Department of Homeland Security Daily Open Source Infrastructure Report

Monday, February 22, 2010

Complete DHS Daily Report for February 22, 2010

Daily Report

Top Stories

Fox News reported on February 18 that the U.S. Army is investigating allegations that soldiers were attempting to poison the food supply at Fort Jackson in South Carolina. (See item 41)


41. February 18, Foxnews.com – (South Carolina) Army investigates alleged attempt by soldiers to poison food at Fort Jackson. The U.S. Army is investigating allegations that soldiers were attempting to poison the food supply at Fort Jackson in South Carolina. The ongoing probe began two months ago, a spokesman for the Army’s Criminal Investigation Division told Fox News. The Army is taking the allegations “extremely seriously,” the spokesman said, but so far, “there is no credible information to support the allegations.” Five suspects, detained in December, were part of an Arabic translation program called “09 Lima” and use Arabic as their first language, two sources told Fox News. Another military source said they were Muslim. It was not clear whether they were still being held. The spokesman would not confirm or deny the sources’ information. Source: http://www.foxnews.com/story/0,2933,586721,00.html?loomia_ow=t0:s0:a4:g4:r3:c0.000000:b0:z5


ComputerWorld reports that one of the two Chinese academic institutions identified in a New York Times report on February 18 as the apparent source of the recent attacks against Google has also been linked to a hacker who may have been involved with the takedown of whitehouse.gov in 2001. (See item 48)


48. February 19, ComputerWorld – (International) Chinese school linked to Google attacks also linked to ‘01 attacks on White House site. One of two Chinese academic institutions identified in a New York Times report on February 18 as the apparent source of the recent attacks against Google has also been linked to a hacker who may have been involved with the takedown of whitehouse.gov in 2001. The Times on February 18 reported that the recent cyberattacks against Google and more than 30 other organizations appeared to have originated from computers at two schools in China. One of the schools was identified as the Shanghai Jiaotong University; the other, as the Lanxiang Vocational School, an academic institution in China’s Shandong Province with apparent ties to the country’s military. A U.S. military contractor attacked in the same manner as Google has even pointed investigators to a specific computer science class taught by a Ukrainian professor at the vocational school as one source of the attacks, the Times said. The newspaper, quoting unnamed investigative sources, said the attacks on Google and more than 30 other technology companies appear to have begun in April — much earlier than previously believed. If evidence of the schools’ involvement bears out, it could cast doubt on the assumption that the Chinese government or military was directly involved in the attacks, the Times said. Source: http://www.computerworld.com/s/article/9159258/Chinese_school_linked_to_Google_attacks_also_linked_to_01_attacks_on_White_House_site


Details

Banking and Finance Sector

10. February 19, Washington Post – (National) Fed raises interest rate on emergency loans to banks. The Federal Reserve on February 18 took another step toward winding down its expansive efforts to prop up the financial system, raising the interest rate that banks must pay to take out emergency loans. Banks that need emergency funds through the Fed’s “discount window” will now have to pay 0.75 percent, not the 0.5 percent they have been paying. But that higher rate probably would not mean higher borrowing costs for ordinary households and businesses, and the move does not represent an effort by the Fed to drain the money supply. That would be done by raising the federal funds rate, traditionally the Fed’s main tool for managing the economy, above its current level near zero, or by raising the rate it pays on bank reserves, now 0.25 percent. But the step on February 18 was part of an effort to withdraw the Fed’s extraordinary support for the financial system, even as it leaves in place ultra-low interest rates to support the economy more broadly. Source: http://www.washingtonpost.com/wp-dyn/content/article/2010/02/18/AR2010021803791.html?hpid=topnews


11. February 19, Associated Press – (Georgia) 1 arrested in $25 million credit card scheme. Federal agents have arrested a Marietta man believed responsible for a nationwide telemarketing scheme that defrauded consumers out of $25 million. Authorities say the 34-year-old suspect voluntarily surrendered at Atlanta Hartsfield Jackson International Airport on February 18 after arriving from the Philippines. He was indicted on the charges January 5 along with two others, also of Marietta. Authorities say they worked through an array of companies, including Economic Relief Technologies and SafeRide Warranty. Prosecutors say the three would promise through telemarketing to save customers thousands of dollars by negotiating lower credit card rates for a fee of at least $749. Authorities say in an affidavit that the three would rarely follow through. Thousands of complaints were filed against businesses run by the three defendants, according to the affidavit. Source: http://www.13wmaz.com/news/local/story.aspx?storyid=75235&catid=52


12. February 19, Ecommerce Journal – (National) Imex-finance is a max scam. Imex-finance is a max scam. The only way an individual can be affected is if they join this scam investment game program. The admin claims that Imex Finance is a private online investment program and that it works with qualified forex traders from different countries of the world. This program has been running since November 2009 and offers a low rate of return over a long time frame: a plan paying 3% daily for 120 days. According to the members, this program stopped paying two weeks ago. At first, this program paid selectively, honoring only small withdrawals, while those who requested large amounts received only an error message. Source: http://www.ecommerce-journal.com/news/27017_imex-finance-max-scam


13. February 18, Arizona Daily Star – (National) FBI: ‘High Country Bandits’ target Marana bank, others throughout Southwest. A two-man crew has been holding up rural banks throughout the Southwest over the past five months, including one in Marana, according to the FBI. The duo, dubbed the “High Country Bandits” by the FBI, is believed to be responsible for at least 12 heists in Arizona, Colorado and New Mexico between September and earlier this month, according to an agency news release. The first stickup occurred September 8 in the White Mountains community of Heber, while other Arizona locales allegedly hit include Flagstaff (twice), Gold Canyon, Payson, Phoenix, Pinetop and Prescott Valley, the release said. The Marana swindle included on their list happened on December 15 at a Wells Fargo branch. Source: http://www.azstarnet.com/news/local/crime/article_bc32a98e-1ca9-11df-a415-001cc4c03286.html


14. February 18, Ethiopian Review – (Missouri) Sixteen indicted in Missouri in $10 million bank fraud scheme. The United States attorney for the Western District of Missouri announced on February 18 that two former bank vice presidents and the former branch manager of the Small Business Administration’s office in Springfield are among 16 defendants who have been indicted in five separate but related cases for their involvement in a bank fraud scheme that took advantage of business loans guaranteed by the Small Business Administration. According to the indictments, the bank fraud scheme involved at least 31 fraudulent business loans, ranging from $100,000 to $1.6 million, issued by Mid-America Bank and Trust Company (MABTC) in Pulaski County, Missouri, between January 2005 and January 2007. The fraudulent loans cited in the indictments total more than $10.1 million. Source: http://www.ethiopianreview.com/news/33805


15. February 18, Knoxville News Sentinel – (Tennessee) Anderson credit union missing $100K. More than $100,000 is missing from the Anderson County Employees Federal Credit Union, and the Tennessee Bureau of Investigation has launched a criminal probe. Money was discovered missing on January 19 during a routine audit, said the chairman of the credit union’s board of directors. An office manager was put on supervised leave without pay that day, the chairman said. He declined to pinpoint how much money was missing and only said it was between $100,000 and $200,000. The tiny credit union, housed in the county courthouse, has more than 600 members who are either Anderson County government employees or employees of the county and Clinton school systems. It has about $2 million in assets, said the chairman, who is retired as assistant director of the Clinton School System. Members will be notified soon about the incident in a letter that’s now being drafted for review by the credit union’s board of directors, the chairman said. Source: http://www.knoxnews.com/news/2010/feb/18/credit-union-missing-100k/


