Thursday, June 21, 2012

Complete DHS Daily Report for June 21, 2012

Daily Report

Top Stories

• Sheriff’s officials in Weld County, Colorado, are investigating several cases of suspected vandalism that resulted in 17 oil spills and 1 release of natural gas from tanks south of Kersey. – Associated Press

2. June 20, Associated Press – (Colorado) Oil, gas vandalism, spills reported near Kersey. Sheriff’s officials in Weld County, Colorado, are investigating several cases of suspected vandalism that resulted in 17 oil spills and 1 release of natural gas from tanks, plus several damaged road signs and mailboxes south of Kersey, the Associated Press reported June 20. Sheriff’s officials said victims included Noble Energy, Merit Energy, and Aka Energy. Authorities said “large quantities” of oil and gas were released between June 18-19, but it is not known exactly how much spilled. The oil releases were mostly contained within berms surrounding the tank batteries, although an unknown amount of oil from one spill escaped a berm and was being cleaned up. Sheriff’s officials said there were no known health or safety issues in the affected areas. Source: http://www.9news.com/news/article/273324/222/Oil-gas-vandalism-spills-reported-near-Kersey

• A man was charged with playing a central role in a money-laundering operation that funneled about $31 million in proceeds from a Medicare fraud scheme into Cuban banks. – Reuters

28. June 19, Reuters – (Florida; International) U.S. healthcare fraud scheme funneled money to Cuba. A man described as “a financier for fraudsters” was arrested by the FBI and appeared at a detention hearing in federal court in Miami June 18 after being charged with playing a central role in a money-laundering operation that funneled about $31 million in proceeds from a Medicare fraud scheme into Cuban banks in Havana. A grand jury indictment, unsealed June 13, charged the Cuban-born U.S. citizen with conspiracy to commit money laundering through a syndicate with links from Montreal and Trinidad to Cuba from about April 2005 through October 2009. He faces up to 20 years in prison on the conspiracy charge. Prosecutors are also seeking forfeiture of more than $22 million in Florida real estate and other property purchased in his name, according to court documents. The Miami Herald said it was the first case that directly traced money stolen from Medicare into the Cuban banking system. Miami has long been described by law enforcement officials as a hub for healthcare fraud in the United States, and many suspects arrested for Medicare fraud schemes there have been Cuban Americans. Source: http://www.chicagotribune.com/news/sns-rt-us-usa-cuba-fraudbre85i1sk-20120619,0,6358126.story

• Major flooding in and around Duluth, Minnesota, shut down city offices, closed two college campuses, isolated neighborhoods, drowned zoo animals, and closed State parks, pushing the mayor to declare a state of emergency. – St. Paul Pioneer Press; Associated Press

32. June 20, St. Paul Pioneer Press; Associated Press – (Minnesota) Duluth flooding: Travel dangerous; I-35 closed; evacuations advised in some areas. Major flooding in and around Duluth, Minnesota, shut down city offices, closed two college campuses, isolated neighborhoods, drowned zoo animals, and closed State parks, pushing the mayor to declare a state of emergency after more than 9 inches of rain fell across areas of northeastern Minnesota. Steady, torrential rain closed Interstate 35 and downtown tunnels in Duluth. Police said sinkholes and washouts made travel dangerous. Emergency management officials said half of the Fond du Lac area, and part of Thomson were under evacuation orders because of the rising St. Louis River. The governor declared a state of emergency and directed the adjutant general of Minnesota to direct any needed personnel and equipment to the region. Officials opened two evacuation sites: Copper Top Church in Duluth and Carlton High School. The Red Cross sent three emergency-response vehicles in case mass feeding was necessary. Duluth city offices shut down early June 20 and were slated to reopen by June 21. Lake County 9-1-1 was not available early June 20, but Itasca County was handling their emergency calls. Firefighters and police officers helped Lake Superior Zoo staff track down animals lost when their enclosures apparently flooded. About 11 animals died and a few were not accounted for. With roadways impassable and rain continuing, the police chief and mayor asked residents to stay off roads. The flooding forced the University of Minnesota-Duluth and the University of Wisconsin-Superior campuses to close June 20. The Minnesota Department of Natural Resources (MDNR) reported June 20 that Savanna Portage and Jay Cooke State parks, west of Duluth, would be closed until further notice. The Cuyuna Country State Recreation Area had major washouts, mud slides, and downed trees, and the trail system for mountain bikes was closed. A fiber optic cable broke in the Knife River area, disrupting communications, said the MDNR’s northeast region information officer. Source: http://www.twincities.com/allheadlines/ci_20897705/flooding-around-duluth-causes-evacuations-closures

• A riot involving more than 150 inmates at Salinas Valley State Prison in Soledad, California, left at least 18 men seriously injured and the facility on lockdown, corrections officials said. – Monterey County Herald

36. June 20, Monterey County Herald – (California) 18 seriously injured in riot at Salinas Valley State Prison. A riot involving more than 150 inmates at Salinas Valley State Prison in Soledad, California, left at least 18 men seriously injured June 19, corrections officials said. Eleven inmates who suffered injuries ranging from stab and slash wounds to head trauma were taken to outside hospitals, said a corrections spokeswoman. One man was airlifted to a trauma center, while the other 10 were taken away in ground ambulances. Seven more were treated in the prison’s medical facility. The violence erupted shortly after 11 a.m. while the inmates were out on their facility’s yard. The spokeswoman said one staff member suffered a back injury, but no staffers were hurt by any inmates. A police lieutenant said 159 prisoners took part in the riot, but it was quickly quelled with pepper spray and “less-than-lethal force.” However, dealing with the ensuing medical emergency took most of the day. He said the prison remained on lockdown while the cause of the riot was investigated. Source: http://www.contracostatimes.com/california/ci_20891415/riot-breaks-out-at-salinas-valley-prison

• The massive six-alarm fire that destroyed the warehouse of a Gilbert, Arizona plumbing supply company June 18 caused about $8 million in damage and was caused by a discarded cigarette, fire officials said. – Arizona Republic

50. June 19, Arizona Republic – (Arizona) Gilbert warehouse fire caused by discarded cigarette. The massive six-alarm fire that destroyed the warehouse of a Gilbert, Arizona plumbing supply company June 18 caused an estimated $8 million in damage and was caused by a discarded cigarette, a Gilbert Fire Department spokesman said June 19. The fire destroyed the outdoor warehouse of Farnsworth Wholesale. A fire captain said someone apparently threw a cigarette into an area where there were cardboard boxes containing fiberglass bathtubs. No charges are planned because there is no evidence the fire was intentional, he said, adding the fire occurred in a public area and it is unclear if it was started by an employee or a visitor. The fire was fought by 193 firefighters from 4 fire departments. An official said the Union Pacific Railway shut down a line as a safety precaution as thick black smoke enveloped the area. Railroad ties also were damaged and crews were dispatched to begin repairs about 3 hours after the fire started. A police official said residents on one street east of the fire site were voluntarily evacuated as a precaution. The evacuation lasted for about 2 hours so that air quality readings could be obtained to assure the safety of residents. Embers from the fire, whipped by high winds, also ignited palm trees in the neighborhood. Source: http://www.azcentral.com/12news/news/articles/2012/06/19/20120619gilbert-fire-caused-8-million-damage-brk.html

Details

Banking and Finance Sector

10. June 20, Associated Press – (Nebraska) Nebraskan pleads guilty to mail fraud. One of three former Grand Island, Nebraska-based insurance agents accused of defrauding more than 250 investors out of $29 million pleaded guilty. The Grand Island Independent reported the man pleaded guilty to mail fraud the week of June 11. The man and two others were the principals of First Americans Insurance Service, which had been under investigation since a 2009 bankruptcy filing. The Nebraska attorney general likened First Americans’ alleged fraud to a Ponzi scheme, in which investors are promised unusually high returns and early investors are paid out with money from later investors. The two other principals pleaded not guilty. Source: http://www.theindependent.com/news/state/nebraskan-pleads-guilty-to-mail-fraud/article_c50df385-5a36-5905-b066-fc0ed4ca938d.html

11. June 19, CNET – (International) Hackers grab customer data, demand cash from payday lender. Hackers released consumer data stolen from an online loan provider after the company refused to pay an extortion fee, CNET News reported June 19. “On June 12, AmeriCash Advance received a fax, telling us that part of our Web site had been hacked. The letter went on to demand initial payment of $15,000 from us,” AmeriCash Advance, an online payday cash advance provider, said in a statement. “We immediately notified the appropriate authorities and promptly took steps to ensure that no other data could be accessed. We will not cave in to blackmail, and are cooperating fully with the authorities to protect our customers and bring these criminals to justice.” The breach was limited in scope, and the main concern was that the data exposed, which consists of names, e-mail addresses, last four digits of Social Security numbers, and names of customers’ financial institution, could be used for phishing attacks, AmeriCash Advance said. A group of hackers calling themselves “RexMundi” announced the data dump on Twitter. RexMundi also said it released data stolen from Belgian firms AGO-Interim and Dexia Bank, after they failed to pay extortion fees, threatening to release more data and increasing the amount of money demanded. Source: http://news.cnet.com/8301-1009_3-57456330-83/hackers-grab-customer-data-demand-cash-from-payday-lender/

For more stories, see items 28 above in Top Stories and 45 below in the Communications Sector

Information Technology Sector

40. June 20, Softpedia – (International) Kayak.com customer identifies security breach, firm investigates. While trying to find trip reservation details on Kayak.com, a user found he was able to access the bookings made by other people that shared his last name. According to the Toronto Star, he posted the issue on the FlyerTalk forum. A few hours after the user made the incident public, Kayak.com’s chief technology officer (CTO) and co-founder joined the conversation, but by that time many users already posted sensitive data on the forum. “We have made a fix to our production servers. I will give more info soon. I would appreciate it if you would not post any personal information on this forum or elsewhere,” the CTO and co-founder wrote. “Protocol for security breaches is to contact the company and give them time to respond before you go public, as doing so will contribute to risk of someone’s info being taken. We’ve made a fix to production, and we’re doing more testing and locking down,” he added. Shortly after, he posted an update on Kayak.com to detail the incident and reassure customers their financial details were not exposed. Source: http://news.softpedia.com/news/Kayak-com-Customer-Identifies-Security-Breach-Firm-Investigates-276578.shtml

41. June 19, Ars Technica – (International) Google bots detect 9,500 new malicious websites every day. Google adds 9,500 new Web sites every day to its running list of malicious Internet destinations so the company can warn end users before they visit the sites, a member of the company’s security team said. But attackers have adapted, and Web addresses for many phishing sites remain active for less than an hour so they will not be detected. Many sites distributing malware similarly try to avoid detection by rapidly changing their location using free Web hosting services, dynamic DNS records, and automated generation of new domain names. Source: http://arstechnica.com/security/2012/06/google-detects-9500-new-malicious-websites-daily/

42. June 19, CNET – (International) Face.com plugs Facebook, Twitter hijacking hole. A hole in the Face.com mobile app KLIK was closed after a researcher discovered it could be used to hijack Facebook and Twitter accounts. KLIK allows users to tag faces in photos using Facebook, which recently acquired Face.com. However, a privacy and security researcher found it also allowed anyone to hijack a KLIK user’s accounts on Facebook and Twitter to obtain access to photos that were private. The problem arose because Face.com was storing Facebook and Twitter OAuth authorization tokens on servers insecurely. The researcher said he waited to disclose the problem publicly until after it was resolved. Source: http://news.cnet.com/8301-1009_3-57456614-83/face.com-plugs-facebook-twitter-hijacking-hole/

43. June 19, Dark Reading – (International) Advanced JavaScript attack threatens SOHO routers. A technique for sending requests to devices on an internal network could be used by online attackers to compromise home and small-business routers, according to two AppSec Consulting researchers who plan to demonstrate the attack at the Black Hat security conference in July. The two researchers build on a technique demonstrated at the Black Hat conference in 2006, using a combination of JavaScript and cross-site request forgery to send requests to devices on an internal network from an external Web site. “With this attack, you can actually start compromising network devices with little to zero user intervention,” said one of the researchers. Source: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240002367/

44. June 18, SC Magazine – (International) iTunes vulnerability may enable remote code execution. Researchers unveiled a flaw in iTunes that could allow cyber criminals to execute remote code on target machines. A researcher at Zero Science Lab, a Macedonian information security company, announced in a blog post that the heap buffer overflow vulnerability is caused by a boundary error that occurs while playlist files are processed. Attackers who exploit the weakness to bait victims can do so through downloaded malicious data veiled as music. The defect, which affects versions 10.6.1 and 10.6.0 of iTunes, was patched the week of June 11 in version 10.6.3 of the music player. Source: http://www.scmagazine.com/itunes-vulnerability-may-enable-remote-code-execution/article/246207/

For more stories, see items 11 above in the Banking and Finance Sector and 45 below in the Communications Sector

Communications Sector

45. June 19, IDG News Service – (National; International) Cloud failures cost more than $70 million since 2007, researchers estimate. A total of 568 hours of downtime at 13 well-known cloud services since 2007 had an economic impact of more than $71.7 million, said the International Working Group on Cloud Computing Resiliency (IWGCR) June 18. The average unavailability of cloud services is 7.5 hours per year, amounting to an availability rate of 99.9 percent, according to the group’s preliminary results. “As a comparison, the service average unavailability for electricity in a modern capital is less than 15 minutes per year,” the researchers noted in their paper. It is the first time the group, formed in March 2012 by Telecom ParisTech and Paris 13 University, published what it calls the Availability Ranking of World Cloud Computing (ARWC). As cloud services appeal more and more to government agencies and global businesses, it becomes more important the provided services are reliable, especially when the systems are mission critical, the researchers said. The lack of cloud reliability is not commonly known by the industry, they added. Their research is based on press reports of cloud outages at services such as Twitter, Facebook, Amazon, Microsoft, Google, Yahoo, and Paypal, among others. Source: http://www.pcworld.com/businesscenter/article/257860/cloud_failures_cost_more_than_70_million_since_2007_researchers_estimate.html

For more stories, see items 32 above in Top Stories and 42 above in the Information Technology Sector