Friday, September 7, 2012

Complete DHS Daily Report for September 7, 2012

Daily Report

Top Stories

• A US Airways plane bound for Dallas was ordered back to Philadelphia International Airport after police received a call about explosives on board that they later determined was a hoax. – Reuters

15. September 6, Reuters – (Pennsylvania) Philadelphia police investigating hoax in airplane diversion. A US Airways plane bound for Dallas was ordered back to Philadelphia International Airport in Philadelphia September 6 after police received a call about explosives on board that they later determined was a hoax. The incident began with a phone call to Philadelphia police, when a caller reported that a passenger on board the flight had illegal devices or a hazardous substance, according to authorities. The plane, Flight 1267, which had taken off for Dallas a short time earlier, was diverted back to the airport, authorities said. One passenger was taken from the plane for questioning. Authorities evacuated and searched the plane, found no explosives and later determined the initial call appeared to be a prank being played on the passenger. A spokesman for U.S. Airways said Flight 1267 eventually left for Dallas, after most of the original passengers reboarded the plane. Source:

• A huge fire with two explosions at a new school in Tulsa, Oklahoma, sent eight firefighters to the hospital and caused $8 million in damage. – KOKI 23 Tulsa

28. September 6, KOKI 23 Tulsa – (Oklahoma) Federal fire investigators assist in school explosion. A massive fire with back to back explosions at a new charter school in Tulsa, Oklahoma, sent eight firefighters to the hospital early September 5. The explosions happened at Tulsa School of Arts and Sciences. Six firefighters were released and two are in the burn unit. Firefighters from across the city were rotating in and out to keep an eye on hot spots overnight into September 6. The damage is 40,000 square feet and is an estimated $8 million loss. Firefighters said the explosion happened near the chemistry lab on the northeast end of the building. The Bureau of Alcohol, Tobacco, Firearms and Explosives activated its National Response Team to assist Tulsa fire in the investigation. Magnum Construction said workers installed a 9-inch fume hood in the chemistry lab the night of September 4. The vice president of the company said when workers left for the night they did not notice lit burners or visible flames. Source:

• A chemist accused of failing to follow protocols at a Massachusetts crime lab had been involved in testing 50,000 drug samples, potentially opening the door to a swath of legal challenges, officials said. – CNN

37. September 5, CNN – (Massachusetts) Chemist in Boston lab scandal handled 50,000 drug samples. A chemist accused of failing to follow protocols at a Massachusetts crime lab had been involved in testing some 50,000 drug samples, potentially opening the door to a swath of legal challenges, officials said September 5. The list of samples was turned over to prosecutors and public defenders September 4. The samples were tested during the chemist’s 9-year term at the facility, State authorities said. The samples were from an estimated 34,000 cases she worked on during her career. The forensic services director for the Committee for Public Counsel Services said investigators first learned of a breach in protocol in February over a June 2011 incident in which samples were incorrectly cataloged. The Boston lab certified drug samples for Massachusetts law enforcement before the governor ordered it closed August 30 in the wake of an investigation into the scandal. The State’s Department of Public Health said it had ―placed an additional lab supervisor on leave pending the outcome of our investigation.‖ Source:

• Two Texas prisons that have had serious problems with cellphones being smuggled to inmates are getting electronic help to block phone calls coming from inside the lockups. – Associated Press

39. September 5, Associated Press – (Texas) 2 Texas prisons to get phone restriction devices. Two Texas prisons that have had serious problems with cellphones being smuggled to inmates are getting electronic help to block phone calls coming from inside the lockups, the Associated Press reported September 5. The new ―managed access system‖ will allow calls from inside only to approved numbers, according to the Texas Department of Criminal Justice executive director. The Stiles Unit in Beaumont and the McConnell Unit in Beeville have seen the most contraband phones and will get the blocking system within about 6 months. The new technology intercepts cellphone signals and has the ability to block other unauthorized communication attempts, such as emails, texts, and Internet log-ons, the prison agency said September 5. It does not interfere with radio communications, 9-1-1 calls, or other approved electronic devices. The system works through the vendor that handles pay phone calls made by inmates in all 111 State prisons. Source:

• A new report found that globally, people lost $110 billion to cybercrime in 2011, with about 71 million U.S. consumers losing $20.7 billion. – ZDNet See item 45 below in the Information Technology Sector


Banking and Finance Sector

9. September 6, South Florida Business Journal – (Florida) Five charged in $20M commodities investment fraud. Federal authorities unsealed a 22-count indictment September 5 charging five individuals in south Florida with running a $20 million investment scam based on advertised high returns for investing in commodities trading. According to a news release from the U.S. attorney’s office, they were charged with fraud, money laundering, and conspiracy. The news release alleged the defendants told investors they could make up to 33 percent returns within 105 days by profits from trading on fish, iron ore, and sugar through a company called Commodities Online, LLC. But the government alleges those advertisements were false, and the company had no profitable contracts for trading. The charges allege that the defendants actually siphoned off $1.3 million for themselves, and failed to disclose that one of the company’s principles had a felony record. Source:

10. September 6, Provo Daily Herald – (California) Suspects sought after Hollywood-style bank heist. Two masked gunmen managed to evade authorities after a bizarre bank heist in which they strapped what they said was a bomb to the bank manager’s midsection and forced her to order employees to ―take out all the money‖ from her branch in Los Angeles September 5. The bank robbers got away with an undisclosed amount of cash from the Bank of America when it opened. No arrests had been made as of early September 6. A Los Angeles County sheriff’s bomb squad disabled the device, but investigators said it was not an explosive. The bank manager was snatched in front of her home and arrived at her workplace wearing a device the men had strapped to her stomach. The two men, who were armed with handguns and wore ski masks, took off in a two-door car, possibly a Kia, and remained at large. Businesses near the bank were evacuated for a few hours as a precaution. Source:

11. September 6, The H – (International) Online banking trojan has designs on chipTAN users. The Tatanga trojan has come up with a new way of ripping off online banking users in Germany by deceiving users of the chipTAN system, The H reported September 6. Transaction authentication numbers (TAN), are one-time authentication numbers generated and used to validate banking transactions. Tatanga already had a reputation for attacking mobile TAN systems (mTAN) that use SMS to send through a TAN number. ChipTAN is a different system that requires a bank card to be inserted into a device and then held against the screen. The bank then flashes the display to transfer data about the current transaction to the device, which generates a TAN for the current transaction. According to Trusteer, Tatanga can get the TAN number from a chipTAN user by tricking them into thinking the bank is testing the chipTAN system. When a user logs into their bank account, the trojan checks the user’s account details and selects an account from which it can take the most money. It then begins a transfer, but to complete that transfer it needs a TAN. Tatanga injects code into the user’s bank Web browsing explaining the bank is performing a chipTAN test. If the user follows the instructions, they enter a TAN number into the system that Tatanga uses to complete its transaction. When the transaction is complete, Tatanga takes steps to obscure the transaction in the victim’s transaction history. Source:

Information Technology Sector

40. September 6, The Register – (International) Apple Java update fails to address mega-flaw – researcher. Apple released an update for Java September 5, but it does not tackle a high-profile flaw that has become the target of attacks over recent weeks. Java for OS X 2012-005 and Java for Mac OS X 10.6 Update 10 offer patched versions of Java for OS X Lion and Mountain Lion systems that tackle CVE-2012-0547. However, this is a different problem than the CVE-2012-4681 bug currently targeting Java users, Krebs on Security reports. Source:

41. September 5, Ars Technica – (International) Apple denies giving iOS device identifier list to FBI. Apple denied giving a list of iOS unique device identifiers (UDIDs) to the FBI, according to a statement issued September 5. The statement follows previous claims from an Anonymous-offshoot group named AntiSec that a list of 12 million UDIDs were found on an FBI agent’s laptop, though the FBI itself also denied collecting that information. Regardless of whether the FBI was collecting the data or not, a witch hunt began to find the real culprit of the leak — widely suspected to be a social networking company of some kind. A developer posted a survey for those who found their UDIDs on the leaked list (the UDIDs appear to be valid) in an attempt to find out where the data came from. Source:

42. September 5, Threatpost – (International) New attack uses SSL/TLS information leak to hijack HTTPS sessions. There is a feature supported by the SSL/TLS encryption standard and used by most of the major browsers that leaks enough information about encrypted sessions to enable attackers decrypt users’ supposedly protected cookies and hijack their sessions. The researchers who developed the attack that exploits this weakness said all versions of TLS are affected, including TLS 1.2, and the cipher suite used in the encrypted session makes no difference in the success of the attack. The attack was developed by the same pair of researchers who in 2011 released details of a similar attack on SSL/TLS and wrote a tool called BEAST, which also gave them the ability to decrypt users’ cookies and hijack sessions with sensitive sites such as e-commerce or online banking sites. Source:

43. September 5, Softpedia – (International) Finnish developer demos breaking into the OS X keychain. A software developer from Helsinki, Finland, wrote a comprehensive proof-of-concept regarding a design compromise in Apple’s keychain implementation that sacrifices security over usability. He says Apple knows about it. Because OS X automatically unlocks a user’s keychain for his/her convenience, ―the root user is able to read all keychain secrets of logged-in users, unless they take extra steps to protect themselves,‖ according to the researcher. The open source proof-of-concept confirms that this compromise can be exploited, ―because this is an intentional design decision instead of a security bug.‖ Source:

44. September 5, Threatpost – (International) Facebook Timeline eraser Chrome plugins dupe tens of thousands of users. Nearly 100,000 Facebook users were duped into installing third-party Chrome plugins over the past few weeks that have access to all of their data on every Web site they visit. According to research recently conducted by security firm Barracuda Networks, the unsuspecting users were tricked into thinking the plugins could block Timeline, a new profile feature Facebook first introduced at the end of 2011. While it does not appear the plugins are harvesting users’ credentials, two of the three suspicious ones try to entice Facebook users into filling out a fake survey and joining a fake Facebook event in hopes of further spreading the plugin. Source:

45. September 5, ZDNet – (International) Norton: Cybercrime cost $110 billion last year. The yearly Norton Cybercrime report analyzes how cybercrime affects consumers, and how emerging technology — including mobile and cloud computing — impacts security. As mobile technology and bring your own device (BYOD) schemes insinuate themselves into the corporate sphere — blending personal and professional communication — businesses must take note. The 2012 report consists of more than 13,000 participants across 24 countries, aged 18-64, and says that U.S. consumers lost $20.7 billion in 2011 after falling prey to cybercrime including attacks, malware, and phishing. Globally, the rate rose to $110 billion in direct financial loss. An estimated 71 million people in the United States became cyber crime victims in 2011. Source:

Communications Sector

46. September 5, Contra Costa Times – (California) KVHS radio equipment overheats, knocks programming off the air. Studio equipment overheated, knocking KVHS 90.5 FM Concord off the air at Clayton Valley Charter High in Concord, California, the Contra Costa Times reported September 5. A former teacher was looking for new computer equipment to replace the hard drive that broke down when temperatures in the school studio reached more than 100 degrees. Source:

47. September 5, Austin Daily Herald – (Minnesota) Storm topples KSMQ tower. A quick-moving storm with straight-line winds breezed through Austin, Minnesota, and knocked down a 440-foot transmitter tower. The tower, owned by KSMQ 15 Austin and leased to wireless providers fell down September 5, according to the KSMQ 15 Austin president and CEO. The radio station could be off the air for as long as 2 weeks, he said. Source:

48. September 5, Nogales International – (Arizona) Towerstrike knocks KPUP radio off the air. Lightning is being blamed for damaging a radio tower that was utilized by the Patagonia, Arizona community radio station, Nogales International reported September 5. The president of KPUP 100.5 FM Patagonia said the non-profit station has been off the air for nearly 2 weeks. One of the station’s founders said a team of climbers will have to make the repairs and/or replacements to the 75-foot-high tower located near the town reservoir behind the high school. He said those repairs could take another 4 weeks if all goes well. Source:

For more stories, see items 44 and 45 above in the Information Technology Sector