Wednesday, June 27, 2012

Complete DHS Daily Report for June 27, 2012

Daily Report

Top Stories

• ExxonMobil reported a benzene release from a Baton Rouge, Louisiana chemical plant June 25. This is the same plant that is under investigation by State environmental officials after it vented tens of thousands of pounds of benzene and other cancer-causing chemicals June 11. – Baton Rouge Advocate

2. June 26, Baton Rouge Advocate – (Louisiana) ExxonMobil reports another benzene release. ExxonMobil’s Baton Rouge Refinery in Baton Rouge, Louisiana, reported a benzene release as the result of a leak in a supply line, according to a report filed with the National Response Center. The amount of benzene that escaped from the chemical plant in the June 25 leak was not known. The refinery said the leak took about an hour to repair. This report was issued 11 days after another benzene release. A company report issued a week after the June 14 leak said as much as 28,700 pounds of benzene, which is known to cause cancer, may have escaped. It also said thousands of pounds of volatile organic compounds and other hazardous chemicals such as toluene, cyclohexane, and hexane, may have spewed out. The Louisiana Department of Environmental Quality is investigating that release. Source:

• A new wave of automated hacking of online bank accounts might have stolen $78 million in the past year from customers in Europe, Latin America, and the United States, according to researchers who peered into the computers of the hacking gangs. – Reuters See item 11 below in the Banking and Finance Sector

• Tropical Storm Debby weakened as it drifted slowly eastward over Florida, bringing heavy rains and high winds that closed major highways and bridges, damaged many businesses and homes, and knocked out power to tens of thousands of customers June 26. – Reuters

15. June 26, Reuters – (Florida; Georgia) Tropical Storm Debby rains misery on flooded Florida. Tropical Storm Debby weakened as it drifted slowly eastward over Florida June 26, with the heavy rains closing many roads, including major highways. After stalling in the Gulf of Mexico, the storm was finally moving but was expected to take 2 more days to cross Florida. Pasco County emergency managers ordered a mandatory evacuation for 14,000 to 20,000 people living between the Anclote and Pithlachascotee Rivers. The Anclote rose from 9 feet before Debby’s approach to more than 27 feet June 26, well above major flood level, a Pasco County spokesman said. Emergency crews had to use boats to reach stranded residents in some areas, and 106 Pasco County homes had been damaged. Nearly 20 inches of rain fell in 2 days on Wakulla County. Roads were under water in many parts of the surrounding “Big Bend” area where the Florida Panhandle meets the peninsula. Parts of Interstate 10 were closed between Tallahassee and Jacksonville. The storm left 29,000 people without power, emergency managers said. National Hurricane Center forecasters said Debby could bring another 4 to 8 inches of rain and possibly tornadoes to north Florida and southeast Georgia in the next 2 days. Debby’s top winds weakened to 40 miles per hour, just above the threshold to remain a tropical storm. Source:

• The city of Denton, Texas, elevated its mosquito threat level to Risk Level 5 June 25 after multiple human cases of West Nile virus in a short, 1-2 week time frame. – KXAS 5 Dallas-Fort Worth

31. June 25, KXAS 5 Dallas-Fort Worth – (Texas) Denton elevating mosquito risk level to 5. The city of Denton, Texas, elevated their mosquito threat level to Risk Level 5 June 25 after multiple human cases of West Nile virus in a short, 1-2 week timeframe. The Denton City Council held a special meeting to discuss treating positive mosquito pools with adulticide to curb the spread of West Nile. Should the use of adulticide be approved, it will be the first time the city has undertaken such measures to treat mosquitoes. Spraying would only be done in the vicinity of areas where positive human cases were detected, according to the city’s mosquito response plan. The mosquito risk level was increased to Risk Level 4 only 2 weeks ago and since that time the city has been treating active pools with larvicide. Denton County confirmed their first case of West Nile virus this year in May. Source:


Banking and Finance Sector

11. June 26, Reuters – (International) New bank theft software hits three continents. A new wave of automated hacking of online bank accounts might have stolen $78 million in the past year from customers in Europe, Latin America, and the United States, according to researchers who peered into the computers of the hacking gangs, Reuters reported June 26. The groups used recent improvements to two families of existing malicious software, Zeus and SpyEye, which lodged on the computers of clients at 60 banks. The latest variants automate the subsequent transfer of funds to accounts controlled by accomplices. The findings, to be released by security firms McAfee and Guardian Analytics, confirmed and expanded on research from Japan-based Trend Micro Inc that was first reported the week of June 18. The software is sophisticated enough to defeat “chip and PIN” and other two-factor authentication and to avoid transferring the entire contents of an account at one time, which can trigger review, according to the study. McAfee said the same technology, while still emerging, had been used by a dozen gangs against consumers and business clients of financial institutions. “Someone designing this system has insider knowledge as to what the banks are looking for,” said a research director at McAfee Labs. Source:

12. June 26, Bloomberg – (International) BOE’s governor says FSA should investigate RBS computer failure. The Bank of England’s governor said the U.K. Financial Services Authority should investigate a computer failure at Royal Bank of Scotland Group Plc (RBS) that left some of the lender’s 17 million customers unable to withdraw cash recently, Bloomberg reported June 26. Britain’s biggest government-owned bank said the glitch may drag into the week of July 2 and is extending hours at more than 1,200 branches in Great Britain and Ireland following what it said was a “systems outage” that started June 19. The ability of some of the bank’s customers to make cash withdrawals, money transfers, and payments was curtailed by the breakdown. RBS said June 26 most transactions have been cleared for its NatWest and RBS customers. Ulster Bank clients continued to experience “unacceptable delays” and may have to wait until the week of July 2 for their service to fully resume. Source:

13. June 25, South Florida Business Journal – (Florida; National) Florida tops mortgage fraud index, hits $260M in Q1. Florida was number one in Mortgage Daily’s mortgage fraud index in the first quarter of 2012, as the dollar volume of fraud uncovered doubled from the previous period, the South Florida Business Journal reported June 25. The index tracks mostly criminal cases where lenders were defrauded into approving a loan or a short sale. The higher the index, the more active cases. Florida led the nation with $260 million in mortgage fraud reported and an index score of 163. That was ahead of North Carolina, with $226 million in mortgage fraud, and California, with an index score of 160. Florida had the highest score in four of the past five quarters. Source:

14. June 25, Salt Lake Tribune – (Utah; National) Utah company was $100M Ponzi scheme, SEC says. Federal regulators June 25 accused a Utah businessman of running a Ponzi scheme that took in $100 million from 600 investors across the country, while guaranteeing 12 percent returns on real estate investments. A man and his firm, National Note of Utah, were named in a lawsuit filed by the Securities and Exchange Commission (SEC). Utah has been hit with a series of Ponzi schemes in the past 5 years, several involving more than $100 million and two of them nearly $200 million. A federal judge issued a temporary restraining order, froze the assets of National Note, and appointed an attorney as a receiver to take over the company’s operations. The man accused in the lawsuit told potential investors National Note had “a perfect record,” having never missed a payment of principal or interest since it was formed in 1992, the SEC said. However, he failed to tell them that in recent years all of his company’s business was conducted with companies he owned, that National Note was insolvent, and that payments to initial and early investors were being made with funds from new investors, according to the lawsuit. The agency alleges National Note had been violating securities laws since at least 2009. Source:

Information Technology Sector

39. June 26, Softpedia – (International) RSA SecurID cracked, experts access cryptographic keys in 13 minutes. Researchers released the results of a study which demonstrates that flaws present in many of the popular security devices, such as the RSA’s SecureID 800, can be leveraged to obtain the cryptographic keys. In a paper titled “Efficient padding oracle attacks on cryptographic hardware,” the researchers detail the vulnerabilities that expose the imported keys from various cryptographic devices that rely on the PKCS#11 standard. They describe the method they used, the padding oracle attack, as a “particular type of side channel attack where the attacker is assumed to have access to an oracle which returns true just when a chosen ciphertext corresponds to a correctly padded plaintext under a given scheme.” By creating an optimized version of Bleichenbacher’s attack, the researchers were able to prove that tokens such as the RSA SecurID, the Aladdin eTokenPro, the Gemalto Cyberflex, the Safenet Ikey 2032, and the Siemens CardOS can be cracked in a short period of time. The initial variant of the Bleichenbacher attack required millions of decryption attempts, explained a research professor at Johns Hopkins University. However, the new version only requires thousands or tens of thousands of attempts. Tokens that rely on this technology are utilized by numerous organizations to access restricted networks and perform other sensitive operations. Source:

40. June 26, H Security – (International) WordPress modules holed by Uploadify. ”Uploadify,” a jQuery plugin used by many WordPress themes and plugins, is opening up systems that use it to unrestricted uploading of files and, in turn, allows execution of arbitrary code on the server. A Metasploit module already exists for one plugin, FoxyPress, that uses Uploadify. The Uploadify problem is not restricted to FoxyPress, however: IT Pixie produced a list of plugins and themes that were rendered vulnerable. A security researcher noted that numerous exploits being published on PacketStorm and Exploit-DB were related to WordPress plugins and were, in turn, enabled by the use of Uploadify. Source:

41. June 26, – (International) Malware writers adopt ‘a la carte’ development approach. Researchers with security firm Trusteer said that over the last several months, malware writers have begun to adopt an “a la carte” pricing system in which custom features and behaviors can be bundled into malware attacks. According to researchers, the pricing options can add or remove hundreds of dollars to the cost of a piece of malware and can allow criminals to create specialized payloads that are highly focused and targeted in nature. The result, say researchers, is a new class of customized and more affordable malware infections on the market and in the wild. Source:

42. June 25, Dark Reading – (International) Researchers beat up Google’s Bouncer. Two security researchers from security firm Trustwave submitted increasingly malicious versions of an Android application to Google Play, Dark Reading reported June 25. Each variant of the application was scanned by Bouncer, Google’s security-checking application, and it failed to flag them as malicious, the researchers plan to report at the Black Hat security conference in July. They limited the attack so no users were impacted, but they could have stolen photos, contacts, and passwords from the phone. At the end of their experiment, they created a botnet capable of a denial-of-service attack, similar to the Low-Orbital Ion Cannon software used by hacktivists. Source:

For more stories, see items 11 and 12 above in the Banking and Finance Sector

Communications Sector

43. June 25, WVNS 59 Lewisburg – (West Virginia) Copper theft to blame for downed service in McDowell County. Leaders with Frontier Communications said phone service was knocked out to hundreds in McDowell County, West Virginia the weekend of June 23 due to copper theft. Residents within the 938 exchange had to go to their nearest fire department if they needed help due to the lines being down. Source: