Tuesday, July 17, 2012 

Daily Report

Top Stories

 • Authorities in northwest New Mexico said vandals have used guns and other means to damage many natural gas wells beyond repair. The vandals caused tens of thousands of dollars in damage. – Associated Press
4. July 13, Associated Press – (New Mexico) Gas wells hit by vandals. Authorities in northwest New Mexico said vandals targeting natural gas wells have caused tens of thousands of dollars in damage, the Associated Press reported July 13. A San Juan County sheriff’s detective said that at least seven wells have been vandalized in the past 6 weeks north of Aztec. The companies that own the wells replaced them because they were beyond repair. The companies also are on the hook for environmental damage after some of the wells were riddled with bullets and leaked fluid. The detective said cleanup costs in some cases hit $50,000. Source: http://www.krqe.com/dpp/news/crime/gas-wells-hit-by-vandals

 • A federal grand jury indicted two men, one from Iran and the other from China, on charges of conspiring to send materials from the United States to Iran for the purpose of enriching uranium. – NBC News 

7. July 13, NBC News – (International) Indictment: 2 tried to send U.S. materials to Iran for nuclear program. A federal grand jury indicted two men, one from Iran and the other from China, on charges of conspiring to send materials from the United States to Iran for the purpose of enriching uranium, the U.S. Justice Department said July 13. Using a Chinese company as a go-between to avoid trade sanctions, the men tried for 3 years to obtain U.S. materials, such as high-strength steel, that could be used in an Iranian nuclear program, the department said. The Iranian citizen was arrested in May in the Philippines, while the other man remains at large, the department said. The two men succeeded in illegally exporting lathes and nickel-alloy wire from the United States to China and then to Iran around June 2009, according to the indictment. The Iranian man allegedly also began talking with an undercover U.S. federal agent in 2009, including in emails in which he tried to acquire radioactive source material. The emails continued into 2011, the indictment said. Source: http://usnews.msnbc.msn.com/_news/2012/07/13/12727005-indictment-2-tried-to-send-us-materials-to-iran-for-nuclear-program?lite

 • Shellfish harvesting in the Oyster Bay, New York area was suspended after eight people who ate shellfish were sickened with Vibrio parahaemolyticus infections. – Food Safety News 

24. July 14, Food Safety News – (New York) Oyster Bay shellfish harvest suspended after 8 fall ill. Shellfish harvesting in the area of Oyster Bay, New York, was suspended after eight people who ate shellfish were sickened with Vibrio parahaemolyticus infections. Approximately 1,980 acres on the north shore of Oyster Bay were closed until environmental samples reveal the danger of Vibrio contamination has passed, the New York Department of Environmental Conservation announced July 13. The New York State Department of Health reported three residents of Nassau County — where Oyster Bay is located — and five people from three other States became ill after eating raw or partially cooked shellfish from Oyster Bay Harbor. Laboratory analysis confirmed the infections were caused by the Vibrio bacteria, a naturally occurring organism that thrives in warm marine water environments. Source: http://www.foodsafetynews.com/2012/07/oyster-bay-shellfish-harvest-suspended-after-8-fall-ill/

 • Three men were charged with stealing or possessing guns and other equipment taken from an FBI agent’s government car while it was parked in front of his house. – Associated Press 

38. July 15, Associated Press – (Mississippi) 3 facing charges related to stolen FBI guns. Three men were charged with stealing or possessing guns and other equipment taken from an FBI agent’s government car while it was parked in front of his house, the Associated Press reported July 15. Court records said one man broke into the car in Hattiesburg, Mississippi, June 6, took a submachine gun, an assault rifle, a shotgun, and other equipment and gave the loot to a second man. Authorities said he then spread the weapons out on his bed, took a cellphone photograph, and sent out sales pitches by text message. An alleged gang member is charged with buying two of the guns — an M16 assault rifle and a shotgun — for $120 and an ounce of marijuana. The men were charged the week of July 9 in a four-count federal indictment. Source: http://www.sfgate.com/news/article/3-facing-charges-related-to-stolen-FBI-guns-3708360.php

 • Emergency responders across the country and in Horry County, South Carolina, have resorted to using expired medications or making do without the emergency drugs because of shortages created by manufacturing delays. – WPDE 15 Florence; Associated Press 

39. July 13, WPDE 15 Florence; Associated Press – (South Carolina; National) Drug shortage hurts Horry County paramedics. Emergency responders across the country and in Horry County, South Carolina, reported they are struggling to deal with a shortage of drug supplies created by manufacturing delays and industry changes, WPDE 15 Florence reported July 13. A study from Salem, Oregon, showed some paramedics were injecting expired medications, despite a risk they will not work as intended. Others were scrambling to train paramedics to use alternative medications. In some cases, ambulance crews have simply gone without drugs they cannot buy. One Central Oregon fire department reported using expired supplies of 11 medications at the peak of the crisis earlier in 2012. Another in Arizona went 3 weeks without any drugs to treat seizures. In Horry County, paramedics had to struggle with ordering different concentrations of medications to cope with the shortage of others. They also had to shuffle resources of drugs from ambulances in rural areas to more populated ones. Source: http://www.carolinalive.com/news/story.aspx?id=776241#.UAQUHJFnWtQ

 • Two independent security researchers found a vulnerability that involves over 300,000 instances of Niagara AX Framework, a software platform installed in everything from energy management, to telecommunications and security automation. – U.S. Industrial Control Systems Computer Emergency Response Team See item 50 below in the Information Technology Sector


Banking and Finance Sector

11. July 15, Associated Press – (National) ‘Bucket List Bandit’ robs 4th bank. A man dubbed the “Bucket List Bandit” who robbed a bank in Roy, Utah, the week of July 9 used the same operating procedure at three other banks in Idaho, Colorado, and Arizona in June, the Roy police chief said. The man walked into a Wells Fargo branch July 6 and had a note ordering the teller not to mess with him and to hand over a specific amount of money. The note also said he had just 4 months to live. The police chief said the man was wearing identical clothing in all four robberies. The same man was also suspected of robbing the Ireland Bank in Pocatello just a few hours before the Wells Fargo Bank in Roy. He was also suspected of robbing banks in Arvada, Colorado, June 21 and Flagstaff, Arizona, June 26. Source: http://www.deseretnews.com/article/765590070/Bucket-List-Bandit-robs-4th-bank.html

12. July 13, Associated Press – (Michigan; National) Feds: Fraud totals nearly $300K at Comerica ATMs. Criminals have stolen nearly $300,000 by installing high-tech gadgets on Comerica Bank ATMs in the Detroit area and gleaning personal information off customer cards, federal authorities said July 13. The details were disclosed in a criminal complaint filed against a Detroit man who was caught on surveillance video and admitted he installed and removed so-called skimmers at Comerica ATMs, the U.S. Secret Service said. Counterfeit cards were made with the information and then used for cash withdrawals, the Secret Service said. The Detroit-area fraud began in April but has popped up elsewhere in the country. Source: http://www.sfgate.com/news/article/Feds-Fraud-totals-nearly-300K-at-Comerica-ATMs-3705391.php

13. July 13, KXTV 10 Sacramento – (National) ‘Bad hair bandit’ faces 21 bank robbery charges. A registered nurse suspected in a string of multi-State bank robberies in 2011 was arraigned on 21 counts of robbery in a Sacramento, California federal court July 13. The woman, described by prosecutors as a transient from Washington and Idaho, was caught on Interstate 80 minutes after a bank hold-up in Auburn, California, in August 2011. Law enforcement dubbed the suspect the “bad hair bandit” because of different wigs and disguises worn during the robberies. Besides the Bank of the West in Auburn, she is accused to robbing banks in Sacramento and Davis as well as in Oregon, Washington, and Montana. Source: http://www.news10.net/news/article/200935/2/Bad-hair-bandit-faces-21-bank-robbery-charges

14. July 13, WTMJ 4 Milwaukee – (Wisconsin) ‘Ball Cap Bandit’, another person arrested for Germantown bank robbery. Police in Germantown, Wisconsin, arrested a man July 13 suspected of robbing at least nine banks in southeast Wisconsin since April. The “Ball Cap Bandit” and another person were taken into custody. The two allegedly were involved in a robbery at a U.S. Bank branch that day and their vehicle was identified by a sheriff’s deputy later the same day. Source: http://www.todaystmj4.com/news/local/162371156.html

15. July 13, New Haven Independent – (Connecticut) 2 more plead guilty in $10M mortgage scam. A second lawyer pleaded guilty in connection with a New Haven, Connecticut mortgage fraud ring involving more than $10 million, the New Haven Independent reported July 13. The lawyer pleaded guilty July 12 to charges of conspiracy to commit mail fraud, wire fraud, and bank fraud. His plea came two days after an admission of guilt by another lawyer to the same charges. The fraudsters allegedly swindled lenders by falsely inflating the price of homes with phony appraisals to get inflated mortgages, buying homes for the real (as opposed to inflated) price, and then pocketing the difference. The participants would then walk away from the properties, letting them fall into foreclosure. Source: http://www.newhavenindependent.org/index.php/archives/entry/2_plead_guilty_in_10m_mortgage_scam/

16. July 13, New York Times – (Iowa) Futures executive is arrested after admitting fraud. The chief executive of the futures brokerage Peregrine Financial Group was arrested in Cedar Falls, Iowa, July 13 after confessing to embezzling from clients and defrauding banks over nearly 2 decades. He admitted that he stole more than $100 million from his customers, prosecutors said. The formal charges, brought by federal prosecutors in Iowa, accuse him of lying to government regulators. The chief executive had tried to kill himself, and the criminal complaint contained lengthy excerpts from a suicide note and statement that detailed his crimes. A prosecutor said the executive could face additional charges. In his note, the executive laid out how for nearly 20 years, he had forged false account statements from U.S. Bank to embezzle millions of dollars from his customers at Peregrine, which also did business as PFGBest. The Commodity Futures Trading Commission previously filed civil fraud charges against Peregrine and effectively shut the firm. Source: http://dealbook.nytimes.com/2012/07/13/futures-executive-confesses-to-stealing-millions-from-customers/

17. July 12, Federal Bureau of Investigation – (California; Washington) Four charged in $11 million loan origination scheme, Ramona real estate agent and Seattle businessman enter guilty pleas. An unlicensed loan broker was arrested July 12 in Las Vegas, and an indictment charged her, a Ramona, California real estate agent, and the loan broker’s assistant with devising and executing a $11 million mortgage loan origination fraud and kickback scheme in California and Washington. Straw buyers were used to obtain mortgages with 100 percent financing to avoid making any down payments. The three individuals falsified mortgage applications to obtain the loans, and then convinced sellers to inflate the purchase price of the properties by about $100,000, allegedly to be used for improvements. The defendants pocketed the money and allowed nearly all 16 properties to fall into foreclosure. As a result of the foreclosures and defaults caused by the defendants’ failure to make the mortgage payments they promised, the defrauded lenders suffered losses of approximately $5 million. Source: http://www.fbi.gov/sandiego/press-releases/2012/four-charged-in-11-million-loan-origination-scheme-ramona-real-estate-agent-and-seattle-businessman-enter-guilty-pleas

Information Technology Sector

41. July 16, Softpedia – (International) Trend Micro confirms Yahoo! Mail flaw possible cause of “Android botnet”. Researchers from mobile security firm Lookout identified a security hole in the Yahoo! Mail application for Android, which they believed to be responsible for the so-called mobile spam botnet. July 16, Trend Micro experts confirmed the existence of the flaw. They could not precisely say if the vulnerability is in fact responsible for the spam sent out from mobile phones, but the fact that they independently appoint the same weakness as a possible cause makes this scenario more plausible. The weakness discovered by the researchers allows an attacker to steal a user’s Yahoo! cookies. “This bug stems from the communication between Yahoo! mail server and Yahoo! Android mail client. By gaining this cookie, the attacker can use the compromised Yahoo! Mail account to send specially-crafted messages. The said bug also enables an attacker to gain access to user’s inbox and messages,” a mobile threats analyst said. Currently, the fix for the issue is being coordinated with Yahoo! and the researchers promise a more technical analysis, but in the meantime, users must be extra cautious when receiving shady pharmacy advertisements that appear to be sent from Android devices via Yahoo! Mail. Source: http://news.softpedia.com/news/Trend-Micro-Confirms-Yahoo-Mail-Flaw-Possible-Cause-of-Android-Botnet-281493.shtml

42. July 16, H Security – (International) NVIDIA hackers publish user data. Late the week of July 9, NVIDIA confirmed the database for its forums Web site was broken into by unauthorized third parties, with data from more than 400,000 registered users affected. A hacker group calling itself “Team Apollo” has now claimed responsibility for the breach which caused NVIDIA to take the site down. As proof, they published email addresses and password hashes for about 800 users from the database on Pastebin, with more, apparently, to follow. If the data proves to be genuine, NVIDIA’s statement that the password hashes were salted would be contradicted: the database excerpt includes the hash b018f55f348b0959333be092ba0b1f41 three times in the list, the result of md5(‘nvidia123’). In addition, the hackers stated NVIDIA’s online store was broken into, which NVIDIA did not mention to The H’s associates at heise Security. The hacker group said the break-in occurred “a few weeks ago.” Source: http://www.h-online.com/security/news/item/NVIDIA-hackers-publish-user-data-1643038.html

43. July 16, V3.co.uk – (International) Symantec claims to have fixed PC-crashing anti-virus update. Symantec promised that it fixed a bug in an anti-virus update issued the week of July 9 that caused a number of Windows PCs to crash. The problem occurred July 13 when the company released updates for its widely used Symantec Endpoint Protection 12.1 and Norton anti-virus software for businesses. The updates caused a number of PCs running Microsoft Windows XP software to crash repeatedly, bringing up the “blue screen of death.” Symantec has not said how many users were affected, though according to Reuters it afflicted at least 300 of the company’s corporate customers. Source: http://www.v3.co.uk/v3-uk/news/2191762/symantec-claims-to-have-fixed-pccrashing-antivirus-update

44. July 16, Softpedia – (International) Experts find filter bypass vulnerabilities in Barracuda appliances. Security researchers from Vulnerability Lab identified a serious security hole that could affect a number of companies that rely on Barracuda products. They discovered a high severity validation filter and exception handling bypass vulnerability in Barracuda’s appliances. According to the experts, the input filter designed to block out persistent input attacks is flawed, exposing all security appliances. The vulnerable modules — Account MyResource Display and File Upload — persistently execute the saved URL path (which can be a malicious code). The researchers said the flaw can be fixed by parsing the second input request of the “file upload” function and the path URL request. To demonstrate their findings, the experts published a proof-of-concept video that shows how the input filter in Barracuda SSL VPN can be bypassed by a local attacker to execute code persistently. Barracuda Networks was notified of the issues sometime in May, but so far it is uncertain when a patch will be made available. Source: http://news.softpedia.com/news/Experts-Find-Filter-Bypass-Vulnerabilities-in-Barracuda-Appliances-Video-281458.shtml

45. July 16, H Security – (International) Security hole in Amazon’s Kindle Touch. The Web browser built into Amazon’s Kindle Touch eBook reader contains a serious security hole: when a user navigates to a specially crafted Web page, the Kindle will execute arbitrary shell commands as root. This allows attackers to access the eBook reader’s underlying Linux system at the highest privilege level and potentially steal the access credentials for the Amazon account linked to the Kindle, or purchase books with the Kindle user’s account. This security issue was publicly documented about 3 months ago but did not attract much attention. Recently, a browser-based jailbreak became available that allows users to install software, which was not authorized for the device by Amazon. The issue does not appear to affect any other Kindle models. Amazon’s security department told heise Security that they are working on a patch. Source: http://www.h-online.com/security/news/item/Security-hole-in-Amazon-s-Kindle-Touch-1642718.html

46. July 15, NBC News – (International) Yahoo Voices password vulnerability fixed, company says. Yahoo said it fixed the vulnerability that allowed 450,000 user email addresses and passwords to be stolen from its user-generated content service, Yahoo! Voices. Yahoo said the “compromised information was provided by writers who joined Associated Content prior to May 2010, when it was acquired by Yahoo!. (Associated Content is now the Yahoo! Contributor Network.) This compromised file was a standalone file that was not used to grant access to Yahoo! systems and services.” Source: http://www.technolog.msnbc.msn.com/technology/technolog/yahoo-voices-password-vulnerability-fixed-company-says-883165

47. July 14, SecurityWeek – (International) Following developer site hack, NVIDIA shuts down online store. Following a shutdown of its “NVIDIA Developer Zone” the week of July 9 after the online community for developers was hacked, graphics chip maker NVIDIA also shut down its online store located at store.nvidia.com July 13. The group of hackers behind the attack, going by the handle of “The Appollo Project,” made mention of the claimed compromise in its original post exhibiting its successful attack against the NVIDIA Developer Zone site. While the company shut down the online store, it did not acknowledge that a successful attack took place. But it appears to be reacting proactively based on hacker claims and successful attacks on other sites. Source: http://www.securityweek.com/following-developer-site-hack-nvida-shuts-down-online-store

48. July 13, CNET – (International) Intel OS X binary of latest multiplatform malware discovered. The week of July 9, security company F-Secure uncovered a new Web-based malware attack that uses Java to identify and distribute platform-specific malware binaries to OS X, Windows, and Linux installations. In the company’s first findings, the malware being issued for OS X was a PowerPC binary, which prevented it from running on many Macs using Snow Leopard and Lion; however, new developments unveiled an x86 binary. This new variant of the malware is essentially the same as the previous findings, with the exception that it will run on Lion and Snow Leopard systems without the need for Rosetta. In the attack found the week of July 9, the downloaded binaries would need to continue downloading more components to work properly, but in the more recent findings these steps are packaged together, so once downloaded, the binary is able to immediately function as a backdoor. Source: http://news.cnet.com/8301-1009_3-57471882-83/intel-os-x-binary-of-latest-multiplatform-malware-discovered/

49. July 13, ZDNet – (International) Apple iOS in-app purchases hacked; everything is free. Russian developer ZonD80 figured out how to circumvent Apple’s iOS In-App Purchase program, allowing iPhone, iPad, and iPod touch users to acquire digital game items, upgrade to full versions of applications, and purchase additional content for free. The hack reportedly works on all Apple devices running anything from iOS 3.0 to iOS 6.0 (the In-App Purchase program requires iOS 3.0 or later). This circumvention technique relies on installing certificates for a fake in-app purchase server as well as a custom DNS server. The latter’s IP address is then mapped to the former, which in turn allows all “purchases” to go through. ZonD80 could easily be gathering users’ iTunes log-in credentials (as well as unique device-identifying data) in a man-in-the-middle attack. Source: http://www.zdnet.com/apple-ios-in-app-purchases-hacked-everything-is-free-video-7000000877/

50. July 13, U.S. Industrial Control Systems Computer Emergency Response Team – (International) ICS-Alert-12-195-01—Tridium Niagara directory traversal and weak credential storage vulnerability. Two independent security researchers notified the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) of a directory traversal and weak credential storage vulnerability with proof-of-concept exploit code for Tridium Niagara AX Framework software. According to their research, the vulnerabilities are exploitable by downloading and decrypting the file containing the user credentials from the server. ICS-CERT is coordinating with the researchers and Tridium. Original attempts to coordinate vulnerability information were unsuccessful and ICS-CERT, in coordination with the researchers, was planning a release of the vulnerability data. However, recent communications from Tridium indicated they were working on a solution, resulting in the delayed release of this Alert so mitigations/patches could be prepared. July 12, a public report came out detailing the vulnerabilities and as a result, ICS-CERT shortened its release schedule and issued this Alert to warn of the unpatched vulnerabilities. Tridium released a security alert with instructions on how to implement interim mitigations. Tridium stated they are testing a software update that will resolve the vulnerabilities. ICS-CERT will issue an Advisory when the software update is available. According to the Tridium Web site, more than 300,000 instances of Niagara AX Framework are installed worldwide in applications that include energy management, building automation, telecommunications, security automation, machine to machine, lighting control, maintenance repair operations, service bureaus, and total facilities management. Source: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-195-01.pdf

Communications Sector

51. July 15, Bay City News Service – (California) Vandals cut wires on Twin Peaks, damage radio network. Vandals attacked a city communications facility on Twin Peaks in San Francisco, cutting several wires, San Francisco police said July 15. It appears that unknown suspects entered a city communications facility and cut several wires, but did not steal any wiring or other items, he said. The vandalism did not affect any essential services, but because it involved the city radio network, the FBI was notified. Source: http://www.sfgate.com/crime/article/Vandals-cut-wires-on-Twin-Peaks-damage-radio-3708988.php

52. July 13, KTVQ 2 Billings – (Montana) Lightning strike shuts down power to local TV and radio transmitters. An apparent lightning strike cut power to multiple transmitter sights near Sacrifice Cliffs overlooking Billings, Montana, KTVQ 2 Billings reported July 13. Sparks from an electric transformer started a small grass fire that temporarily shut down power and transmission for local radio stations, KTVQ-Television and Kulr-8. Lockwood Fire and Yellowstone County sheriff’s deputies assessed the damage to a power pole that snapped in half and was continuing to send sparks to the ground. Radio and TV tower lights were being powered with backup generators, but the stations remained off the air for some time. Source: http://www.ktvq.com/news/lightning-strike-shuts-down-power-to-local-tv-and-radio-transmitters/

For more stories, see items 41, 46, 49, and 50 above in the Information Technology Sector