Wednesday, August 22, 2012
Daily Report
Top Stories
• An 80-car CSX train carrying coal derailed
in downtown Ellicott City, Maryland, killing at least 2 people, crushing
several vehicles in a parking lot, and dumping coal into a river. – Washington
Post
10. August 21, Washington Post –
(Maryland) Two killed as CSX train derails in Ellicott City overnight. An
80-car CSX train carrying coal derailed in downtown Ellicott City, Maryland,
late August 20 killing at least 2 people, authorities said. According to Howard
County police, the derailment happened when an eastbound freight train came off
the tracks of a rail bridge near Main Street. Police said 21 of the train’s 80
cars derailed or overturned about 12 miles outside of Baltimore, falling off
the tracks that run along the Patapsco River to the east. The train was en
route from Grafton, West Virginia, to Baltimore. The 3,000-foot-long train was
carrying 9,000 tons of coal and traveling at 25 miles per hour, officials said.
They said one of the train cars fell off the bridge onto a county-owned lot
beneath the tracks, crushing several parked vehicles. Cranes were brought in to
remove the railcars from the vehicles. Crews were cleaning up the spilled coal,
which also fell into the Patapsco River. The Associated Press reported about
100 pounds of coal spilled into a tributary of the river. A Maryland Department
of the Environment spokesman said they were worried the coal would boost the
acidity of the water or threaten aquatic life. Main Street and Frederick Road
were closed from Ellicott City into Baltimore County. Source: http://www.washingtonpost.com/blogs/post_now/post/two-killed-as-csx-train-derails-in-ellicott-city-overnight/2012/08/21/99d0a810-eb77-11e1-b811-09036bcb182b_blog.html
• An 11-mile stretch of the Mississippi River
near Greenville, Mississippi, was closed August 20 to most vessel traffic
because of low water levels, idling nearly 100 boats and barges. – CNN
12. August 20, CNN – (Mississippi) Coast
Guard halts traffic on low-water stretch of Mississippi. An 11-mile stretch
of the Mississippi River near Greenville, Mississippi, was closed August 20 to
most vessel traffic because of low water levels, idling nearly 100 boats and
barges, according to the U.S. Coast Guard. “We are allowing a limited number of
vessels based on size” to attempt to pass, said a New Orleans-based Coast Guard
spokesman, adding that the closure was affecting 97 vessels and was halting
northbound and southbound traffic. The same area near Greenville, which sees
about 50 vessels pass on an average day, has been closed “intermittently” since
August 12, when a vessel ran aground, he said. The Coast Guard and the U.S.
Army Corps of Engineers have continued surveying the area and deemed it
“dangerous for vessels to travel through,” he said. The Corps also has been
dredging in the area to deepen the channel and help navigation. A historic
drought and excessive heat have reduced water levels and scorched wide sections
of the U.S. Midwest. Flooding in 2011 may have worsened the situation on the
Mississippi by leaving deposits of silt and debris in areas that would normally
be clear. Source: http://www.cnn.com/2012/08/20/us/mississippi-river-traffic/index.html?hpt=hp_t3
• AT&T Wireless partially disabled 16 cell
phone towers after federal investigators found they were disrupting Oakland,
California’s police radio communications systems for months. – San Francisco
Chronicle
22. August 20, San Francisco Chronicle –
(California) Oakland police radio culprit: cell towers. The San
Francisco Chronicle reported August 20 that Oakland, California officials said
they and federal investigators have discovered a major source of disruption to
the city’s police radio communications system: Interference from cell phone
towers. Specifically, officials said, cell phone towers operated by AT&T
Wireless have been interfering with the city’s public safety communications
frequency and causing radio failures among police and firefighters on city
streets. AT&T, notified by the city of the problem the week of August 13,
is cooperating and has partially disabled 16 towers. The towers constantly
interfered with the radios, but the problems became particularly pronounced
when a police car was within a quarter to a half mile of a tower, said
Oakland’s public safety systems adviser. The city’s public safety radio
communications system has suffered repeated failures. Officers routinely have
been unable to connect to dispatchers or to communicate with other officers. In
addition, the radios do not work in hundreds of buildings, including the
basement of Oakland police headquarters. Source: http://www.sfgate.com/crime/article/Oakland-police-radio-culprit-cell-towers-3802585.php
• Microsoft warned customers about the
availability of the ChapCrack tool a researcher built to crack the VPN
credentials for systems built on MS-CHAPv2 protocol. – Threatpost See item 27 below in the Information Technology Sector
• Security researchers found a new trojan that
tries to cover its tracks by crippling the victim’s computer after stealing
data. They said the malware was used in targeted attacks at specific
individuals or firms, including at least one in the energy sector. – Computerworld See item 27 below in the Information Technology Sector
Details
Banking and Finance Sector
6. August 21, Cleveland Plain Dealer – (Ohio) Ponzi schemer pleads guilty to
securities fraud, gets nine years. A Ponzi schemer pleaded guilty August 20
in Cuyahoga County, Ohio, to 11 felony counts for bilking $60 million from
nearly 900 investors in her failed Parma Heights Cornerstone Project. The woman
ran an investment fraud scheme with her husband which involved a proposed
multimillion-dollar retail and entertainment development that was never built.
Prosecutors said that between 2003 and January 2005, she solicited family
members, friends, and co-workers to invest in many development projects,
including Cornerstone. She promised a high rate of return. A spokesman for the
Ohio Department of Commerce said the scheme unraveled when the department’s
division of securities received a complaint from a family member who became
suspicious after his mother was promised a 16 to 20 percent return on her
investment. After the division investigated, it issued a cease-and-desist order
against the woman in May 2004 for selling unregistered promissory notes. She
continued selling the notes, and the spokesman said the State then obtained a
preliminary injunction against her. A few months later, she was found to have
violated the preliminary injunction by continuing to sell securities without
the court’s permission. A receiver was then appointed to take possession of the
couple’s joint assets and of the woman’s individual assets. The receiver
recovered $10.5 million for the investors. Source: http://www.cleveland.com/metro/index.ssf/2012/08/ponzi_schemer_joanne_schneider.html
7. August 20, Reuters – (National) U.S. broker-dealer audit problems found in Ponzi
scheme-inspired review. Nearly 4 years after a broker-dealer admitted using
his firm for a massive Ponzi scheme, a U.S. audit watchdog group says it is
disturbed by problems that persist in audits of broker-dealers, including a
failure to assess the risk of fraud, Reuters reported August 20. In its first
report on inspections of broker-dealer auditors, the Public Company Accounting
Oversight Board (PCAOB) said it found problems in all 23 audits it reviewed,
including failure to test controls over customer funds. The problems were found
during inspections of small broker-dealer audits conducted between October 2011
and February 2012. In 13 of the 23 audits the PCAOB checked, audit firms did
not do enough to assess and respond to risks of material misstatements due to
fraud, the board said. In two cases, audit firms helped prepare the financial
statements they audited, a violation of Securities and Exchange Commission
independence rules. Source: http://www.reuters.com/article/2012/08/20/us-usa-audits-watchdog-idUSBRE87J0SO20120820
8. August 20, CNNMoney – (International) U.S. seizes $150 million linked to Hezbollah
money laundering. Federal officials said August 20 that they seized $150
million as part of a crackdown on a money laundering scheme linked to the
Lebanese militant group Hezbollah. The seizure came following a complaint filed
in December 2011 alleging that the now-defunct Lebanese Canadian Bank laundered
money for Hezbollah-controlled groups around the world. Officials said that
between 2007 and 2011, Lebanese Canadian Bank and other financial institutions
routed at least $329 million in proceeds from drug sales and other criminal
activity to the United States, where this money bought used cars that were
later sold in West Africa. These proceeds were then funneled back to Lebanon
via Hezbollah-controlled channels. In September 2011, the majority of Lebanese
Canadian Bank’s assets were purchased by Societe Generale de Banque au Liban,
another Lebanese bank. At least $150 million from that sale was being held in
escrow in an account at Lebanon’s Banque Libano Française, so U.S. officials
seized an equivalent amount of money from a U.S. correspondent account of
Banque Libano Française. Neither of the two banks was accused of wrongdoing.
Source: http://money.cnn.com/2012/08/20/news/world/feds-seize-hezbollah/index.html
9. August 20, Dayton Daily News – (Ohio) Local credit card scam may be
part of larger ring. Two men who allegedly used personal information from
consumers to create hundreds of fake credit and debit cards may be part of a
larger ring, officials said. Both men were indicted the week of August 20 in
Warren County, Ohio, following their arrest at the Franklin Walmart after
they allegedly bought about $2,400 in merchandise and gift cards with credit
and debit cards they created using stolen bank account information, according
to a prosecutor. The prosecutor said the two allegedly obtained credit and
debit card numbers and then used some sort of equipment to make the fake cards
or at least used the bank data to obtain the cards. He said he was not certain
where they obtained the numbers, but since many different banks were involved
it did not appear to be an inside bank job. Alert cashiers apparently noticed
the men were using many different bank cards at the self check-out to purchase
mainly gift cards. Source: http://www.daytondailynews.com/news/news/local-credit-card-scam-may-be-part-of-larger-ring/nRGHS/
Information Technology Sector
25. August 21, The H – (International) Apache Server 2.4.3 fixes over fifty bugs and
two security holes. The Apache Software Foundation released version 2.4.3
of the Apache HTTP Server, fixing over 50 bugs and closing 2 security holes.
The two vulnerabilities are present in the mod_proxy_ajp, mod_proxy_http, and
mod_negotiation modules. The two gaps were listed as CVE-2012-3502 and
CVE-2012-2687, but there is little information available on the actual
problems. The first bug happens with mod_proxy_ajp and mod_proxy_http in the
backend when a connection is closing which “could lead to privacy issues due to
a response mixup.” The second problem, in mod_negotiation, concerns a possible
cross-site scripting (XSS) where untrusted users are uploading files; it is
fixed by escaping file names. Source: http://www.h-online.com/security/news/item/Apache-Server-2-4-3-fixes-over-fifty-bugs-and-two-security-holes-1672035.html
26. August 21, The H – (International) Apple Remote Desktop update fixes VNC
security problem. Apple released version 3.6.1 of its Apple Remote Desktop
application for remotely managing Mac OS X systems to fix an information
disclosure vulnerability. According to Apple, the security update addresses a
serious problem when connecting to third-party VNC servers that may result in
data not being encrypted when the “Encrypt all network data” setting is
enabled. Additionally, when this happens, no warning is produced to alert users
that their connection may be insecure. Source: http://www.h-online.com/security/news/item/Apple-Remote-Desktop-update-fixes-VNC-security-problem-1671129.html
27. August 20, Threatpost – (International) Microsoft warns users about ChapCrack tool
availability. Microsoft is warning customers about the availability of the
ChapCrack tool a researcher built to crack the VPN credentials for systems
built on MS-CHAPv2 protocol. The company said that while it is unaware of any
active attacks using the tool, customers can protect themselves by implementing
Protected Extensible Authentication Protocol or changing to a more secure VPN
tunnel. In its advisory, Microsoft says that while the ChapCrack tool does not
take advantage of a security vulnerability, it still represents a risk to
users. “An attacker who successfully exploited these cryptographic weaknesses
could obtain user credentials. Those credentials could then be re-used to
authenticate the attacker to network resources, and the attacker could take any
action that the user could take on that network resource,” the company said in
its advisory on ChapCrack. Source: http://threatpost.com/en_us/blogs/microsoft-warns-users-about-chapcrack-tool-availability-082012
28. August 20, Threatpost – (International) Own the email, own the person. For
attackers looking to take control of a victim’s online presence, there is no
better place to start than the target’s email account. New research done by a
member of IOActive shows just how simple it can be to get control of a target’s
email account, and from there, everything else. The researcher started a
research project to see how easily he could access volunteers’ email accounts.
Targeting friends and family members who agreed to the experiment, the
researcher found that with just the data he gathered online from Facebook and
other sites, he had little trouble accessing the target’s inboxes. The best
mechanism for obtaining access, in most cases, was the password-reset function
on various sites and email services. Source: http://threatpost.com/en_us/blogs/own-email-own-person-082012
29. August 17, Computerworld – (International) Shamoon malware cripples Windows PCs to cover
tracks. A new trojan tries to cover its tracks by crippling the victim’s
computer after stealing data, a security researcher said August 17. Dubbed
“Shamoon” by most antivirus companies, the malware has been used in targeted
attacks aimed at specific individuals or firms, including at least one in the
energy sector. According to security company Seculert, Shamoon relies on a
one-two punch, first taking control of a system connected to the Internet
before spreading to other PCs on an organization’s network. The second stage
overwrites files and the Master Boot Record (MBR) of the machine. The latter
makes the PC unbootable. Seculert and other security companies, including
Kaspersky Lab and Symantec, have not yet figured out what kind of data Shamoon
is looking for, then stealing. They assume that because the malware uses a
second infected system to communicate with a hacker-controlled
command-and-control (C&C) server, Shamoon is copying files from pillaged
PCs and sending that information to its masters. Malware rarely destroys files
or wipes the MBR. Most threats try to work quietly to avoid detection as long
as possible. Crippling a computer only brings unwanted attention. “Threats with
such destructive payloads are unusual and are not typical of targeted attacks,”
Symantec said August 16. Since a list of overwritten files is transmitted to
the C&C server, Seculert’s CTO speculated that Shamoon’s makers wanted to
“know what and how much got wiped.” Source: http://www.computerworld.com/s/article/9230359/Shamoon_malware_cripples_Windows_PCs_to_cover_tracks?taxonomyId=82
Communications Sector
30. August 20, WCBD 2 Mount Pleasant –
(South Carolina) SCE&G equipment failure interrupts WCBD-TV newscast. WCBD
2 Mount Pleasant in South Carolina experienced broadcast interruptions August
20 during its evening newscast due to an SCE&G equipment failure. WCBD is
located in the utility service area affected by the power outage. The outage
caused WCBD to periodically lose news content, audio, and lights during its
newscast. An SCE&G spokesperson said power crews were working to fix the
equipment and restore electricity to area homes and businesses that were
impacted. There was no report on what caused the SCE&G equipment to fail.
Source: http://www2.counton2.com/news/2012/aug/20/power-failure-interrupts-newscast-ar-4377509/
For another story, see item 22 above in Top Stories