Friday, January 21, 2011

Complete DHS Daily Report for January 21, 2011

Daily Report

Top Stories

• Nine schools in the Woodland Hills area of Los Angeles, California, were locked down for hours after a school police officer was shot near a campus January 19, according to the Associated Press. (See item 36)

36. January 20, Associated Press – (National) 9 LA schools reopen with extra security after police officer’s shooting; suspect sought. Nine schools in the Woodland Hills area of the west San Fernando Valley in Los Angeles, California, that were locked down for hours after a school police officer was shot near a campus January 19, reopened January 20 under heavy security, a district official said. School district police and city officers patrolled at El Camino Real High School and other campuses in the area. Crisis counselors also were on hand, but normal classes were held. “We feel that our students are safe and secure,” but the extra security presence may comfort anxious pupils, a spokesman for the Los Angeles Unified School District said. The shooting happened January 19 on a street just outside El Camino Real. Some 9,000 students were held in classrooms for hours at area middle, elementary, and high schools as police searched for the suspect. Some were finally allowed to leave long after dark. A school police officer was struck in the chest by a bullet when he confronted a man breaking into cars, but his body armor stopped the round, authorities said. More than 350 police officers, sheriff’s deputies and California Highway Patrol officers scoured 7 square miles around the school. Three schools in the “hot zone” — the immediate area near the shooting — kept students in classrooms for hours without access to food or bathrooms, the spokesman said. Source: http://www.latimes.com/news/nationworld/nation/wire/sns-ap-us-la-school-officer-shot,0,2787380.story

• KGO 7 San Francisco reports police arrested a woman for storing five pipe bombs, including at least one with glass shards, in a storage locker in Pacheco, California. (See item 50)

50. January 19, KGO 7 San Francisco – (California) Woman jailed after pipe bombs found in storage. Police are still trying to figure out why a 40-year-old Concord, California woman had five pipe bombs in a rented storage locker in Pacheco, California. She is being held in the Contra Costa County jail in Martinez, on $500,000 bail. She is charged with possession of an explosive device for the four bombs found inside a backpack inside a locker she rented at Affordable Storage on North 1st Avenue. A fifth bomb was found outside the backpack. “They varied in sizes from 4 or 5 inches to 8 inches. Inside one of the pipe bombs, we are checking to see if they were in more, we found glass shards. Specifically, when it explodes it was meant to hurt someone when those shards come out of the pipe bomb,” a commander with the Contra Costa Narcotic Enforcement Team said. Two others arrested at the storage facility have been released and are not believed to be connected to the explosives. A small amount of methamphetamine was also located at the storage unit. The commander said his agents are trying to determine the purpose of the explosives, and that the suspect is not cooperating with investigators. Source: http://abclocal.go.com/kgo/story?section=news/local/east_bay&id=7907676

Details

Banking and Finance Sector

13. January 20, New York Times – (International) Theft of E.U. emission permits estimated at $37.7 million. European Union (EU) regulators said January 20 that the value of greenhouse gas emission permits stolen in online attacks over recent days was about 28 million euros, and that employees of companies connected to the system might have played a role in the thefts. The European Commission shut down its Emissions Trading System, its main tool to control greenhouse gas emissions, January 19 to stop the spate of thefts, valued at the equivalent of $37.7 million. The commission, the E.U.’s executive arm, initially put most of the blame on computer hackers and on poor computer security. An E.U. official said some companies that regularly use the system admitted their employees could be “implicated” in the thefts. The thefts were carried out at electronic registries in Austria, Greece, the Czech Republic, Poland, and Estonia, according to the commission. The commission said spot trading at all E.U. registries, which track ownership of allowances, would be suspended until at least January 26. Source: http://www.nytimes.com/2011/01/21/business/global/21carbon.html

14. January 20, IDG News Service – (International) Fraudster’s money mules in short supply, says Cisco. A new security report from Cisco Systems estimated the amount of stolen online bank account data far exceeds the number of people fraudsters can get to transfer stolen funds, who are known as “money mules.” A mule is someone who either knowingly helps or is tricked into moving money from a victim’s bank account through their own account and then onto a third party, usually located in another country. Money is transferred from the victim’s account to the mule’s account, and the mule is then instructed to quickly withdraw the money and do a wire transfer or an ACH (Automated Clearing House) transfer. The ACH system is used by financial institutions for exchanging details of direct deposits, checks, and cash transfers made by businesses and individuals. Despite increasing awareness of the schemes, often advertised as “work-at-home” jobs with generous salaries, many people still get caught up in the frauds. Cisco said in its 2010 Annual Security Report that the ratio of stolen account credentials — which can be acquired through phishing or hacking — to available mule capacity could be as high as 10,000 to 1. Source: http://www.computerworld.com/s/article/9205625/Fraudster_s_money_mules_in_short_supply_says_Cisco_

15. January 19, Internet Crime Complaint Center – (National) E-mails containing malware sent to businesses concerning their online job postings. Recent FBI analysis revealed cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online. Recently, more than $150,000 was stolen from a U.S. business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment Web site and allowed the attacker to obtain the online banking credentials of the person authorized to conduct financial transactions within the company. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine, and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud U.S. businesses. Source: http://www.ic3.gov/media/2011/110119.aspx

16. January 19, Asbury Park Press – (New Jersey) Highlands man charged in bomb threat at Rumson bank. A Highlands, New Jersey man threatened to blow up a borough bank as he was leaving it January 18, prompting a lockdown and a call for the New Jersey State Police Bomb Squad, officials said. The 63-year-old suspect — from Portland Road — shouted “I will blow this (expletive) bank up” as he and another man left the Bank of America branch on West River Road around 4:20 p.m., according to Monmouth County’s administrative assistant prosecutor. Rumson police arrived on scene after a bank employee alerted them to the threat and found the men in a car in the parking lot. Both men were detained, and the suspect was later charged with third-degree making terrorist threats and causing false public alarm, the assistant prosecutor said. The second man has not been charged with any offenses. Source: http://www.app.com/article/20110119/NEWS/110119108/Highlands-man-charged-in-bomb-threat-at-Rumson-bank

17. January 18, WJW 8 Cleveland – (Ohio) 8 arrested in identity theft ring run from federal prison. Eight individuals from the Cleveland, Ohio, area have pleaded guilty to their roles in an identity-theft ring run by a man locked up in a federal prison. According to officials with the office of the U.S. Attorney, Northern District of Ohio, a 34-year-old suspect, who resides in Atlanta, Georgia, was sentenced to 14 additional years in prison January 18 for running the identity theft ring out of Fort Dix Federal Correctional Institution. He ran the scheme from August 2009 to April 2010. Federal prosecutors said the suspect was able to get personal information communicated to him while in the prison, including names, addresses, and Social Security numbers of credit card holders at various department stores. He would then contact the stores and add additional users to the accounts or open new accounts in the person’s name. Prosecutors said the suspect then communicated with his co-conspirators, all eight of whom lived in the Cleveland area, and the cards were used to purchase $254,000 in merchandise. Source: http://www.fox8.com/news/wjw-news-eight-cleveland-arrests-identity-thefts,0,7030183.story

18. January 18, KTRK 13 Houston – (National) Four suspected in sophisticated ID theft ring. Police are searching for four suspects accused of operating a massive identity theft ring. They said it is a far reaching investigation, with victims across the United States. Police said the suspects are still at large. So far, they have identified at least 28 victims from Houston, Richmond, and Cypress, Texas, and even as far away as California. Police said surveillance video shows a male suspect purchasing gift cards more than 1 year ago. Investigators said he orchestrated the ID theft, along with his girlfriend, her brother, and her daughter. Detectives said they lived in two homes in Pearland, Texas, where police reportedly found $30,000 in cash last July. Detectives said the suspects had an accomplice, likely a cashier at another business who skimmed legitimate credit card data from unsuspecting customers. The suspects would then allegedly transfer that information to the magnetic strips on the back of blank cards and then emboss the cards with their own names and bogus numbers. The credit cards were then used to purchase gift cards, repeatedly. Police said the cards were either used by the suspects or sold. The male suspect was arrested in July, but bonded out and has since disappeared. Police believe he and the other three suspects are still somewhere in the Houston, Texas, area. Source: http://abclocal.go.com/ktrk/story?section=news/local&id=7905020

For another story, see item 41 below in Information Technology

Information Technology

41. January 20, IDG News Service – (International) Soundminer Trojan horse steals Android phone data. Researchers have developed a low-profile Trojan horse program for Google’s Android mobile OS that steals data in a way that is unlikely to be detected by either a user or antivirus software. The malware, called Soundminer, monitors phone calls and records when a person, for example, says their credit card number or enters one on the phone’s keypad, according to the study. Using various analysis techniques, Soundminer trims the extraneous recorded information down to the most essential, such as the credit card number itself, and sends just that small bit of information back to the attacker over the network, the researchers said. The study was done by researchers from the City University of Hong Kong and Indiana University. Source: http://www.computerworld.com/s/article/9205627/Soundminer_Trojan_horse_steals_Android_phone_data
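As an added illustration of the "trimming" step item 41 describes (this is not Soundminer's code, which the item does not reproduce), the Python below groups the DTMF keypresses on a call into bursts separated by silence and keeps only the bursts that look like a payment-card number: 13 to 19 digits that pass the Luhn mod-10 check. The call events and their timings are constructed for the example; the KeyEvent type, the burst helper and the 2 second gap threshold are this example's own assumptions, not anything from the study. The same filter is what a call-recording scrubber would use to redact card numbers before storage, so it serves the defensive side as well.

```python
# Added example: reduce a call's keypad input to just the card-number-shaped bursts.
# Sample data is constructed; nothing here is taken from the Soundminer study.
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class KeyEvent:
    """One DTMF keypress: time in seconds since call start, and the key symbol."""
    t: float
    key: str  # '0'-'9', '*' or '#'


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def group_keypresses(events: Iterable[KeyEvent], max_gap: float = 2.0) -> List[str]:
    """Split keypresses into bursts; a pause longer than max_gap starts a new burst."""
    groups: List[str] = []
    current: List[str] = []
    last_t = None
    for ev in sorted(events, key=lambda e: e.t):
        if last_t is not None and ev.t - last_t > max_gap:
            groups.append("".join(current))
            current = []
        current.append(ev.key)
        last_t = ev.t
    if current:
        groups.append("".join(current))
    return groups


def extract_card_numbers(events: Iterable[KeyEvent],
                         min_len: int = 13, max_len: int = 19) -> List[str]:
    """Keep only bursts whose digits have card-number length and pass Luhn."""
    found = []
    for burst_keys in group_keypresses(events):
        digits = "".join(c for c in burst_keys if c.isdigit())  # drop '*' / '#' terminators
        if min_len <= len(digits) <= max_len and luhn_valid(digits):
            found.append(digits)
    return found


def burst(start: float, keys: str, step: float = 0.4) -> List[KeyEvent]:
    """Helper (assumed for the example) that spaces keypresses step seconds apart."""
    return [KeyEvent(start + i * step, k) for i, k in enumerate(keys)]


# Constructed call: a dialled phone number, a card number keyed at an IVR prompt
# with a '#' terminator, then an expiry date and a CVV. Only the PAN should survive.
SAMPLE_CALL: List[KeyEvent] = (
    burst(0.0, "18005550199")
    + burst(20.0, "4111111111111111#")
    + burst(35.0, "0425")
    + burst(45.0, "123")
)

if __name__ == "__main__":
    print(extract_card_numbers(SAMPLE_CALL))  # ['4111111111111111']
```

Bursts shorter than 13 digits (expiry, CVV, a dialled number) are discarded before the checksum is even consulted, which is what keeps the exfiltrated payload small; a real recorder would add the same logic over spoken digits once a recognizer has turned them into a digit stream.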

42. January 19, Computerworld – (International) Researcher releases attack code for just-patched Windows bug. Attack code for a Windows vulnerability that Microsoft patched the week of January 9 was released by a researcher one day after the company fixed the flaw. The bug, which Microsoft rated “critical” — its highest threat ranking — was first reported more than 9 months earlier when its discoverer used it in a one-two punch against Internet Explorer 8 (IE8) that won him $10,000 in a hacking challenge. The researcher used the vulnerability to sidestep one of Windows 7’s most important anti-exploit defenses, ASLR (address space layout randomization). “I used this to get rid of ASLR, and another vulnerability to bypass DEP,” he said. DEP, or data execution prevention, is another protection technology Microsoft relies on to make it difficult for attackers to execute their malicious code on Windows. He posted one version of the exploit he used at Pwn2Own on his own Web site January 12. That was the day after Microsoft patched the vulnerability in Microsoft Data Access Components (MDAC), a set of components that lets Windows access databases such as Microsoft’s own SQL Server. The flaw is in the MDAC ActiveX control that allows users to access databases from within IE. Source: http://www.computerworld.com/s/article/9205522/Researcher_releases_attack_code_for_just_patched_Windows_bug

43. January 19, Computerworld – (International) Oracle patching fewer database flaws as it adds more products. Oracle Corp.’s ability to address vulnerabilities in its core database technologies may be hampered by the vast number of products the company now must manage, security experts say. For example, the list of Oracle’s quarterly security updates released January 18 includes only six patches for security flaws in the company’s flagship database products. The other 60 patches released fix bugs in Oracle’s Fusion middleware technologies, its supply chain and CRM software, and products gained from its acquisition of Sun Microsystems early in 2010. The small number of database patches does not necessarily mean Oracle technology is becoming more secure, the director of security at Application Security Inc.’s Team Shatter vulnerability assessment group said. Rather, it likely shows the company does not have the capacity to fix the full list of Oracle database flaws reported to it in a timely fashion, said the director, whose team of researchers discovered three of the six database flaws addressed in an update released the week of January 16. “The number of database fixes from Oracle has really gone down,” he said. “But that’s not because of a lack of vulnerabilities. They have apparently reassigned their priorities and are choosing not to fix all the database vulnerabilities that are reported to them. It appears that they are losing some of the DBMS focus and are getting spread too thin on other stuff.” Source: http://www.computerworld.com/s/article/9205560/Oracle_patching_fewer_database_flaws_as_it_adds_more_products

44. January 19, IDG News Service – (International) Obama, Ballmer urge China to step up IP enforcement. The U.S. President and the CEO of Microsoft pressed the President of China January 19 to step up enforcement of intellectual property rights in his country. In a move that indicates China’s decade of efforts to crack down on software piracy has failed in the eyes of foreign businesses, Microsoft’s CEO met with the U.S. President and the Chinese leader at the White House in Washington, D.C. to push the issue. “So we were just in a meeting with business leaders, and [the CEO] of Microsoft pointed out that their estimate is that only 1 customer in every 10 of their products is actually paying for it in China,” the U.S. President told a press conference. The U.S. President said the Chinese President had agreed to take action. Under pressure from foreign business leaders over the past 10 years, China periodically arrests the manufacturers and sellers of counterfeit DVDs and CDs. Some discs, often sold on street corners or in public markets, are Microsoft operating systems sold at fractions of the market price. Source: http://www.computerworld.com/s/article/9205599/Obama_Ballmer_urge_China_to_step_up_IP_enforcement

Communications Sector

45. January 19, San Bernardino Press-Enterprise – (California) AT&T and Verizon work on rain damage. At least 500 residents in Riverside County, California, are still without telephone, Internet, or television service a month after persistent rainstorms ravaged the inland region. AT&T and Verizon are still in the thick of repairing underground cable and telephone lines damaged by flooding during December’s severe storms. As of 2 weeks ago, about 4,500 customers still had problems with AT&T service in Riverside County after the precipitation. Statewide, the telecommunications company reported having 70,000 “trouble tickets” pending at that time from customers reporting outages and issues related to the rain. Verizon, which serves San Bernardino County, would not say how many of its customers were affected by flooding to its underground cables. As of January 19, the number of affected AT&T customers within Riverside County who were still reporting problems with their wired phone service, Internet, and television had dropped to 500. Statewide, the number had dropped to 21,000. Source: http://www.pe.com/localnews/stories/PE_News_Local_D_cable20.12494aa.html

46. January 19, NetworkWorld – (International) At Black Hat, fake GSM base station trick targets iPhones. While his Black Hat DC Conference demonstration was not flawless, a University of Luxembourg student January 19 showed it is possible to trick iPhone users into joining a fake GSM network. The student showed how to cobble together a laptop using open-source software OpenBTS and other low-cost gear to create a fake GSM transmitter base station to locate iPhones in order to send their owners a message. A number of iPhone users in the room expressed surprise they had gotten a message asking them to join the network. The student, who is researching vulnerabilities in cellular networks, said that with the right equipment, the range for the rogue GSM station he built can be 35 kilometers. The student’s attack would allow him to take advantage of iPhones lured into his rogue base station to “enable and disable auto-answer on the iPhone” he said, or with an attack payload to record the audio on the iPhone, store it in RAM and then transmit the data that was sniffed. The student said he does not want to encourage data theft, but he does want to get carriers and vendors to improve security in the wireless networks. He noted technology such as femtocells could be used to replace the OpenBTS software, which would only amplify the types of attacks he is investigating. Source: http://www.computerworld.com/s/article/9205559/At_Black_Hat_fake_GSM_base_station_trick_targets_iPhones
