Wednesday, November 24, 2010

Complete DHS Daily Report for November 24, 2010

Daily Report

Top Stories

· IDG News Service reported a Florida woman has pleaded guilty to charges she helped her employer sell counterfeit computer chips for use by the U.S. military in items ranging from missile programs and radiation detectors to high-speed trains. (See item 13)

13. November 23, IDG News Service – (Florida; National) Woman admits aiding firm in selling fake chips to U.S. military. A Florida woman has pleaded guilty to charges she helped her employer sell counterfeit computer chips for use by the U.S. military. The woman was an administrator at VisionTech Components, a Clearwater, Florida, company that sold military-grade integrated circuits designed to handle extreme temperatures and the shocks and bumps of battlefield use. She pleaded guilty November 19 to a single conspiracy charge. Prosecutors said VisionTech did more than $15.8 million in business over a 3-year period, doctoring and then selling counterfeit integrated circuits imported from Hong Kong and China. The fake chips were sold to many companies, including subcontractors working with big defense suppliers such as Raytheon Missile Systems, BAE Systems, and Northrop Grumman. They were often destined for use in sensitive areas such as missile programs, radiation detectors, and non-military systems such as high-speed trains, the Department of Justice said in court filings. Many of the chips were used in situations where a system failure would be disastrous. Source:

· According to KHOU 11 Houston, copper thieves have hit dozens of transmission towers in two Texas counties, in one instance endangering more than 250,000 people, when they knocked emergency communication systems for firefighters and paramedics offline. (See item 40)

40. November 22, KHOU 11 Houston – (Texas) Copper thieves target radio transmission towers, endanger public. A rash of break-ins at radio transmission towers in northern Harris and southern Montgomery counties in Texas has first responders worried about the impact on public safety. Thieves have broken into and stolen copper wiring from dozens of towers and, in at least one instance, disrupted the communications system dispatchers use to communicate with firefighters and paramedics. He said thieves broke into the fire department’s transmission tower near Spring the week of November 15. They pointed the surveillance camera toward the sky and ripped apart a generator, he said. He said more than a quarter million people were put in danger because a communications outage triggered by the theft left dispatchers without a primary way to reach firefighters and paramedics for nearly 1 hour. According to sources inside various fire departments, thieves have targeted dozens of transmission towers in northern Harris and southern Montgomery counties for months. Thieves have also stolen copper pipes and copper wiring from a fire station under construction in Spring. Source:


Banking and Finance Sector

15. November 23, Reuters – (National) FBI raids three hedge funds in insider trading case. The FBI raided three hedge funds as part of a widening probe into suspected insider trading in the $1.7 trillion hedge fund industry. The November 22 raids come as federal prosecutors prepare to unveil a series of new insider trading cases as soon as this year against hedge fund traders, consultants and Wall Street bankers. Two of the raided funds are Diamondback Capital Management LLC and Level Global Investors LP, each based in Connecticut and run by former managers of SAC Capital Advisors, one of the best-known U.S. hedge funds. A Boston, Massachusetts-based firm, Loch Capital Management, was also raided, a person familiar with the matter said. Loch has close ties with a witness who pleaded guilty in an insider trading probe centered on hedge fund Galleon Group. “The Justice Department promised a more muscular approach to white-collar crime, and is delivering,” said a professor at the City University of New York’s John Jay College of Criminal Justice. Spokesmen for the FBI in New York and Boston said November 22 that the agency had executed search warrants in connection with an ongoing investigation. Source:

