Tuesday, June 26, 2012

Complete DHS Daily Report for June 26, 2012

Daily Report

Top Stories

• Many oil and gas producers shut down production and evacuated workers in the Gulf of Mexico June 23, as Tropical Storm Debby caused about 7.8 percent of daily oil and 8.16 percent of daily natural gas production to be shut in. – Reuters

3. June 23, Reuters – (National) Tropical storm threat shuts some U.S. Gulf oil output. Oil and gas producers ramped up production shutdowns and evacuated workers in the Gulf of Mexico June 23 as Tropical Storm Debby became the first named storm of the 2012 Atlantic hurricane season to disrupt operations in the basin. BP said it had issued instructions to shut down oil and gas production at its seven platforms in the Gulf and stepped up worker evacuations as weather conditions worsened. Anadarko Petroleum Corp had already shut down production and evacuated workers at four of its eight Gulf platforms by the time Debby strengthened into a named storm, including the Independence Hub, which can produce up to 1 billion cubic feet of natural gas a day. Among those seven structures is the world’s largest deepwater platform, Thunder Horse, which is designed to produce up to 250,000 barrels per day of oil, and 200 million cubic feet per day of natural gas. The U.S. Bureau of Safety and Environmental Enforcement, which oversees oil and gas activity in the Gulf, said June 23 that a fraction of the basin’s output was shut in: 7.8 percent of daily oil and 8.16 percent of daily natural gas output. The Gulf accounts for about 20 percent of U.S. oil production and 6 percent of natural gas output. Source: http://in.reuters.com/article/2012/06/24/debby-gulf-energy-idINL2E8HN0NM20120624

• Russian police authorities said the botnet of a hacker they arrested, who used banking trojans to steal more than $4.5 million, comprised more than 4.5 million computers — making it the largest publicly known botnet to date. – H Security (See item 9 below in the Banking and Finance Sector)

• One of the biggest tasks facing Duluth, Michigan, in the aftermath of historic flash flooding will be repairing the city’s 400-mile storm-water removal system. – Minneapolis Star Tribune

35. June 25, Minneapolis Star Tribune – (Minnesota) Duluth eyes rebuilding for a wetter climate. One of the biggest tasks facing Duluth, Michigan, in the aftermath of historic flash flooding will be repairing the city’s 400-mile storm-water removal system, the Minneapolis Star Tribune reported June 25. The city’s network of sewers, culverts, ditches, and basins, in some places more than 100 years old, suffered “extensive damage all over the city,” said Duluth’s chief engineer of utilities. Climate scientists say increasing precipitation, particularly from intense thunderstorms, is a symptom of ongoing climate warming. The Upper Midwest saw a 31 percent increase in “intense” rainfalls from 1958 to 2007, over previous decades, according to the National Climatic Data Center. Rain during June 18 and 19 in Duluth, measuring from 7 to more than 10 inches, was in some places nearly double what is regarded as the city’s 1 percent-chance rainfall. The task facing Duluth, with its steep hills, clay-over-rock geology, and the need for an immediate fix, is “daunting,” said a coastal communities educator for Minnesota Sea Grant, a research entity funded by the University of Minnesota and the National Oceanic and Atmospheric Administration. In the metro area, more than two dozen communities in the Minnehaha Creek Watershed District launched a study to brainstorm new storm-water management strategies — bigger pipes, more absorbent surfaces, underground storage — in the face of increasing precipitation. Source: http://www.startribune.com/local/160198125.html

• Wildfires moved in on some of Colorado’s most popular summer tourist destinations, destroying nearly two dozen homes near Rocky Mountain National Park and emptying hotels and campgrounds at the base of Pikes Peak. – Associated Press

54. June 25, Associated Press – (Colorado) Tourist destinations, homes destroyed in ongoing disaster. Wildfires moved in on some of Colorado’s most popular summer tourist destinations the weekend of June 23, destroying nearly two dozen homes near Rocky Mountain National Park and emptying hotels and campgrounds at the base of Pikes Peak. A wildfire near Colorado Springs erupted June 23 and grew out of control to more than 3 square miles early June 24, prompting the evacuation of more than 11,000 residents and an unknown number of tourists. A fire destroyed structures near the mountain community of Estes Park, where many visitors stay while visiting the park. The Larimer County Sheriff’s Office said 22 homes and 2 outbuildings were burned. The two fires were among eight burning in Colorado the week of June 25, a key time for family vacations to national parks and other destinations. A Statewide ban on open campfires and private fireworks has been in place for more than a week. Half of the nation’s firefighting fleet is battling fires in Colorado, said the governor. C-130 military transport planes from Peterson Air Force Base in Colorado Springs were slated to begin assisting June 25, he said. Source: http://www.nashuatelegraph.com/news/worldnation/965633-227/tourist-destinations-homes-destroyed-in-ongoing-disaster.html

• A tropical storm damaged apartment complexes, a marina, and many other businesses on Florida’s Gulf Coast. The heavy rains and fierce winds also knocked out power to tens of thousands of homes and businesses and shut down many streets and the sole bridge to St. George Island. – Associated Press

55. June 25, Associated Press – (Florida) Debby soaks Fla.; gov declares statewide emergency. Tropical Storm Debby drenched Florida with heavy rains, flooded low-lying neighborhoods, and knocked out power to thousands as it lingered off the coast June 25. The governor declared a statewide emergency, and a tropical storm warning was in effect for most of Florida’s Gulf coast. In St. Pete Beach, a tornado ripped the roof off a marina and an apartment complex. State officials estimated at least 35,000 homes and businesses were without power. The storm closed the sole bridge to St. George Island, a popular vacation island in Florida. Power was already out on the island and authorities said it could be out for days. Residents in several counties near the crook of Florida’s elbow were urged to leave low-lying neighborhoods because of the threat of flooding. High winds forced the closure of an interstate bridge that spans Tampa Bay and links St. Petersburg with areas to the southeast. In several locations, homes and businesses were damaged by high winds authorities believe were from tornadoes. Source: http://www.sfgate.com/news/article/Debby-s-slow-march-through-Gulf-drenches-Florida-3659905.php

Details

Banking and Finance Sector

9. June 25, H Security – (International) Russian botnet operators infected 6 million computers. Russian police authorities said the botnet of a hacker they arrested June 21 comprised more than 4.5 million computers — making it the largest publicly known botnet to date. Reportedly, the hacker used banking trojans to steal $4.5 million from private individuals and organizations. The man was known as “Hermes” and “Arashi” in online communities and apparently used variants of Carberp and similar trojans to commit the crimes. The trojan stole users’ access credentials and used them to transfer money to bogus companies. Helpers then withdrew the stolen money from cash points. Most of the victims were Russian nationals. Overall, the trojan is believed to have infected more than 6 million computers. On some days, more than 100,000 new computers were recruited. According to a statement by the Russian interior ministry, “Hermes” also rented out the botnet to third parties. Source: http://www.h-online.com/security/news/item/Russian-botnet-operators-infected-6-million-computers-1624906.html

10. June 25, Bloomberg – (National) CFTC data breach risks employees’ Social Security numbers. The U.S. Commodity Futures Trading Commission (CFTC) suffered a data breach in May, putting at risk Social Security numbers and personal information of employees of the country’s top derivatives regulator, Bloomberg reported June 25. A CFTC employee received a “phishing” e-mail May 21 and input information to a fraudulent Web site, according to a copy of an e-mail sent to agency employees that described the incident. The e-mail description was confirmed the week of June 18 by a CFTC spokesman. “The CFTC believes at this time that the data breach is contained to employee information and does not compromise any trading or market data,” the chief information officer at the CFTC said in an e-mail statement June 22. The agency told employees it would be implementing additional security controls for CFTC computer systems and increasing training for staff, including those who handle personal information. Source: http://www.bloomberg.com/news/2012-06-25/cftc-data-breach-risks-employees-social-security-numbers.html

11. June 23, Kansas City infoZine – (National; International) Arizona man pleads guilty to Petro America securities fraud conspiracy. A Globe, Arizona man pleaded guilty in federal court to his role in a $7.2 million securities fraud conspiracy that victimized thousands of investors across the United States and Canada who bought shares in Petro America Corporation, which was purported to be a profitable company with $284 billion in assets, Kansas City infoZine reported June 23. The man admitted he participated in a conspiracy to commit securities fraud and wire fraud. Contrary to claims, Petro America had no oil, no realistic prospects for obtaining, transporting, or storing large amounts of oil, no significant assets, no revenue, and no employees other than the CEO. He admitted he sold Petro America stock to at least 180 investors, receiving at least $400,000 in proceeds, from August 20, 2009, to March 2, 2010. When he sold shares, he relayed inflated expectations, and he did not disclose material negative information to investors, including the existence of cease and desist orders. The man received at least $638,568 into a bank account he opened in the name LFV Management, LLC. The man personally spoke on behalf of Petro during business dealings, and he personally attended at least one investor meeting and one update meeting in Arizona. The man was the seventh defendant to plead guilty in the case. Source: http://www.infozine.com/news/stories/op/storiesView/sid/52280/

12. June 23, Associated Press – (Kentucky) Former president of Plasticon convicted of securities and tax fraud. The U.S. attorney’s office said a jury convicted the former president of a Lexington, Kentucky company of securities and tax fraud. A U.S. attorney’s statement said the former president was convicted June 22 of defrauding investors out of more than $18 million. Prosecutors said he committed the crimes while at Plasticon International, Inc., a penny stock company that made recycled plastic products. They said he convinced more than 8,000 investors to purchase Plasticon stock by telling them it was profitable when he knew the company was losing millions. He was also convicted of filing false tax returns. Prosecutors said he did not report $12 million he stole from the company. Source: http://www.therepublic.com/view/story/4e961e31ab5d476ea1f859a468f905d9/KY--Fraud-Scheme

13. June 23, Associated Press – (National) Texas jury convicts Calif. man in credit card scam. A California man was convicted in Texas for participating in a multi-State skimming ring that planted illegal devices at gas stations, enabling the group to steal 38,000 debit and credit card numbers and then siphon $100,000 from bank accounts, the Associated Press reported June 23. The man was convicted June 22 of four counts of unlawful possession of an electronic intercept device and one count each of unlawful use of electronic communications, engaging in organized criminal activity, and fraudulently possessing or using identifying information. Prosecutors in Fort Worth, Texas, showed evidence the man’s theft ring planted skimmers inside gas pumps in Mojave, California, Las Vegas, Dallas, Fort Worth, and Houston over a few months in 2010. The man then recoded gift cards with those numbers and used the gift cards to withdraw money at ATMs from hundreds of customers’ accounts, prosecutors said. After he was arrested in a Fort Worth suburb, 13 skimmers with the same unique markings were discovered throughout north Texas. Source: http://www.modbee.com/2012/06/23/2254587/texas-jury-convicts-man-in-gas.html

14. June 22, WMAR 2 Baltimore – (National) New email claims to be from FDIC, threatens users confidential and personal data. A fraudulent e-mail purporting to be from the Federal Deposit Insurance Corporation (FDIC) offering cash in return for survey information could obtain access to personal and confidential information, WMAR 2 Baltimore reported June 22. The FDIC issued a warning to computer users that it has received numerous reports of fraudulent e-mails that have the appearance of having been sent by the FDIC. The e-mail contains a subject line “Survey Code: STJSPNUPUT.” It reads “you have been chosen by the FDIC to take part in our quick and easy 5 question survey. In response, will credit $100 dollars to your account just for your time.” The FDIC is warning consumers not to click on the link provided in the e-mail, as it is intended to obtain personal information or load malicious software onto users’ computers. Source: http://www.abc2news.com/dpp/money/consumer/new-email-claims-to-be-from-fdic-threatens-users-confidential-and-personal-data-wews1335873875222

15. June 22, Associated Press – (Iowa) Iowa hog farmer gets 8 years for bank fraud. An Iowa hog farmer who admitted defrauding a bank out of millions of dollars was given 8 years in a federal prison, the Associated Press reported June 22. The farmer pleaded guilty in a Cedar Rapids, Iowa federal court to one count of bank fraud. He must serve 5 years of supervised release when he leaves prison, and he was ordered to make restitution of nearly $8.3 million. The farmer acknowledged that in order to borrow more money he gave Farmers State Bank in Marion false data about the number and weight of his hogs and the amount of money that packing plants owed him. He admitted he illegally cashed checks more than once using a remote deposit scanning machine he had gotten from the bank. Source: http://www.whbf.com/story/18856496/iowa-hog-farmer-gets-8-years-for-bank-fraud

16. June 22, U.S. Department of Justice – (Maryland) Walkersville man indicted in a $9.2 million investment scheme. A federal grand jury returned an indictment June 22 charging a Walkersville, Maryland man with offenses arising from an investment scheme. According to the 25-count indictment, the man was the president of IV Capital, Ltd., which he represented to be an investment and trading company. From November 2005 to December 2009, he devised a scheme to obtain about $9.2 million from nearly 70 individuals who agreed to invest in IV Capital. The indictment alleges he falsely represented information on IV Capital to potential investors. It further alleges that out of about $9.2 million invested in IV Capital, he and another individual caused $2.938 million to be lost in trading or consumed by expenses. He also transferred about $1.046 million to his bank account for personal expenses. The remaining $5.2 million in investor funds was used to make “profit” payments to IV Capital investors. The indictment alleges he ceased making “profit” payments to IV Capital’s investors in July 2009, and then falsely advised IV Capital investors that because some investors had failed to pay taxes on their earnings or failed to file appropriate reports, a bank audit had been initiated and IV Capital was temporarily unable to conduct trading activity, receive investments of new funds, or pay returns on existing investments. Source: http://www.justice.gov/usao/md/Public-Affairs/press_releases/Press12/WalkersvilleManIndictedina9.2MillionInvestmentScheme.html

17. June 22, IDG News Service – (International) PayPal to pay security researchers for reported vulnerabilities. Payment services provider PayPal will reward security researchers who discover vulnerabilities in its Web site with money, if they report their findings to the company in a responsible manner, IDG News Service reported June 22. Cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection (SQLi), and authentication bypass vulnerabilities will qualify for bounties, the amount of which will be decided by the PayPal security team on a case-by-case basis. Researchers must have a verified PayPal account to receive the monetary rewards. PayPal follows in the footsteps of companies such as Google, Mozilla, and Facebook that have implemented security reward programs. Source: http://www.computerworld.com/s/article/9228373/PayPal_to_pay_security_researchers_for_reported_vulnerabilities

18. June 22, KTVK 3 Phoenix – (Arizona) Ten people indicted for mortgage fraud scheme. Ten people were indicted for a Phoenix-area mortgage fraud scheme that allegedly lasted nearly 11 years, KTVK 3 Phoenix reported June 22. May 30, a federal grand jury in Phoenix returned a 43-count indictment that included charges of conspiracy, wire fraud, false statements, false representation of Social Security number, and aggravated identity theft. A total of 10 people were indicted. Between June of 2001 and May the group purchased several homes in the Valley area near Phoenix. Two served as the real estate agents for several of the deals, while three others processed many of the loans. The defendants allegedly conspired to obtain mortgage loans by providing false information to lenders. They then used false data to refinance those loans and receive cash back before defaulting on the loans. The group also obtained commissions from the sale of the homes and sold fraudulently obtained properties to other members of the conspiracy for reduced prices through short sales. Source: http://www.azfamily.com/news/Ten-people-indicted-for-mortgage-fraud-scheme-160079875.html

19. June 22, Hackensack Record – (New Jersey) South Hackensack man arrested in alleged credit card fraud scheme. A South Hackensack, New Jersey man was arrested June 22, accused of manufacturing fake credit cards using real card numbers belonging to customers whose accounts had been compromised, authorities said. The man allegedly obtained the credit card numbers by paying third parties who had “illegally skimmed unsuspecting customers’ credit card information” as they made ordinary purchases, the Bergen County prosecutor said in a statement. The prosecutor’s office White Collar Crimes Squad and the South Hackensack police executed a search warrant at the man’s home and discovered equipment that can be used to manufacture credit cards, blank credit cards, and skimming devices. Hundreds of fraudulent cards with the man’s and other names also were found, the prosecutor said. The suspect was charged with trafficking personal identity information of another, theft by deception, and identity theft. Source: http://www.northjersey.com/southhackensack/South_Hackensack_man_arrested_in_alleged_credit_card_fraud_scheme.html

Information Technology Sector

47. June 25, H Security – (International) Lulzsec’s Topiary and Ni plead guilty to DDoS attacks. Two members of the Lulzsec hacker group pleaded guilty to charges they attacked several well known Web sites. The Guardian reported they confessed to attacks on the United Kingdom’s Serious Organized Crime Agency, National Health Service, and News International, as well as Sony, Nintendo, Arizona State police, and other sites in distributed denial-of-service (DDoS) attacks designed to cause the sites to crash. One of the pair also confessed to four separate charges including hacking into U.S. Air Force Agency computers at the U.S. Department of Defense. Source: http://www.h-online.com/security/news/item/Lulzsec-s-Topiary-and-Ni-plead-guilty-to-DDoS-attacks-1625598.html

48. June 25, H Security – (International) Update for Windows Update has teething troubles. Microsoft released an unscheduled, non-patch day update for Windows to update the Windows Update function itself. However, according to reports from readers, the Windows Update Agent update does not always run smoothly; the H’s associates at heise Security also ran into problems on their test systems. A staggered dissemination of the update took place over the past 3 to 4 days. Users who run Windows Update are confronted with a message that says an update for Windows Update must be installed before the system can check for other updates. On some computers, clicking the “Install Updates” button results in a failed installation with error code 80070057 or 8007041B. On heise Security’s test Windows 7 computer, repeatedly attempting the update (click on “Check for updates” on the left) did eventually result in the update being successfully applied. Microsoft provided a “Fix it” tool for more stubborn cases in Knowledge Base Article 949104. Source: http://www.h-online.com/security/news/item/Update-for-Windows-Update-has-teething-troubles-1624979.html

49. June 25, H Security – (International) Exploited despite Adobe’s sandbox. Adobe Reader X runs in a sandbox at a very restricted privilege level. Important system calls are supposed to be handled by a special broker process that will subject them to extensive testing. However, a small design flaw allows attackers to escape from this sandbox and execute arbitrary code — despite both Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) being in place. As described by a researcher, the broker process is at the heart of the exploit, as it uses a memory page allocated via VirtualAllocEx to store the overwritten code of system calls that have been redirected to the broker. Even with ASLR, however, the memory address returned by VirtualAllocEx is not randomized. This means the Windows system function call will end up in a predictable, “nearly constant” location that the exploit can then access directly. Source: http://www.h-online.com/security/news/item/Worth-Reading-Escape-from-Adobe-s-sandbox-1625545.html

50. June 22, SecurityWeek – (International) Vulnerable SAP deployments make prime attack targets. Russian security firm ERPScan, using a combination of TCP scans and Google, found that nearly a quarter of the organizations running vulnerable versions of SAP are taking a risk by leaving them exposed to the Internet. This discovery, the research says, dispels the myth that SAP systems are only available from the internal network, leading to the misconception that they are protected by design. “SAP Routers themselves can have security misconfigurations but the real problem is the 8 [percent] that companies also expose, for example, SAP Dispatcher service directly to the Internet circumventing SAP Router,” the report notes. Source: http://www.securityweek.com/vulnerable-sap-deployments-make-prime-attack-targets

51. June 22, PC Magazine – (International) Malware-as-a-service simplifies launching cyber-attacks. Enterprising criminals are offering tools for crafting malicious campaigns, malware hosting, and command and control infrastructure as software-as-a-service, a research engineer at AlienVault said June 22. Called Capfire4, the service provides cyber-criminals who may not have the technical know-how all the necessary skills and knowledge needed to launch a cyberattack. With this cloud service, “clients” pay to access a Web portal where they can generate personalized trojans, manage and control the victims’ systems infected with their malware, and host their own malicious samples, according to the engineer. The portal is promoted as a service to remote control computers and “recover passwords,” he said. Source: http://securitywatch.pcmag.com/none/299448-malware-as-a-service-simplifies-launching-cyber-attacks

For more stories, see items 9, 10, 13, 14, and 17 above in the Banking and Finance Sector

Communications Sector

52. June 24, TVSpy – (California) Power outage knocks KCAL off the air during newscast. A power outage in Studio City knocked KCBS 2 Los Angeles and KCAL 9 Los Angeles off the air June 22 in the middle of a newscast, TV Spy reported June 24. A backup generator kicked in and KCAL was able to start its newscast on time, but then the connection between the generator and the building failed, knocking the stations off the air. The stations returned to the air about an hour after the power initially went out, and KCAL was able to resume its local newscast with intermittent audio. Two hours after, the broadcast had been fully restored, just in time for KCBS’s late newscast. Source: http://www.mediabistro.com/tvspy/power-outage-knocks-kcal-off-the-air-during-newscast_b52799

53. June 23, Pittsburgh Post-Gazette – (West Virginia) One dead as plane hits tower in state forest. One person died June 22 after a small plane crashed into a radio tower near Morgantown, West Virginia. The Hawker Beechcraft BE90 the person was riding in hit a tower in Coopers Rock State Forest, officials said. A spokesman for the Federal Aviation Administration (FAA) said preliminary reports indicated that only the pilot was aboard the plane. The FAA and National Transportation Safety Board are investigating. Source: http://www.post-gazette.com/stories/local/region/one-dead-as-plane-hits-tower-in-state-forest-641569/