Monday, December 20, 2010

Complete DHS Daily Report for December 20, 2010

Daily Report

Top Stories

• Voice of America News reports U.S. and Yemeni officials said no one was hurt when an attacker tossed a grenade at a parked vehicle in Yemen that had been carrying American embassy personnel. (See item 36)

36. December 16, Voice of America News – (International) Bomb targets US Embassy vehicle in Yemen. U.S. and Yemeni officials said a group of American embassy personnel came under attack December 15 when a bomb exploded near their vehicle outside a restaurant in Yemen’s capital. A U.S. State Department spokesman said no one was injured in the blast, which took place in a commercial district of Sana’a. An investigation is ongoing. Another U.S. official said the explosion disabled the vehicle, and that the embassy believes it was “likely” an attempt to target U.S. interests. Yemeni officials said police arrested several suspects, including a Jordanian in his 20s. They said the attacker threw a hand grenade at a car carrying a number of Americans as it was parked outside a restaurant frequented by foreign nationals. It is unclear whether the attack is linked to al-Qaida militants in the country. Source: http://www.voanews.com/english/news/middle-east/Bomb-Targets-US-Embassy-Vehicle-in-Yemen-112020384.html

• After the WikiLeaks security leak, the National Security Agency is operating on the assumption foes may have pierced the most sensitive computer networks under its guard, Reuters said. (See item 40)

40. December 16, Reuters – (National) U.S. code-cracking agency works as if compromised. The U.S. government’s main code-making and code-cracking agency now works on the assumption that foes may have pierced even the most sensitive national security computer networks under its guard. “There’s no such thing as ‘secure’ any more,” a spokeswoman with the National Security Agency said December 16 amid U.S. anger and embarrassment over disclosure of sensitive diplomatic cables by the web site WikiLeaks. She heads the NSA’s Information Assurance Directorate, which is responsible for protecting national security information and networks from the foxhole to the White House. “The most sophisticated adversaries are going to go unnoticed on our networks,” she said. More than 100 foreign intelligence organizations are trying to break into U.S. networks, the Deputy Defense Secretary wrote in the September/October issue of the journal Foreign Affairs. Some already have the capacity to disrupt U.S. information infrastructure, he said. Source: http://uk.reuters.com/article/idUKTRE6BF6DN20101216

Details

Banking and Finance Sector

15. December 17, Melrose Patch – (Massachusetts) Robbery, shooting at Main Street Citizens Bank in Malden. Melrose Police and several other police departments combed the area between Oak Grove and Forestdale December 16 for a gunman who robbed a Citizens Bank branch on Main Street in Malden, Massachusetts. The suspect fits the description given in recent robberies in Reading and Lynnfield. Two Malden schools were placed under lockdown. According to a Malden police spokesman, the suspect entered the bank before 1 p.m., and approached a teller with a note demanding money. She complied, and he moved to leave the bank. When he got to the door, however, it was locked. The gun didn’t come out until the man realized he was locked in. At that point, he pulled out a silver handgun and fired five rounds into the door, the police spokesman said. Malden, Melrose and state police swarmed the area and began searching for the man, described as a black male, about 5-feet, 9-inches tall, wearing a dark jacket and a gray Red Sox hat. Source: http://melrose.patch.com/articles/robbery-shooting-at-main-street-citizens-bank-in-malden

16. December 17, WHIO 7 Dayton – (Ohio) State authorities investigate detonation of explosive device. The Ohio fire marshal, Bureau of Alcohol, Tobacco, Firearms and Explosives, Huber Heights fire and police departments and the Dayton Bomb Squad continue to investigate after an incident at the Fifth-Third Bank on Taylorsville Road December 16. Investigators said a homemade explosive device exploded and ignited the base of an ATM between midnight and 12:15 a.m. The device caused superficial damage to the ATM and no one was injured. Authorities said they are trying to determine who made and detonated the device. Pieces of the exploded device are being analyzed and it could be 7 to 10 days before results are available. Source: http://www.whiotv.com/news/26171988/detail.html

17. December 16, Associated Press – (International) Texas couple accused of funneling money to Iran. A Texas couple and the head of an Oregon charity secretly sent millions of dollars to an Iranian bank and to a contact in Iran for 9 years, violating the U.S. embargo on the Middle East country, according to a federal indictment. The indictment describes an alleged scheme in which the Texas couple got tax exemptions for their donations to the Portland-based Child Foundation charity. The head of the charity allegedly funneled money meant for food and other assistance to his cousin, and to a bank controlled by the Iranian government. Working through Iranian corporations and banks in Switzerland and Dubai, the Texas couple and charity head’s cousin masked their transfers by using food shipments and other commodities to cover financial donations intended for a sister charity in Iran run by the cousin, federal prosecutors said. “These defendants are charged with going to extraordinary lengths to conceal the transfer of large sums of money in violation of the Iranian embargo,” the U.S. Attorney for Oregon said in a statement December 16. A 26-page indictment alleged the Texas couple conspired to defraud the government, and laundered money by purporting to transfer charitable donations to Iran while actually keeping control of the money. Source: http://www.foxnews.com/us/2010/12/16/indictment-alleges-texas-couple-broke-iran-embargo/?test=latestnews

18. December 16, El Paso Times – (Texas) The FBI has arrested the ‘Lipstick Bandit’ accused of robbing 2 banks. The FBI Violent Crimes Task Force arrested the man believed to be the bank robber dubbed the Lipstick Bandit. FBI officials December 16 said a tip led to the arrest of a 31-year-old male suspect in the heists in El Paso, Texas. The suspect faces two counts of bank robbery and possession of a firearm. He was jailed on unrelated charges. On December 8, a bank robber wearing lipstick, big sunglasses, and carrying a woman’s vinyl purse used a handgun to rob the Compass Bank at 9870 Gateway North. As the robber fled, a red dye pack that was hidden in a bundle of money exploded in his truck, the FBI said. A week prior, the same man allegedly robbed the Compass Bank at 6044 Gateway East. Source: http://www.elpasotimes.com/ci_16878356?source=most_viewed

19. December 16, KXXV 25 Waco – (Texas) 4 women accused of stealing background check information. Four Waco, Texas-area women were arrested December 16 on accusations they stole personal information from fingerprint applications. The four were indicted by a federal grand jury on one count of conspiracy to commit identity theft. One woman is also charged with six substantive aggravated identity theft counts; two of the others are also charged with one aggravated identity theft count. From March 2008 to July 2008, one of the accused was employed as a Live Scan Operator by Integrated Biometrics Technology in Waco, where applicants provide personal information, such as Social Security numbers and dates of birth. The suspect employee allegedly stole thousands of background check applications when she left the company, and the four women then used them to fraudulently obtain credit cards, open accounts, and purchase items throughout the country. Their hearings are scheduled for December 21 and if convicted, they each face up to 15 years in federal prison. Source: http://www.kxxv.com/Global/story.asp?S=13688249

Information Technology

45. December 17, H Open Source – (International) Google questions results of malicious site protection test. In a test conducted by NSS Labs, the beta version of Internet Explorer 9 warned testers about visiting malicious sites or downloading infected files in 99 percent of cases. Internet Explorer 8 achieved a respectable result of 90 percent. The good result for Internet Explorer 9 was reportedly due to the previously existing SmartFilter URL filtering and the newly added SmartFilter reputation-based filtering. The test by NSS Labs was financed by Microsoft. Google’s Chrome 6 browser reportedly only detected 3 percent of threats, although it had still warned users in 14 percent of cases in a previous test. Google has questioned the validity of the test results, arguing there is no description of the testing methodology that would allow the tests to be independently verified. Although NSS Labs did describe the test set-up in its results publication, there are no details about which set of URLs was used for the test, and which criteria were used to determine potential threats. According to the description, the test only investigated URLs where a link directly led to an infected file being downloaded — sites containing exploits for drive-by downloads were apparently omitted. Source: http://www.h-online.com/open/news/item/Google-questions-results-of-malicious-site-protection-test-1155534.html

46. December 16, Computerworld – (International) Google adds Flash sandbox to Chrome beta. Two weeks after it debuted a sandbox to isolate Adobe’s Flash Player plug-in, Google pushed the security enhancement to the more reliable beta channel of its Chrome browser December 16. Chrome users already running the beta build will be automatically updated to the version that includes the sandboxed Flash. A “sandbox” isolates processes on the computer, preventing or at least hindering malware from escaping an application to wreak havoc on the machine. That has become increasingly important for Flash, as the popular media player has been aggressively targeted by hackers in 2010. Adobe has had to patch Flash five times since January, and in several cases was forced to scramble to release emergency fixes as new attacks surfaced. Chrome’s Flash sandbox relies on some elements of the already-in-place technology that the browser uses to protect HTML and JavaScript. But much of the new work was created from scratch in cooperation with Google, an Adobe executive said when the two companies announced the inclusion of the sandbox in Chrome’s “dev” channel December 1. Source: http://www.computerworld.com/s/article/9201419/Google_adds_Flash_sandbox_to_Chrome_beta

47. December 16, SC Magazine – (International) Malware targeting Google Android quadruples in 2010. Malware aimed at Google’s Android mobile operating system rose fourfold in 2010, compared to 2009, research has shown. This represented the most significant jump in comparison to other platforms, claimed mobile security specialists AdaptiveMobile. Reported exploits targeting the iPhone fell, as did new Symbian malware, which dropped by 11 percent. However, the overall number of mobile malware infections reported went up 33 percent, again compared with 2009 figures. Source: http://www.securecomputing.net.au/News/241877,malware-targeting-google-android-quadruples-in-2010.aspx

48. December 16, H Security – (International) When a smart card can root your computer. A buffer overflow flaw in the open source smart card library OpenSC can be exploited to inject and execute malicious code on a system. According to UK security company MWR InfoSecurity, the bug in the library is triggered when reading serial numbers from smart cards. The card-atrust-acos.c, card-acos5.c, and card-starcos.c drivers in OpenSC version 0.11.1 are all affected. Starcos and Acos5 cards are used to store private cryptographic keys and are deployed in the Public Key Infrastructure (PKI) field. The bug is unlikely to be exploitable using standard chip cards, although card simulators are able to send a crafted serial number to a terminal. MWR reports that it has developed a proof-of-concept exploit. MWR does not discuss specific targets for such an attack, but attacks on systems which require chip card authentication are conceivable. Under Windows, code injected via the OpenSC vulnerability would be able to run with system privileges. The OpenSC development team has released patches to fix the vulnerabilities in all three drivers. Source: http://www.h-online.com/security/news/item/When-a-smart-card-can-root-your-computer-1154829.html

49. December 15, Social Barrel – (International) Yahoo image search hacked. Yahoo’s image search began to display pornographic images December 14, the same day Yahoo laid off over 600 employees. The pornographic images seemed to appear no matter what someone searched on Yahoo. They would not appear immediately, but if a user clicked on a thumbnail image at the top of the search results, what has been described as a XXX photo would appear. Yahoo first pulled down the image thumbnails to avoid any further appearance of the images, and by December 15 it appeared the issue had been fixed. Many industry observers are suggesting, although there does not appear to be any concrete evidence as of now, that it could have been a disgruntled Yahoo employee who was let go during the series of layoffs. Yahoo released about 4 percent of the company’s workforce December 14 in an attempt to streamline operations and better compete with rivals such as Facebook and Google. Source: http://socialbarrel.com/yahoo-image-search-hacked/1598/

50. December 15, iTnews – (International) Sydney honeypots attract morphing botnet malware. The Sydney, Australia branch of West Coast Labs’ global honeynet was amongst the first to record two new malware variants the week of December 5, as the RBot family continued to wreak havoc on global networks. Of the 41 malware threats detected by West Coast Labs’ Sydney honeypots the week of December 6, 29 were received there for the first time. The honeypots detected a compressed file — generally agreed to be a member of the polymorphic Virut family of viruses. This virus infects files with encrypted code, which spreads further when each infected file is run. The honeypots were also the first in the West Coast Labs network to pick up a worm December 4 thought to be part of the Allaple family. This worm spreads via networks and e-mail, dropping the file urdvxc.exe into the System32 system directory of Windows machines and using this to spread itself further. One in five new malware threats detected by the honeynet were variants of the RBot family. The RBot family of malware uses an exploit in the Windows operating system that leaves open IRC (internet relay chat) channels 24 hours a day. Source: http://www.itnews.com.au/News/241772,sydney-honeypots-attract-morphing-botnet-malware.aspx

Communications Sector

51. December 17, Ecommerce Journal – (National) HDTVs are vulnerable to cyber and hacking attacks. Hackers can potentially use Internet-connected HDTVs to infiltrate malware into home networks, said the latest report by a maker of security software for smartphones, VoIP devices, and TVs. Mocana conducted the tests on a range of inter-connected TVs, during which a security flaw was discovered in the kit of an unspecified manufacturer. Mocana is not naming the manufacturer involved or describing the security weakness, at least until a fix is released. In its press release, Mocana said the security bug is a way to hack into consumers’ home network and potentially intercept and redirect internet traffic to and from the HDTV to mount phishing scams, gain access to backend services from third-party organizations (such as video streaming), or monitor and report on consumers’ private internet usage habits. Mocana’s researchers managed to deploy hacking techniques familiar to the world of PC skullduggery (such as “rogue DNS”, “rogue DHCP server”, or TCP session hijacking techniques) to inject JavaScript onto a vulnerable device “allowing attackers script integrity before running code”. Source: http://www.ecommerce-journal.com/news/30660_hdtvs-are-vulnerable-cyber-and-hacking-attacks

52. December 16, Minneapolis Star Tribune – (Minnesota) FBI seeks victims of ‘cramming’. Two days after it raided a Forest Lake, Minnesota company called Alternate Billing Corp., the FBI announced it wants to hear from people who think the company put unauthorized charges on their phone bills. The practice is called cramming, and charges linked to Alternate Billing could carry many names, including MyIProducts, Safeguard My Credit, My411Connect, and others. Other media outlets reported the investigation is connected to the FBI’s probe into an Indiana businessman, whose investment firm collapsed earlier this year. On its Web site, Alternate said it helps online companies do business with “savvy online browsers” who are reluctant to purchase goods or services over the Internet with a credit card. Instead, Alternate lets those companies put those charges on a customer’s land-line phone bill. Such transactions have earned the ire of many telephone customers, who complain mysterious charges start showing up on their phone bills after filling out online surveys. A U.S. Senator sent a letter to the Federal Communications Commission (FCC) last month urging the agency to consider new rules that would prevent cramming. State law requires phone companies to remove unauthorized third-party charges and reimburse customers for up to 6 months of charges. A former employee of Alternate said he was taking up to 120 calls a day from people complaining about unwanted services that showed up on their phone bills. The worker, who left the company about 3 years ago, said he has spoken to the FBI and the Minnesota attorney general’s office. Source: http://www.startribune.com/investigators/112011079.html?elr=KArksLckD8EQDUoaEyqyP4O:DW3ckUiD3aPc:_Yyc:aUvckD8EQDUF

53. December 14, Wired – (National) Warrant needed to get your e-mail, appeals court says. The government must obtain a court warrant to require internet service providers to turn over stored e-mail to the authorities, a federal appeals court ruled December 14. The decision by the 6th U.S. Circuit Court of Appeals was the first time an appellate court said Americans had that Fourth Amendment protection. “The government may not compel a commercial ISP to turn over the contents of a subscriber’s e-mails without first obtaining a warrant based on probable cause,” the appeals court ruled. The decision — one stop short of the Supreme Court — covers Kentucky, Michigan, Ohio, and Tennessee. The legal brouhaha centered on the founder of an Ohio herbal-supplement company that marketed male-enhancement tablets. As part of a fraud investigation, the government obtained thousands of his e-mails from his ISP without a warrant. He appealed his 25-year conviction on those and other grounds, and the circuit court tossed his sentence on issues unrelated to the court’s language concerning e-mail privacy. At issue in the e-mail flap was a 1986 law that allows the government to obtain a suspect’s e-mail from an ISP or Webmail provider without a probable-cause warrant, once it has been stored for 180 days or more. The appeals court said December 14 this part of the Stored Communications Act is unconstitutional. Source: http://www.wired.com/threatlevel/2010/12/fourth-amendment-email/
