Thursday, August 30, 2012

Complete DHS Daily Report for August 30, 2012

Daily Report

Top Stories

• A tanker truck carrying liquid butane crashed August 29 in Kane, Pennsylvania, prompting officials to evacuate 1,000 people, shut down major roads, and turn off gas and electricity. – Pittsburgh Post-Gazette

4. August 29, Pittsburgh Post-Gazette – (Pennsylvania) Evacuation in Kane after truck carrying butane overturns. A tanker truck owned by Elkhorn Corp. carrying liquid butane crashed early August 29 in Kane, Pennsylvania, and prompted officials to evacuate a large portion of the McKean County town as a precaution. The truck overturned near the center of town and came to rest against a building. State police said there was no leak. A volunteer with the Kane Volunteer Fire Department said about 250 households were evacuated. That is about 1,000 people, or a quarter of the town’s population, he estimated. He said gas and electricity would also be shut down in the evacuation area before crews from another trucking company, righted the truck and pumped the highly flammable butane from the tank. A spokesman for the State Department of Environmental Protection said a representative was dispatched to Kane to advise local hazardous material crews. He said Pennsylvania Emergency Management Agency officials told him crews estimated the tanker could by early afternoon. The evacuation order would be lifted shortly after. U.S. Route 6, which follows Greeves and North Fraley streets, was expected to remain closed until at least early afternoon. Truck traffic was being kept off of Routes 66 and 321, said a Pennsylvania Department of Transportation spokesman. The Red Cross has set up a temporary shelter at Kane High School for displaced residents. The Kane Area School District canceled classes August 29. An area of as much as a half-mile from the accident is in the evacuation area. Source: http://old.post-gazette.com/pg/12242/1257554-454.stm

• Pennsylvania State Police were investigating a possible security breach at the Shoemakersville water plant that caused officials to warn area residents not to drink tap water for 4 days. – Reading Eagle

20. August 29, Reading Eagle – (Pennsylvania) Fear of security breach prompted tap water ban; probe ongoing. Pennsylvania State Police were investigating a possible security breach at the Shoemakersville water plant that caused officials to warn residents of the borough and Perry Township not to drink the tap water, the borough emergency management coordinator said August 28. The drinking ban went into effect August 24 and was lifted August 27 after a series of tests by the State Department of Environmental Protection and an independent testing firm determined the water met all safety levels for consumption. The steps officials took to warn residents not to drink the water were only a precaution. New security measures were implemented at the plant following the incident. Clean water was made available to residents while the ban was in place. Source: http://readingeagle.com/article.aspx?id=412015

• Park officials contacted 1,700 visitors who stayed at tent cabins in Yosemite National Park this summer, warning them they may have been exposed to a deadly disease that has killed two people. – Associated Press

45. August 28, Associated Press – (California) Yosemite officials say 1,700 visitors risk disease. Tent cabins of Yosemite National Park in California have become the scene of a public health crisis after two visitors died from a rodent-borne disease following overnight stays. August 28, park officials sent letters and emails to 1,700 visitors who stayed in some of the dwellings in June, July, and August, warning them that they may have been exposed to the disease. Four people contracted hantavirus pulmonary syndrome after spending time in one of the 91 ―Signature Tent Cabins‖ at Curry Village around the same time in June. The illness is spread by contact with rodent feces, urine, and saliva, or by inhaling exposed airborne particles. After the first death, the park sanitized the cabins and alerted the public. However, officials did not know for sure the death was linked to Yosemite or the campsite until the Centers for Disease Control determined a second visitor, a resident of Pennsylvania, had died. August 26, health officials with the National Park Service sent out an alert asking public health authorities to be on the watch for more potential rodent-related cases of acute respiratory failure. Yosemite receives 4 million tourists a year from around the world, and national park officials were trying to determine if the warning should be expanded to include foreign countries. Source: http://www.14news.com/story/19391197/2nd-person-dies-of-hantavirus-after-yosemite-visit

• Hurricane Isaac lashed Louisiana and several other States August 28 and 29, overtopping levees and flooding homes and roads, forcing authorities to make hundreds of rescues. The storm also knocked out power to more than 725,000 people in five States. – Raycom News Network

46. August 29, Raycom News Network – (Louisiana; Southeast) Isaac downgrades to tropical storm. Hurricane Isaac was downgraded to a tropical storm the afternoon of August 29, but remained a threat to life and property on the Gulf Coast, said the National Hurricane Center (NHC). Louisiana’s governor said the levee in Plaquemines Parish may be intentionally breached to relieve flooding. He said there was no estimate on when they may breach. The slow-moving storm caused water to start pouring over the top of the parish levee before daybreak August 29. There were around 150 calls for rescue from rising flood waters in the parish, according to CNN. A total of 75 people were rescued in Braithwaite, while at least 25 more waited on rooftops and in attics. The overtopped levee stretches 18 miles from Braithwaite to White Ditch. CNN reported more than 8,000 National Guard personnel were at the ready for relief operations, and at least 4,100 people were in shelters. CNN reported more than 673,000 total had lost power across five States. Additional mandatory evacuations were ordered. The National Weather Service predicted dangerous storm surges and flood threats in southeastern Louisiana to last through August 29 night. The overtopped levee was left out of the federal rebuilding of the levee system, although the parish was fortifying it before Isaac hit. The NHC predicted rainfall totals between 7 to 14 inches for much of Louisiana, southern Mississippi, southern Alabama, and the extreme western Florida panhandle. However, totals could reach 20 inches in harder hit areas. The NHC said high winds could cause isolated tornadoes. It predicted water levels could reach 6 to 12 feet above ground in Mississippi and southeastern Louisiana; 3 to 6 feet in Alabama south-central Louisiana; 2 to 4 feet in the Florida panhandle and Apalachee Bay; and up to 3 feet on in the remainder of the Florida west coast. Storm surges of 11 feet were recorded in southeastern Louisiana. In New Orleans, all levees, pumping stations and flood gates were holding as expected. CNN reported a barge broke loose due to winds reaching over 60 mph. The barge hit three unoccupied passenger ships in the area. A 47-foot boat sunk in the accident. CNN also said at least 12 intersections in New Orleans proper have flooded since the storm first ht the city. Several bridges were also shut down due to storm conditions. Source: http://www.kpho.com/story/19403429/isaac-pours-over-gulf-coast-prompts-flooding

Details

Banking and Finance Sector

9. August 28, KEYT 3 Santa Barbara – (California) FBI looking for ‘Armed & Ready’ bandit. Police are searching for a man they said is responsible for a string of bank heists in the Santa Barbara, California, area, KEYT 3 Santa Barbara reported August 28. The so-called ―Armed & Ready‖ bandit is linked to three bank robberies in Santa Barbara between May 2010 and February 2012. During the robberies, the suspect enters the bank in the morning hours wearing a ski mask and conducts a takeover style robbery. Source: http://www.keyt.com/news/local/FBI-Looking-for-Armed--Ready-Bandit--167770275.html

10. August 28, San Antonio Express-News – (Texas) Woman to plead guilty in large mortgage fraud. A key defendant in a large Texas mortgage fraud ring took a plea deal for her role in a scheme that left lenders holding the bag for more than $50 million in bad loans, the San Antonio Express-News reported August 28. The woman signed an agreement to plead guilty to conspiracy to commit mail fraud and, in a separate case, to one count of preparing a false tax return. The woman is the wife of a man who was the main target in Texas’ part of a 2010 nationwide mortgage fraud sweep called ―Operation Stolen Dreams.‖ An indictment alleged the husband used several title and mortgage brokerage companies in a ―flipping‖ scheme using straw buyers that caused lenders to dole out $50 million in mortgages. Many of the homes were condominiums in the Dallas area, but some of the fake documents for loans were mailed to brokers in San Antonio, the indictment said. The scheme was aided by appraisers, title officers, escrow officers, mortgage processors, and others who helped submit fake documentation and data to lenders. Source: http://www.mysanantonio.com/news/local_news/article/Woman-to-plead-guilty-in-large-mortgage-fraud-3821294.php

11. August 28, The Register – (International) 1 Million accounts leaked in megahack on banks, websites. Hacker collective Team GhostShell leaked a cache of more than 1 million user account records from 100 Web sites over the weekend of August 25, The Register reported. The group, which is affiliated with the hacktivist group Anonymous, claimed they broke into databases maintained by banks, U.S. government agencies, and consultancy firms to leak passwords and documents. Some of the pinched data included credit histories from banks among other files, many of which were lifted from content management systems. Some of the breached databases each contained more than 30,000 records. An analysis of the hacks by security firm Imperva revealed that most of the breaches were pulled off using SQL injection attacks. Source: http://www.theregister.co.uk/2012/08/28/team_ghostshell_megahack/

12. August 24, Washington Post – (District of Columbia) FBI, police hunt for bank burglar who cut through walls in Georgetown, Woodley Park. Washington, D.C. police and the FBI are trying to determine whether one man is responsible for an unusual string of bank break-ins in the northwest part of the District, getting inside by cutting holes in the walls of adjacent, vacant storefronts, the Washington Post reported August 24. Two break-ins occurred at the same Bank of America branch in Woodley Park May 24, 2011, and August 17, which caused significant structural damage. The latest occurred August 24 at a M&T Bank in Georgetown, forcing the branch to close August 24 and possibly August 25, a spokesman said. Police could not say if the same person committed all of the break-ins, but an FBI spokeswoman said the ―methods are very, very similar.‖ The culprit(s) escaped empty-handed each time, police said, unable to get money from the automated teller machines that appeared to be the target. A tool was not recovered, but surveillance photos have twice captured images of a person dressed in a white waterproof jumpsuit. The jumpsuit was described by the FBI as a Tyvek suit, made by DuPont and resembling a decontamination suit. Source: http://www.washingtonpost.com/local/crime/fbi-police-hunt-for-bank-burglar-who-cuts-through-walls-in-georgetown-woodley-park/2012/08/24/93134be0-ee10-11e1-afd6-f55f84bc0c41_story.html

Information Technology Sector

32. August 29, Softpedia – (International) Intuit security tool spam campaign making the rounds once again. Malicious emails claiming to originate from Intuit are attempting to convince recipients they need to install a piece of software to access their QuickBooks accounts, giving them a deadline to comply. The email looks the same as an older variant that made rounds over a year ago. It seems this spam campaign has been reinitialized to steal sensitive data from Intuit customers. The message reads: ―You will not be able to access your Intuit QuickBooks account without Intuit Security Tool (IST) after 31th of August, 2012. You can download Intuit Security Tool here.‖ The links from the email currently lead to a compromised Web site from Denmark on which the cybercriminals planted a phishing Web page. The company has warned users to avoid such emails ever since the campaign started. They highlight the fact that legitimate emails will never contain ―software update‖ or ―software download‖ attachments. Source: http://news.softpedia.com/news/Intuit-Security-Tool-Spam-Campaign-Making-the-Rounds-Once-Again-288864.shtml

33. August 29, InformationWeek – (International) Java zero day attack: Second bug found. The zero-day Java attack recently discovered by security researchers, which appears to have been launched from China, is more complex than previously thought. While researchers had identified a Java 7 security-settings bug exploited in the attack, they have since found it is chained with a second vulnerability. ―Most of the online analysis talks about one vulnerability, where we saw two vulnerabilities being exploited to achieve full execution on a target, according to a blog post from a Python developer and security researcher at the information security firm Immunity. ―The first bug was used to get a reference to sun.awt.SunToolkit class that is restricted to applets, while the second bug invokes the getField public static method on SunToolkit using reflection, with a trusted immediate caller bypassing a security check. He said the bugs had to be chained together to create a working exploit. He also noted the ―getField Java bug was introduced with Java 7.0 — which debuted July 28, 2011 — and suggested a foreign nation state, or states, may have been ―enjoying it non-stop for quite some time now. Source: http://www.informationweek.com/security/vulnerabilities/java-zero-day-attack-second-bug-found/240006431

34. August 29, The Register – (International) ‘First ever’ Linux, Mac OS X-only password sniffing Trojan spotted. Security researchers have discovered a Linux and Mac OS X cross-platform trojan. Once installed on a compromised machine, Wirenet-1 opens a backdoor to a remote command server and logs key presses to capture passwords and sensitive data typed by victims. The program also grabs passwords submitted to Opera, Firefox, Chrome, and Chromium Web browsers, and credentials stored by applications including email client Thunderbird, Web suite SeaMonkey, and chat app Pidgin. The malware then attempts to upload the gathered data to a server hosted in the Netherlands. Wirenet-1 was intercepted by the Russian antivirus firm Dr Web, the same company that carried out much of the analysis of the infamous Flashback trojan. Dr Web describes Wirenet-1 as the first Linux/OSX cross-platform password-stealing trojan. Analysis work on Wirenet-1 is ongoing. Once executed, it copies itself to the user’s home directory and uses AES to encrypt its communications with a server over the Internet. Source: http://www.theregister.co.uk/2012/08/29/linux_mac_trojan/

35. August 28, IDG News Service – (International) Unpatched Java vulnerability exploited in Blackhole-based attacks. Attacks targeting an unpatched vulnerability in the latest versions of Java 7 have become widespread after an exploit for the new flaw was integrated into the popular Blackhole attack toolkit, according to security researchers from antivirus vendor Kaspersky Lab. ―The first victim regions to be hit with the Blackhole stuff were the U.S., the Russian Federation, Belarus, Germany, the Ukraine and Moldova,‖ a Kaspersky researcher said August 28 in a blog post. After a reliable exploit for the new Java vulnerability — now identified as CVE-2012-4681 — was released August 27, many researchers warned that cybercriminals would soon start targeting the flaw on a large scale. Kaspersky’s new report shows that the toolkit’s customers have already started using it. ―Oracle needs to step it up and deliver an OOB [out-of-band] patch, which historically they have failed to do,‖ the Kaspersky researcher said. Source: http://www.pcworld.com/businesscenter/article/261573/unpatched_java_vulnerability_exploited_in_blackholebased_attacks.html

Communications Sector

36. August 28, District of Columbia Hill – (National) FCC prepares for communications outages from storm. The Federal Communications Commission (FCC) was working with federal and local officials to respond to communications outages that might occur as the southeast braces for Hurricane Isaac, the District of Columbia Hill reported August 28. An FCC official explained that cellular and landline phone providers are required to report outages to the FCC. The commission has also set up a voluntary online system, called the Disaster Information Reporting System, for broadcasters, cable providers, and other communications companies to alert officials of outages. In July, the FCC began exploring the possibility of launching flying cellular transmitters after disasters to restore service. The transmitters could be attached to unmanned drones or balloons and would take the place of disabled cell towers. Source: http://thehill.com/blogs/hillicon-valley/technology/246041-fcc-prepares-for-communications-outages-from-storm