Monday, June 25, 2012

Complete DHS Daily Report for June 25, 2012


Top Stories

• Minnesota officials said flooding June 20 damaged 1,400 miles of roads in one county alone. They said repairs to roads, sewers, storm drainage systems, homes, and other property in the Duluth area would cost more than $100 million. – Minnesota Public Radio

14. June 22, Minnesota Public Radio – (Minnesota) After deluge, Duluth will turn to federal government for help. Duluth, Minnesota officials have started taking stock of the devastating damage left behind from historic floods June 20. They said they will need help from the federal government. To that end, Minnesota officials have asked the Federal Emergency Management Agency to assess the damage, a first step in the process of applying for more aid. The numbers so far are staggering — more than $100 million in infrastructure damage, and at least 1,400 miles of roads will need repair in St. Louis County. Local leaders expect the federal government to foot a large portion of the bill. Rebuilding the road can cost $3 million for 1 mile of road, said the public works and utilities director. He said several driveways are inaccessible. About a dozen homes across the city have been knocked off their foundations, said the Duluth police chief. In Fond du Lac, 85 people were evacuated from their homes. City crews and state officials said the flooding also severely damaged sewers and storm drainage systems. Source: http://minnesota.publicradio.org/display/web/2012/06/21/disaster/flood-assessment/

• Experts said a new piece of malware caused hundreds of organizations worldwide to waste reams of paper by causing their printers to print out gibberish until they run out of paper. – Ars Technica. See item 44 below in the Information Technology Sector.

• More than 70 people were sent to Indianapolis hospitals June 21 after being overcome by fumes from a water-purification chemical at a city pool. – USA Today

50. June 21, USA Today – (Indiana) Chemical fumes sicken 71 in Indianapolis pool. More than 70 people were sent to Indianapolis hospitals June 21 after being overcome by fumes from a water-purification chemical at a city pool. Swimmers at the Garfield Park aquatics center suffered coughing, nausea, and eye irritation after a reported chemical spill, the Indianapolis Star reported. Two buses took 50 people to area hospitals while 21 were taken by ambulance. Most had been treated and released the same day. The chemical — known either as “Acid Magic” or “Magic Acid” — mixed with chlorine to form chlorine gas, the director of Indiana Poison Center at Methodist Hospital said. An investigation will determine whether the chemical actually spilled into the pool or was the result of an improper mixture. The Indianapolis Fire Department said the chemical inadvertently spilled and a spokesman for the city mayor cited a chemical imbalance in the pool. Source: http://content.usatoday.com/communities/ondeadline/post/2012/06/chemical-spill-sickens-71-at-indianapolis-pool/1#.T-RzipGvfAl

• Wildfires in Utah, Colorado, and at least four other states destroyed hundreds of buildings and forced hundreds of people to evacuate. Fires also obliterated hundreds of square miles of federal and State land, and threatened campgrounds and utilities. – Associated Press

53. June 22, Associated Press – (Utah; Colorado; National) Hot, windy weather to challenge Colo. fire crews. Residents of about 250 homes in northern Utah were evacuated June 22 after high winds kicked up a fire started by target shooters. The 750-acre blaze started June 21 near the Saratoga Springs landfill. A mix of hot, windy, and extremely dry conditions raised the fire danger across Utah and parts of Colorado, Wyoming, Arizona, and Nevada. Firefighters trying to encircle a 100-square-mile fire burning in Colorado were keeping a lookout for spot fires that could ignite outside the main fire. The mix of conditions that makes it easy for new fires to start and spread and cause existing fires to flare up was expected to last through June 23. A fire west of Fort Collins had destroyed at least 191 homes and killed a woman. Also in Colorado, an 1,150-acre wildfire burning near Lake George was 57 percent contained. In Nevada, a wildfire that charred nearly 12,000 acres of rugged terrain near the Utah line was 60 percent contained. It was started by a planned burn that escaped June 9. In California, residents were allowed to return to homes and cabins near a 385-acre fire near Sequoia National Park, and firefighters fully contained the blaze June 21. In Wyoming, crews were preparing safety zones for firefighters in case a wildfire that scorched more than 4 square miles in Medicine Bow National Forest made a run. It was 10 percent contained. In New Mexico, a fire that destroyed 242 homes and businesses, the largest in State history, burned 463 square miles in the Gila Wilderness and was 80 percent contained. Meanwhile, a 360-acre fire along the Rio Grande on the northern edge of Albuquerque was 50 percent contained. In Arizona, firefighters were maintaining lines around a wildfire that threatened transmission lines owned by two of the State’s largest utilities. That fire near Young had grown to 11,011 acres. A separate fire in the Rincon Mountains east of Tucson was 60 percent contained after charring about 7,500 acres. Source: http://www.foxnews.com/us/2012/06/22/hot-windy-weather-to-challenge-colo-fire-crews/

Details

Banking and Finance Sector

7. June 22, H Security – (International) Android application reads credit card data over NFC. A German security consultant has published an Android application that is able to read details from contactless credit cards over a near field communication (NFC) connection, H Security reported June 22. The open source application was available in Google’s Play store for a while but was removed. Its code is still hosted on GitHub. The paycardreader application has been successfully tested with a German PayPass Mastercard and it also works on the electronic payment system GeldKarte, which is popular in Germany. The consultant said he wrote the application for demonstration purposes only. The application needs an NFC-enabled smartphone to work and is still considered unstable at the moment. Source: http://www.h-online.com/security/news/item/Android-application-reads-credit-card-data-over-NFC-1623802.html

8. June 22, South Florida Business Journal – (Florida) Thieves disguise wireless camera to swipe ATM PINs. Cameras disguised as speakers on ATMs in south Florida were used to rip off 800 victims at a cost of $112,478 to JPMorgan Chase, the U.S. attorney’s office said. The scheme was described as part of the sentencing of two Bulgarians who pleaded guilty June 22. The charges were access device fraud and aggravated identity theft. The defendants consented to forfeiture of computers and $12,673 in cash. The two men installed a wireless camera disguised as a speaker to record customers typing their PIN numbers and transmitted the footage to a cellphone, a news release from the U.S. attorney’s office said. The defendants then re-encoded this information onto Visa gift or debit cards and store gift cards, which were used to withdraw cash from the customers’ accounts at ATMs throughout south Florida. Source: http://www.bizjournals.com/southflorida/news/2012/06/22/sentences-made-in-id-theft-case.html

9. June 21, San Jose Business Journal – (California; International) Ex-hedge fund manager convicted in Silicon Valley. A federal grand jury convicted a former manager of a Sunnyvale, California hedge fund for stealing millions of dollars through fraud, the San Jose Business Journal reported June 21. The former manager faces up to 5 years in federal prison on seven counts of wire fraud in connection with deals in which investors lost an estimated $5 million. Prosecutors claimed the man, who was arrested in Hong Kong in 2009, falsely claimed his hedge fund was backed by prominent law firms and auditors. He allegedly told his wealthy clients that Asenqua Beta Fund and Fireside LS Fund would bring returns of 20 to 30 percent. Prosecutors accused him of using the money for himself and diverting funds to overseas accounts before fleeing the country. Source: http://www.bizjournals.com/sanjose/news/2012/06/21/ex-hedge-fund-manager-convicted-in.html

10. June 21, WWL 4 New Orleans – (Louisiana) Paw-Paw bandit pleads guilty to 5 bank robberies - sentenced to 4 years. The man dubbed the “Paw-Paw” bandit admitted to robbing five banks in Jefferson Parish, Louisiana, in the summer of 2011 and was sentenced to 4 years in prison, WWL 4 New Orleans reported June 21. According to the U.S. attorney’s office, the man was sentenced for his role in the August 5, 2011 robbery of the Whitney National Bank at 4845 Veterans Boulevard. In connection with the plea on that robbery, the man admitted he robbed four other banks in the preceding weeks: 1) Whitney National Bank at 2609 Veterans Memorial Boulevard June 10, 2011, 2) Capital One Bank at 1501 Veterans Memorial Boulevard June 24, 2011, 3) Whitney National Bank at 3060 North Causeway Boulevard July 8, 2011, and 4) Capital One Bank at 2200 North Causeway Boulevard July 16, 2011. Source: http://www.wwltv.com/news/crime/Paw-Paw-bandit-pleads-guilty-to-5-bank-robberies---sentenced-to-4-years-159948495.html

11. June 21, Minneapolis Star Tribune – (Minnesota; National) State worker stole IDs for fraud. Applications that psychologists made to the Minnesota Board of Psychology to get or renew their licenses delivered information to a receptionist working with a crime ring to defraud banks and retailers in 14 states, the Minneapolis Star Tribune reported June 21. The receptionist was the latest of several people in a position of trust to plead guilty to the identity fraud ring that involved more than 30 people and at least $2 million in fraudulent purchases and bank withdrawals. In federal court the prosecution described how the receptionist passed along Social Security numbers and bank account data of psychologists to other members of the ring that victimized 42 people. The alleged conspirators would pilfer financial information and identities from cars, businesses, trash cans, and mailboxes, and they obtained some information from employees at certain businesses, including banks, who had access to customer records. The indictment said the ring hit accounts at 29 financial institutions. Source: http://www.startribune.com/local/159923225.html

Information Technology Sector

40. June 22, Reuters – (International) Twitter double outage blamed on bug. A double outage affected Twitter June 21, as users worldwide reported significant down-time and slow service across the Web site and mobile applications of the microblogging platform. The company blamed the disruption on a “cascading bug” in one of its infrastructure components. “One of the characteristics of such a bug is that it can have a significant impact on all users, worldwide, which was the case today,” a Twitter vice president of engineering said after normal service resumed. “This wasn’t due to a hack or our new office or Euro 2012 or GIF avatars, as some have speculated today.” “We are currently conducting a comprehensive review to ensure that we can avoid this chain of events in the future,” he added. Source: http://www.reuters.com/article/2012/06/22/twitter-outage-idUSL1E8HLIDA20120622

41. June 22, The Register – (International) Firefox ‘new tab’ feature exposes users’ secured info: Fix promised. Privacy-conscious users raised concern after it emerged the “New Tab” thumbnail feature in Firefox 13 is “taking snapshots of the user’s HTTPS session content.” A reader of The Register discovered the feature after opening a new tab only to be “greeted by my earlier online banking and webmail sessions complete with account numbers, balances, subject lines, etc.” In response to queries on the matter prompted by the reader’s experience, Mozilla acknowledged the behavior was a mistake and promised a patch. In the meantime, the browser and e-mail client firm posted various workarounds. Source: http://www.theregister.co.uk/2012/06/22/firefox_new_tab_security_concerns/

42. June 22, H Security – (International) Adobe updates Flash Player 11.3 to fix Firefox crashing problem. Adobe released an updated version of its Flash Player 11.3 plugin to address a bug that caused Firefox 13 on Windows to crash for some users. The problem is believed to be related to the recently introduced Protected Mode for the Windows version of Flash Player and the open source Web browser; the new mode is designed to isolate the plugin from the rest of the system by running it in its own sandbox. Following initial reports of the problem from users, Mozilla issued an update for Firefox version 13.0.1 to fix the problem. However, some users continued to experience crashing issues when viewing Flash content with Protected Mode enabled. The new 11.3.300.262 release of the Flash Player plugin should resolve the issue. According to the release notes, there is, however, a known issue that causes audio distortion when streaming some Flash content. Source: http://www.h-online.com/security/news/item/Adobe-updates-Flash-Player-11-3-to-fix-Firefox-crashing-problem-1623783.html

43. June 22, H Security – (International) Critical vulnerabilities closed by Winamp update. With the release of version 5.63 of Winamp, Nullsoft, a division of AOL Music, eliminated four critical security vulnerabilities in the media player. Three of these were heap-based buffer overflows in Winamp’s bmp.w5s component that could be exploited by an attacker to execute arbitrary code on a victim’s system. For an attack to be successful, a user must first open a specially crafted AVI file. It was confirmed the vulnerability affects version 5.622; other builds may also be affected. The update also addresses unspecified errors in the in_mod.dll module that could be used to corrupt memory and could possibly result in arbitrary code being executed. Upgrading to Winamp 5.63, specifically build 3234 (5.6.3.3234), fixes these problems. Source: http://www.h-online.com/security/news/item/Critical-vulnerabilities-closed-by-Winamp-update-1624345.html

44. June 21, Ars Technica – (International) Printer bomb malware wastes reams of paper, sparks pandemonium. A recently unleashed piece of malware is wreaking havoc in some enterprises by causing all their printers to print gibberish until they run out of paper, researchers from Symantec said. “The impact is global and affecting approximately 80 print servers,” an administrator of one Fortune 500 company wrote in an online forum dedicated to the print bomb explosion. Other participants reported the same phenomenon caused hundreds of their organizations’ printers to run through reams of paper. According to a blog post published June 21 by researchers from antivirus provider Symantec, the nuisance was being spread by Trojan.Milicenso. The worst-hit regions are the United States, India, Europe, and South America. Milicenso is a sophisticated backdoor that serves as a for-hire delivery vehicle for other pieces of malware. One of its malicious payloads, known as Adware.Eorezo, is dropping an executable file in printer spooler directories, causing some applications to print representations of the binary code. Source: http://arstechnica.com/security/2012/06/printer-bomb-pandimonium/

45. June 21, Ars Technica – (International) Microsoft contest finalists tackle potent security exploit technique. Microsoft engineers plan to award cash prizes for new security defenses that could help their software better withstand a powerful exploitation technique hackers are increasingly using to install malware on end users’ computers. The technique, known as return oriented programming (ROP), is a regular staple of attacks used at the annual Pwn2Own hacker contest. ROP is also found in real-world attacks that install malicious software by exploiting garden-variety bugs in widely used pieces of software. It works by rearranging benign pieces of code already present in memory to form a malicious payload. The popularity of ROP grew because of its ability to bypass another security mitigation known as data execution prevention, which has been added to software from Microsoft, Apple, and others over the past decade. Microsoft unveiled three possible anti-ROP defenses June 21 in a blog post announcing three finalists to its own competition. Source: http://arstechnica.com/security/2012/06/microsoft-security-defense/

For more stories, see items 7 and 8 above in the Banking and Finance Sector

Communications Sector

46. June 20, Denver Business Journal – (Colorado) Fire knocks radio station KJAC off the air. Radio station KJAC 105.5 FM Timnath was knocked off the airwaves by the High Park fire near Fort Collins, Colorado, but the station’s signal now can be heard again, Denver Westword reported June 20. Front Range Sports Network, which owns the radio station that also goes by Jack-FM, has its transmitter in the fire zone atop Buckhorn Mountain. Westword reported the program director said firefighters saved the antennas — which are also used by the Larimer County Fire Department — but “pretty much everything around the top of the hill was charred to nothing.” A power outage in the area took the station off the air, although firefighters were able to keep their lines of communication open by using a backup generator. Source: http://www.bizjournals.com/denver/morning_call/2012/06/fire-knocks-radio-station-kjac-off-the.html

For more stories, see item 7 above in the Banking and Finance Sector and item 40 above in the Information Technology Sector