Monday, June 18, 2012

Complete DHS Daily Report for June 18, 2012

Daily Report

Top Stories

• Security technology used by U.S. electric utilities is flawed and could increase the odds of computer intrusions or sabotage, warned the co-chair of the North American Energy Standards Board’s Critical Infrastructure Committee. – CNET

2. June 14, CNET – (National) Disaster awaits U.S. power grid as cybersecurity lags. Security technology used by U.S. electric utilities is flawed and could increase the odds of computer intrusions or sabotage, warns the co-chair of the North American Energy Standards Board’s (NAESB) Critical Infrastructure Committee. NAESB scheduled a committee vote June 14 to decide when the digital certificates it authorizes should expire. Since even carefully designed algorithms have flaws that will be discovered over time, which happened with the MD5 algorithm in 1995 and the SHA-1 algorithm in 2005, a shorter period is considered more secure. Two companies, Open Access Technology International and GlobalSign, which are authorized by the NAESB to issue digital certificates to the industry, argue that a 30-year expiration for digital certificates is sufficient. The co-chair of the NAESB Critical Infrastructure Committee said, “I’d be advocating for something smaller like 10 or 5 (years) but that’s not on the table at the moment.” The president of NAESB said it is unclear whether the revised digital certificate standard will apply to Web interfaces or embedded supervisory control and data acquisition systems — which directly control power and gas transmission — as well. Source: http://news.cnet.com/8301-1009_3-57452863-83/disaster-awaits-u.s-power-grid-as-cybersecurity-lags/

• The U.S. Department of Justice said four check-cashing businesses on the east and west coasts were charged with engaging in money laundering schemes worth more than $50 million. – Associated Press. See item 14 below in the Banking and Finance Sector

• A survey of large financial institutions shows they faced more attacks by hackers to take over customer banking accounts in 2011 than in 2009 and 2010, and approximately one-third of these attacks succeeded. – Network World. See item 16 below in the Banking and Finance Sector

• Authorities were trying to determine whether a fire near a Bay Area Rapid Transit station that shut down train service between San Francisco and Oakland, California, June 14 was intentionally set. – Associated Press

17. June 15, Associated Press – (California) Report: Fire near BART station may be suspicious. Authorities were trying to determine whether a fire near a Bay Area Rapid Transit (BART) station that shut down train service between San Francisco and Oakland, California, June 14 was intentionally set. Investigators were looking for three young men seen moments before the fire began at a low-income senior building under construction. A security guard watching the site was apparently chased off by the men. The blaze damaged BART’s electrical equipment and hampered train service for more than 13 hours. The Bureau of Alcohol, Tobacco, Firearms, and Explosives was called in to help with the investigation. BART was running on a normal schedule by June 15. Source: http://www.ktvn.com/story/18796584/report-fire-near-bart-station-may-be-suspicious

• New Hampshire’s attorney general’s office is investigating a hepatitis C outbreak at Exeter Hospital after State health officials determined a hospital worker is likely to blame for infecting at least 20 patients. – Manchester Union Leader

31. June 15, Manchester Union Leader – (New Hampshire) AG joins probe of hepatitis outbreak at Exeter Hospital. The state attorney general’s office is investigating the hepatitis C outbreak at Exeter Hospital in Exeter, New Hampshire, after State health officials determined a hospital worker is likely to blame for infecting at least 20 patients, the Manchester Union Leader reported June 15. Prosecutors were working with State police and the Exeter Police Department, “to determine what, if any, criminal laws have been violated,” the attorney general said in a statement. The outbreak — linked to an employee who used syringes to inject drugs — has set off what is expected to be a flurry of civil litigation. The president and CEO of Exeter Health Resources apologized to patients during an interview with WMUR 9 Manchester June 14 and pledged that if the hospital is responsible for the outbreak, “we will be responsible for that cost.” State health officials have tested hundreds of samples to determine the scope of the outbreak — of the 731 samples tested as of June 13, 629 were determined to be negative. State health officials are working with the Centers for Disease Control in their investigation. Source: http://www.unionleader.com/article/20120615/NEWS07/706149891&template=mobileart

• Authorities arrested a Pennsylvania man on charges he tried to sell secret access information to two U.S. government supercomputers for $50,000 to an undercover FBI agent. – IDG News Service

39. June 15, IDG News Service – (National) What’s the price for secret access to U.S. Gov’t supercomputers? $50,000. Authorities arrested a man from Devon, Pennsylvania, June 14 on charges he tried to sell secret access to two U.S. government supercomputers for $50,000 to an undercover FBI agent. The supercomputers belong to the National Energy Research Scientific Computing Center (NERSC). The indictment said that he and an as-of-yet unindicted co-conspirator nicknamed “Intel” chatted online with an undercover FBI agent April 16, 2011. The two were part of a hacking group known as the “Underground Intelligence Agency.” The defendant is alleged to have said he and his partner had access to half of the top 500 supercomputers, possessing some “root” access and other access credentials, mostly on “.gov” and “.edu” domains. In July, he “offered to sell” to the undercover FBI agent log-in credentials to nersc.gov for $50,000, the indictment said. He is also accused of installing backdoors and obtaining log-in credentials for other groups including RNKTel.com, a service provider in Massachusetts, and the University of Massachusetts-Amherst. He is charged in federal court in Massachusetts with conspiracy, two counts of computer fraud, and access device fraud. Source: http://www.pcworld.com/businesscenter/article/257703/whats_the_price_for_secret_access_to_us_govt_supercomputers_50000.html

• The National Park Service announced June 14 that potential danger from the unstable 3,000-foot-tall Glacier Point in California’s Yosemite National Park will leave some popular lodging areas permanently uninhabitable. – Associated Press

58. June 15, Associated Press – (California) Rock risk forces Yosemite closures. The National Park Service announced June 14 that potential danger from the unstable 3,000-foot-tall Glacier Point in California’s Yosemite National Park will leave some popular lodging areas permanently uninhabitable. “There are no absolutely safe areas in Yosemite Valley,” said the park’s first staff geologist and the primary author of a new study that assesses the potential risk to people from falling rocks in the steep-sided valley. The move to close parts of historic Curry Village, a camp of canvas and wooden cabins, comes 4 years after boulders hit 17 cabins, flattened 1, and sent schoolchildren scrambling for their lives. The park fenced off 233 of the 600 cabins in the village. Rock falls in and around the village have killed two people and injured two dozen others since 1996. In 2011, 53 rock falls occurred, including a 6-ton boulder that fell from the Yosemite Falls Trail onto an amphitheater. Source: http://www.ajc.com/travel/apnewsbreak-rock-risk-forces-1457806.html

Details

Banking and Finance Sector

11. June 15, Associated Press – (Connecticut; Puerto Rico) Puerto Rican sentenced in 1983 Conn. depot robbery. A Puerto Rican nationalist pleaded guilty June 15 to his role in a 1983 armored car depot robbery of $7 million in West Hartford, Connecticut, under an agreement with prosecutors that calls for a 5-year prison sentence. The suspect, who was captured by the FBI in 2011 in Puerto Rico, was one of the last two remaining fugitives in a record-setting robbery carried out by Los Macheteros, a militant group dedicated to independence for the U.S. Caribbean territory. The suspect acknowledged he was a member of the organizing committee that planned the heist and arranged for the money to be sent to Mexico. He pleaded guilty to two charges from the original indictment — foreign transportation of stolen money and conspiracy to rob federally insured bank funds — as well as a new charge of illegal weapons possession related to an automatic pistol found in his home when he was arrested. The heist was the largest cash robbery in U.S. history at the time. Authorities said it was carried out by a Wells Fargo driver recruited by Los Macheteros, and members of the group helped smuggle the money out of the country. Prosecutors said they believe the money was used to finance bombings and attacks in Puerto Rico. Source: http://columbustelegram.com/news/national/feds-man-to-plead-guilty-in-conn-robbery/article_857f022f-1c5e-5308-86b2-baaf365b33e4.html

12. June 15, St. Louis Post-Dispatch – (Missouri; National) US Fidelis co-owner pleads guilty to fraud and stealing charges. The former co-owner of what was once one of the nation’s largest sellers of auto service contracts pleaded guilty June 14 to fraud and stealing charges, admitting he ripped off customers and took millions from the company. The former vice president (VP) of Wentzville, Missouri-based US Fidelis appeared in the same court where in April his brother, the company’s president, pleaded guilty to similar state charges. The Missouri attorney general said that under the plea agreement, a 13-count indictment a grand jury handed down in June 2011 was collapsed into three charges: insurance fraud, consumer fraud, and stealing by deceit. The brothers jointly owned National Auto Warranty Services, which sold vehicle repair coverage under extended service contracts nationwide. Its name was later changed to US Fidelis. The company collapsed in late 2009 amid allegations of widespread consumer fraud. Fidelis used deceptive and misleading marketing campaigns to fool customers into thinking they were talking to auto dealers or manufacturers. They made customers think the contracts were more comprehensive than they actually were. Fidelis staffers were also told to arbitrarily withhold 10 percent to 40 percent of customers’ money, the plea said. The brothers took about $100 million to fund their luxurious personal lifestyles. In May, a proposed liquidation plan was filed in bankruptcy court in St. Louis. It said former customers will split $14.1 million, and creditors will get less than one-third of the $12.4 million owed. Source: http://www.stltoday.com/business/local/us-fidelis-co-owner-pleads-guilty-to-fraud-and-stealing/article_4aa4094b-bd96-5244-82f2-57f0a1c00104.html

13. June 15, CNNMoney – (New York; National) Former Goldman Sachs director convicted of insider trading. A former director at Goldman Sachs was found guilty of insider trading June 15 — the highest-profile conviction yet in a wave of federal cases focused on Wall Street misconduct. A federal jury in New York City, after just more than a day of deliberations, found the defendant guilty of four of six criminal counts. The case was part of a wave of insider trading probes over the past 2.5 years that have yielded 66 indictments and 60 convictions. The defendant, who also served as head of consulting firm McKinsey & Co. and a director at Procter and Gamble (P&G), was accused of passing inside information to an accomplice about Goldman and P&G. Prosecutors argued that in one instance in fall 2008, the defendant called his accomplice just 16 seconds after disconnecting from a conference call in which Goldman’s board approved a crucial $5 billion investment from Berkshire Hathaway. Minutes later, Galleon, where the accomplice worked, bought $27 million worth of Goldman stock. In a conversation the next morning that was recorded secretly by the FBI, the accomplice told an associate he had received a phone call ahead of the share purchase saying “something good might happen to Goldman.” When Goldman’s shares jumped later that day on news of the Berkshire Hathaway investment, Galleon sold them at a profit of $840,000. Source: http://money.cnn.com/2012/06/15/news/companies/gupta-verdict/

14. June 14, Associated Press – (New York; Pennsylvania; California) $50M in criminal check cashing schemes alleged. The U.S. Department of Justice said June 14 that four check-cashing businesses on the east and west coasts were charged with engaging in money laundering schemes worth more than $50 million. Under the Bank Secrecy Act, check cashers and other financial institutions must report any transaction of more than $10,000 in currency to the U.S. Department of the Treasury. Indictments in the separate investigations allege the defendants filed false transaction reports or did not file them at all. Two indictments charging three people and two check-cashing businesses were returned in Los Angeles. Two indictments charging four people and two check-cashing businesses in Philadelphia and Flushing, New York, were returned in New York City. All seven defendants were arrested or surrendered June 14. For the past 6 years, one business in Los Angeles allegedly handled 800 transactions each in excess of $10,000 and paid out more than $20 million in cash without ever filing a report with Treasury. Businesses often convert proceeds of ill-gotten gains to cash by presenting checks to check cashers who will not ask for proof of a customer’s identity and will file false reports or not file reports at all. Source: http://online.wsj.com/article/APdc5e20cd5b32482eb41b2b5f707222d6.html

15. June 14, Las Vegas Sun – (Nevada) FBI seeks help in identifying bank-robbing ‘Weatherman Bandit’. The FBI is seeking the public’s help in identifying the “Weatherman Bandit,” a man suspected in eight Las Vegas-area bank robberies, the Las Vegas Sun reported June 14. The man is suspected in a string of robberies in Henderson and Las Vegas dating to October 2010, according to the FBI. He is most recently suspected of robbing a Chase Bank in Henderson. The man earned the nickname the “Weatherman Bandit” because he always comments on the weather to the teller during the robberies, the FBI said. The man has never shown a weapon during the robberies. Source: http://www.lasvegassun.com/news/2012/jun/14/fbi-seeks-help-identifying-bank-robbing-weatherman/

16. June 14, Network World – (National) Banks: Hackers more aggressive in attacking customer accounts. A survey of large financial institutions shows they faced more attacks by hackers to take over customer banking accounts in 2011 than in 2009 and 2010, and about one-third of these attacks succeeded, Network World reported June 14. The total number of attacks to try and break in and transfer money out of hacked accounts was up to 314 during 2011, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), which released findings of its survey of 95 financial institutions and 5 service providers. That number marks an increase from 87 attacks against bank accounts in 2009 and 239 in 2010. The survey was conducted by the American Bankers Association. The actual dollar losses taken by the financial institutions last year were $777,064, down from a high of $3.12 million in 2010. Dollar loss for customers was $489,672 in 2011, as compared with $1.16 million in 2010. Source: http://www.computerworld.com/s/article/9228139/Banks_Hackers_more_aggressive_in_attacking_customer_accounts

Information Technology Sector

44. June 15, H Security – (International) PHP 5.4.4 and 5.3.14 releases fix security vulnerabilities. The PHP developers released updates to both the 5.4 and 5.3 branches of the language. The updates fix 2 security vulnerabilities and more than 30 other bugs. A vulnerability in the DES implementation of the language’s crypt() function was patched along with a heap overflow in PHP’s phar extension. Source: http://www.h-online.com/security/news/item/PHP-5-4-4-and-5-3-14-releases-fix-security-vulnerabilities-1618852.html

45. June 15, H Security – (International) Oracle warns EBS users of auto-update to Java 7. In an urgent bulletin, Oracle advised its E-Business Suite (EBS) customers to immediately disable the automatic software update feature. The company said the auto-update mechanism is distributing version 7 of Java (JRE 7), which has not been certified for use with the suite of business applications and can cause problems. Instead, administrators are advised to manually update all client machines to the latest version 6 release “on an ongoing basis.” For systems already inadvertently upgraded to Java 7, users were advised to uninstall it and reinstall the current Java 6 release. After November 2012, Oracle will no longer be publicly releasing updates for Java 6; the company said it is currently working to certify EBS with Java 7 but did not give a date for when this process will be completed. Source: http://www.h-online.com/security/news/item/Oracle-warns-EBS-users-of-auto-update-to-Java-7-1618753.html

46. June 15, H Security – (International) VMware closes holes in its virtualization products. Virtualization specialist VMware warned customers of two security problems in its virtualization solutions. The firm said the vulnerabilities affect VMware Workstation, Player, Fusion, ESXi, and ESX. The first of these holes (CVE-2012-3288) is a memory corruption issue when loading Checkpoint files. To be exploited, an attacker must already be able to load a specially crafted Checkpoint in a virtual machine (VM) in order to execute arbitrary code on a host. The other issue (CVE-2012-3289) is a remote denial-of-service vulnerability caused by manipulated traffic from a remote virtual device. Source: http://www.h-online.com/security/news/item/VMware-closes-holes-in-its-virtualisation-products-1619385.html

47. June 15, H Security – (International) Firefox 13 tripped up by Flash patch. The latest release of the Flash Player plugin, version 11.3, is causing frequent crashes in Firefox 13 on Windows. The problem appears to be related to the recently introduced Protection Mode, which is supposed to make the plugin run in a sandbox to isolate it from the rest of the system. The number of users experiencing this problem is now so large that Mozilla and Adobe are both offering differing solutions for a fix. Source: http://www.h-online.com/security/news/item/Firefox-13-tripped-up-by-Flash-patch-1619399.html

48. June 14, Threatpost – (International) Honeynet Project launches ‘Ghost’ to snare USB malware. The Honeynet Project launched a new project June 14 designed to snare malware that spreads by infecting removable universal serial bus (USB) storage drives, citing the increased reliance of malicious programs on portable drives to move from computer to computer. The ghost-usb-honeypot project stems from research conducted by a student at Bonn University in Germany. He first presented the results of work he and others conducted at the University of Bonn’s Institute of Computer Science at a Honeynet Project conference in San Francisco in March. He said propagation via USB drives is increasingly common, as malware authors look for ways to breach machines or networks that are “air-gapped,” or not accessible from other networks. Source: http://threatpost.com/en_us/blogs/honeynet-project-launches-ghost-snare-usb-malware-061412

49. June 14, Threatpost – (International) Microsoft issues FixIt for XML flaw. With attackers exploiting the MSXML zero-day vulnerability, which affects a wide range of products, Microsoft issued a FixIt tool for the bug that it is encouraging users to install as the company prepares a full patch for the flaw. The vulnerability is critical, and because it is present in so many of Microsoft’s products, it is a prime target for attackers. Microsoft warned users about the bug June 12, the same day the company issued its monthly batch of patches. At that time, Microsoft did not have a fix ready for the XML flaw. The bug can be exploited remotely, and attackers have already been exploiting it. Source: http://threatpost.com/en_us/blogs/microsoft-issues-fixit-xml-flaw-061412

50. June 14, Infosecurity – (International) Adobe issues hotfix for ColdFusion flaw. Adobe released a security hotfix for Web application development platform ColdFusion 9.0.1 and earlier versions for Windows, Mac, and Unix. The hotfix resolves an HTTP response splitting vulnerability in the ColdFusion component browser. The vulnerability “could add or modify additional headers, which might cause unexpected behavior,” Adobe explained in its security update. Adobe classified the vulnerability as “important” and gave it a priority rating of 2. Source: http://www.infosecurity-magazine.com/view/26351/

For more stories, see items 2 above in Top Stories, 16 above in the Banking and Finance Sector, 39 above in Top Stories, and 52 and 53 below in the Communications Sector

Communications Sector

51. June 15, Galveston Daily News – (Texas) AT&T customers lose phone service. AT&T customers throughout the greater Houston area were left without phone service for nearly 2 hours June 13, a company spokeswoman said. Details of what caused the outage were not immediately available. Customers from Galveston to League City and in Brazoria County were affected. A company spokeswoman said June 14 that phone service had been fully restored. Service to some customers in the Galveston area was restored shortly after 12 a.m. June 14. Source: http://galvestondailynews.com/story/321910

52. June 14, The Jamestown Sun – (North Dakota) Severed data line repaired after cut stymies communication in Jamestown area. A severed data line east of Jamestown, North Dakota, caused communication problems for the Jamestown area June 14. A Century Link fiber line was cut late in the morning about 10 miles west of Valley City, causing landline telephone problems in the region, according to a marketing manager with Dakota Central Telecommunications. A spokeswoman for Century Link said the cable was completely repaired within 7 hours. She said the cable was cut by a construction crew, and that customers in Jamestown and Valley City were affected. The severed line made it so many Jamestown-area residents could not make calls from landline phones, while calls between cellphones were still able to connect. This meant local residents could not call 9-1-1 from a landline. The assistant Stutsman County emergency manager and 9-1-1 coordinator said 9-1-1 calls from cellphones were immediately rerouted to State Radio in Bismarck and landline 9-1-1 calls were answered in Jamestown by using other seven-digit emergency lines that were dispersed to the public. Source: http://www.jamestownsun.com/event/article/id/163023/

53. June 14, WJBD 1350 AM/101.1 FM Salem – (Illinois) Repairs underway after Charter customers lose services. Repairs were underway in the Salem, Illinois, area after Charter customers lost services June 14. Road crews were working on Illinois Highway 15 in Mt. Vernon when they inadvertently damaged the fiber optic line and cut it. The network outage impacted Charter television, Internet, and phone services. Charter crews were working to restore services. No estimated time of repair or number of customers impacted was available. However, the outage was impacting customers in Mt. Vernon and Salem. Source: http://www.wjbdradio.com/index.php?f=news_single&id=34097

For more stories, see item 39 above in Top Stories