16. November 23, Delaware County Times – (Pennsylvania) Marple, Aston probe bank robberies. Police believe a suspect in a November 22 robbery at Sovereign Bank in Marple, Delaware is the same hooded male in sunglasses who pulled off a similar heist in Aston earlier this month. Just as the lone male did November 13 at the Iron Workers Bank in Aston, the suspect in the latest incident implied but did not display a weapon. According to a Marple police detective, the male presented a demand note to tellers when he entered the Sovereign Bank at 3001 West Chester Pike in Broomall, about 2:57 p.m. November 22. A suspect was captured on surveillance video at both banks and appears to be wearing a similar gray hooded sweatshirt and knit gloves. He is described as white, 25 to 30 years old, about 5 feet 10 inches tall, medium build with dark hair, beard and mustache. In Aston, the suspect was the only customer in the bank at 3333 Concord Road, during the robbery. He entered the bank at about 11:14 a.m. At the time, he approached the counter, stood between two tellers, and asked who was available. Police said the suspect’s speech suggested to the tellers that he was from the area. Source:

17. November 22, East County Magazine – (California) Escondido bomb maker had largest stash of home-made explosives ever found in U.S.; suspect also accused of bank robberies. A 54-year-old male from Escondido, California pleaded not guilty to 28 criminal counts November 22. He is accused of possessing destructive explosive devices and the ingredients to make them, as well as robbing two local banks. The deputy district attorney told the judge that the suspect’s home was “a bomb factory” containing “the largest quantity of these types of homemade explosives at one place in the United States.” Those materials pose “a huge danger to officers and the public,” she said. In addition to bombs and explosive materials, authorities found multiple detonators, grenades, and shrapnel. Authorities have not disclosed what the intended target of the bombs may have been, nor whether the man was acting alone or as part of an organization. After a gardener was injured in an explosion in the home’s backyard last week, investigators with the FBI, the Bureau of Alcohol, Tobacco and Firearms, and San Diego County Sheriff’s Department searched the premises. They discovered mason jars containing over 9 pounds of HMTD, an explosive commonly used by suicide bombers and implicated in the foiled Millennium plot to bomb Los Angeles Airport. On November 22, prosecutors revealed, additional explosives known as ETN and PETN were also found. ETN is often mixed with other explosives and is highly volatile and sensitive to friction. Mixed with plasticizers, PETN becomes a plastic explosive. It is one of the most powerful explosives in the world. Source:

18. November 22, Straits Times – (International) M’sian hacker ‘not alone’. The Malaysian accused of hacking into the system of a United States central bank branch in Ohio is believed to be highly skilled and acting in collaboration with others to carry out cybercrimes. The 32-year-old male was described as an “extremely sophisticated and dangerous computer hacker” in documents obtained from the U.S. Justice Department. He allegedly made a career of compromising computer servers belonging to financial firms, defense contractors, and major corporations. He then sold or traded the stolen information to others, according to U.S. prosecutors. He is accused of hacking into the high-security systems of the U.S. Federal Reserve Bank and the Pentagon’s security contractors. He was caught in a New York diner by the U.S. Secret Service October 21 while allegedly selling stolen credit card numbers for $1,000. He had arrived in the city just hours before his arrest. Source:

Information Technology

41. November 23, PC World – (International) iOS 4.2 includes massive security update. Apple has released iOS 4.2. The update fixes more than 80 vulnerabilities in the iPhone, iPod, and iPad. Apple policy dictates that the vulnerabilities not be publicly disclosed until the patch is available. Many of the vulnerabilities had critical security implications. For example, viewing a PDF file was a potentially risky task on pre-iOS 4.2 devices. “A heap buffer overflow exists in FreeType’s handling of TrueType opcodes [CVE-2010-3814]. Viewing a PDF document with maliciously crafted embedded fonts may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking,” Apple said. There is also a vulnerability which reveals surfing history. “A design issue exists in WebKit’s handling of the CSS :visited pseudo-class. A maliciously crafted website may be able to determine which sites a user has visited. This update limits the ability of web pages to style pages based on whether links are visited.” Source:

42. November 23, Network World – (International) Facebook’s Christmas Tree virus only a hoax. Security vendor Sophos said Facebook users can relax and stop warning each other about a supposed computer-crashing Christmas tree-themed app disguised as a virus, since the whole thing is just a hoax. Thousands of Facebook users have raced in recent days to rescue friends by posting warnings of “one of the WORST Trojan viruses” out there, but Sophos said it has seen no evidence that such a malware-bearing app exists (not that one could not be concocted). Sophos said the warnings of this non-existent app actually appear to have traveled faster than past warnings of real threats. Geek Squad is cited by Facebook users as a source warning of the Christmas Tree app. A senior technology consultant with Sophos noted there was a real Christmas tree virus back in the late 1980s that did infect machines on IBM’s internal network and other networks. Source:

43. November 23, IDG News Service – (International) Is SAP afraid of a Stuxnet-style attack? Enterprise software provider SAP is stepping up its security stance as its once-isolated systems become increasingly connected to the Internet, posing new risks as hackers diversify their targets. “You can now have all your business information directly connected to the Internet,” said the director of research and development for Onapsis, which does SAP security evaluations for companies. “With SAP, mostly now the concern is a direct attack, such as taking a system offline or modifying business information,” he said. The core of SAP is its Netweaver platform. If an attacker can get inside Netweaver, any of the other applications on top of it can be compromised, he said. SAP has also been evangelizing the importance of better security practices to its customers. In September, it published a white paper, “Secure Configuration SAP Netweaver Application Server ABAP,” that consolidated a set of its existing security recommendations into a succinct document. The recommendations cover SAP systems used on internal networks and are not Internet facing. “While some organizations already have made these configurations, we realized that other customers still underestimate the increased level of threat from inside a company,” an SAP spokesman said. Source:

44. November 23, Help Net Security – (International) Multiply users urged to download disguised malware. Users of the Multiply social networking site have lately been targeted with malicious personal messages coming from accounts opened by cybercriminals. The message implies that the sender and the recipient know each other from somewhere, and the potential victim is urged to see the attached movie in order to jog their memory. But, the movie is just a pretext to get him or her to install a codec that is supposedly needed to see the video. The offered codec is a dropper Trojan in disguise. It is detected by Trend Micro as TROJ_KATUSHA.F, and it is also often sent out as an attachment in bogus e-mails. Source:

45. November 22, Help Net Security – (International) Are malware hybrids the next big threat? Recent encounters with hybridized malware files have left Trend Micro researchers wondering if they have been designed that way or if they are just an undesirable side effect lurking from heavily infected systems. To demonstrate how both malware may benefit from the symbiosis, they took the recently detected attack involving an IRC bot (WORM_LAMIN.AC) infected by a mother file infector (PE_VIRUX.AA-O) as an example. Because of PE_VIRUX’s polymorphic nature, WORM_LAMIN.AC might be harder to detect. WORM_LAMIN.AC returns the favor by spreading PE_VIRUX. Together they change user and system security settings in a way that makes it easier for them to remain undetected, and payloads carried by both are delivered. It is likely that its appearance will spark other malware developers to try that novel approach. Source:

For another story, see item 13 above in Top Stories

Communications Sector

46. November 22, Erictric – (National) There goes Google Voice; down once again. Google Voice was down again. The service has been suffering performance or downtime issues on an almost daily basis in November. When asked for comment, Mountain View, California-based Google Inc. indicated a bug has caused issues. However, they did not elaborate further. Affected users November 22 appeared to be unable to place outbound calls. In addition, some reported seeing “This Call Cannot Be Completed” error messages. Inbound calls also appear to be affected, as they do not get through. Source:

47. November 22, Charlottesville Hook – (Virginia) CenturyLink internet not working for many (or is it?). Many of CenturyLink’s high-speed Internet customers in Virginia were without service November 22, as the provider was experiencing a widespread outage. “We are currently working to resolve this issue,” said a recorded voice at the technical support number. “We apologize for the inconvenience.” A phone call seeking further information about the outage was promptly returned, with the information that there may not be any wide outage at all. “We feel like that [recording] may be in error,” said a spokeswoman. “We don’t have any widespread outages reported. Our load doesn’t show any kind of a spike.” Source: