Tuesday, September 4, 2012

Complete DHS Daily Report for September 4, 2012

Daily Report

Top Stories

• August 31, a day after Hurricane Isaac hammered Louisiana and neighboring States, nearly 800,000 customers in Louisiana, Mississippi, and Arkansas remained without power. – Associated Press; CBS News

2. August 31, Associated Press; CBS News – (National) Isaac: Significant flooding, power outages on Gulf Coast. The storm that was Hurricane Isaac, now a tropical depression, swirled into the central United States August 31, leaving behind a darkened, soggy mess in Louisiana. Neighborhoods were underwater, and even homes that stayed dry did not have lights, air conditioning, or clean water. The storm cut power to nearly half the homes and businesses in Louisiana. By the afternoon of August 31, 632,000 customers were still without power, the Louisiana Public Service Commission said. In neighboring Mississippi, utility companies said they were working to restore power to more than 150,000 customers. Entergy said 10,000 customers in Arkansas were without electricity because of Isaac. Entergy — which serves customers in Arkansas, Louisiana, Mississippi and Texas — said Isaac has been the utility’s fourth-largest storm in terms of power outages. More than 15,000 utility workers were at work in Louisiana and Mississippi, but officials said it would be at least 2 days before power was fully restored. At least five deaths in Louisiana and Mississippi were blamed on the storm. Source: http://www.cbsnews.com/8301-505263_162-57504128/isaac-significant-flooding-power-outages-on-gulf-coast/

• Guards at the Oak Ridge, Tennessee plant for storing weapons-grade uranium failed to spot activists who cut through its fences until they walked up to an officer’s car and surrendered, an official report found. Reuters

12. August 31, Reuters – (Tennessee) Troubling ineptitude in security at US nuclear bomb plant. Guards at the Oak Ridge, Tennessee plant for storing weapons-grade uranium failed to spot activists who cut through its fences until they walked up to an officer’s car and surrendered, an official report said August 31. The report from the Department of Energy’s (DOE) inspector general criticized multiple failures of sophisticated security systems and ―troubling displays of ineptitude‖ at the plant in July. Three anti-nuclear activists were not initially spotted or detained as they cut through three perimeter fences July 28. The officer responding to the alarm did not notice the trespassers until they walked up to his car and ―surrendered.‖ The officer did not draw his weapon nor secure the area, instead letting the trespassers ―roam about and retrieve various items from backpacks,‖ the report said. Another officer hearing alarms did not look outside the building as he was supposed to, and also missed an image of the trespassers on a camera. A third officer turned off the alarm. Others heard the activists hammering on the building’s outside wall, but assumed the sound was from maintenance workers. One camera that would have shown the break-in had been broken for about 6 months, and there was a backlog of repairs needed for security systems at the facility, the report said. The administrator of the National Nuclear Security Administration said changes were underway after the incident. He said that staff members involved with the incident were removed, cameras were fixed, and patrols as well as training were stepped up. Source: http://www.reuters.com/article/2012/08/31/usa-security-nuclear-idUSL2E8JV7PD20120831

• A naturally occurring toxin in corn has emerged that can be fatal to livestock and contaminate milk, and could snarl the U.S. grain-handling system. – Reuters

23. August 29, Reuters – (National) Latest threat to drought-stricken corn: Aflatoxin. The grain industry is on high alert for a naturally occurring toxin in corn that could present a challenge to farmers hit by the worst drought in 56 years, Reuters reported August 29. Trace amounts of aflatoxin were discovered in some of the corn harvested in the United States, with a major dairy company Dean Foods in talks with State officials in Indiana and Iowa about testing milk for the carcinogenic byproduct of mold. Any major outbreak has the potential to snarl the grain handling system in the corn belt region and trigger a scramble — and price spike — for untainted corn, which will be in short supply in 2012 due to the drought. ―We’ve actually seen it this bad before, but this year it’s just a lot more widespread,‖ said the manager of a Missouri Department of Agriculture grain inspection facility in St. Joseph. His office was testing corn samples from Kansas, Nebraska, and Iowa and finding some aflatoxin in most of them. He said most samples were sent by crop insurance adjusters who suspect a problem with the grain. Aflatoxin is the byproduct of a powdery, olive-green mold that has emerged in corn fields from Kansas through Indiana and can be fatal to livestock. The presence of the mold does not necessarily lead to aflatoxin. With the corn harvest only 6 percent complete in the United States, the world’s largest corn producer and exporter, it is too soon to know whether aflatoxin will be a big problem. The U.S. Department of Agriculture’s Risk Management Agency said insured farmers who suspect their fields might have aflatoxin to contact their agents before they harvest the grain to receive compensation. Source: http://articles.chicagotribune.com/2012-08-29/business/chi-latest-threat-to-droughtstricken-corn-aflatoxin-20120829_1_aflatoxin-contamination-corn-harvest-corn-sample

• The Louisiana health department issued boil advisories for 320 water systems in 28 parishes due to damage caused by Hurricane Isaac. – Associated Press

24. August 31, Associated Press – (Louisiana) La. boil advisories in response to Isaac. The Louisiana health department issued boil advisories for 320 water systems in 28 parishes, the Associated Press reported August 31. They range from parish and municipal systems to apartment complexes, truck stops, trailer parks, industrial plants, and individual bars and restaurants. Parish and municipal systems include the East and West Allen Parish Water Works, Waterworks District 2 Of St. Helena Parish, and the municipal systems in Church Point, Pointe a la Hache and Port Sulphur. Until further notice, people in those places should disinfect water before drinking it or cooking, brushing teeth or preparing food with it. Source: http://www.dailycomet.com/article/20120831/APN/1208310806?Title=La-boil-advisories-in-response-to-Isaac

• Oracle has released a rare out-of-band patch to fix zero-day vulnerabilities in Java 7 being exploited by an attacker group based in China that last year targeted the chemical industry and some defense contractors. – Government Computer News See item 39 below in the Information Technology Sector

Details

Banking and Finance Sector

13. August 31, BankInfoSecurity – (National) Curbing card fraud at the pump. Card fraud linked to pay-at-the-pump gas terminals is growing, and that trend will continue until more fraudster convictions are publicized, some security experts say, according to BankInfoSecurity August 31. Meanwhile, in an effort to help prevent fraud, one trade association is testing a system designed to help alert convenience stores and others about potential skimming threats. A fraud expert at Aite said that many card issuers speculate that the increases are linked to crime rings that want to exploit the card data they have in-hand before the U.S. payments infrastructure migrates to chip-card technology, part of a movement to comply with the global Europay, MasterCard, Visa standard. To help combat skimming, the Petroleum Convenience Alliance for Technology Standards (PCATS) is beta-testing a skimming database that logs reports of pay-at-the-pump skimming incidents. PCATS is working with about 10 retail and petroleum brands to collect data that can be used to identify common targets. Once regions or certain terminal brands have been identified as being hit by skimming most often, PCATS notifies other convenience stores and gas stations that are likely to be the next victims. Source: http://www.bankinfosecurity.com/curbing-card-fraud-at-pump-a-5080/op-1

14. August 30, U.S. Department of Justice – (Pennsylvania) Monroe County man indicted for fraud related to false claims of owning billions of dollars worth of oil and negotiable bank instruments. The U.S. Attorney’s Office for the Middle District of Pennsylvania announced August 30 that a man was indicted in a 23-count indictment charging 15 counts of wire fraud, 2 counts of bankruptcy fraud, 5 counts of making false statements on bankruptcy schedules, and 1 count of bank fraud. The indictment alleges the man defrauded various investors and attempted to defraud various financial institutions by soliciting money based on false claims of ownership of 10 million barrels of oil in Texas worth in excess of $1 billion, as well as claiming authority over Federal Reserve instruments worth more than $700 billion. The investigation commenced after a victim sued the man and obtained a judgment against him and his company, RJH, for more than $1 million. Further investigation by the FBI revealed many other people were defrauded and that the man had attempted to deposit two fraudulent $500 million checks into various financial institutions to secure loans. The Indictment also alleges the man filed three petitions in U.S. Bankruptcy Court in 2010, 2011, and 2012, making various false statements relating to his assets and liabilities, as well as RJH’s assets and liabilities, in an attempt to cover-up his schemes. Source: http://www.justice.gov/usao/pam/news/2012/Harley_08_30_2012.htm

15. August 29, Wall Street Journal – (International) Treasury slaps Kingpin Act sanctions on Zetas-linked oil services company. The U.S. Treasury Department said August 29 that it placed Kingpin Act sanctions on an oil-services company owned by a man it says is a drug trafficker linked to the Los Zetas organization. ADT Petroservicios, S.A. De C.V., which is based in Veracruz, Mexico, is owned by the alleged trafficker and was used for money laundering, Treasury said. The man was designated in June under the Kingpin Act for his links to Los Zetas. He is currently in U.S. custody. The man was also previously charged in Texas along with 13 others with money laundering on behalf of the drug network that involved the purchase, breeding, and racing of race horses. Source: http://blogs.wsj.com/corruption-currents/2012/08/29/treasury-slaps-kingpin-act-sanctions-on-zetas-linked-oil-services-company/

16. August 29, Kinston Free Press – (North Carolina) $5.3 million taken in alleged embezzlement scheme. A Lenoir County, North Carolina grand jury indicted four men, including the former vice president of Kinston-based Discovery Insurance, on charges stemming from the allegedly embezzlement of $5.3 million from Discovery over 6 years, the Kinston Free Press reported August 29. The North Carolina Department of Insurance opened a criminal investigation in November 2011 after officials from Discovery Insurance notified the department of financial discrepancies in the company’s claims department. A former employee of Discovery Insurance was accused of fraudulently using company claim funds to write checks to fictitious businesses owned by two co-conspirators. Another man was accused of receiving and cashing checks from Discovery Insurance that the former employee had allegedly made out to names of fictitious individuals. The men were accused of conspiring to split the embezzled funds. Source: http://www.kinston.com/articles/insurance-84623-discovery-department.htm

Information Technology Sector

37. August 31, FierceCIO – (International) Users of laptop fingerprint readers at risk of password hacks. Russian digital forensics firm ElcomSoft has discovered a serious vulnerability in laptops equipped with UPEK fingerprint readers and running the UPEK Protection Suite software. The software suite typically comes preinstalled to manage the underlying fingerprint reading hardware. It appears that users who opt to login via finger swipe are putting themselves at risk. An ElcomSoft spokeswoman wrote in a blog post that the Windows account passwords are stored in the Windows registry in a ―barely scrambled‖ and non-encrypted format. This means that someone who gains physical access to a laptop could conceivably recover the underlying registry key and break into systems protected by Encrypting File System. The fingerprint readers made by UPEK are used by most major manufacturers, including Acer, Asus, Dell, Gateway, Lenovo, Samsung, Sony, and Toshiba, among others. Source: http://www.fiercecio.com/techwatch/story/users-laptop-fingerprint-readers-risk-password-hacks/2012-08-31

38. August 31, IDG News Service – (International) Researchers find critical vulnerability in Java 7 patch hours after release. Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released August 30 that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system. Security Explorations sent a report about the vulnerability to Oracle August 31 together with a proof-of-concept exploit, the security company’s founder and CEO said. Oracle broke out of its regular 4-month patching cycle August 30 to release Java 7 Update 7, an emergency security update that addressed three vulnerabilities, including two that were being exploited by attackers to infect computers with malware since the week of August 20. Java 7 Update 7 also patched a ―security-in-depth issue‖ which, according to Oracle, was not directly exploitable, but could have been used to aggravate the impact of other vulnerabilities. Source: http://www.itworld.com/security/292645/researchers-find-critical-vulnerability-java-7-patch-hours-after-release?page=0,0

39. August 30, Government Computer News – (International) Oracle issues patch for Java flaws; attacks tied to China-based Nitro gang. Oracle has released a rare out-of-band patch to fix zero-day vulnerabilities in Java 7 that are being exploited by an attacker group based in China that last year targeted the chemical industry and some defense contractors. After the flaw became known on August 26, some security experts had advised users to just turn off Java, which runs on billions of computers. Symantec said in an August 30 post that it had traced recent exploits of the flaw to the Nitro gang that in 2011 used phishing emails to target mostly chemical companies in attacks that downloaded the Poison Ivy Remote Access Trojan, which Symantec calls Backdoor.Darkmoon and which also is being used in the current attacks. ―In these latest attacks, the attackers have developed a somewhat more sophisticated technique,‖ Symantec said. ―They are using a Java zero-day, hosted as a .jar file on websites, to infect victims.‖ The attackers are using some of the same tools they used last year, including Poison Ivy/ Backdoor.Darkmoon, the same command-and-control infrastructure, and reusing file names such as Flash_update.exe. ―The Nitro attackers appear to be continuing with their previous campaign,‖ Symantec said. Source: http://gcn.com/Articles/2012/08/30/Oracle-patch-for-zero-day-Java-flaw.aspx?Page=1

For more stories, see items 13 above in the Banking and Finance Sector

Communications Sector

40. August 30, Jersey Journal – (New Jersey) Bayonne police say professionals behind theft of $1,000 in copper cable. More than $1,000 worth of copper cable was stolen from a cellphone tower panel stationed behind an apartment building, Bayonne, New Jersey police said. The theft of the 130 feet of copper cable, worth $1,000, occurred sometime between August 13 and August 20, when a technician arrived to perform routine maintenance work, authorities said. A technician explained that the stolen cables connected the main breaker panel to the building where the cell tower is located. He said the thieves are professionals, noting they used a yellow ―dummy‖ cable to keep the cell tower operational. Source: http://www.nj.com/jjournal-weeklies/index.ssf/2012/08/bayonne_police_say_professiona.html