Thursday, October 28, 2010

Complete DHS Daily Report for October 28, 2010

Daily Report

Top Stories

• The Washington Post reports that authorities are investigating a nascent plot to carry out a series of terrorist bombings at train stations in the Washington D.C. Metro system, according to federal intelligence and law enforcement sources. (See item 24)

24. October 27, Washington Post – (District of Columbia; Maryland; Virginia) Feds investigate plot to attack Metro. Federal law enforcement authorities are investigating a nascent plot to carry out a series of terrorist bombings at train stations in the Washington D.C. Metro system, according to intelligence and law enforcement sources. The investigation is focused on a naturalized U.S. citizen, originally from Pakistan, who became the target of an undercover sting operation, the sources said. An administration official said the man drew the attention of law enforcement officials by seeking to obtain unspecified materials. The planned attack was not imminent, the sources said. Federal officials stressed the public was never in danger. They said that, as part of the sting, the man was asked to conduct video surveillance; he later turned that material over to federal agents whom he believed to be connected to al-Qaeda. Unlike other U.S. citizens implicated in recent terrorism plots, the man does not appear to have received overseas training from al-Qaeda or any of its affiliates, the sources said. Source:

• According to the Associated Press, the FBI said the same gun was used to shoot at the Pentagon and the National Museum of the Marine Corps in Northern Virginia. Investigators are not sure yet if the weapon was used to shoot at a Marine recruiting station in Chantilly, Virginia October 25. (See item 44)

44. October 26, Associated Press – (Virginia) FBI: Same gun used in Pentagon, museum shooting. The same gun was used to shoot at the Pentagon and the National Museum of the Marine Corps in Northern Virginia earlier this month, the FBI said October 26. A third military office — a Marine Corps recruiting station in Chantilly, Virginia, outside Washington — was shot at overnight October 25; Marines who work there discovered the shooting the morning of October 26, the FBI said. Investigators are conducting ballistics tests to determine whether the recruiting station shooting is related to the previous incidents. No one was injured in any of the shootings. Investigators have not determined a motive or identified a suspect, said a spokeswoman for the FBI’s Washington field office. Though all three shootings have targeted offices with links to the military, the FBI has not issued any specific advisories or warnings to recruiting stations or other military buildings. Source:


Banking and Finance Sector

14. October 27, Associated Press – (International) Venezuelan charged with extortion in U.S. A Venezuelan was jailed in Miami, Florida on charges of attempting to extort $1.5 million from a businessman involved in a securities controversy in Venezuela. Prosecutors said the 61-year-old suspect faced a bail hearing October 27 in Miami federal court. The case involves a businessman and his former securities firm that was taken over by a Venezuelan securities commission. Prosecutors said the suspect was appointed receiver of the company. The suspect allegedly told the businessman if he did not pay, his reputation would be ruined and he might face arrest in Venezuela. Authorities said the suspect was arrested the week of October 18 by the FBI in Miami carrying a $750,000 check, part of the businessman’s payment. Source:

15. October 27, Arizona Daily Star – (Arizona) 2 charged with preying on mortgage investors. The owners of a mortgage investment company in Tucson, Arizona have been indicted on criminal charges in connection with a program that led to $2.9 million in foreclosure losses. The two suspects, both 33, were indicted on charges, including conspiracy, fraud, theft, money laundering, and illegally conducting an enterprise, the state attorney general said October 26. The suspects owned and operated AZI Rent2Own LLC — also known as Arizona Investments or AZI — which claimed to specialize in mortgage investment and rent-to-own programs. Between 2006 and 2008, 25 homes were involved in either straw buyer or investor schemes perpetrated by AZI Rent2Own, the indictment said. About 45 lending institutions and 31 renters were victimized, it said. FBI agents began investigating the suspects about 1 year ago when several consumer complaints were filed against them, the attorney general said. The FBI found the men were defrauding investors and renters of homes in Pima County by using straw-buyers or investors to flip properties — many of which had been rented under rent-to-own agreements. Source:

16. October 26, Wall Street Journal – (International) ASX bond futures platform crashes after data. The Australian Securities Exchange (ASX) bond futures trading platform crashed October 27, just days after Singapore Exchange Ltd. bid 8.2 billion for the stock and futures market operator. The trading platform went down after third quarter inflation data prompted a scramble for front-end bonds as traders bet the central bank would not need to hike rates. ASX Ltd. blamed a system error for the crash, which stopped the ASX 24 trading platform from matching trades. Buy and sell orders are matched in the electronic machine engine in milliseconds to make an official trade. Trading resumed in core products such as bond futures just over 90 minutes later. Traders were scathing at the outage, citing expensive trading costs associated with the ASX, and complaining of previous system crashes. Interest rate futures traders were especially caught given inflation numbers were softer than anticipated, dousing expectations of a rate hike by the Reserve Bank of Australia. Singapore Exchange’s takeover bid for the ASX has sparked an outcry among some key lawmakers in Australia who question whether the deal is in the national interest, citing Singapore’s record on democracy and the freedom of speech. Source:

17. October 26, NAZ Today & Associated Press – (Arizona) Carbon monoxide leak forces evacuation of Bank of America building in Flagstaff. A second-alarm carbon monoxide leak sent at least 15 people to the hospital and forced the evacuation of the Bank of America building in Flagstaff, Arizona October 26. Shortly before 4:30 p.m., firefighters received several calls of a possible gas leak. As the first wave of firefighters arrived, they were met by several people complaining of symptoms consistent with carbon monoxide poisoning, according to a Flagstaff fire department captain. Firefighters determined that it was a carbon monoxide leak and a second alarm was issued as rescuers began evacuating the building. An eyewitness told NAZ Today that most floors were evacuated by 4:45. By 5 p.m., 19 people had reported illnesses to firefighters, and 15 were transported to Flagstaff Medical Center, according to a firefighter at the scene. The Associated Press is reporting that in all, 25 people were evaluated by paramedics. A Flagstaff Medical Center spokeswoman told the Associated Press that 17 patients had been seen at the hospital. Source:

18. October 26, Ventura County Star – (California; Oregon) Thousand Oaks man arrested in connection with Ponzi scheme. Federal authorities arrested a Thousand Oaks, California man October 26 for allegedly operating a Ponzi scheme that cheated investors out of more than $18 million. The suspect was taken into custody by FBI and Internal Revenue Service agents and charged with wire fraud, mail fraud, and money laundering. The FBI office in Portland and Oregon Division of Finance and Corporate Securities had been investigating the suspect for at least 1 year in connection with his business activities at Sunburst Associates Inc., which he operated for 30 years, the last few at 199 E. Thousand Oaks Blvd., Suite 106, Thousand Oaks, California. The suspect reportedly got people to invest in second mortgages he sold to homeowners, promising high rates of return and a security interest in the property allegedly pledged to secure the investment. Many of the investors are in Oregon and are over 65. According to the indictment, the suspect spent the investors’ money on personal items, including a car and a home. Source:

19. October 26, DarkReading – (International) Emerging Qakbot Exploit Is Ruffling Some Feathers. The Qakbot Trojan has been causing ripples in the IT security pond, researchers said. In a blog posted October 25, researchers at RSA Security offered a closer look at Qakbot and its unusual behavior. Qakbot is different in that it almost exclusively targets U.S. financial institutions, the researchers said. It also is the first Trojan seen to be exclusively targeting business/corporate accounts. “The goal for Qakbot is to siphon out larger sums of money, much more than would generally be available in private online accounts,” RSA said. “While Qakbot is not the first and only Trojan to target such accounts, it is the only one that shows this type of strict ‘preference’ by design, and with no exceptions.” How does Qakbot infect its prey? Researchers are not sure. RSA said it has not found HTML or JavaScript code injections, or man-in-the-browser attacks that are typically used to circumvent two-factor authentication mechanisms. “Still, we suspect that Qakbot does have some sort of module for completing real time attacks, since it would otherwise not target business accounts to begin with,” the blog said. Qakbot is designed to spread like a worm — infecting multiple machines at a time — while also stealing data like an ordinary banker Trojan, RSA said. Qakbot targets shared networks, copying its executable file into shared directories, a technique that enables it to propagate on corporate networks, the blog observed. Source:

Information Technology

46. October 27, Help Net Security – (International) Boonana Trojan for Mac OS X spreads via social media. SecureMac has discovered a new Trojan in the wild that affects Mac OS X, including Snow Leopard (OS X 10.6). The Trojan, Trojan.osx.boonana.a, is spreading through social networking sites, including Facebook, disguised as a video. It is currently appearing as a link in messages with the subject “Is this you in this video?” When a user clicks the infected link, the Trojan initially runs as a Java applet, which downloads other files to the computer, including an installer, which launches automatically. When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system. Additionally, the Trojan sets itself to run invisibly in the background at startup, and periodically checks in with command and control servers to report information on the infected system. While running, the Trojan hijacks user accounts to spread itself further via spam messages. Users have reported the Trojan is spreading through e-mail as well as social media sites. Source:

47. October 27, IDG News Service – (International) Mozilla scrambles to patch Firefox flaw used in attacks. Mozilla developers are scrambling to fix a new Firefox browser bug being used by criminals to install malicious software on victims’ computers. The flaw was uncovered October 26 by security vendor Norman, which said it learned of the bug after analyzing attack code surreptitiously installed on the Nobel Peace Prize Web site. “If a user visited the Nobel Prize site while the attack was active early October 26 using Firefox 3.5 or 3.6, the malware might be installed on the user’s computer without warning,” Norman said in a press release. In a blog posting, Mozilla confirmed the attack exploited a previously unpatched flaw, and said it had heard from “several security research firms” that the code has been used on the Internet. “We have diagnosed the issue and are currently developing a fix, which will be pushed out to Firefox users as soon as the fix has been properly tested,” Mozilla said in its blog post. Mozilla said the bug affects Firefox 3.5 and 3.6, on all supported platforms — Windows, Linux and Mac OS X. According to Norton, the attack seen on the Nobel site targets Windows. It installs a Trojan program that can then be used by attackers to download more malicious software and essentially take control of the victim’s computer. The attack does not appear to be widespread at this point. Source:

48. October 27, SC Magazine UK – (International) Over half of European companies do not have a uniform approach in place for transferring data securely. Over three-quarters of European companies regularly transfer business critical data, yet most do not have a uniform approach in place. A survey found 77 percent of European companies transfer confidential personal or financial information, inside and outside the company, yet 53 percent of those surveyed state security is the greatest challenge posed by data transfer, and 64 percent said their companies do not have a uniform approach in place for data transfer. Uniform procedures, which ensure compliance with current and future data protection standards, are critical for assuring important file transfer systems, yet 17 percent of employees do not know who in their company is responsible for data transfer security. As such, if an error occurs during data transfer, they do not know who to contact to address the issue. Furthermore, 23 percent of those questioned do not know how to encode or decode data, notify recipients, or how to implement anti-virus procedures after the transfer. The technical services director EMEA at managed file transfer manufacturer Attachmate, who conducted the survey, said: “The survey shows many corporations have yet to adapt security requirements and data transfer procedures to existing standards, even though data size and volume continue to grow worldwide.” Source:

49. October 26, New York Times – (International) Leader of SpamIt investigated by Russian police. On October 26, Russian police officials announced a criminal investigation of a suspected spam kingpin. They said he had probably fled the country. Moscow police authorities said the suspect was a central figure in the operations of, which paid spammers to promote online pharmacies, sometimes quite lewdly. suddenly stopped operating September 27. With less financial incentive to send junk mail, spammers curtailed their activity by an estimated 50 billion messages per day. Why the site closed was unclear until October 26, when Moscow police officials met with reporters to discuss the case. They accused the suspect of operating a pharmacy without a license, and of failing to register a business. On October 26, they searched his apartment and office in Moscow, according to an investigator in the economic crime division of the Moscow police department. The investigator said the search of the apartment turned up seven removable hard drives, four flash cards, and three laptops. Specific, computer-crime related charges may follow after police examine their contents, she said. The investigation began September 21, 6 days before closed. The drop-off in spam since went down had been noted by companies in the United States that monitor the Internet. Source:

50. October 25, IDG News Service – (International) Security company strengthens CAPTCHAs with video. A security company called NuCaptcha is incorporating advertising into a video CAPTCHA system that is much harder for computers to break. CAPTCHA stands for “Completely Automated Public Turing Test to Tell Computers and Humans Apart.” It was developed to thwart Web annoyances such as spam and false account registrations, among others. It uses a box of jumbled letters humans must decode to allow, for example, a registration to proceed. When CAPTCHAs were first introduced, it was difficult for optical character recognition (OCR) technologies to break them. Over the last few years, that has changed, and CAPTCHAs are much less effective. In order to halt automated CAPTCHA-solving programs, the puzzles have been made more difficult to solve, so much so that many are nearly unreadable to humans as well. NuCaptcha does CAPTCHAs but with a twist: rather than a static box of text, the system runs the text as a streaming banner within a video. The movement of the text throws off automated CAPTCHA-solving software. The text also does not have to be obscured as much, making it much easier for people to read and likely to keep users on the Web site. Source:

Communications Sector

51. October 27, TechWorld – (International) Consumer smartphones to get remote wipes and SIM swap alerts. Consumer smartphone users could soon be given access to a range of advanced security features previously offered only to large corporates, after equipment maker Juniper announced new software for mobile networks. Using Juniper’s new beta release Pulse Mobile Security Suite, networks will be able to offer all users — including Android, BlackBerry, Nokia, iPhone, and Windows Phone — the ability to locate lost or stolen devices using GPS, perform remote data wipes, and block spam and malware. Android and BlackBerry support is immediate, Windows Mobile 6.1 will follow next month, Symbian in December 2010, the iPhone in the first half of 2011, and Windows 7 Phone (as opposed to older Microsoft mobile OSes) at an unspecified point in the future. The platform also makes possible sophisticated “big brother” parental controls such as the blocking of messages containing certain terms, and can even warn if a SIM chip has been swapped out. If they want, service providers can also offer cloud-based services including automatic data backup. The service can also be offered to companies as well as consumers, which from the network’s point of view represents a useful convergence of two markets into one technology. Source:

52. October 26, WXIN 59 Indianapolis – (Indiana) Communications tower falls on Bloomington elementary school. On October 26, a communications tower next to a Bloomington, Indiana school fell on top of the building as a result of a round of strong storms and high winds. It happened at Lakeview Elementary on Strain Ridge Road. No one was hurt and the school said the building only sustained minor damage to the roof. The students were in “tornado” mode at the time due to a warning issued by the National Weather Service. Witnesses said they heard a loud bang, like thunder, when the tower hit the building. Source:,0,7797782.story

53. October 26, Lancaster Intelligencer Journal – (Pennsylvania) Blue Ridge customers see half-hour cable glitch. About 14,000 Blue Ridge Communications customers saw a jumbled picture October 26 if they turned on their televisions. The Palmerton, Pennsylvania-based cable company was upgrading equipment to add more high-definition channels to its lineup when a problem occurred, a spokesman said. The problem ended up pixellating some channels for about a half-hour, he said. The outage happened around 5:30 a.m. The affected customers made up less than half of the 33,000 total customers in the Ephrata/Lititz/Adamstown area. Source: