Wednesday, December 29, 2010

Complete DHS Daily Report for December 29, 2010

Daily Report

Top Stories

• The U.S. Embassy in London was a target of a group of men arrested in Britain and charged with conspiracy to cause explosions and preparing acts of terrorism, according to Reuters. (See item 39)

39. December 28, Reuters – (International) U.S. says embassy was target of attack. The U.S. Embassy in London was a target of a group of men arrested last week in Britain and charged with conspiracy to cause explosions and preparing acts of terrorism, the U.S. State Department said December 27. Twelve men were arrested December 20 in what British police said were counter-terrorism raids essential to protect the public from the threat of attack. Three were later released without charges, leaving nine who appeared in court December 27 to face the charges. The suspects were from London, the Welsh capital of Cardiff, and the central English city of Stoke. A British police statement said the men had conspired to cause “explosions of a nature likely to endanger life or cause serious injury to property.” It added they had been downloading material from the Internet, researching and discussing potential targets, carrying out reconnaissance, and “igniting and testing incendiary material.” The police statement did not specify what the potential targets were. Source:

• CNN reports more than 200 people were trapped and several others were injured when a ski lift broke down at Sugarloaf Ski Resort in Kingfield, Maine, causing several lift riders to fall to the ground. (See item 55)

55. December 28, CNN – (Maine) Ski lift malfunction injures several at Maine resort. More than 200 people were trapped and several others were injured December 28 when a ski lift broke down at Sugarloaf Ski Resort in Kingfield, Maine, causing several lift riders to fall to the ground, a resort manager said. A spokesman for the resort said the derailment on one tower of the Spillway East lift happened around 10:30 a.m. when the lift’s cable skipped over the edge of a pulley. Five of the lift’s chairs fell 25 to 30 feet and hit the ground, he said. He later told CNN the rescue operation was complete around noon. Franklin Memorial Hospital in Farmington, Maine, received three patients and was expecting four more, according to a spokeswoman. Another patient was brought in by ambulance, but was transferred to Maine Medical Center in Portland by helicopter, he said. A CNN employee who initially was trapped on the lift said he saw skiers fall from the lift when it came to an abrupt stop during high winds. High winds were gusting between 30 mph and 50 mph in the area at the time, according to a CNN meteorologist. There were an estimated 220 people on the more than 100 chairs on the lift, and the process of evacuating everyone from the chairs dangling above the resort was under way the afternoon of December 28. Sugarloaf has never had a lift derailment of this nature in its 60-year history. The cause of the accident was under investigation. Source: by bberencz


Banking and Finance Sector

15. December 28, HedgeCo.Net – (Utah; International) Hedge fund manager indicted in $30 million international fraud scheme. A Utah hedge fund manager has been arraigned on multiple counts of mail fraud, wire fraud, and conspiracy, relating to his operation of a Utah-based hedge fund company, “Coadum Capital.” The suspect was indicted December 15, along with an alleged accomplice. “This indictment alleges a major international investment fraud scheme that defrauded over 100 victims around the country out of tens of millions of dollars, most of which was transferred to overseas accounts,” a prosecutor said. Coadum attracted more than $30 million in investments in 2006 and 2007. Coadum offered shares in hedge funds and advertised monthly returns of 5 percent. The indictment alleged money placed in escrow was transferred to accounts in Switzerland and the Mediterranean island of Malta, from where it then disappeared. The indictment said investors lost approximately $30 million. The charges carry a maximum sentence of 20 years in prison and a fine of up to $250,000 each. Source:

16. December 28, Softpedia – (International) Anonymous attacks Bank of America. Anonymous has launched a distributed denial of service attack (DDoS) against Bank of America (BoA), after the U.S.-based financial giant banned transactions destined for WikiLeaks. About 2 weeks ago, BoA joined the list of companies boycotting WikiLeaks by announcing it would block all transactions related to the whistleblower organization. All of the firms became targets of coordinated DDoS attacks by Anonymous, a notorious group of hacktivists. The holiday delayed the attack, but it launched December 27. However, as some previously predicted, a lack of organization meant the attack failed to cause major problems for Bank of America. Infosec Island reported the primary impediment was technical issues with the “hive mind” feature of the LOIC DDoS tool, which normally forces the user’s computer to join a voluntary botnet. Users had to resort to filling in the target details manually and not all of them managed to do it. Even so, the BoA Web site experienced slowdowns and even went offline for short periods of time. The force of the attacks is expected to increase as the hive mind problem gets resolved and more members return from the Christmas holiday to join the effort. Source:

17. December 28, Associated Press – (National) Former Chicagoan accused of $8M investment fraud. Federal prosecutors have charged a former Chicago, Illinois, man with swindling nearly $8 million from more than 50 victims who were led to believe they were buying specially discounted stock in a number of well-known companies, including Google Inc., and Facebook Inc. The U.S. Attorney’s office in Chicago said the 39-year-old suspect, now of Newton, Massachusetts, was charged December 27 with one count of wire fraud, and one count of filing a false federal income tax return. The office said the suspect will be arraigned at a later date, and did not say whether he had an attorney. A spokesman for the U.S. Attorney’s office said the suspect styled himself as a self-employed securities trader while running the alleged swindle from locations in Chicago, Seattle, Boston, and Newton. Source:

18. December 27, Press Trust of India – (International) Banks to add extra security layer for phone banking. Banks will ask for an additional password from credit card customers from the new year for any transactions conducted over phone, subsequent to a Reserve Bank of India (RBI) direction for making phone banking more secure. According to the RBI guidelines, banks must decline any telephonic banking transactions, including the automated IVR (Interactive Voice Response) services, where the customers do not have a one-time password (OTP) for such services with effect from January 1, 2011. However, OTP will be valid for a single use and would remain in effect for 2 hours. Customers will have to generate a separate OTP for each IVR transaction. The new step has been taken as a safeguard against credit card frauds. There has been an uptick in frauds involving lost or stolen cards. For transactions where cards are needed to be presented physically, RBI has already made it mandatory for an identity verification, and the signature also must match the one on the card. The added security layer for phone banking follows a similar step taken by banks for Internet banking transactions. Banks like Citibank and HDFC Bank have already told their customers to get OTP for phone banking transactions, while others are in the process of doing so. According to banking sector experts, customers who do not get an OTP before January 1, will be prompted to get one whenever they initiate a phone banking transaction. Source:

19. December 27, Softpedia – (International) Santander exposes bank statements of over 22,000 customers. Late during the week of December 20-24, Santander’s United Kingdom branch announced a data breach where bank statements of 22,600 customers were sent to the wrong recipients. According to a bank spokesperson, the incident was the result of a printing equipment error at a third-party company paid to send the statements. “With the bank statement, the first page contains the name and address, the account number and sort code. This was correct,” a Santander spokesperson told eWEEK. The bank will send out corrected statements and will notify all affected customers about the potential privacy breach, but stressed the risk of fraud is very small. The organization has alerted the Financial Services Authority, and the Information Commissioner’s Office also launched its own probe. The printing equipment was reset after producing 35,000 statements. Source:

20. December 27, – (National) Fraud 2011: Beware cross-channel threats. Fraud in all its forms will continue to strike banking institutions across all channels in 2011. And until banks and credit unions increase investments in analytics and channel integration, they will continue to suffer losses. That’s the overall message from the Faces of Fraud: Fighting Back survey, whose results were released in an Executive Summary by Information Security Media Group. The survey, which includes responses from more than 230 financial leaders and security officers at financial organizations of all sizes, reveals keen insights into the fraud landscape. The study found credit and debit card fraud ranks No. 1 among current forms of fraud, with 81 percent of respondents saying they were impacted by payment card incidents this year. Check fraud came in second, with 63 percent saying it remains a problem. Phishing and vishing-related fraud was third, getting 48 percent of respondent votes. But only 20 percent of respondents said they are prepared to fight and prevent phishing and vishing attacks. The survey also found cross-channel fraud detection is not being widely implemented, with 55 percent saying they continue to rely on manual techniques. Only 26 percent have a plan or team in place for cross-channel detection; and 63 percent said they either have no cross-channel plan or team, are working on a plan or team, or simply do not know. The study indicated 76 percent of respondents first learn of fraud incidents only when customers and members notify them. To reduce vulnerability to fraud, 63 percent said they improved customer and employee awareness through education, 40 percent said they invested in new technology and 17 percent have increased budgets and/or staff. In 2011, 34 percent of respondents will increase budgetary investments and/or personnel to improve fraud prevention. Source:

