Thursday, September 13, 2012

Complete DHS Daily Report for September 13, 2012

Daily Report

Top Stories

• An audit found that for 80 percent of the roughly 13,000 abandoned oil and gas wells in West Virginia, regulators did not know who operated them, or the operator had not agreed to plug the wells or restart them. – Associated Press

1. September 11, Associated Press – (West Virginia) Auditors call on W.Va. regulators to step up abandoned oil, gas well oversight. West Virginia regulators are not keeping up with the thousands of oil and gas wells that operators abandoned across the State, a new report found. Legislative auditors counted around 13,000 abandoned wells in a study presented to lawmakers September 11. The audit found that for 80 percent of wells, regulators either do not know who operated them, or the operator has not agreed to plug the wells or restart them. The office of oil and gas at the State Department of Environmental Protection is supposed to oversee these wells. Auditors said the office is not requiring operators to act on abandoned wells or inspecting them. The report warns that unchecked wells pose potential environmental or public safety hazards. The agency said 50 of West Virginia’s 55 counties have wells, and a number of them are in hard-to-reach locations. Source:

• The U.S. Environmental Protection Agency planned to send a team to an abandoned factory in Slinger, Wisconsin, after fumes from tons of toxic chemicals led to the hospitalization of an inspector. – TMJ 4 Milwaukee

5. September 12, TMJ 4 Milwaukee – (Wisconsin) EPA to inspect Slinger factory with tons of chemicals after man hospitalized. The U.S. Environmental Protection Agency planned to send a team to an abandoned factory in Slinger, Wisconsin, September 12 after an inspector was hospitalized following the discovery of tons of toxic chemicals. The team was scheduled to head into the former Niphos Coating metal-plating plant to begin cleanup of 27,000 pounds of chemicals found September 11. The Slinger village president said one inspector who went into the building was hospitalized after exposure to vapors. He said his biggest concern is someone with ill intentions might target the building, and noted police are stationed at the building. He does not believe there is a threat to people who live near the site, but the village president told them to be prepared to evacuate. Source:

• Thunderstorms flooded Las Vegas streets, stranded Navajo families in Arizona, left two mobile home communities in California deep in water, and caused a dike to fail in a Utah town. – NBC News

16. September 12, NBC News – (West) Storms flood parts of Vegas, Navajo land, Calif. desert communities, Utah town. Thunderstorms flooded Las Vegas streets, stranded Navajo families in northern Arizona, left two mobile home communities in Southern California deep in water, and caused a dike to fail in a Utah town, NBC News reported September 12. In the Las Vegas area, the September 11 storms delayed flights, snarled traffic, and prompted helicopter rescues of stranded motorists. A golf course worker was reported missing and a search for the man resumed September 12, KSNV 3 Las Vegas reported. In southeast Las Vegas, authorities urged residents of about 45 homes damaged by flooding to leave in case electrical fires were sparked. Dozens of cars were swamped by water up to their headlights in a parking lot outside the Thomas & Mack sports arena at the University of Nevada, Las Vegas. In California’s Coachella Valley, a thunderstorm September 11 dropped more than the average annual rainfall there in one night alone in desert towns 150 miles southeast of Los Angeles. In Thermal, the downpour flooded the Desert Mobile Home Park better known as Duroville, a community of mostly migrant workers with about 1,500 people, including 900 children. Between 60 and 80 people had evacuated from the park and were spending the night at a high school. On the Navajo Nation reservation in northeastern Arizona, many of Tuba City’s roads were underwater and residents were stuck in their homes. State Route 264, one of two main arteries in and out of town, was closed after a bridge washed out about a mile outside of the community, the Tuba City Chapter manager said. Source:

• A new outbreak of Listeria monocytogenes linked to cheese has killed three people and sickened 14 people in 11 States, federal officials said. – Food Safety News

21. September 12, Food Safety News – (National) Three deaths counted in Listeria outbreak linked to cheese. A new outbreak of Listeria monocytogenes has killed three people, the federal Centers for Disease Control and Prevention (CDC) said September 11. The deaths are being blamed on cheese imported from Italy. According to CDC, 14 persons were infected with the outbreak strain in 11 States and the District of Columbia. All have been hospitalized. CDC said Listeriosis contributed to at least one death. The CDC report on the outbreak came 24 hours after Long Island-based Forever Cheese recalled one of its imported cheese brands for possible contamination. The number of ill persons identified in each State is as follows: California (1), Colorado (1), District of Columbia (1), Maryland (3), Minnesota (1), Nebraska (1), New Jersey (1), New Mexico (1), New York (1), Ohio (1), Pennsylvania (1), and Virginia (1). Forever Cheese, an importer of products from Italy, Spain, and Portugal, September 10 recalled the Ricotta Salata Frescolina brand from one specific production date for possible Listeria contamination. It also said that the U.S. Food and Drug Administration was investigating. Later September 11, Maryland health officials said three people with Listeria illnesses were being treated in area hospitals. The cheese was sold to distributors for retailers and restaurants in California, Colorado, District of Columbia, Florida, Georgia, Illinois, Indiana, Maine, Maryland, Massachusetts, Montana, New Jersey, New Mexico, New York, Ohio, Oregon, Pennsylvania, Virginia, and Washington between June 20-August 9. Source:

• The United States said it was taking measures to protect its citizens worldwide after protesters attacked U.S. diplomatic compounds in Libya and Egypt, killing four U.S. officials. – CNN

31. September 12, CNN – (International) Protesters attack U.S. diplomatic compounds in Egypt, Libya. The United States said it was taking measures to protect its citizens worldwide after protesters attacked U.S. diplomatic compounds in Libya and Egypt, killing four U.S. officials September 11. In Libya, witnesses said members of a radical Islamist group called Ansar al-Sharia protested near the U.S. Consulate in Benghazi and then clashed with security forces in the city, blocking roads leading to the consulate. The U.S. ambassador to Libya, a Foreign Service information management officer, and two other U.S. personnel were killed in the attack, the State Department said. In Cairo, several men scaled the walls of the U.S. Embassy and tore down its American flag. Police and army personnel formed defensive lines around the embassy in an effort to prevent demonstrators from advancing, but not before the protesters affixed a black flag atop a ladder in the American compound. Embassy officials issued a warning to Americans in Egypt, telling them to avoid the demonstrations which ―may gather in front of the U.S. Embassy.‖ The Secretary of State said that following the events the U.S. government was ―working with partner countries around the world to protect our personnel, our missions and American citizens worldwide.‖ Source:

• Santa Clara, Utah, was devastated after an earthen dam broke during heavy rains, sending a surge of flood waters into 30 homes and some businesses. –

54. September 12, – (Utah) Utah dam break sends surge of flood water into dozens of homes, businesses. Santa Clara, Utah, was devastated September 11 after an earthen dam broke during heavy rains, sending a surge of flood waters into 30 homes and some businesses. KSL 5 Salt Lake City reported a breach in a retention basin dam caused the surge of water. According to the National Weather Service, more than 3 inches of rain fell on the small canyon area of Ivins and the runoff drained into a dry wash, forcing pressure on the dam. A police officer spotted water coming through the dike and residents were evacuated before it broke. The county public works director said water began seeping through the top of the dam and as the earthen face eroded and pressure built up behind it, the breach sliced slowly downward to the rock base as it widened. Officials said the breach in the dam reached 60 to 80 feet wide at its base. The high-risk dam was scheduled to be rebuilt, they said. Source:


Banking and Finance Sector

11. September 12, IDG News Service – (International) EMV flaw allows ‘pre-play’ attacks on chip-enabled payment cards. Many ATMs and point-of-sale (POS) terminals fail to properly generate random numbers required by the Europay, MasterCard, and Visa (EMV) protocol to securely authenticate transaction requests, according to a team of researchers from the University of Cambridge. The use of defective random number generation algorithms make those payment devices vulnerable to so-called ―pre-play‖ attacks that allow criminals to send fraudulent transaction requests from rogue chip-enabled credit cards, the researchers said in a paper released September 11. The EMV standard requires the use of payment cards with integrated circuits capable of performing specific cryptographic functions. These cards are commonly known as chip-and-PIN cards, EMV cards, or integrated circuit cards. EMV-compliant devices must generate so-called ―unpredictable numbers‖ (UNs) for every transaction request so card issuers can verify the ―freshness‖ of these requests. Older versions of the EMV specification did not provide clear instructions for how these random numbers should be generated and only required that payment devices generate four different consecutive UNs to be compliant. The researchers found weak UN generation in devices that were easy to predict and thus take advantage of for fraudulent transactions. Source:

12. September 12, WJAR 10 Providence – (Massachusetts; Rhode Island) ‘Bearded Bandit’ strikes another RI bank. Police in Barrington, Rhode Island, suspect that the ―Bearded Bandit‖ may be to blame for a robbery at a TD Bank September 11. So far, the FBI has linked the so-called bearded bandit to a bank robbery in Pawtucket August 25. Authorities said the same man was responsible for six other robberies in southeastern Massachusetts and Rhode Island since February. Source:

13. September 12, – (National) Skimming threatens debit card users, while fraud strikes 1 percent of credit card transactions. Twice as many credit card fraud cases involve phone or online transactions than retail sales, according to new data from FICO, reported September 12. However, researchers found that sophisticated counterfeit rings have raised the stakes for merchants over the most recent 20-month survey period. Researchers reported an increase in skimming. ATMs, grocery stores, and automated fuel pumps topped the list of places where criminals use stolen or cloned debit cards. According to a company spokesman, fraud rings usually test stolen cards with smaller online transactions. In a statement to reporters, he described online tests as a ―relatively safe‖ way for thieves to learn whether victims notice extra purchases on their monthly statements. The theory rings true with researchers at J.D. Power and Associates, where the results of an annual customer satisfaction survey showed that nearly a quarter of reported credit card problems involved fraudulent transactions. Source:

14. September 11, Associated Press – (New York) White Glove Bandit pleads guilty to NY bank heists. A man dubbed the ―White Glove Bandit‖ pleaded guilty to a series of armed bank robberies in New York City, the Associated Press reported September 11. He admitted committing four bank robberies on Manhattan’s Lower East Side earlier this year. Authorities said he wore white gloves and dark sunglasses in each holdup, showing what appeared to be a revolver as he demanded money. Authorities said the weapon was actually a cap gun. In all, he stole more than $32,000. Source:

15. September 11, Reuters – (International) Whistleblower in UBS tax case gets record $104 mln. The whistleblower in a breakthrough tax fraud case against Swiss bank UBS AG won a record-setting $104 million reward from the U.S. Internal Revenue Service, a payout that could entice more informants to come forward, Reuters reported September 11. In a case that shook Swiss banking to its core, UBS in 2009 entered into a deferred prosecution agreement and paid $780 million in fines, penalties, interest, and restitution to settle charges that it helped thousands of wealthy Americans hide billions of dollars in secret Swiss accounts. U.S. authorities are still investigating other Swiss banks. The whistleblower knew the inner workings of UBS and spilled many secrets about his former employer’s dealings with U.S. clients. But he was jailed after the government said that he withheld other information and he spent 30 months in prison. He is scheduled to be freed from home confinement in late November and is continuing to help government tax authorities with their investigations, said his lawyers. Source:

Information Technology Sector

40. September 12, The H – (International) Adobe fixes ColdFusion security vulnerability. September 11, Adobe released an update for ColdFusion to close a security hole in its rapid Web application development software. The hotfix for ColdFusion addresses a vulnerability (CVE-2012-2048), which the company rates as important, that could be exploited by a remote attacker to cause a denial-of-service (DoS) condition. Source:

41. September 11, The Register – (International) Zombie PC herders issue commands from Tor hideout. Security researchers discovered a botnet that uses the Tor anonymizer network to hide its command nodes. The owners of the compromised network of Windows PCs placed their command-and-control server, which uses the common Internet relay chat protocol, as a hidden service inside of the Tor network. This novel approach gives multiple advantages to the zombie PC herders, security firm G-Data explained. Since the server is anonymous, it cannot point towards the botnet owners’ identity. Botnet control traffic is encrypted by Tor, so it cannot be blocked by Intrusion Detection Systems monitors. Blocking Tor traffic in general is problematic because there are legitimate uses for the technology. In addition, Tor servers cannot be taken down easily. Source:

42. September 11, Krebs on Security – (International) Microsoft pushes two security patches. September 11, Microsoft issued security updates to fix at least two vulnerabilities in its software. The fixes are for enterprise components that are not widely installed, meaning Windows home users will likely not have to patch their operating system in September. Microsoft is urging system administrators at organizations to test a soon-to-be mandatory patch (KB2661254) that will change the way Windows handles encryption keys. That patch is in apparent response to the weaknesses exploited by the Flame malware, which used it to successfully spoof the encryption algorithm used by Microsoft’s Remote Desktop and to install itself on Windows PCs. Source:

43. September 11, SecurityNewsDaily – (International) Internet Explorer 10 to get Flash fixes after all. Microsoft is making security fixes for Adobe Flash Player for Windows 8 available before the new operating system’s general availability day. Previously, Windows 8 users were told a new security patch for Internet Explorer (IE) 10’s Flash Player would not be available until October 26, the day Windows 8 is made available to the general public. That left current users of the yet-to-be-officially-released operating system with few alternatives; in a move borrowed from Google Chrome, Microsoft fully integrated Flash into IE10, and the browser can now only be updated by Microsoft, not Adobe. Source:

For more stories, see items 11 and 13 above in the Banking and Finance Sector

Communications Sector

See item 13 above in the Banking and Finance Sector

Department of Homeland Security (DHS)

DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site:

Contact Information

Content and Suggestions: Send mail to or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure

Coordinating Center at or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at or visit their Web page at v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.