-surge damage, with about 1.4 million homes at risk, worth a total value of $188 billion. Louisiana ranked second in total number properties at risk with nearly 500,000, while New York was second in total value of coastal properties possibly exposed at $111 billion. At the city level, the New York City metro area contains the highest number of vulnerable properties and the highest exposure in total property value at risk. Source: http://content.usatoday.com/communities/sciencefair/post/2012/06/storm-surge-hurricanes-corelogic-four-million-homes-at-risk/1?csp=34news#.T9DcQ1JgrNO

Details

Banking and Finance Sector

12. June 7, Delco News Network – (Pennsylvania) Nifty Fifty’s owners plead guilty to tax evasion raps. The three owners and two managers of the Nifty Fifty’s restaurant chain pleaded guilty to federal tax evasion and other charges, according to a plea agreement filed in the U.S. District Court for the Eastern District of Pennsylvania June 5. The owners were indicted in May for allegedly skimming at least $15.6 million in receipts at the restaurants between 1986 and 2010, and failing to pay $2.2 million in federal employment and personal taxes. Two managers were also charged in the indictment. Prosecutors claim two of the owners began skimming from the start, when they partnered in 1986 to open the first Nifty Fifty’s. The restaurant has since expanded to four area locations. Between January 2006 and August 2010, prosecutors say the defendants hid more than $4 million in safe deposit boxes for the owners’ benefit. The defendants allegedly used the unreported cash to pay some suppliers and part of their employees’ wages. They also allegedly inflated expenses and deductions and filed false tax returns that underreported income. Prosecutors claim the owners additionally submitted bogus income tax returns to secure $2.28 million in business loans from Sovereign Bank. The defendants also allegedly hired an accountant to prepare false income tax returns that did not report the millions in skimmed cash. Source: http://www.delconewsnetwork.com/articles/2012/06/07/news_of_delaware_county/news/doc4fd0b87ad68cc802983604.txt?viewmode=fullstory

13. June 6, U.S. Commodity Futures Trading Commission – (South Carolina; National) CFTC charges South Carolina man and his company, Atlantic Bullion & Coin, Inc., with operating a $90 million silver bullion Ponzi scheme. The U.S. Commodity Futures Trading Commission (CFTC) June 6 announced the filing of a federal civil enforcement action charging a defendant and Atlantic Bullion & Coin, Inc. (AB&C), both of Easley, South Carolina, with fraud in connection with operating a $90 million Ponzi scheme, in violation of the Commodity Exchange Act (CEA) and CFTC regulations. The CFTC’s complaint charges violations under the agency’s new Dodd-Frank authority barring the use of any manipulative or deceptive device, scheme, or contrivance to defraud in connection with a contract of sale of any commodity in interstate commerce. According to the complaint, since at least 2001 through February 29, 2012, the defendant and AB&C operated a Ponzi scheme, fraudulently offering contracts of sale of silver. Through their 11-year long scheme, the defendants allegedly fraudulently obtained at least $90.1 million from at least 945 investors for the purchase of silver. From August 15, 2011, through February 29, 2012 — when the CFTC had jurisdiction over the defendants under the provisions of the Dodd-Frank Act — the complaint alleges the defendants failed to purchase any silver whatsoever. Instead, the defendants allegedly misappropriated all of the investors’ funds and to conceal their fraud, issued phony account statements to investors. Source: http://www.cftc.gov/PressRoom/PressReleases/pr6275-12

14. June 6, U.S. Department of the Treasury – (International) Treasury designates Brothers’ Circle members. The U.S. Department of the Treasury June 6 designated five key members and associates of the Eurasian crime syndicate, the Brothers’ Circle. These designations were made pursuant to Executive Order (E.O.) 13581, which targets entities or individuals determined by the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to be significant transnational criminal organizations (TCOs) or to have provided material support for, or to be owned or controlled by, or to have acted for or on behalf of, such organizations. The June 6 designations included the leader of Brothers’ Circle, as well as three Brothers’ Circle members and an accomplice. The U.S. President identified the group as a significant TCO July 24, 2011. The June 6 action froze any assets the designated persons may have within the jurisdiction of the United States and prohibited any transactions with them by U.S. persons. These efforts are designed to protect the U.S. financial system and to expose the individuals who are supporting or acting on behalf of the Brothers’ Circle. It is a criminal group largely based in countries of the former Soviet Union but operating in Europe, the Middle East, Africa, and Latin America. The Brothers’ Circle serves as a coordinating body for several networks, mediating disputes between individual crime networks, and directing member criminal activity globally. Source: http://www.treasury.gov/press-center/press-releases/Pages/tg1605.aspx

15. June 6, Reuters – (New York; National) Nasdaq’s $40 million offer for Facebook losses draws criticism. Nasdaq OMX Group Inc. said it will offer $40 million in cash and rebates to clients harmed by its mishandling of Facebook Inc’s market debut. Nasdaq said June 6 $13.7 million would be paid to its affected member firms and the balance would be credited to members to reduce trading costs, with all benefits expected to be awarded within 6 months. The top four market makers in the $16 billion Facebook IPO — UBS, Citigroup, Knight Capital, and Citadel Securities — together lost upward of $115 million due to technical problems that prevented them from knowing for about 2 hours if their orders had gone through after Facebook began trading. Smaller market makers that might have suffered losses would also receive a part of the $40 million Nasdaq proposes. Two senior executives in the financial industry have said they expect Nasdaq member claims to total $150 million to $200 million. Under the plan, investors who attempted to buy the company’s shares at $42 or less, but whose orders were not executed, would be eligible for compensation. In addition, trades that were executed at an inferior price would also be eligible, as well as trades that did go through successfully but were not confirmed because of Nasdaq’s technical problems. Source: http://www.reuters.com/article/2012/06/06/us-facebook-nasdaq-compensation-idUSBRE85511Q20120606

Information Technology Sector

39. June 7, The Register – (International) Microsoft ‘hardens’ Windows Update from Flame penetration. Microsoft “hardened” its Windows Update system after researchers discovered the Flame virus can infect PCs by offering itself as an update masquerading as official Microsoft software. The worm infected computers in the Middle East and beyond for up to 2 years before being discovered by security experts in late May. Now, it emerged that the malware uses a skeleton-key-like certificate found in Microsoft’s Terminal Services Licensing server to sign its malicious code and trick Windows machines into trusting and installing its executables. June 6, Microsoft said it was continuing to analyze Flame and repeated it would “evaluate additional hardening of both the Windows Update channel and our code signing certificate controls.” It warned any customers who do not have their Windows Update software set to automatic configuration to install the latest patch immediately, which will thwart Flame’s man-in-the-middle attack. Source: http://www.theregister.co.uk/2012/06/07/microsoft_combats_flame_with_additional_hardening/

40. June 7, Computerworld – (International) Hackers crack more than 60% of breached LinkedIn passwords. More than 60 percent of the unique hashed passwords accessed by hackers from a LinkedIn password database and posted online the week of June 4 were already cracked, according to security firm Sophos. It is very likely the remaining passwords were also cracked, said a security researcher. In all, 6.5 million hashed passwords believed to belong to LinkedIn members were posted on a Russian hacker forum the week of June 4. The crooks posted the data in an effort to get help in cracking the passwords. Sophos said it identified about 5.8 million hashed passwords as unique. Based on an analysis of the 118MB password dump, the security researcher said close to 3.5 million of the unique passwords were cracked and made available in plain text by June 6. It is only a matter of time before the remaining passwords are similarly cracked using automated password guessing tools, he added. Source: http://www.computerworld.com/s/article/9227869/Hackers_crack_more_than_60_of_breached_LinkedIn_passwords?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+computerworld/s/feed/topic/17+(Computerworld+Security+News)&utm_content=G

41. June 6, Computerworld – (International) LinkedIn confirms ‘some’ passwords leaked. In response to widespread reports of a massive data breach at LinkedIn, the company confirmed June 6 that passwords belonging to “some” members were compromised. In a blog post, LinkedIn’s director said the company confirmed an unspecified number of hashed passwords posted publicly on a Russian hacker forum earlier the week of June 4, “correspond to LinkedIn accounts.” He said LinkedIn is continuing to investigate. “Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid,” the director added. Users of the social networking site for professionals will also receive an e-mail from LinkedIn with instructions on how to reset passwords. The e-mail will not contain links that users must click to reset their password, he noted. Affected customers will receive a note from LinkedIn with more information on what happened and why they are being asked to reset passwords, he said. Earlier, the director posted a note urging LinkedIn members to change passwords and providing tips on how to create strong passwords. He was responding to reports earlier June 6 that hackers accessed 6.5 million hashed passwords from a LinkedIn database and posted them. According to security researchers who saw the compromised data, more than 300,000 of the hashed passwords were already decrypted and posted online in clear text. Source: http://www.computerworld.com/s/article/9227834/LinkedIn_confirms_some_passwords_leaked

42. June 6, Dark Reading – (International) Siemens enhances security in post-Stuxnet SCADA world. Stuxnet was not only a problem for Iran, but also for Siemens, whose process control systems were targeted in the attack that disrupted a nuclear facility in Iran. Since then, Siemens made several security moves in the wake of Stuxnet’s discovery 2 years ago: most recently, new industrial control products that come with built-in security features. The president of the industry automation division for Siemens Industry Inc. said the new Simatic CP and Scalance communications processor products with firewall and virtual private network features help bolster security. Since Stuxnet, Siemens was ridiculed by various security researchers who discovered holes in the manufacturer’s products, forcing Siemens to find security in a staid industry where air gaps traditionally were assumed enough to protect critical infrastructure. Source: http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/240001644/

43. June 6, CNET – (International) eHarmony member passwords compromised. June 6, dating site eHarmony confirmed passwords used by its members were compromised following reports of references to the site among allegedly stolen passwords that were posted to a hacker site. “After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate but would like to provide the following actions we are taking to protect our members,” a spokeswoman for eHarmony said. “As a precaution, we have reset affected members passwords. Those members will receive an e-mail with instructions on how to reset their passwords.” Source: http://news.cnet.com/8301-1009_3-57448672-83/eharmony-member-passwords-compromised/

44. June 6, SC Magazine Australia – (International) UGNazi builds DoS tool, takes down HostGator. Hacking group UGNazi took down a string of sites including U.S.-based HostGator in live tests of a new denial-of-service (DoS) attack tool. The tool, dubbed #TheHolocaust, targeted undisclosed vulnerabilities and crippled HostGator in seconds from a machine with 2Gb of Ram, via a 10Mbps/2Mbps link, the group told SC Magazine. HostGator and payments company wepay.com remained offline as of June 6. The DoS tool was written in Python and C++ and targeted vulnerabilities that would be easy to patch, group member the “Godfather” said in an e-mail. “We do not want to show the DOS Tool #TheHolocaust to the public yet as it is in development,” they said. “It affects the connection of the [targeted] server, as well as the [targeted] webserver.” Source: http://www.scmagazine.com.au/News/303903,ugnazi-builds-dos-tool-takes-down-hostgator.aspx

45. June 6, ZDNet – (International) Fake Gmail Android application steals personal data. Mobile security researchers from NQ Mobile intercepted a fake Gmail Android application dubbed DDSpy. The SMS based command and control feature of DDSpy is capable of uploading SMS messages, call logs, and vocal records to a remote server. The malware authors behind the fake Gmail Android application included a hard-coded e-mail address that can be easily changed using SMS messages. Moreover, the malicious application automatically starts recording outbound calls, or when instructed to do so over SMS. Source: http://www.zdnet.com/blog/security/fake-gmail-android-application-steals-personal-data/12308

For more stories, see items 15 above in the Banking and Finance Sector and 46 below in the Communications Sector

Communications Sector

46. June 7, Martinsburg Journal – (West Virginia) Phone service disrupted in Jefferson County. An emergency situation involving a fiber optic line in Jefferson County, West Virginia, resulted in portions of the county losing phone and Internet services June 7, according to the director of Jefferson County Homeland Security and Emergency Management. “It has taken down a lot of the phone lines throughout the county, including the 911 center,” she told the Jefferson County Commission. “Normally their plan is to flip over to Berkeley County, but apparently this fiber optic line prevents that from happening as well.” Both landline and mobile phones appeared to be affected by the situation. Source: http://www.journal-news.net/page/content.detail/id/580200/Phone-service-disrupted-in-Jeffe---.html

47. June 6, Easton Express-Times – (Pennsylvania) Bethlehem radio station loses service due to uncontrolled solar concentrator. WDIY 88.1 FM Bethlehem, Pennsylvania was taken off the air for about 4 hours May 31 after an uncontrolled solar concentrator beam melted and charred a cable the station uses to carry its broadcast signal, the Easton Express-Times reported June 6. Broadcast quality was spotty until the damaged cable was repaired June 2. In January, The Stone House Group began making energy efficiency upgrades to the building where WDIY is located, which included mounting a 20-foot-wide solar collector on the roof. Stone House’s founder and managing principal said significant winds damaged the collector a few months ago and removed part of the center collector. “As a result the sunlight was hitting it like a magnifying glass and instead of being focused back into the device, it happened to be focused on a part of the building that had a piece of plywood over a window and it caused the plywood to smolder and the heat caused WDIY’s cable to melt,” he said. The week of May 28, upgrade work was being performed on the solar concentrator, and it was moved from its normal position and did not have the heat exchange unit in place, leaving the focused beam unblocked and uncontrolled. Adverse weather conditions prevented repair work to replace the burnt out cable June 1, causing WDIY to continue using the lower bandwidth Web stream connectivity giving reduced audio quality for all of June 1 and most of June 2. Source: http://www.lehighvalleylive.com/bethlehem/index.ssf/2012/06/bethlehem_radio_station_loses.html

For more stories, see items 40, 41, 43, and 45 above in the Information Technology Sector


15. June 6, Reuters – (New York; National) Nasdaq’s $40 million offer for Facebook losses draws criticism. Nasdaq OMX Group Inc. said it will offer $40 million in cash and rebates to clients harmed by its mishandling of Facebook Inc’s market debut. Nasdaq said June 6 $13.7 million would be paid to its affected member firms and the balance would be credited to members to reduce trading costs, with all benefits expected to be awarded within 6 months. The top four market makers in the $16 billion Facebook IPO — UBS, Citigroup, Knight Capital, and Citadel Securities — together lost upward of $115 million due to technical problems that prevented them from knowing for about 2 hours if their orders had gone through after Facebook began trading. Smaller market makers that might have suffered losses would also receive a part of the $40 million Nasdaq proposes. Two senior executives in the financial industry have said they expect Nasdaq member claims to total $150 million to $200 million. Under the plan, investors who attempted to buy the company’s shares at $42 or less, but whose orders were not executed, would be eligible for compensation. In addition, trades that were executed at an inferior price would also be eligible, as well as trades that did go through successfully but were not confirmed because of Nasdaq’s technical problems. Source: http://www.reuters.com/article/2012/06/06/us-facebook-nasdaq-compensation-idUSBRE85511Q20120606

Information Technology Sector

39. June 7, The Register – (International) Microsoft ‘hardens’ Windows Update from Flame penetration. Microsoft “hardened” its Windows Update system after researchers discovered the Flame virus can infect PCs by offering itself as an update masquerading as official Microsoft software. The worm infected computers in the Middle East and beyond for up to 2 years before being discovered by security experts in late May. Now, it emerged that the malware uses a skeleton-key-like certificate found in Microsoft’s Terminal Services Licensing server to sign its malicious code and trick Windows machines into trusting and installing its executables. June 6, Microsoft said it was continuing to analyze Flame and repeated it would “evaluate additional hardening of both the Windows Update channel and our code signing certificate controls.” It warned any customers who do not have their Windows Update software set to automatic configuration to install the latest patch immediately, which will thwart Flame’s man-in-the-middle attack. Source: http://www.theregister.co.uk/2012/06/07/microsoft_combats_flame_with_additional_hardening/

40. June 7, Computerworld – (International) Hackers crack more than 60% of breached LinkedIn passwords. More than 60 percent of the unique hashed passwords accessed by hackers from a LinkedIn password database and posted online the week of June 4 were already cracked, according to security firm Sophos. It is very likely the remaining passwords were also cracked, said a security researcher. In all, 6.5 million hashed passwords believed to belong to LinkedIn members were posted on a Russian hacker forum the week of June 4. The crooks posted the data in an effort to get help in cracking the passwords. Sophos said it identified about 5.8 million hashed passwords as unique. Based on an analysis of the 118MB password dump, the security researcher said close to 3.5 million of the unique passwords were cracked and made available in plain text by June 6. It is only a matter of time before the remaining passwords are similarly cracked using automated password guessing tools, he added. Source: http://www.computerworld.com/s/article/9227869/Hackers_crack_more_than_60_of_breached_LinkedIn_passwords?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+computerworld/s/feed/topic/17+(Computerworld+Security+News)&utm_content=G

41. June 6, Computerworld – (International) LinkedIn confirms ‘some’ passwords leaked. In response to widespread reports of a massive data breach at LinkedIn, the company confirmed June 6 that passwords belonging to “some” members were compromised. In a blog post, LinkedIn’s director said the company confirmed an unspecified number of hashed passwords posted publicly on a Russian hacker forum earlier the week of June 4, “correspond to LinkedIn accounts.” He said LinkedIn is continuing to investigate. “Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid,” the director added. Users of the social networking site for professionals will also receive an e-mail from LinkedIn with instructions on how to reset passwords. The e-mail will not contain links that users must click to reset their password, he noted. Affected customers will receive a note from LinkedIn with more information on what happened and why they are being asked to reset passwords, he said. Earlier, the director posted a note urging LinkedIn members to change passwords and providing tips on how to create strong passwords. He was responding to reports earlier June 6 that hackers accessed 6.5 million hashed passwords from a LinkedIn database and posted them. According to security researchers who saw the compromised data, more than 300,000 of the hashed passwords were already decrypted and posted online in clear text. Source: http://www.computerworld.com/s/article/9227834/LinkedIn_confirms_some_passwords_leaked

42. June 6, Dark Reading – (International) Siemens enhances security in post-Stuxnet SCADA world. Stuxnet was not only a problem for Iran, but also for Siemens, whose process control systems were targeted in the attack that disrupted a nuclear facility in Iran. Since then, Siemens made several security moves in the wake of Stuxnet’s discovery 2 years ago: most recently, new industrial control products that come with built-in security features. The president of the industry automation division for Siemens Industry Inc. said the new Simatic CP and Scalance communications processor products with firewall and virtual private network features help bolster security. Since Stuxnet, Siemens was ridiculed by various security researchers who discovered holes in the manufacturer’s products, forcing Siemens to find security in a staid industry where air gaps traditionally were assumed enough to protect critical infrastructure. Source: http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/240001644/

43. June 6, CNET – (International) eHarmony member passwords compromised. June 6, dating site eHarmony confirmed passwords used by its members were compromised following reports of references to the site among allegedly stolen passwords that were posted to a hacker site. “After investigating reports of compromised passwords, we have found that a small fraction of our user base has been affected. We are continuing to investigate but would like to provide the following actions we are taking to protect our members,” a spokeswoman for eHarmony said. “As a precaution, we have reset affected members’ passwords. Those members will receive an e-mail with instructions on how to reset their passwords.” Source: http://news.cnet.com/8301-1009_3-57448672-83/eharmony-member-passwords-compromised/

44. June 6, SC Magazine Australia – (International) UGNazi builds DoS tool, takes down HostGator. Hacking group UGNazi took down a string of sites including U.S.-based HostGator in live tests of a new denial-of-service (DoS) attack tool. The tool, dubbed #TheHolocaust, targeted undisclosed vulnerabilities and crippled HostGator in seconds from a machine with 2Gb of RAM, via a 10Mbps/2Mbps link, the group told SC Magazine. HostGator and payments company wepay.com remained offline as of June 6. The DoS tool was written in Python and C++ and targeted vulnerabilities that would be easy to patch, group member the “Godfather” said in an e-mail. “We do not want to show the DOS Tool #TheHolocaust to the public yet as it is in development,” they said. “It affects the connection of the [targeted] server, as well as the [targeted] webserver.” Source: http://www.scmagazine.com.au/News/303903,ugnazi-builds-dos-tool-takes-down-hostgator.aspx

45. June 6, ZDNet – (International) Fake Gmail Android application steals personal data. Mobile security researchers from NQ Mobile intercepted a fake Gmail Android application dubbed DDSpy. The SMS-based command and control feature of DDSpy is capable of uploading SMS messages, call logs, and vocal records to a remote server. The malware authors behind the fake Gmail Android application included a hard-coded e-mail address that can be easily changed using SMS messages. Moreover, the malicious application automatically starts recording outbound calls, or when instructed to do so over SMS. Source: http://www.zdnet.com/blog/security/fake-gmail-android-application-steals-personal-data/12308

For more stories, see item 15 above in the Banking and Finance Sector and 46 below in the Communications Sector

Communications Sector

46. June 7, Martinsburg Journal – (West Virginia) Phone service disrupted in Jefferson County. An emergency situation involving a fiber optic line in Jefferson County, West Virginia, resulted in portions of the county losing phone and Internet services June 7, according to the director of Jefferson County Homeland Security and Emergency Management. “It has taken down a lot of the phone lines throughout the county, including the 911 center,” she told the Jefferson County Commission. “Normally their plan is to flip over to Berkeley County, but apparently this fiber optic line prevents that from happening as well.” Both landline and mobile phones appeared to be affected by the situation. Source: http://www.journal-news.net/page/content.detail/id/580200/Phone-service-disrupted-in-Jeffe---.html

47. June 6, Easton Express-Times – (Pennsylvania) Bethlehem radio station loses service due to uncontrolled solar concentrator. WDIY 88.1 FM Bethlehem, Pennsylvania was taken off the air for about 4 hours May 31 after an uncontrolled solar concentrator beam melted and charred a cable the station uses to carry its broadcast signal, the Easton Express-Times reported June 6. Broadcast quality was spotty until the damaged cable was repaired June 2. In January, The Stone House Group began making energy efficiency upgrades to the building where WDIY is located, which included mounting a 20-foot-wide solar collector on the roof. Stone House’s founder and managing principal said significant winds damaged the collector a few months ago and removed part of the center collector. “As a result the sunlight was hitting it like a magnifying glass and instead of being focused back into the device, it happened to be focused on a part of the building that had a piece of plywood over a window and it caused the plywood to smolder and the heat caused WDIY’s cable to melt,” he said. The week of May 28, upgrade work was being performed on the solar concentrator, and it was moved from its normal position and did not have the heat exchange unit in place, leaving the focused beam unblocked and uncontrolled. Adverse weather conditions prevented repair work to replace the burnt out cable June 1, causing WDIY to continue using the lower bandwidth Web stream connectivity giving reduced audio quality for all of June 1 and most of June 2. Source: http://www.lehighvalleylive.com/bethlehem/index.ssf/2012/06/bethlehem_radio_station_loses.html

For more stories, see items 40, 41, 43, and 45 above in the Information Technology Sector