21. December 24, La Jolla Patch – (Colorado; California) ‘Ho-Hum Bandit’ may be robbing Colorado banks. After a 5-month bank robbery spree, the “Ho-Hum Bandit” seemed to just disappear from Southern California. It now appears as though he may have moved on to a new market. Investigators said a serial bank robber who is wanted in Colorado matches the description of Ho-Hum Bandit, who hit up 12 banks, including the Citibank in La Jolla, from late February through July. In Colorado, the robber was given a different moniker—the “JV Bandit Gone Bad,” according to an FBI Special Agent. The JV Bandit is wanted for 8 robberies in Boulder, Denver, and Fort Collins. “Just like here, he’s going every two or three weeks,” the FBI Special Agent said. The bandit is described as a white male in his 30s. He is approximately 5 foot 9 and 160 to 170 pounds. The FBI said he is fair-skinned and usually wears some type of hat, faded jeans, and white sneakers. Source:

Information Technology

47. December 28, Softpedia – (International) Trojan distributed in new mass injection attack via Java downloader. Security researchers warn a new mass injection attack is underway directing the visitors of hundreds of Web sites to a malicious Java applet which downloads a Trojan. According to the creator of the Unmask Parasites Web scanner, the malicious code is added at the end of HTML pages on compromised Web sites and takes the form of an obfuscated JavaScript function. When parsed by the browser, this function adds a rogue IFrame to the HTML document, which loads a new(dot)htm page from aubreyserr(dot)com, medien-verlag(dot)de or yennicq(dot)be. According to statistics from Google’s Safe Browsing service, around 2,000 Web sites link to these domains, giving a rough estimation of the attack’s impact so far. The page called by the IFrame loads a Hidden.jar applet deceptively titled “Java Update.” This is a Java OpenConnection-type downloader whose only purpose is to download and execute a file called host.exe. Source:

48. December 28, The New New Internet – (International) Texas-based whistle-blower site attacked. A Texas-based Web designer who runs idontgiveascam(dot)com — a whistle-blower site aimed at exposing online business scams — said a DDoS attack caused him an estimated $10,000 in damages and revenue loss, according to San Antonio Express-News. He said a California-based company hosts the server for his site, and it could not stop the week-long attack. After recovering from the first cyber attack, he found a message on his site from a poster named USA, RUSSIA, GERMAN HACKERZ that read, “please close this site i give you 2 Days, when you don t close this site, i must take my botnet und we attack you again. i say that here not for funny !!!” “Some of the people on there became agitated that their business is being affected by the site,” he told San Antonio Express-News. “So they hacked the site before and they had threatened to attack.” A clue to the culprit’s identity was detected after a suspected attacker posted a comment on the site. The IP address led to Russia. Source:

49. December 28, Help Net Security – (International) Geolocation, mobile devices and Apple top the list of emerging threats. McAfee unveiled its 2011 Threat Predictions report, outlining the top threats that researchers at McAfee Labs foresee for the coming year. The list comprises 2010’s most buzzed about platforms and services, including Android, iPhone, foursquare, Google TV, and the Mac OS X platform, which are all expected to become major targets for cybercriminals. McAfee also predicts that politically motivated attacks will be on the rise, as more groups are expected to repeat the WikiLeaks paradigm. The report outlines the following top threats: Exploiting Social Media: URL-shortening services; Exploiting Social Media: Geolocation services; Mobile: Usage is rising in the workplace, and so will attacks; Apple: No longer flying under the radar; Applications: Privacy leaks — from your TV; Sophistication Mimics Legitimacy: Your next computer virus could be from a friend; Botnets: The new face of Mergers and Acquisitions; Hacktivism: Following the WikiLeaks path; Advanced Persistent Threats: A whole new category. Source:

50. December 27, eWeek – (International) Tuesday most active day for malware distributors, says SonicWALL. After analyzing the malware and online threats of 2010, SonicWALL security researchers said they found that Tuesday was the most threat-heavy day of the week. Monday was a close second for threat-related traffic, SonicWALL’s vice-president of e-mail security told eWEEK. It was not clear from the analysis why malware activity was the highest on Tuesdays, but he speculated a connection with Microsoft’s Patch Tuesday announcements. SonicWALL researchers noticed this pattern for China, India, Mexico, South Africa, Taiwan, Turkey, the United States, and several European countries. The researchers also found the most active time for threat-related traffic in the United States was between 10 a.m. and 11 a.m. Pacific time. According to the analysis, Trojans tend to peak in September and December, corresponding with the proliferation of back-to-school offers and holiday greeting cards. However, there was also a “second wave” of threats, as attackers send follow-up scams in January, when bills come due. Source:

51. December 24, ITProPortal – (International) Facebook blocked URLs over spam fears. Facebook temporarily blocked all shortened URL links on its platform owing to spam and malware issues. The social networking platform decided to take action after it discovered that more than 70 percent of links redirected users to spam and other malicious Web sites. The company said in a statement that: “As part of our effort to keep Facebook and the people who use our service secure, we closely monitor the content shared on the site for spam and malicious content.” Facebook also said it was working with parent company in order to resolve the issue. According to TechCrunch, links shortened by are once again accessible from the platform. Source:

Communications Sector

52. December 28, City News Service – (California) SoCal storms damage AT&T system. The recent heavy rainfall in Southern California damaged the telephone system to the point of creating a “natural disaster,” leaving residential and business customers throughout the region without a dial tone, an AT&T spokeswoman said December 27. “We have technicians out there, working around the clock to restore service,” she said. She could not estimate the number of service outages in Riverside or neighboring counties, but said the breadth of the damage had prompted the company to redeploy technicians from Northern to Southern California over the past several days. A spokesman with Verizon California — another major local exchange carrier — said a “significant number” of storm-related repair calls had come in, and the company had crews “working night and day” to restore phone service. He predicted it would take about 2 weeks to fix all the storm-related problems. AT&T customers have lost voice and DSL access, preventing any communication — except by mobile phone. Source:

53. December 26, Bloomington Pantagraph – (National) FBI looking for possible victims of phone scam. The FBI is looking for people who may have been victimized by a phone bill scam. The scam involves charges on phone bills for services related to Alternate Billing Corp., 24078 Greenway Road, Forest Lake, Minnesota, or any of the following: 800VMailbox; BusinessSEOPro; Digital VMail; Durham Technology; eProtectID; eSafeId; Identity Holdings; InfoCall; Instant 411; InstantSEOPro; Matchgamepro; Mobile 411 Plus; My411Connect; MyIDSafe; MyIProducts; NeedTheInfo; ProIdentityProtect; Safeguard My Credit; Streaming Flix; Streaming Flix-FamilyWebSafety; Streaming Flix-Iconz of Rock VIP; Streaming Flix-Mobile; Streaming Flix-National Lampoon; Streaming Flix-No Good TV Digital; Streaming Flix-UBD; Studio 127; Uvolve; VolCoff. According to a statement from the Springfield office, no further information can be released because of an ongoing inquiry. The FBI does want to contact people who believe they were improperly billed. Source:

54. December 24, Winona Daily News – (Minnesota) Blaze destroys Utica Telecommunications shed. The police scanner initially reported December 23 that the water tower in Utica, Minnesota, was on fire. When the Lewiston Fire Department, which covers Utica, arrived, the fire was nearly 200 feet up a hill, with a “minimum service road” mostly covered by 18 inches of snow. More than a dozen firefighters fought the blaze in a shed next to the city’s water tower. The shed housed satellites and cable equipment for Utica Telecommunications, a cable television service provider. The building had about 100 square feet of space. The assistant Lewiston fire chief said the owner of Utica was in the shed using de-icer and heard a pop when the fire broke out. The shed is just several yards away from the city’s well that feeds the water tower, Utica’s mayor said. The city’s water supply was unaffected. “This could have been real bad if it had spread,” he said. Fire crews were able to use a gravity-fed fire hydrant near the tower to put out the fire. It took crews about 10 minutes to extinguish the blaze. Firefighters had to trudge up nearly 200 feet of hill with hoses and nozzles to put out the flames. The temperature remained in the low 20s. The building was completely destroyed. Source: