Tuesday, November 23, 2010

Complete DHS Daily Report for November 23, 2010

Daily Report

Top Stories

• The Pittsburgh Post-Gazette reported the federal Mine Safety and Health Administration (MSHA) warned 13 mines around the country that they could be cited for a “pattern of violations,” a designation that would open them to stringent penalties and partial shutdowns. (See item 5)

5. November 20, Pittsburgh Post-Gazette – (National) MSHA warns 13 mines of possible ‘pattern of violations’. The federal Mine Safety and Health Administration (MSHA) November 19, warned 13 mines around the country that they could be cited for a “pattern of violations,” a designation that would open them to stringent penalties and partial shutdowns. No company has ever been placed on a pattern of violations status since the power was first given to MSHA in 1977. The bulk of the pattern of violation letters went to coal mines in the Appalachian region, including Upper Big Branch in Montcoal, West Virginia, which is the subject of a separate dispute over MSHA’s claim that representatives of Massey Energy, the mine’s owner, are impeding their investigation into the deadly April blast that killed 29 miners. The pattern of violation warning list also includes two other Massey properties: the Freedom Energy Mine No. 1 in Pike County, Kentucky, and Spartan Energy Co.’s Ruby mine in Mingo County, West Virginia. The list also targets the Left Fork Mining Co.’s Straight Creek No. 1 coal mine in Bell County, Kentucky. During a blitz of targeted inspections at suspect mines, MSHA issued 92 orders closing sections of the Straight Creek mine since 2008, which MSHA called the highest number issued among the roughly 14,500 mining operations in the United States. The largest mine receiving a threat was Willow Lake Portal, an underground coal mine in Saline County, Illinois, owned by Peabody Energy Corp. Source: http://www.post-gazette.com/pg/10324/1104711-113.stm

• According to the Associated Press, the U.S. Energy Department’s watchdog said government agents hired to drive nuclear weapons and components in trucks sometimes got drunk on the job. (See item 11)

11. November 22, Associated Press – (National) Watchdog: Gov’t workers driving nukes got drunk. The U.S. Energy Department’s (DoE) watchdog said government agents hired to drive nuclear weapons and components in trucks sometimes got drunk on the job, including an incident last year when two agents were detained by police at a local bar during a convoy mission. The DoE’s assistant inspector general said her office reviewed 16 alcohol-related incidents involving agents, candidate-agents and others from the government’s office of secure transportation between 2007 through 2009. A November 22 report said the incidents “indicate a potential vulnerability” in what it described as a “critical national security mission.” There are nearly 600 federal agents who ship nuclear weapons, weapon components, and special nuclear material across the United States. The report said when agents drank overnight after checking into local hotels, their trucks were in “safe harbor” status. Source: http://www.cbsnews.com/stories/2010/11/22/national/main7078461.shtml


Banking and Finance Sector

14. November 22, Associated Press – (National) Feds probing mutual funds in alleged insider trading ring: Report. Federal authorities are examining whether multiple insider-trading rings reaped illegal profits totaling tens of millions of dollars, the Wall Street Journal reported November 20, citing people familiar with the matter. The 3-year criminal and civil investigation could result in charges by the end of the year, the Journal reported. A federal grand jury in New York has heard evidence, the paper said. One focus of the investigation is whether independent analysts and consultants who work for companies that provide “expert network” services to hedge funds and mutual funds passed along nonpublic information, the Journal reported. Such companies set up meetings and calls between current and former managers and traders who want an investing edge. The newspaper said one firm under examination is Primary Global Research LLC of Mountain View, California, which connects experts with investors seeking information in the technology, health care, and other industries. The firm’s Web site said the chief operating officer and the firm’s CEO previously worked for Intel Corp. Prosecutors and regulators are also examining whether bankers from Goldman Sachs Group Inc. leaked information about transactions, including health-care mergers, to the benefit of certain investors, the Journal reported. Source: http://www.investmentnews.com/article/20101122/FREE/101129995

15. November 21, Evansville Courier and Press – (Illinois) Zachary E. Richey sentenced to 35 years for bank robbery. A Lawrenceville, Illinois, man faces up to 35 years in federal prison after admitting he was the getaway driver in the December 2009 armed robbery of a bank in Lebanon, Illinois. The 24-year-old male told an FBI agent he participated in the robbery because he was unemployed and needed money to buy Christmas gifts for his 6-year-old son. In pleading guilty to a charge of aggravated bank robbery, he faces up to 25 years in prison, and up to 10 more years for his plea to a charge of using a firearm in relation to a violent crime. Sentencing is set for March 4 in U.S. District Court in East St. Louis. Two other suspects already have entered guilty pleas and have been sentenced for their roles in the holdup of the Regions Bank, which netted the robbers $22,000. A 32-year-old male is serving an 11-year sentence, and a 62-year-old male is serving a 65-year sentence for their roles in the robbery. Source: http://www.courierpress.com/news/2010/nov/21/no-headline---21b00xguiltyplea-brf/

16. November 20, Federal Bureau of Investigation – (New York) Societe Generale trader convicted of stealing high-frequency trading system code. The United States Attorney for the Southern District of New York, announced that a male suspect, a former trader at Societe Generale (SocGen) was found guilty November 20 of theft of trade secrets and interstate transportation of stolen property for stealing the proprietary computer code used in SocGen’s high-frequency trading system. The suspect was found guilty by a federal jury after an 8-day trial before a United States district judge. The Manhattan United States Attorney stated: “As the Manhattan federal jury has now found, he [the suspect] was a thief who hoped to make a small fortune by stealing and copying sophisticated computer code that was the equivalent of gold bullion to his former employers. According to the evidence introduced at the trial and other documents and proceedings in the case: From March 2007 to November 2009, the suspect worked at SocGen’s New York offices, first as a quantitative analyst and then as a trader in SocGen’s High Frequency Trading Group. SocGen is a global financial services company, headquartered in France. Source: http://7thspace.com/headlines/364353/societe_generale_trader_convicted_of_stealing_high_frequency_trading_system_code.html

17. November 19, KOMO 4 Seattle – (Washington) Secret Service: Seattle cyber attack larger than first thought. Federal agents now say the recent Seattle, Washington, cyber attack was a much bigger crime than first thought. A U.S. Secret Service spokesman said more than 1,000 accounts may have been compromised. “We are very close to pinpointing the actual person or persons who perpetrated this crime,” he said. The scheme appears to involve the sale or distribution of the stolen account information to numerous individuals across the country, as well as foreign countries. Those individuals then used the information to make purchases against the consumer accounts. The spokesman said the trail leads overseas, with the data stolen October 22 via a one-day computer hack. At this time, evidence points to only one hacker. And now only one business appears to have been hacked. The popular Broadway Grill said it started working with police as soon as the fraud was uncovered last month, and immediately reinforced it’s computer security. Source: http://www.komonews.com/news/consumer/108568029.html

18. November 19, Hermosa Beach Patch – (California) Police see similarities between Wells Fargo robber and ‘Chimney Sweep Bandit’. There may be a connection between the robbery of the Wells Fargo November 16 ,and other bank robberies across Southern California, according to the Hermosa Beach Police Department. “We suspect it could be the guy who they’re calling the ‘Chimney Sweep Bandit,’ “ a detective said November 19. “There are similarities.” The Chimney Sweep Bandit, so named because officers noticed dirt on his face in surveillance images, is suspected of robbing a Bank of America branch in Torrance November 4. He is also suspected of robbing banks in Ventura and Orange counties. He allegedly robbed a Chase bank in Orange last year. During that incident, he allegedly passed a note to the teller stating he would kill her, and demanded money. In the Torrance holdup, the robber also passed a note to the teller saying that he had a gun. Similarly, the man who robbed the Wells Fargo in Hermosa passed a note to the teller that read, “I have a gun, give me the money.” The FBI is searching for the Chimney Sweep Bandit. Source: http://hermosabeach.patch.com/articles/police-see-similarities-between-wells-fargo-robber-and-chimney-sweep-bandit

19. November 19, Stamford Times – (Connecticut) Man sentenced to 4-plus years for bank robbery spree that included 2 Wilton banks. A Stamford, Connecticut, man was sentenced November 18 to more than 4 years in prison for his role in a 4-month bank robbery spree that included two Wilton banks. According to court documents and statements made in court, between May 2009 and August 2009, the 29-year-old male robbed 12 banks in Norwalk, Westport, Stamford, Darien, Wilton, Fairfield, and West Harrison, New York. The suspect was sentenced November 18 by the U.S. District Judge in Bridgeport to 54 months of imprisonment, followed by 3 years of supervised release. Source: http://www.thestamfordtimes.com/story/494751

Information Technology

47. November 22, V3.co.uk – (International) Kroxxu botnet hits a million web users. Security experts have uncovered a dangerous new botnet which has already infected over 100,000 domains and 1 million systems worldwide, although it is still unclear how the cyber criminals are monetizing their efforts. The Kroxxu botnet has been designed solely to steal FTP passwords but, unlike traditional botnets, it is able to spread through infected Web sites alone rather than individual PCs, according to researchers at Avast Software who have been tracking it for over a year. The stolen passwords enable Kroxxu’s creators to add a script tag to the original Web site content, which then makes it possible to upload and modify files on infected servers and spread to other servers globally. The malware relies heavily on redirects to obfuscate itself, while various components of the network are able to perform different roles, known as “ indirect cross infection”. “Kroxxu’s indirect cross infections are based on all parts being equal and interchangeable,” said the head virus researcher at Avast. Avast has not yet discovered how the botnet organizers are making money from the scam, but the researcher suspects they could be selling stolen credentials or hacked space on infected servers, or using key-loggers to spread other spam. The botnet has infected 1,000 domains a month since its discovery in October 2009, and many of the PHP redirectors and malware distributors placed in the sites have survived for months at a time. By infecting legitimate sites, the botnet could have a serious impact on the success of URL blocking software, warned Avast. Source: http://www.v3.co.uk/v3/news/2273368/kroxxu-avast-botnet-threats

48. November 22, The H Security – (International) Spam hole in Google Mail. Until recently, a security hole in a Google API allowed e-mails to be sent to GMail users without knowing e-mail addresses. As reported by TechCrunch, victims only had to visit a specially crafted Web site while being logged into their Google account. Apparently, the hole could even be exploited while in Private Browsing mode, which does not usually give access to a user’s cookies. The vulnerability allowed e-mails with arbitrary subject lines and message bodies to be sent from the e-mail address noreply@google.com. As the e-mails included an authentic header, it was virtually impossible for users to distinguish them from an authentic e-mail sent by Google. The hole was discovered by a 21-year-old Armenian, who made his demo exploit freely accessible on Google’s Blogspot / Blogger service. Google shut the blog down shortly after the exploit was reported, and confirmed the problem in an e-mail to TechCrunch. Google said the hole in its Apps Script API has now been traced and fixed. Source: http://www.h-online.com/security/news/item/Spam-hole-in-Google-Mail-1139762.html

49. November 20, TechWorld – (International) China Internet ‘hijack’ hugely exaggerated, says researcher. The claimed ‘hijack’ of Internet traffic by China Telecom has been hugely exaggerated in scale and intent, a traffic analysis by Internet security company Arbor Networks has concluded. A blog by the Arbor chief scientist picked apart the speculative claim, attributed to McAfee’s VP of threat research, that the unusual routing diversion through China Telecom April 8, 2010 could have amounted to as much as 15 percent of Internet traffic. According to the chief scientist, this appears to have been calculated by comparing the 40,000 affected BGP routes to the 340,000 in the routing table as a whole, a calculation originally cited by the industry BGPmon Web site. Using numbers culled from the Arbor Atlas traffic monitoring system of 80 global ISPs, however, traffic on that day barely increased beyond normal patterns, at most it amounted to only a few gigabits per second out of an Internet total between 80 and 100 terabits per second. A redirection of a major portion of Internet traffic would have been expected to have either boosted or suppressed traffic volumes, depending on the scale of increase in traffic to China Telecom or the decrease in volume to other ISPs. Neither appeared to happen on any scale. Source: http://www.networkworld.com/news/2010/112110-china-internet-hijack-hugely-exaggerated.html

50. November 19, eWeek – (International) Hackers target Black Friday, Cyber Monday search terms. Attackers have set their sights on holiday shoppers searching for leaked Black Friday ads, creating malicious sites that appear on search engine result pages, according to a November 18 alert by SonicWall. Security experts at SonicWall UTM Research discovered “polluted” results appearing in search engine results for holiday shopping-related terms in advance of Black Friday sales, the company said. These links take users to a malicious site that tricks users into downloading malware. The terms include “Walmart Black Friday Sales 2010,” “Black Friday,” and “Cyber Monday,” according to researchers.The infected machines are sending encrypted data back to a specific site, said a SonicWall researcher, adding that team is still decrypting the data, but it “looks similar” to the InfoStealer Trojan activity. The returned search results have titles like “Walmart Black Friday 2010” and the same phrase embedded in the URL string, according to the screenshot of malicious search results posted on the SonicWall site. Since many of the sites are already known to be malicious, Firefox and Google are able to flag the links accordingly. Hackers are also using Best Buy-related search terms, such as “Best Buy Black Friday 2010 deals,” to push a fake antivirus software called “Internet Security Suite,” according to security company Thirtyseven4. Researchers at Sunbelt Labs also noticed that search terms for free holiday e-cards (“free cards to print”) directed users to a fake antivirus called FakeVimes. Source: http://www.eweek.com/c/a/Security/Hackers-Target-Black-Friday-Cyber-Monday-Search-Terms-347977/

Communications Sector

51. November 20, Kane County Chronicle – (Illinois) Downed lines spark Comcast outage November 20. Downed overhead utility lines knocked out cable television, Internet, and telephone service to many Comcast customers in portions of Kane and DeKalb counties in Illinois, November 20. At about 10:30 a.m. November 20, a garbage truck operating in the area snagged and severed Comcast utility lines, said a Comcast spokeswoman. The resulting telecommunications service outage affected a number of Comcast subscribers throughout the Wasco area of Campton Hills and in portions of Batavia, as well as customers as far west as DeKalb and Rochelle. The outages continued until 2:30 p.m. in the DeKalb area and until shortly after 3 p.m. in the Campton Hills area. Full service was restored throughout the region by 4:30 p.m. Source: http://www.kcchronicle.com/articles/2010/11/20/91341420/index.xml

52. November 19, Associated Press – (Illinois) Line break affects telephone service in Urbana, Illinois. Company spokesmen for AT&T said repair crews continued working around-the-clock to fix a line break that left many Urbana, Illinois customers without phone and Internet service. The outage stretched into its second day November 19. Many Urbana schools were without phone service November 19, but officials said Champaign County’s 911 emergency line service was restored early November 19. The AT&T line break occurred just after 8:30 a.m. November 18 when an augur struck the cables as a contractor was taking core samples on the University of Illinois campus. AT&T spokesmen told the (Champaign) News-Gazette that complete repairs could take days to complete, as crews work on splicing cables to replace the damaged section. Source: http://www.bnd.com/2010/11/19/1483396/line-break-affects-telephone-service.html