Friday, August 31, 2012

Complete DHS Daily Report for August 31, 2012

Daily Report

Top Stories

• About half of the homes and businesses in Louisiana — 903,000 — were without power as Tropical Storm Isaac moved inland August 30. – Associated Press

3. August 30, Associated Press – (Louisiana) About half La. without power as Isaac moves inland. About half of Louisiana was without power as Tropical Storm Isaac moved inland, the Associated Press reported August 30. The Louisiana Public Service Commission said 903,000 homes and businesses around the State — about 47 percent of all customers — were without power. Entergy Corp. said that included about 686,000 of its customers. Another 87,000 were customers of Cleco Corp. Nearly all customers were without power in Plaquemines, St. Bernard, and St. John the Baptist parishes, while at least three-quarters of homes and businesses had power outages in Iberville, East Feliciana, Jefferson, Lafourche, Orleans, St. Charles, St. James, St. Tammany, Tangipahoa, Terrebonne, and West Feliciana parishes. Source:

• Officials were investigating how a man breached security at one of the nation’s busiest ports, boarded a ship, and ended up in the captain’s cabin. – Associated Press

15. August 30, Associated Press – (New Jersey; New York) Man scales fence at NJ port, boards cargo ship. Officials were investigating how a man breached security at one of the nation’s busiest ports, boarded a ship and was found in the captain’s cabin, the Associated Press reported August 30. Authorities believe the man scaled a barbed-wire-topped 6-foot security fence at the Port Newark marine terminal in Newark, New Jersey August 29. A Port Authority of New York and New Jersey official said he wandered around unchallenged before he boarded the cargo ship and was discovered in the captain’s bed about 4 hours later. Port Newark encompasses 180 acres and handles more than 600,000 shipping containers annually. Source:|newswell|text|FRONTPAGE|s

• Advanced malware that evades signature-based detection has increased nearly 400 percent in the past year, according to research by security firm FireEye. – See item 41 below in the Information Technology Sector

• Officials began a controlled release of water at a dam that threatened to break near the Louisiana-Mississippi border, flooding a rural area where up to 60,000 residents were evacuated August 30. – USA Today; Associated Press

50. August 30, USA Today; Associated Press – (Louisiana; Mississippi) Evacuations ordered over possible dam break from Isaac. Officials began a controlled release of water at a dam in Tangipahoa Parish that threatened to break near the Louisiana-Mississippi border flooding a rural area where up to 60,000 residents were evacuated August 30. Search-and-rescue teams were assembled and two nursing homes were evacuated. Louisiana’s governor said that if the water had not been released it would have caused significant flooding — with water pouring into the already swollen Tangipahoa River, swamping low-lying areas downstream. Residents had less than 90 minutes to evacuate after the order was given, the governor said. The U.S. Army Corps of Engineers examined the dam. If it were to burst residents could see floodwaters as high as 17 feet. The National Guard was also evacuating 3,000 people trapped by flooding in LaPlace, Louisiana, the governor’s office said. Rising water closed off all main thoroughfares into the parish, about 30 miles west of New Orleans. The hurricane-protection system ringing the New Orleans area continued to hold, keeping storm surge and floodwaters out of the city but in LaPlace and Slidell, rescue crews helped residents evacuate from flooded homes. Area rivers, steadily swelling with Isaac’s rains, were not expected to crest until the weekend of September 1, potentially flooding more homes and making more roads impassable, said a Louisiana State Police captain. Statewide, 6,191 residents — with the number expected to grow — were in shelters, the governor said. Nearly half of Louisiana remained without power. In neighboring Mississippi, utility companies said they were working to restore power to more than 150,000 customers. Louisiana and parish officials were studying the levees in Plaquemines Parish August 30 to determine the best place to punch a holeto relieve trapped floodwaters that overran the enclave of Braithwaite. Source:


Banking and Finance Sector

11. August 29, Parsippany Daily Record – (New Jersey) Well-dressed bandit sought by cops. Morris County, New Jersey authorities are looking for a man who appears to be dressed preppy in a sport jacket, dress shirt, and various hats, and is suspected in four bank heists committed between July 20 and August 23, the Parsippany Daily Record reported August 29. Based on surveillance images, police believe the man who held up the four banks in Parsippany, Lincoln Park, and Mount Olive without showing a weapon is the same person who made personnel at a PNC Bank in Kinnelon August 28 suspicious enough to call authorities. The holdups occurred July 20 at the Indus American Bank in Parsippany; July 30 at PNC Bank in Budd Lake; August 10 at Capital One in Lincoln Park; and August 23 at Boiling Springs Savings Bank in Lincoln Park. Source:

12. August 29, Reuters – (National) Citigroup settles shareholder CDO lawsuit for $590 mln. Citigroup Inc agreed to pay $590 million to settle a shareholder lawsuit accusing it of hiding tens of billions of dollars of toxic mortgage assets, one of the largest settlements stemming from the global financial crisis, Reuters reported August 30. The agreement resolved claims that shareholders ended up with massive losses after the bank failed to take timely writedowns on collateralized debt obligations, many backed by subprime mortgages, and engaged in self-dealing transactions that hid the risks. Citigroup denied wrongdoing in agreeing to settle, and said the $590 million is covered by existing reserves. A U.S. district judge in Manhattan granted preliminary approval of the settlement, and scheduled a January 15, 2013 hearing to consider final approval. Source:

13. August 29, WHTM 27 Harrisburg – (Pennsylvania) Accused bank robber admitted to other holdups, police say. A man arrested for the robbery of a Shrewsbury, Pennsylvania bank the week of August 20 is facing more charges after admitting to other holdups in York and Lancaster counties and in the Lehigh Valley, police said. WHTM 27 Harrisburg reported August 29 that the man admitted to robbing banks in Newberry Township and Hanover in York County, East and West Hempfield townships in Lancaster County, and in the Allentown and Reading areas, according to southern regional police. The admission came during an interview at the York County Prison, where he remains held with further charges pending, police said. Authorities said they continue to investigate whether anyone else was involved in the crimes. The man was taken into custody August 17 when he surrendered to police on charges that he robbed a Sovereign Bank the previous day. Source:

14. August 29, WHTM 27 Harrisburg – (Pennsylvania) Suspected bank robber indicted in 3 handkerchief holdups. A federal grand jury has indicted a man suspected of robbing three banks in Harrisburg and York, Pennsylvania, while disguising his face with a handkerchief, WHTM 27 Harrisburg reported August 29. The man is accused of robbing Fulton and Sovereign banks in Harrisburg and the White Rose Credit Union in York, according to a U.S. attorney. The Fulton Bank was robbed March 14, and the Sovereign Bank March 22. The White Rose Credit Union was robbed April 2. The man stole about $2,000 in each of the robberies. In each case, the suspect had a white hanky or tissue covering the lower part of his face and handed over a note demanding money. No weapon was shown. Source:

Information Technology Sector

39. August 30, Help Net Security – (International) Java 0-day exploit served from over 100 sites. After an exploit for the two unpatched Java zero-day vulnerabilities has been added to the Blackhole exploit kit, the number of sites functioning as entrance points for malware has risen exponentially. According to the director of security research at Websense, the company has already spotted over 100 unique domains serving the Java exploit. ―The number is definitely growing ... and because Blackhole has an updatable framework and already has a foothold on thousands of sites, we anticipate that the number of sites compromised with this new zero-day will escalate rapidly in the coming days,‖ he said. Malware peddlers have also begun their efforts to drive traffic to those domains, as witnessed by a slew of emails purportedly coming from the Dutch branch of the accountancy firm BDO Stoy Hayward, trying to trick people into following the offered link with news that the VAT rate will increase starting October 1, 2012. Source:

40. August 29, ZDNet – (International) Cybercriminals impersonate popular security vendors, serve malware. Security researchers from Websense have intercepted a currently circulating spam campaign, impersonating popular antivirus vendors in an attempt to trick end and corporate users into downloading and executing the malicious attachment. According to Websense, the campaign is low-volume, and is currently impersonating Symantec, F-Secure, Verisign, and Sophos. The malicious payload is currently detected by 3 out of 42 antivirus scanners as Trojan.Agent Gen-Banload; TROJ_GEN.R47H1HR. Source:

41. August 29, – (International) Explosion in malware bypassing traditional defenses, study shows. Advanced malware that evades signature-based detection has increased nearly 400 percent in the past year, research by security firm FireEye revealed. Companies are being hit by an average of 643 successful infections a week, according to the firm’s latest Advanced Threat Report on cyber attacks that routinely bypass traditional defenses. Such defenses include intrusion prevention systems, firewalls anti-virus, and other signature, reputation, and basic behavior-based technologies. The report, which covers the first half of the year, highlights the intensified danger of email-based attacks, with researchers seeing a 56 percent growth in email-based attacks from the first to the second quarter of 2012. Another trend highlighted by the report is the increased use of dynamic, throw-away domains. Researchers saw a significant increase in dynamic links that were used five times or less. Links that were seen just once grew from 38 percent in the second half of 2011 to 46 percent in the first half of 2012. ―The results of this report make it even more clear that reactive signature-based defenses cannot prevent evasive strains of malware from making their way into the enterprise,‖ said the FireEye founder and CEO. Source:

For another story, see item 42 below in the Communications Sector

Communications Sector

42. August 29, New England Cable News – (Massachusetts) Verizon telecommunications outage causes problems. People in Massachusetts were still dealing with service outages with Verizon, New England Cable News (NECN) reported August 29. Thousands did not have phone, Internet, or TV service because of a fire that knocked out Verizon’s connection. Verizon was working around the clock to repair a complicated network of cables after a homeless man’s mattress caught fire under a bridge in Lawrence August 27, damaging Verizon’s systems. A spokesperson said about 8,000 customers in dozens of communities from the Merrimack Valley all the way up to Cape Anne lost phone, Internet, and cable services. A Verizon spokesperson said late the afternoon of August 29 that 7,000 customers had had services restored. The company hopes to have services back online for the remaining 1,000 customers in the next few days. Source: