Monday, November 1, 2010

Complete DHS Daily Report for November 1, 2010

Daily Report

Top Stories

CNN reported suspicious packages found in two locations in the Middle East on planes bound for places of Jewish worship in Chicago, Illinois, October 29, contained explosive material put there by al Qaeda in the Arabian Peninsula, U.S. officials said. (See item 21)

21. October 29, CNN – (International) U.S. alert focuses on cargo after suspicious packages found overseas. Suspicious packages found in at least two locations abroad that were on planes bound for the United States “apparently contain explosive material,” the U.S. President said late in the afternoon October 29, calling the discovery “a credible threat against our country.” The packages led to increased searches of cargo planes and trucks in several U.S. cities, said law enforcement sources with detailed knowledge of the investigation. U.S. officials believe that al Qaeda in the Arabian Peninsula, commonly referred to as AQAP, is behind the incident. The President confirmed that the packages originated in Yemen — the stronghold of al Qaeda in the Arabian Peninsula. “We also know that al Qaeda in the Arabian Peninsula continues to plan attacks against our homeland, our citizens, and our friends and allies,” he said during a press briefing on the incident. One suspicious package found in the United Kingdom contained a “manipulated” toner cartridge and had white powder on it as well as wires and a circuit board, a law enforcement source said. A similar package was discovered in Dubai, in the United Arab Emirates, the source said. Both packages were bound for the United States, “specifically two places of Jewish worship in Chicago,” the President said. Authorities were looking for about 13 other packages shipped from Yemen, a law enforcement source said. The plot could be a dry run to test Western security, another U.S. official told CNN. The furor led to heightened inspection of arriving cargo flights in Newark, New Jersey, and Philadelphia, Pennsylvania, and a UPS truck in New York. Source:

The FBI said October 29 the National Museum of the Marine Corps building in Triangle, Virginia was fired upon for the second time in days, according to CNN. Authorities said previous shots fired at the museum, the Pentagon, and a Marine Corps recruiting station all came from the same weapon. (See item 39)

39. October 29, CNN – (Virginia) Shots fired at Marine Corps museum in suburban Washington. Several shots were fired at the National Museum of the Marine Corps building in Triangle, Virginia, the FBI said October 29. No injuries were reported. It is the second time the Marine Corps museum has been fired upon in recent days. In addition, the Pentagon and a vacant Marine Corps Recruiting Station in Virginia also were shot at recently. All the previous shots came from the same weapon, authorities said. The latest incident occurred October 28, a spokeswoman at the National Museum of the Marine Corps said, noting no one was in the building at the time. Bullet holes were found in the glass and metal structure of the building but not inside, she said. The museum was closed early October 29 while the investigation continued, the spokeswoman said, adding it would remain closed the rest of the day. Source:


Banking and Finance Sector

15. October 29, MetroWest Daily News – (Massachusetts) Hopkinton man charged with $30 million in fraud. A Hopkinton, Massachusetts man has been accused of defrauding more than 1,000 customers out of more than $30 million, authorities said. The FBI arrested the 50-year-old at his Thayer Heights home October 28. He is charged with nine counts of wire fraud and two tax offenses. The suspect was the owner of the now-defunct Boston Trading and Research. The U.S. Justice Department (DOJ) said the company, co-owned by a partner, used customers’ money in a foreign currency exchange market. The DOJ has issued a warrant for the other suspect’s arrest, charging him with 10 counts of wire fraud. Authorities said he left for Turkey in 2009 and is still at large. In the indictment, the DOJ said the two men lied to clients about how the company’s trading platform worked. They said it would automatically shut down if a customer’s account lost more than about 30 percent of their investment. Customers were also told the company was paid by a percentage of profits from the trading. Instead, it is alleged that the two suspects used millions of their clients’ money to pay for the company’s operating expenses, as well as purchasing houses, cars and jewelry, federal authorities said. Source:

16. October 29, Raleigh News & Observer – (North Carolina) Suspected repeat bank robber charged in Chapel Hill case. The man arrested the week of October 25 in a string of bank robberies across the Triangle, North Carolina area has been formally charged in another one of the 11 holdups he is suspected of committing over the past month. The 37-year-old appeared before a Wake County magistrate October 28 to be charged with common law robbery in the October 5 holdup of the BB&T on Rosemary Street in Chapel Hill. This is the eighth charge brought against the suspect, a one-time Raleigh plumber who family members said had a long-standing problem with drugs that had driven him to rob a bank in his home state of Maryland in the mid-1990s. On October 25, after being arrested in a Durham neighborhood, the suspect was charged with six counts of common law robbery and one count of attempted common law robbery. All of those cases were related to bank robberies across Wake County. Investigators were considering charges in another Wake robbery, which occurred August 10, 2009, in Raleigh. Source:

17. October 29, Associated Press – (National) Couple accused of running Ponzi scheme. The FBI is seeking a husband and wife accused of running a Ponzi scheme that bilked about $3 million from a dozen investors, nine of whom lived in Hawaii. The couple were indicted October 28 by a federal grand jury in Honolulu on 13 counts of wire and mail fraud relating to the scheme that allegedly operated from 2005 through 2009. Part of the time, the husband was incarcerated in federal prisons in Nevada, Texas, and California. While incarcerated in Nevada, he was housed with a large number of inmates from Hawaii. The indictment alleges the couple marketed their Aloha Trading investment program to inmates and their families. The FBI believes the couple may be living in Nevada, California, or Washington. Source:

18. October 29, HedgeCo.Net – (National) Hedge fund manager charged again in bridge loan scheme. A New York hedge fund manager who was arrested in North Carolina and charged with securities fraud in June 2010 has been accused of stealing an additional $690,000, according to Bloomberg. The New York State Supreme Court in Manhattan set bail at $1 million on the new charges; the suspect also received $1 million bail on his previous charges. The suspect, who claimed he was directly related to Belgian royalty, was accused of stealing $6 million from high net worth and institutional investors. He has been charged by the U.S. Securities and Exchange Commission (SEC) with using a bridge-loan facility he set up in order to run a multi-million-dollar Ponzi scheme. The SEC said back in June 2010 that the investor money also was fraudulently used to pay the suspect’s massive credit card bills as well as Chimay Capital’s rent and payroll, and to pay off disgruntled counterparties in the suspect’s other business ventures. In December 2009, the suspect sought a multi-million dollar bank loan on the basis of false representations that he had $13 million in liquid assets in a Bermuda bank account. The account balance was actually zero. Source:

19. October 28, WHSV 3 Harrisonburg – (Virginia) Three Suspects Arrested in Major Credit Card Scam. The Augusta County Sheriff’s Office in Virginia confirms that three suspects, all from New York, were arrested October 26 in connection with a credit card scam that operated along the East Coast. The three suspects were taken into custody at the Verona Food Lion on Laurel Hill Road in Verona, Virginia, without incident. Numerous credit cards were seized from the suspects, according to a sheriff’s office spokesperson. Officials report each suspect was charged with nine counts of credit card fraud. Additional charges may be pending. The suspects are being held at the Middle River Regional Jail. Source:

20. October 27, IDG News Service – (National) Fraudsters find holes in debit card fraud detection. Over the last few weeks, criminals have been exploiting weak fraud detection systems used for debit cards with “flash” attacks, where hundreds of withdrawals are made over a very short period of time. Banking executives have noticed a rise in such attacks, where fraudsters withdraw money throughout a wide region within minutes, said a Gartner vice president, who frequently consults with banks about fraud issues. “The fraud happens within 10 minutes in these geographic diverse locations,” she said. The amounts withdrawn are usually within a range that would not immediately raise a red flag, the vice president said. She said a Canadian banker she spoke with noticed withdrawals from 100 ATMs all over Canada within 10 minutes. The pattern shows the criminal gangs are clearly coordinating the timing of the withdrawals using money mules, or people who are hired to do the risky job of taking fraudulent payment cards to ATMs that are often under video surveillance. The fraudsters seem to be targeting debit cards, which have less sophisticated fraud detection systems in place than credit cards, the vice president said. Credit card systems are more likely to catch anomalies such as when a person uses a card in New York, and then just hours later a transaction with the same card shows up in California. Source:

Information Technology

50. October 29, Infosecurity – (International) CSI 2010: Panda Labs analyst labels Mariposa masterminds as ‘cyber idiots’. While detailing Panda Security’s role in taking down the Mariposa botnet, a threat analyst said the crew were hardly criminal masterminds, characterizing their technical skills as somewhat rudimentary. The Panda researcher delivered these comments during his CSI Conference session designed to glean lessons from the Mariposa botnet, whose primary operators were based in Spain, just a short train ride from the company’s labs. Mariposa, Spanish for butterfly, was one of the largest known botnets at the time of its takedown according to the analyst, with more than 13 million unique IP addresses. After authorities seized equipment related to controlling the botnet, the analyst noted that the “cybercriminal was dumb enough to store all of the information unencrypted on his [personal] hard drive”, which made the forensic analysis quite simple. It provided an easy-to-follow roadmap of the crime, including the names of money mules, money transfers, and so on. What the researchers also found were stolen credentials on more than 1 million people, such as banking information, Internet log-ins, and credit card numbers. He also said that over half of Fortune 1000 companies were infected by the Mariposa botnet. Source:

51. October 29, CNET – (International) Hacker shows iOS 4.2 beta for iPad jailbreak. Jailbreaker “iH8sn0w” has released images of an iPad running the MobileTerminal jailbreak application, exposing the command line to users, suggesting that the iOS 4.2 firmware (still in beta) will be jailbroken upon its release in November 2010. Fifteen-year-old hacker iH8sn0w is a proven resource in the jailbreaking world, responsible for Sn0wbreeze, iReb, iDetector, and f0recast. Source:

52. October 28, Computerworld – (International) Hackers exploit newest Flash zero-day bug. On October 28, Adobe confirmed hackers are exploiting a critical unpatched bug in Flash Player, and promised to patch the vulnerability in 2 weeks. The company issued a security advisory that also named Adobe Reader and Acrobat as vulnerable. “There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat,” said Adobe in its warning. The company said it has seen no sign hackers are also targeting Flash Player itself. Those reports came from an independent security researcher who notified Adobe after spotting and then analyzing a malicious PDF file. According to the researcher, the rigged PDF document exploits the Flash bug in Reader, then drops a Trojan and other malware on the victimized machine. Adobe said all versions of Flash on Windows, Mac, Linux, and Android harbored the bug, and that the “Authplay” component of Reader and Acrobat 9.x and earlier also contained the flaw. Authplay is the interpreter that renders Flash content embedded within PDF files. Adobe promised to issue a fix for Flash by November 9, and updates for Reader and Acrobat the following week. Source:

53. October 28, – (International) MS Windows can still be hacked via DLL. According to a security advisory by ACROS Security, Microsoft’s OS Windows is still vulnerable to DLL hacking. When loading a fake DLL file, hackers can use the user’s access to post codes. The only application to prevent hackers from hiding malicious DLL files is SetDllDirectory. However, this application does not guarantee 100 percent security, as it works erratically on most of the currently used Windows versions. Source:

Communications Sector

54. October 29, Top News – (National) 266 Orcon customers lose their emails due to. Internet Service Provider (ISP) Orcon, which recently experienced an “e-mail outage”, has reportedly lost the e-mails of 266 of its customers. The lost e-mails have apparently been deleted as a result of the outage. Acknowledging the fact the company experienced an e-mail outage overnight, Orcon said in an October 29 Twitter statement: “Unfortunately the outage resulted in 266 accounts losing their emails. Our engineers here are working hard to retrieve this mail; however efforts have been unsuccessful so far.” In addition, Orcon said the e-mail accounts of its remaining 200,000 customers remained unaffected by the glitch. According to reports, Orcon has informed affected customers that e-mails they have lost due to the glitch will not be restored. The recent outage at Orcon is not the first glitch reported by the ISP this month. On October 5, the company had to cope with a major outage. Source:

55. October 29, Texarkana Gazette – (Arkansas) Cut cable disrupts Internet, phone service. A severed fiber-optic cable left many De Queen, Arkansas-area residents without Internet and phone service most of the morning of October 28. Workers in a rock quarry about 3 miles west of Lockesburg accidentally cut the cable about 8:30 a.m., said a Windstream spokesman. The outage affected 5,500 to 6,000 customers in De Queen, Horatio, Wickes, and nearby communities. Cell phones, long-distance calling and DSL were disrupted. Land-line calls within the area could still be completed, he said. Source: