Tuesday, November 2, 2010

Complete DHS Daily Report for November 2, 2010

Daily Report

Top Stories

• Bloomberg reports 9 years after the September 11 terrorist attacks, less than 1 percent of the 14.5 million cargo boxes reaching U.S. shores are scanned abroad for nuclear material, the federal government said. (See item 6)

6. October 29, Bloomberg – (International) U.S. nuclear-bomb scan ignored by truckers, boxes go unchecked. Two years after South Korea’s busiest port installed a $3.5 million scanner to check U.S.- bound shipping containers for nuclear weapons, the machine sits idle because truckers will not drive through it due to fears of radiation exposure. That means about 1.9 million containers left Busan for American harbors last year without U.S.-mandated screening. Singapore and Hong Kong, the world’s busiest and third-busiest ports, also do not participate. Nine years after the September 11 attacks, less than 1 percent of the 14.5 million cargo boxes reaching U.S. shores are scanned abroad, the government said. A goal to screen all containers is opposed by the Retail Industry Leaders Association, a group representing Wal-Mart Stores Inc., Apple Inc., and Nike Inc. “Prohibitive challenges” involving cost and technology mean a July 1, 2012, deadline for 100 percent inspections will be delayed by at least 2, the DHS Secretary said. “The system remains very vulnerable,” said the president of the Washington-based Center for National Policy, which studies security issues. “If I were an adversary who wants to cause mass destruction to the global economy, this is the system to target.” Source: http://www.bloomberg.com/news/2010-10-30/u-s-nuclear-bomb-detector-ignored-by-truckers-leaves-shipping-vulnerable.html

• U.S. counter terrorism officials are warning local law enforcement and emergency personnel to be on the lookout for mail that could have dangerous substances hidden inside, according to the Associated Press. The warning comes after mail bombs designed to either blow up planes headed to or targets in the United States made it onto foreign flights originating in the Middle East. (See items 15, 17, 20)

15. November 1, USA Today – (National) Bomb plot shows gaps in screening of air cargo. The Transportation Security Administration (TSA) boasted that every piece of cargo carried on domestic passenger flights is screened for bombs before being put in the belly of an airliner. However, when it comes to ensuring the security of cargo packages on foreign flights heading to the United States, the TSA makes no such proclamations. Despite federal law requiring all cargo on U.S.-bound passenger flights to be screened as of August 2010, authorities still are not close to meeting the requirement. A reminder of that gap in airline security — and of the daunting challenge officials face in closing it — came last week, when terrorists in Yemen linked to al-Qaeda slipped bombs into cargo packages addressed to synagogues in Chicago. The discovery of the explosives in cargo shipments at airports in northern England and Dubai reflected how the complexities in shipping cargo by air can leave passengers on commercial airliners vulnerable to such security breaches: By the time the explosives were detected, both shipments had made part of their journey from Yemen on passenger jets. That is why investigators are trying to determine whether the Yemen plot was about sending explosives to the USA, blowing up cargo jets, or even trying to attack passenger jets that happened to pick up the packages from Yemen. Source: http://www.usatoday.com/news/nation/2010-11-01-1Acargo01_CV_N.htm?csp=34news

17. November 1, Associated Press – (International) Mail bombs may have been planned to explode in mid-flight. The mail-bomb plot stretching from Yemen to Chicago may have been aimed at blowing up planes in mid-flight and was only narrowly averted, officials said October 31, acknowledging that one device almost slipped through Britain, and another seized in Dubai was unwittingly flown on two passenger jets. Senior U.S. officials met to develop a U.S. response to the al Qaeda faction linked to the powerful explosives addressed to synagogues in Chicago that would have gone via Philadephia. Investigators were still studying the two bombs they believed were designed by the top explosives expert working for al Qaeda in the Arabian Peninsula, the Yemen-based militant faction thought to be behind the plot. Yemeni authorities released a woman engineering student arrested earlier, saying someone else had posed as her in signing the shipping documents. Authorities admitted how close the terrorists came to getting their bombs through, and a senior U.S. official said investigators were still trying to figure out if there were other devices in the pipeline. Source: http://www.philly.com/dailynews/national/20101101_Mail_bombs_may_have_been_planned_to_explode_in_mid-flight.html

20. November 1, Associated Press – (International) Feds warn local law enforcement about more possible mail bombs. Counter terrorism officials are warning local law enforcement and emergency personnel to be on the lookout for mail that could have dangerous substances hidden inside. The FBI and Homeland Security Department said packages from a foreign country with no return addresses and excessive postage need to be scrutinized, according to an advisory sent to local officials around the country and obtained November 1 by the Associated Press. Mail bombs believed to have been designed by the top explosives expert working for al-Qaida in the Arabian Peninsula were sent in packages addressed to Jewish synagogues last week. While officials caught two bombs in the United Arab Emirates and the United Kingdom, U.S. officials said there may be more in the system. Source: http://www.foxnews.com/us/2010/11/01/feds-warn-local-law-enforcement-possible-mail-bombs/

Details

Banking and Finance Sector

10. November 1, Quincy Patriot Ledger – (National) Canton man charged in mortgage scam. A Canton, Massachusetts, man has been arrested on wire fraud charges involving an alleged mortgage fraud scam. He is facing eight counts of wire fraud as a result of his indictment in U.S. District Court. Authorities allege the suspect committed fraud in connection with condominium sales in two Dorchester buildings in 2006 and 2007. The suspect paid straw buyers to buy individual units in buildings he controlled. He allegedly promised the straw buyers they would not have to make down payments, pay funds at closing, or be responsible for mortgage payments. The straw buyers’ financing was obtained from mortgage loan applications that falsely represented key information, such as the buyers’ income, assets, and/or intention to live in the condominiums, authorities alleged. The deals were closed with federal Housing and Urban Development settlement statements that falsely represented that buyers had made substantial down payments, authorities noted. If convicted, the suspect faces a maximum sentence of 20 years in prison to be followed by 3 years of supervised release, and a $250,000 fine on each of the counts. Source: http://www.patriotledger.com/news/cops_and_courts/x1673647946/Canton-man-charged-in-mortgage-scam

11. November 1, XETV 6 San Diego – (California) Two marines arrested for La Mesa armed robbery. Two active duty Marines were behind bars November 1 on suspicion of robbing a La Mesa, California credit union at gunpoint, after one of them allegedly led police on a chase that included gunfire and the evacuation of a Rolando neighborhood. The suspects are suspected of robbing the California Coast Credit Union at 8002 La Mesa Blvd. about 2 p.m. October 30, according to a FBI Special Agent. They wore masks and one of them was armed with a handgun, he said, adding they jumped over the counter and held up several tellers at gunpoint. A short time later, a San Diego police sergeant saw the robbers’ getaway car — a black Chevrolet Monte Carlo — in the 4600 block of Mataro Drive. The FBI Agent said the sergeant attempted to stop one suspect as he was walking away from the vehicle, but he fled behind Clay Elementary School. Another police officer then allegedly spotted the suspect at Catherine and Stanley avenues, and a pursuit ensued, according to the special agent, who added that the suspect reached for his waistband during the pursuit, prompting the officer to fire several rounds. Both men were apprehended. The suspects were expected to be arraigned November 1 or November 2. Source: http://www.sandiego6.com/news/local/story/Two-Marines-Arrested-for-La-Mesa-Armed-Robbery/JC5zYqTj4kuOI02zA2GTSA.cspx

12. October 31, AOMID – (Illinois) Mortgage loan modification scam discovered by local Chicago neighborhood council. A mortgage loan modification scam was discovered by a Chicago, Illinois neighborhood council. Based on information received from the Brighton Park Neighborhood Council, the Chicago Mortgage Fraud Task Force successfully shut down 11 companies who were charging Chicago homeowners thousands of dollars in up front fees to modify their home loans. Accepting fees before even attempting loan modifications is considered fraud, and the 11 companies were told to immediately cease and desist operations, and all were fined $25,000 for “illegal and predatory” activities. The task force additionally found that not one of the loans had actually been modified, and several of the homeowners were not allowed to reapply for loan modification, because the window of opportunity to reapply had been closed. Additionally, none of the 11 companies were licensed by the state of Illinois, which is required by law, and they all failed to meet the minimum requirements of a loan originator in the state as well. Recent reports show that 10 percent of homes in Illinois either missed or were late on a mortgage payment during the second quarter of 2010, which makes the state highly susceptible to loan modification programs, and by extension, fraud. Source: http://aomid.com/mortgage-loan-modification-scam-discovered-by-local-chicago-neighborhood-council/224171/

13. October 30, Coos Bay World – (Oregon) FBI seeks local teller in bank fraud probe. Coos Bay, Oregon police and FBI agents raided the home of a bank teller October 28 with a search warrant. The raid was part of an investigation into charges the suspect stole money from customers’ accounts at the Wells Fargo Bank branch at 200 N. Broadway, where she worked. A Special Agent of the FBI’s Eugene office said October 29 the suspect eluded arrest October 28, but police and FBI agents are searching for her. According to the FBI Agent’s affidavit requesting a warrant from the U.S. Magistrate Judge, the suspect worked at Wells Fargo from August 9, 2006, until August 25, 2010, rising to the position of assistant store manager. She was terminated when Wells Fargo personnel discovered she had opened bank accounts for customers without their knowledge in order to obtain commissions for the new accounts. After the suspect was terminated, two of her regular customers reviewed their accounts and discovered the suspect had made unauthorized withdrawals. Wells Fargo investigators then discovered that using transfers, telephone banking system withdrawals and ATM withdrawals, the suspect had taken as much as $740,000 from the accounts of several customers. Further investigation showed the suspect may have taken as much as $1,200,000 in funds and gold coins from account holders. The affidavit requested a search warrant for digital media, data, financial records, currency, precious metals, and monetary instruments. Source: http://www.theworldlink.com/news/local/article_15dac508-e3f5-11df-a202-001cc4c03286.html

14. October 30, Baltic Times – (International) Police expose Estonian hacking ring. German police are seeking to extradite four Estonians who were allegedly involved in disseminating a computer virus that stole millions of euros from online banking transactions. The Katusha virus sat dormant on its victims computers until they used online banking. When the customers tried to transfer money, the virus changed the amount of the transfer and the recipient. Online bank statements were also changed to cover the crime. The scam reportedly affected 2.5 million private computers worldwide and diverted at least 1.65 million euros. Source: http://www.baltictimes.com/news/articles/27268/

Information Technology

39. November 1, IDG News Service – (International) Facebook hits developers that passed user IDs to data broker. Facebook is punishing several application developers for passing certain information to a data broker in the latest move by the social networking site to control growing concerns over privacy. Facebook will deny those application developers access to “communication channels” for 6 months, wrote a spokesman, on Facebook’s blog, October 29. The developers number fewer than a dozen, he said. The developers were being paid by a data broker for user IDs, unique numerical identifiers assigned to the site’s users, which can appear in a URL when they use the site. After an investigation into online privacy by the Wall Street Journal, Facebook said last month that in some cases user IDs were inadvertently being passed on to applications, which is against Facebook’s policy. The situation was due to a Web standard called referral URLs that lets a Web site know where a person was previously browsing. The user IDs do not contain personal information, but could lead to information that the person has chosen to display publicly. The latest revelation, however, shows that some application developers were then passing those user IDs to a data broker. Those brokers typically compile information to sell to advertising networks so users can be targeted with ads that are related to their personal interests. Source: http://www.computerworld.com/s/article/9194199/Facebook_hits_developers_that_passed_user_IDs_to_data_broker

40. November 1, Register – (International) RIAA and Anonymous sites both downed by DDoS assaults. Hacktivists briefly took out the two main Recording Industry Association of America (RIAA) Web sites October 29 as revenge for the organization’s long-running legal offensive against Limewire, which led to the closure of the controversial P2P service earlier in the week. Denizens from the loosely-affiliated Anonymous collective used its Low-Orbit Ion Cannon (LOIC) tool to swamp the Web sites of RIAA.org and RIAA.com with spurious traffic. The assault began around 5 p.m., Slyck.com reported. The assault was originally coordinated from the Operation Payback site (http://tieve.tk), which helped coordinate an ongoing series of distributed denial of service (DDos) attacks against entertainment industry Web sites that began last month. The campaign is designed to support The Pirate Bay and came in response to the Bollywood film industry’s use of hired guns prepared to launch DDoS attacks against file-sharing sites in cases where legal action failed to bear fruit. However, after tieve.tk itself came under attack, the attackers moved shop to anonops.net. Service to tieve.tk has largely been restored. The riaa.com and riaa.org sites remained unavailable from Europe, possibly as a deliberate defensive measure aimed at containing the latest in a long line of hack attacks against RIAA. Source: http://www.theregister.co.uk/2010/11/01/riaa_anon_ddos/

41. November 1, Softpedia – (International) Communist hackers build botnet to attack Vietnamese dissidents. A new Trojan, created by a group of hackers sympathizing with the Vietnamese Communist Party, was specifically built to attack dissident Web sites and bloggers. The malware, which has been dubbed Vecebot by Atlanta-based security vendor SecureWorks, was created and released around October 13. The Trojan drops several files called wuauclt.exe, wuauserv.dll, and UsrClass.ini in a folder and installs itself as a service called Windows Update Components. The configuration file is downloaded from remote servers and defines parameters for HTTP DDoS against Web sites used by Vietnamese anti-establishment bloggers and civil rights activists. The list of targets includes x-cafevn.org, a popular dissident community Web site, which commonly criticizes the actions of the Vietnamese Communist Party. In addition to DDoS attacks, the server hosting x-cafevn.org and the administrator’s computer were broken into. The hackers stole private e-mails and the forum’s member database and published it online. The Vecebot botnet is believed to be comprised of between 10,000 and 20,000 infected computers at the moment, the majority of which are located in Vietnam. It is likely that this new Trojan is related to a different botnet called Vulcanbot, which targeted Vietnamese dissidents earlier this year. Source: http://news.softpedia.com/news/Communist-Hackers-Build-Botnet-to-Attack-Vietnamese-Dissidents-163992.shtml

42. October 30, KXTV 10 Sacramento – (California; National) Citrus Heights man arrested in nationwide computer hacking case. After using Facebook as a way to survey people and their private information from California to Connecticut, a 23-year-old was arrested October 29 on counts of computer intrusion, identity theft, and child pornography, according to the California Highway Patrol (CHP). The suspect was taken into custody from his home in Citrus Heights. The CHP said the suspect hacked into more than 170 e-mail and Facebook accounts nationwide. He was able to get access to private accounts by surveying Facebook pages, narrowing down password information, and ultimately breaking in, according to an investigator. The suspectis accused of using that data to obtain nude and semi-nude photos from those accounts, then distributing them. The CHP said he was also in possession of child porn. “Some of (the pictures) were extremely sexually explicit-natured that would shock the conscience of any parent who might receive them,” said a sergeant of the California Highway Patrol’s Computer Crimes Investigation unit. “I think the damage that’s been done to victims throughout the country, it’s irreparable.” Source: http://www.news10.net/news/story.aspx?storyid=103310&catid=2

43. October 29, IDG News Service – (Virginia) IT director gets jail term for hacking former employer’s site. A man fired as IT director for a Richmond, Virginia, seller of telecom equipment has been sentenced to 27 months in prison for hacking into his former employer’s Web site and deleting files, the U.S. Department of Justice (DOJ) said. The convict pleaded guilty to one count of intentionally damaging a protected computer without authorization June 29. He was sentenced October 29 in U.S. District Court for the Eastern District of Virginia and, in addition to the prison time, he was ordered to pay $6,700 in restitution to Trans Marx, which sells discounted telecom equipment and supplies. The convict, of Richmond, worked at Trans Marx from February to June 2008, according to court documents. Before he was fired, he had access to the Trans Marx computer network, including the company Web site hosted in Georgia, the DOJ said. On July 25, the convict used a personal computer and an administrator account to access the computer hosting the company’s Web site, and he deleted about 1,000 files related to the Trans Marx site, the DOJ said. Source: http://www.computerworld.com/s/article/9194027/IT_director_gets_jail_term_for_hacking_former_employer_s_site

44. October 29, Canadian Press – (International) Student creates tool to fight Facebook hacking on WiFi. A student at the University of Iceland has programmed a potential antidote to Firesheep, a hacking tool that can access social networking accounts over unsecured WiFi networks. It is called FireShepherd and it aims to stop Firesheep, which was apparently created with good intentions but has the potential to wreak havoc. A Seattle-based software developer released Firesheep as a way of informing Internet users about the dangers of using public WiFi networks that are not password protected. Hackers have long been able to intercept data that crosses open WiFi networks, but Firesheep makes it simple for virtually anyone to do it. The Icelandic student said FireShepherd is a way to protect against Firesheep while using public WiFi; it will also guard the other users on the same network. He said the program floods the network with data that should stop Firesheep from working. But he warns that FireShepherd will not protect against other more-sophisticated hacking methods, and users should still be cautious about what they do on a public network. Source: http://www.thestar.com/business/article/883046--student-creates-tool-to-fight-facebook-hacking-on-wifi

45. October 28, Ocala.com – (Florida) Former employee charged in Internet hacking of business computer. Police said a man who hacked into his former Ocala, Florida employer’s computer and deleted 10 orders worth more than $5,000 turned himself in October 27 to authorities. The suspect was booked into the Marion County Jail at 9 p.m. October 27 and charged with offenses against intellectual property. He was released at 1:49 a.m. October 28 on $1,000 bail. An employee at Florida Hydraulic Industrial at 4130 S.W. 13th St. told an officer that between 10:56 a.m. and 11:29 a.m. September 26, someone accessed their Web site and erased 10 orders worth $5,348 in Internet sales. An Ocala police detective discovered the computer used to illegally enter the business site belonged to the suspect. The detective went to the suspect’s home with a search warrant and seized computers that had evidence showing they were used to access the site. Source: http://www.ocala.com/article/20101028/ARTICLES/101029692/1001/NEWS01?Title=Former-employee-charged-in-Internet-hacking-of-business-computer

Communications Sector

46. October 31, Financial Times – (International) Android faces critical security study. An analysis of the most critical part of the Android smartphone operating system has turned up programming errors, some of which could allow hackers or malicious applications to access users’ e-mail or other sensitive information. The study examined the publicly disclosed version of the Android kernel — heart of Google’s open-source software for phones — that shipped inside the HTC Droid Incredible phones. But the study said it is likely other Android phones have the same programming flaws. Android software could be updated wirelessly, so Google would be able to issue the fixes if it confirmed they were needed, a spokesman said. The study by Coverity, the code analysis group, serves as a reminder that smartphones are vulnerable to attacks even as the phones are welcomed more extensively in big companies. Research in Motion, maker of the BlackBerry, and Apple, maker of the iPhone, have also fixed critical security issues in their software through updates. While the number of Android kernel flaws Coverity turned up per 1,000 lines of code is lower than the average for open-source projects, 88 of the Android problems are “high-risk defects”. They include improper memory access and memory corruption, and have “significant potential to cause security vulnerabilities, data loss, or quality problems such as system crashes.” Source: http://www.ft.com/cms/s/2/10b955ba-e519-11df-8e0d-00144feabdc0.html

47. October 30, 2theadvocate.com – (Louisiana) AT&T works on cut cable on Comite Drive. A construction crew working on Comite Drive off of Plank Road in Baton Rouge, Louisiana apparently cut a telephone cable October 29 causing up to 400 customers to lose service, an AT&T spokesman said. An executive director for AT&T Corporate Communications, said repair crews had been working several hours to restore service. Apparently crews working to widen Comite Drive cut what is known as a “400 pair cable,” which can service as many as 400 lines, he said. The president of the Comite Drive Property Owners Association said October 29 construction crews working on the road-widening project had caused telephone service to be interrupted several times. “Twice in two months we’ve been without telephone service for an $18 million, totally unnecessary center lane,” he said. An outage August 24 lasted 5 days and affected 800 people, the association president said. Source: http://www.2theadvocate.com/news/106357478.html

48. October 30, Gloucester County Times – (New Jersey; National) Lawmakers call for a clear emergency signal for New Jersey. Politicians and various branches of the Gloucester County, New Jersey emergency response team rallied October 29 to call for the Federal Communications Commission to intervene in new digital television signals that interfere with emergency communications frequencies. Broadcast stations from North Carolina, Connecticut and Massachusetts are being influenced by an atmospheric condition called Tropospheric Ducting, in which a digital signal gets trapped in a duct of cold air being overrun by warm air. Most common during periods of stable, anticyclonic weather, authorities said the summer and autumn months create ideal conditions for this phenomenon, with temperature inversions occurring most frequently along coastal areas bordering large bodies of water. The broadcast signal gets trapped within these ducts created by overlapping channels of air, and follows a path sometimes up to 250 miles away, where it drops into and begins interfering with other signals carried on the same wavelength to which the DTV signal is broadcast. The digital signals are supposed to be restricted to a 50-mile radius based on their signal strength, but these air ducts cause them to travel much farther. As a result, radio signals between dispatch and emergency response teams such as the police and fire departments and EMS squads will become scratchy, garbled, or cut out altogether when these signals drop into the channel. Source: http://www.nj.com/gloucester/index.ssf?/base/news-6/1288427128298280.xml&coll=8

49. October 29, Associated Press – (West Virginia) Fibernet to develop notification procedures. Fibernet officials said they will work to develop procedures for notifying emergency officials when it has a widespread outage in West Virginia. The company experienced two service interruptions in October 2010. Customers across the state lost telephone and Internet service for about 4 hours October 25. Another outage occurred in at least six counties October 10. The Charleston Gazette reported the state public service commission is investigating Fibernet’s recent outages. Fibernet said it does not provide service to emergency services centers in West Virginia, but its customers include first responders such as the Charleston Fire Department. The Kanawha County Commission president said Fibernet must notify 911 centers in a timely manner when service is interrupted. Source: http://www.wtap.com/news/headlines/Fibernet_To_Develop_Notification_Procedures_106303788.html?ref=788