16. February 18, Housingwire – (National) FinCEN sees spike in possible foreclosure and mortgage modification scams. Nearly a year after issuing a red flag advisory to servicers in April 2009 to beware of foreclosure scams, the Financial Crimes Enforcement Network (FinCEN), an overseer of financial activities for the US Treasury, says it received hundreds of suspicious activity reports (SARs) regarding the fraud. In data released on February 18, FinCEN also gave information on the more popular forms of mortgage modification fraud. In the third quarter of 2009, depository institution filers submitted 15,697 mortgage loan fraud SARs, a 7.5 percent increase over the same period in 2008. The primary suspicious activities surrounding loan modifications deal with occupancy misrepresentation, social security number discrepancies, and altered or forged documentation, the government agency said. The two most common forms of borrower scams involve conning homeowners into signing quit-claim deeds to their properties. Scammers would then sell homes from under the former owners to straw borrowers, and the homeowners subsequently received eviction notices. In other instances, scammers falsely claim affiliations with lenders to convince distressed homeowners to pay large advance fees for modification services, but then do nothing to keep the borrowers in their homes. Source: http://www.housingwire.com/2010/02/18/fincen-sees-spike-in-possible-foreclosure-scams/


17. February 16, StockWatch – (International) Toronto stockbroker found guilty of securities fraud. A former Toronto-based stockbroker has been found guilty of securities fraud for leading an international scheme involving the manipulation of several different penny stocks, StockWatch reported. According to U.S. authorities, StockWatch said, the suspect offered an undercover FBI agent lucrative kickbacks in exchange for purchasing shares of three microcap companies – Avicena Group, Northern Ethanol and Hydrogen Hybrid Technologies – through discretionary trading accounts. Investors lost an estimated $30 million, StockWatch said, when those stocks later crashed. The suspect has been ordered to pay $21.5 million in financial penalties, and could face up to 165 years in prison when he is formally sentenced for his crimes. Source: http://thestreetsweeper.org/article.html?c=5&i=242


Information Technology


48. February 19, ComputerWorld – (International) Chinese school linked to Google attacks also linked to ‘01 attacks on White House site. One of two Chinese academic institutions identified in a New York Times report on February 18 as the apparent source of the recent attacks against Google has also been linked to a hacker who may have been involved with the takedown of whitehouse.gov in 2001. The Times on February 18 reported that the recent cyberattacks against Google and more than 30 other organizations appeared to have originated from computers at two schools in China. One of the schools was identified as the Shanghai Jiaotong University; the other, as the Lanxiang Vocational School, an academic institution in China’s Shandong Province with apparent ties to the country’s military. A U.S. military contractor attacked in the same manner as Google has even pointed investigators to a specific computer science class taught by a Ukrainian professor at the vocational school as one source of the attacks, the Times said. The newspaper, quoting unnamed investigative sources, said the attacks on Google and more than 30 other technology companies appear to have begun in April — much earlier than previously believed. If evidence of the schools’ involvement bears out, it could cast doubt on the assumption that the Chinese government or military was directly involved in the attacks, the Times said. Source: http://www.computerworld.com/s/article/9159258/Chinese_school_linked_to_Google_attacks_also_linked_to_01_attacks_on_White_House_site


49. February 19, IDG News Service – (International) Adobe working to fix security bug in Download Manager. Adobe Systems is working to fix a glitch in software it uses to speed up downloads of its products that could give hackers a way to push malicious programs onto a victim’s PC. According to a security researcher, Download Manager — a small program Adobe uses to speed up the initial installation of its products — can be misused to force victims to install unwanted software on their computers. Because of an undisclosed flaw in the way Download Manager works, the “attacker can force an automatic download and installation of any executable he desires,” the researcher wrote in a blog post. “So, if you go to Adobe’s Web site to install a security update for Flash, you really expose yourself to a zero-day attack.” Adobe said on February 18 that it was working with the researcher and the third-party developer of the Download Manager product to fix the issue. However, it would be hard for a user to install unwanted software without realizing it, because “the user has to accept a number of prompts before being taken through the installation process,” said an Adobe spokeswoman in an e-mailed statement. Source: http://www.computerworld.com/s/article/9159218/Adobe_working_to_fix_security_bug_in_Download_Manager


50. February 19, SC Magazine – (International) WordPress.com knocked offline for almost two hours after power outage. Blog page WordPress.com was knocked offline by an outage lasting approximately 110 minutes on February 18. The founder of the website called it the ‘worst downtime in four years’ but ruled out any cyber attack involvement. He confirmed that 10.2 million blogs were affected, and those blogs were deprived of around 5.5 million page views. He said that WordPress needed to ‘dig deeper and find out exactly what happened, why, and how to recover more gracefully next time and isolate problems like this so they don’t affect our other locations’. A blogger noted the WordPress.com founder’s comments that the outage tripped up all the mechanisms meant to prevent a total failure, but that luckily no data was lost in the outage; it simply could not be sent out. Source: http://www.scmagazineuk.com/wordpresscom-knocked-offline-for-almost-two-hours-after-power-outage/article/164075/


51. February 18, The Register – (International) Attack code for Firefox zero-day goes wild, says researcher. A Russian security researcher on February 18 said he has released attack code that exploits a critical vulnerability in the latest version of Mozilla’s Firefox browser. The exploit - which allows attackers to remotely execute malicious code on end user PCs - triggers a heap corruption vulnerability in the popular open-source browser, said the founder of Moscow-based Intevydis. He recently added it as a module to Vulndisco, an add-on to the Immunity Canvas automated exploitation system sold to security professionals. The report comes as Mozilla pushed out a Firefox update that tackles three critical vulnerabilities in version 3.5.7. One of those bugs is also described as a heap corruption vulnerability, but the researcher said the flaw is different from the one his code exploits. If the claim is true, it would be one of the few times in recent memory that a zero-day vulnerability for Firefox has circulated in the wild. Source: http://www.theregister.co.uk/2010/02/18/firefox_zero_day_report/


52. February 18, DarkReading – (International) Czech researchers say ‘Chuck Norris’ kicks bots. Czech security experts say they have uncovered a global botnet that may be redirecting Web surfers to other sites for the purpose of stealing their data. The head of the security project of Masaryk University told the Czech news agency CTK recently that the Czech Defense Ministry discovered the botnet during a project called CYBER, in which several agencies have been researching ways to improve the country’s cyber defenses. The botnet’s creators have dubbed the network “Chuck Norris” after the famous Hollywood actor and martial arts expert. Researchers told CTK that the botnet could allow operators to breach sensitive user data, such as access details for bank accounts, email boxes, passwords to various services, social networks, and other personal data. The botnet could conceivably be used for attacks on well-secured servers, as well, the head of the project said, but the researchers are uncertain of how many devices it has marshaled. The botnet covers all of Europe and South America and reaches as far as China, he said. The central server that controlled the botnet was originally found in Italy, he told CTK. Source: http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=223000208


53. February 18, Department of Justice – (California) California man sentenced to prison for selling “Cracked” software online. A California man was sentenced on February 16, 2010 to six months in prison for running a business in which he sold illegally copied software via the Internet. A United States attorney and the special agent in charge of the Federal Bureau of Investigation - Boston Field Division announced on February 18 that the 51-year-old suspect, of Winchester, California, was sentenced on February 16, 2010 before a U.S. district court chief judge to six months in prison, to be followed by three years’ supervised release, and ordered to pay a $20,000 fine and forfeit $26,700. The suspect had pled guilty earlier to a one-count Information charging him with criminal copyright infringement. The suspect sold software programs at far below the retail price. He had not bought this software from the manufacturers or through any legitimate channels but rather had illegally downloaded the software from websites or obtained it from other individuals. The software the suspect sold was all “cracked”—meaning that the security devices the manufacturers used to prevent people from illegally copying the software had been broken or circumvented. The suspect downloaded and offered for sale more than 3,000 cracked software programs, which had a combined retail value of more than $2 million. Source: http://boston.fbi.gov/dojpressrel/pressrel10/bs021810a.htm


Communications Sector

Nothing to report.