Monday, July 30, 2012
Daily Report
Top Stories
• Powerful storms knocked out power to more
than 100,000 homes and businesses in New York, Ohio, and Pennsylvania,
cancelled more than 900 flights, and killed two people. – Reuters
2. July 27, Reuters – (New York; Ohio;
Pennsylvania) Two dead, over 100,000 without power after fierce storms. Two
people were dead and more than 100,000 homes and businesses in New York, Ohio,
and Pennsylvania were without electricity July 27 after severe thunderstorms
swept through the region July 26. The storms spawned a tornado that touched
down in Elmira, New York, toppling trees and tearing off roofs, the National
Weather Service said. Officials in Pennsylvania and New York reported two
storm-related deaths. A woman camping in Genesee, Pennsylvania, near the New
York State line was killed when she took refuge from the storm in her car and a
tree fell on it, the director of emergency services for Potter County said.
Pennsylvania accounted for a majority of those still without power, with more
than 85,000 customers in the dark July 27, according to electric companies
serving the region. Roughly 34,000 people in New York were without power, most
of them in the southern tier region near Elmira, according to NYSEG. About
13,500 customers in eastern Ohio were still offline, according to AEP Ohio. The
storm activity forced the cancellation of over 900 flights July 26, according
to FlightAware, a Texas-based company that tracks the status of flights. The
highest number of cancellations was at LaGuardia Airport in New York City.
Source: http://www.cnbc.com/id/48352437
• Ford Motor Company announced July 27 the
recall of more than 400,000 model year 2001-2004 Escape vehicles because of
a problem with the throttle cable that could lead to uncontrolled acceleration
and make it difficult to stop or slow down. – U.S. Department of
Transportation
8. July 27,
U.S. Department of Transportation – (National) NHTSA recall
notice - Ford Escape speed control cable connector. Ford Motor Company
announced July 27 the recall of 423,634 model year 2001-2004 Escape vehicles
equipped with 3.0L V6 engines and speed control manufactured from October 22,
1999 through January 23, 2004. Inadequate clearance between the engine cover
and the speed control cable connector could result in a stuck throttle when the
accelerator pedal is fully or almost-fully depressed. This risk exists
regardless of whether or not speed control (cruise control) is used. A stuck
throttle may result in very high vehicle speeds and make it difficult to stop
or slow the vehicle, which could cause a crash, serious injury, or death. Ford
will notify owners, and dealers will repair the vehicles by increasing the
engine cover clearance. Remedy parts are expected to be available in
mid-August. Until then, dealers will disconnect the speed control cable as an interim
remedy, if parts are not available at the time of an owner’s service
appointment. Source: http://www-odi.nhtsa.dot.gov/recalls/recallresults.cfm?start=1&SearchType=QuickSearch&rcl_ID=12V353000&summary=true&prod_id=203264&PrintVersion=YES
• A peer-to-peer botnet targeting banking
customers has infected more than 675,000 systems, including those at 14 of the
top 20 Fortune 500 companies, according to research released at the Black Hat
security conference. – eWeek.com See item 16
below in the Banking and Finance Sector
• Authorities found more than 20 rifles and
handguns and 40 boxes of ammunition at the home of a man they arrested who
threatened to shoot people at a Prince George’s County, Maryland facility of
computer software and hardware manufacturer Pitney Bowes. – Washington Post See item 34 below in the Information Technology Sector
Details
Banking and Finance Sector
13. July 26,
Associated Press – (New Mexico) Fallout from fake audit causing NM financing
authority to scale back loans for governments. Cities, counties, and other
local governments could find it harder to get low-cost loans from the New
Mexico Finance Authority during the next several months because of fallout from
a scandal over a fake audit of the agency’s finances, the Associated Press
reported July 26. The authority’s governing board reviewed a proposal for
limiting a loan program that finances projects such as sewers, roads, and other
infrastructure in communities. The authority can only make loans using $37
million in cash reserves because it is unable to issue new bonds without a
final audit or unless it taps into a $50 million line of credit previously
arranged with a bank. Bonds are the primary way the authority finances projects
and has money to lend. At issue in the unfolding scandal are the authority’s
financial statements, which were faked to indicate they had been audited by an
outside accounting firm. Investors may have relied on the data in considering
whether to buy the authority’s bonds. Officials blamed a former controller for
the fake audit, which was disclosed earlier in July. The former employee
acknowledged putting together the fake audit but said no money was missing and
the financial figures in the report were correct. Source: http://www.therepublic.com/view/story/5c3a7527f2b84285aa99fcdaa469779a/NM--Fake-Audit
14. July 26,
Sacramento Bee – (California) Three accused of identity theft in skimming
operation. Three people were arrested on suspicion of identity theft in a
case involving the use of skimming devices in the Sacramento, California area,
the Sacramento Bee reported July 26. After a month-long investigation,
sheriff’s detectives along with officers from the California Highway Patrol,
Sacramento Police Department, San Joaquin County Sheriff’s Department, and the
FBI, recovered thousands of credit card numbers, hundreds of counterfeit
California ID cards, numerous counterfeit credit cards, and skimming devices.
Authorities said they believed the majority of the skimming devices were
installed inside gas pumps. The devices could not be detected from the outside
of the pump but would be easily recognizable if the pump panel were opened.
Installing the skimming devices would take only seconds, and opening the gas
pump panel would not disrupt service or activate alarms, they said. Source: http://blogs.sacbee.com/crime/archives/2012/07/three-accused-of-identity-theft-in-skimming-operation.html
15. July 26,
KPTV 12 Portland – (Oregon) ‘Bling Bandit’ suspect arrested. Police took
into custody a suspect thought to be the “Bling Bandit” who committed multiple
armed robberies in the Portland, Oregon area, KPTV 12 Portland reported July
26. The man was arrested for a parole violation. Federal bank robbery charges
against him are pending. According to Portland police, further investigation,
including a fingerprint left at the scene and the execution of a search
warrant, identified the man as the suspect. The three bank robberies occurred
within 4 months with the bandit robbing the same U.S. Bank twice April 26 and
July 16 as well as a Wells Fargo bank June 29. Source: http://www.kptv.com/story/19123121/bling-bandit-suspect-arrested
16. July 25,
eWeek.com – (International) ‘Gameover’ financial botnet compromises
nearly 700,000 victims. A peer-to-peer botnet targeting banking customers
has infected more than 675,000 systems, including those at 14 of the top 20
Fortune 500 companies, according to research released July 25 at the Black Hat
security conference. The Gameover botnet uses a private version of the Zeus
framework and targets the customers of banks in the United States, Europe, and
Asia. To infect more systems, the bot operators used a third-party spam botnet,
known as Cutwail, to send out copies of legitimate emails that were modified to
spread malware. People who click on a link in the email will be sent to a
server that redirects them to another system hosting the Blackhole exploit kit.
“The Blackhole kit is not dropping the malware itself,” a researcher said.
“Instead, it is dropping a downloader known as Pony, which is interesting in
that it is not just a loader, but it steals your HTTP, FTP, and email
credentials.” Once Pony installs Zeus on the compromised system, the software
establishes a communications channel back to the attackers using peer-to-peer
networking, which makes the botnet harder to dismantle because there are no
central command-and-control servers to shut down. Infected machines then
contact a hard-coded list of peers to get updates and commands. Source: http://www.eweek.com/c/a/Security/Gameover-Financial-Botnet-Compromises-Nearly-70000-Victims-304658/
Information Technology Sector
34. July 27,
Washington Post – (Maryland) Maryland police may have thwarted shooting. Authorities
have arrested a man who referred to himself as “a joker” and threatened to
shoot people at his former workplace in Prince George’s County, Maryland,
investigators said July 27. Investigators said that the man called Pitney Bowes
the week of July 23 and threatened to carry out a shooting there. He later
called back and acknowledged that it was not smart to be making such threats
over the phone. Pitney Bowes called Prince George’s police July 25. The man
lives in Crofton, and he was taken into custody there by Anne Arundel County
police. Police found more than 20 rifles and handguns and 40 steel boxes of
ammunition at his home, investigators said. The suspect was being held at an
Anne Arundel hospital for medical evaluation, authorities said. Pitney Bowes
said in a statement that the suspect arrested was an employee of a
subcontractor to Pitney Bowes. He has not been on any Pitney Bowes property in
more than 4 months. “What we believe was a significant threat has been
averted,” the Prince George’s police chief said. Authorities wrote in an
affidavit that they believed that the suspect was referencing the movie theater
shootings in Colorado when he called himself a joker. Source: http://www.washingtonpost.com/blogs/crime-scene/post/maryland-police-may-have-thwarted-shooting/2012/07/27/gJQAC6AuDX_blog.html
35. July 26,
IDG News Service – (International) Twitter blames two-hour failure on dual
data-center crashes. A Twitter outage July 26 that lasted as long as 2
hours for some users was caused by separate data centers failing at nearly the
same time, the company said in a blog post. Twitter went down between about
8:20 a.m. and 9 a.m. Pacific Time and was back in action by about 10:25 a.m.,
wrote the vice president of engineering. Two data centers that operate in
parallel for redundancy both failed, in what the vice president called an
“infrastructural double whammy. What was noteworthy about today’s outage was
the coincidental failure of two parallel systems at nearly the same time,” he
wrote. “We are investing aggressively in our systems to avoid this situation in
the future.” It was Twitter’s second outage in about 6 weeks. The company
blamed the June 21 outage on a cascading bug, a type of problem that spreads
from one software element to others. Source: http://www.computerworld.com/s/article/9229705/Twitter_blames_two_hour_failure_on_dual_data_center_crashes
36. July 26,
Network World – (National) Study: Microsoft repeatedly ranks as top U.S.
spammer. Microsoft has topped a list of biggest U.S. spammers for 5 out of
the past 15 months, and for some of those months it ranked No. 1 in the world,
according to a University of Texas (UT) study to flag the worst offenders in an
effort to get them to improve their security. Based on results culled from spam
block lists, researchers found that Microsoft IP addresses were responsible for
a big enough volume of spam to top their SpamRankings list for the United
States in April and May 2011, and in March, April, and June 2012, said a
researcher with the project at McCombs School of Business, UT Austin. The
project analyzes raw data about where spam traffic comes from and tracks down
what organization owns the offending IP addresses. The raw data is gathered by
groups outside UT, and the Microsoft rankings are based on those compiled by
Passive Spam Block List. The researcher said one factor in the high volume of
Microsoft spam may be that part of it is MSN, the Microsoft portal that
includes its ISP. “Its purpose is to let people have access to the Internet, and
that means people have their own computers, which may have all sorts of
security problems,” he said. Outbound spam from an organization indicates a
security problem, he said, sometimes because machines have been compromised by
botnets and sometimes because users have fallen for phishing ploys. Source: http://www.networkworld.com/news/2012/072512-microsoft-spammer-261183.html?page=1
37. July 25,
Network World – (International) Black Hat: Cyber-espionage operations vast
yet highly focused, researcher claims. Cyber-espionage operations across
the Internet are extensive yet highly targeted, said a research director at
Dell SecureWorks, speaking at the Black Hat Conference in Las Vegas. His paper,
titled “Chasing APT,” released July 25, pinpoints 200 unique families of custom
malware used in cyber-espionage campaigns that many refer to as “advanced
persistent threats.” It is not just governments targeting other governments or
trying to steal corporate secrets — private security companies also are
involved in these break-ins even while claiming to offer “ethical hacking
services.” In terms of its technical analysis of APTs, SecureWorks stated it
believes that along with the 200 unique families of custom malware used in
cyber-espionage intrusions, there appear to be more than 1,100 domain names
registered by cyber-espionage actors for use in hosting malware
command-and-control or spear-phishing, and nearly 20,000 subdomains for purposes
such as “malware C2 resolution.” But unlike other types of criminal botnets
that “can contain millions of infected computers,” cyber-espionage is far more
focused, with “tens of thousands of infected computers spread across hundreds
of botnets, each of which may only control a few to a few hundred computers at
a time,” the Dell SecureWorks report said. Source: http://www.computerworld.com/s/article/9229658/Black_Hat_Cyber_espionage_operations_vast_yet_highly_focused_researcher_claims?taxonomyId=82&pageNumber=1
For more stories, see items 16 above in
the Banking and Finance Sector
and 38 below in the Communications Sector
Communications Sector
38. July 26,
Door County Daily News – (Wisconsin) Fiber problem causes
Internet outage. Quite a bit of Door County, Wisconsin, had to do without
Internet service for a time early July 26. The network administrator for Online
Door County, a local Internet service provider, said it appeared that Charter
Communications’ data network to Door County went down early July 26 and was
down for about an hour and a half. The outage affected more than 1,000
customers of Online Door County and an undetermined number of Charter
customers. He stated his company has taken steps to prevent future outages. He
said they placed an order with Nsight 9 weeks ago to have more fiber optic installed
but that installation had not yet taken place. Source: http://www.doorcountydailynews.com/news/details.cfm?clientid=28&id=40505
For another story, see item 35 above in the Information Technology Sector