Wednesday, January 12, 2011

Complete DHS Daily Report for January 12, 2011

Daily Report

Top Stories

• Associated Press reports the U.S. Department of Justice said a former NASA employee in Ohio has been charged with illegally shipping infrared military technology to South Korea. (See item 10)

10. January 10, Associated Press – (International) Ohio ex-NASA worker charged over military exports. The U.S. Department of Justice said a former NASA employee in Ohio has been charged with illegally shipping infrared military technology to South Korea. The 66-year-old of Avon Lake was charged January 10 with one count of exporting defense articles on the U.S. munitions list without getting an export license or written authorization from the federal government. Authorities said he exported infrared focal-plane array detectors and infrared camera engines. They said the man is a former employee at the NASA Glenn Research Center, but noted he is not accused of taking technology from the center. The suspect also is charged with making a false individual income tax return. Source: http://www.washingtonpost.com/wp-dyn/content/article/2011/01/10/AR2011011006532.html

• According to Associated Press, a Colorado man was arrested for threatening to set fire to the office of a U.S. Senator and to shoot members of his staff. (See items 36, 39)

36. January 11, Associated Press – (Colorado) Man accused of threatening Sen. Bennet staffers. A Colorado man is accused of threatening to set fire around the office of a U.S. Senator from Colorado and shoot members of his staff, prompting authorities to step up patrols around the Senator’s home and office. The man faces a charge of assault on a federal employee. If convicted, he faces up to 10 years in prison and a $250,000 fine. He is due in federal court January 17. An FBI agent said in an arrest affidavit that the man called the Democratic Senator’s office January 6 to complain about his Social Security benefits. At one point, according to the document, the man one of the Senator’s staffers that he is schizophrenic and needs help and that he “may go to terrorism.” A spokesman from the U.S. attorney’s office said there were no indications the incident was related to the January 8 shooting of several people — including a U.S. Representative — in Arizona. The man was well known to staffers in the Senator’s office because he had called several times before to complain about his Social Security benefits, the affidavit said. But during one call January 6, a spokesman quotes the man as telling a staffer: “I’m just going to come down there and shoot you all.” The man called again and spoke to another staffer, this time saying: “To get your attention, I will go down there and set fire to the perimeter.” Source: http://www.aurorasentinel.com/hp_metro/article_f0733914-1cf0-11e0-84b7-001cc4c03286.html

39. January 10, Chicago Breaking News Center – (Illinois) Danny Davis receives threat in wake of arizona shooting: email warns ‘Danny Davis is next. An U.S. Congressman from Illinois said his office received an e-mail threat January 9. “It was some person who emailed one of my staff persons and said that ‘[the name of the Representative] is next,’ “ the legislator said. The Democratic Representative said the U.S. Capitol Police and Chicago, Illinois police have been notified. The legislator said he would typically ignore such a threat, but a shooting in Arizona December 8 that critically injured a U.S. Representative, killed six people and injured 14 others, prompted him to be on alert. “You know some things are cranks, some things are pranks. Some things you simply don’t know about, but I think in this climate it pays to be as cautionary as one can be,” he said.The Representatives said the e-mailer is someone from Chicago who “operates around and in the community” and has been known to “do this before.” Source: http://www.chicagobreakingnews.com/2011/01/davis-claims-email-threat.html

Details

Banking and Finance Sector

11. January 11, Torrance Daily Breeze – (California) Alleged `Scanner Bandit’ nabbed. A man alleged to be the so-called Scanner Bandit has been arrested in connection with four bank robberies in southern California, including one in Torrance. The 48-year-old suspect was arrested January 7 following a tip that came after the FBI released his photograph to the media January 6. The suspect is suspected of holding up a Bank of America branch on Sartori Avenue in Torrance December 21, along with a U.S. Bank branch in Norwalk December 15, a U.S. Bank in Whittier December 18 and a Bank of America branch in Orange January 4. The suspect showed an address in Santa Fe Springs, but had been living in residential motels. In crimes attributed to the Scanner Bandit, the robber carried a device that looked like a police scanner. He told tellers he had a bomb, which he partially hid inside a black folder. Source: http://www.dailybreeze.com/news/ci_17059758

12. January 10, Infoworld – (National) Hackers find new way to cheat Wall Street. High-frequency trading networks, which complete stock market transactions in microseconds, are vulnerable to manipulation by hackers who can inject tiny amounts of latency into them. By doing so, they can subtly change the course of trading and pocket profits of millions of dollars in just a few seconds, said a former IBM research fellow and founder of cPacket Networks, a Silicon Valley firm that develops chips and technologies for network monitoring and traffic analysis. The former IBM research fellow, an Israeli-born computer scientist and one-time Intel engineering manager, said the root of the problem is the increasing speed of networks; as they get faster and faster, our ability to actually understand events taking place within them is not keeping up. Network monitoring technology can detect perturbations in network traffic happening in milliseconds, but when changes occur in microseconds, they are not visible, he said. Source: http://www.pcworld.com/article/216425/hackers_find_new_way_to_cheat_wall_street.html

13. January 10, WFMZ 69 Allentown – (Pennsylvania) Feds bust constable in alleged plot to steal millions. An elected Pennsylvania constable is one of two men accused of trying to rob an armored car storage vault. Federal prosecutors said a lead conspirator and an associate conspired to steal millions of dollars from the Garda armored car storage vault on Corporate Drive in Muhlenberg Township, Berks County. The FBI arrested both men at the facility January 8. Prosecutors said the lead suspect is a former employee of Garda, who is currently a constable in Upper Tulpehocken. Source: http://www.wfmz.com/berksnews/26435134/detail.html

14. January 10, Detroit News – (Michigan) FBI warns of serial bank robber. The FBI is looking for a serial bank robber who has hit at least five banks throughout Macomb and Wayne counties in Michigan since October. The man has robbed each of the banks in the same manner, said a FBI Special Agent.The robber is described as a black male in his early to mid-30s, about 5-foot-10 to 6-feet tall with a medium build. In each robbery, he has worn a baseball cap, including hats bearing logos of the Detroit Red Wings and Philadelphia Phillies. Police said he may be driving a maroon or burgundy sport-utility vehicle. The man is suspected in the following robberies: October 28: Chase Bank, 31045 Harper Ave., St. Clair Shores; November 18: Comerica Bank, 30500 Van Dyke Ave., Warren; November 26: Bank of America, 20599 Mack Ave., Grosse Pointe Woods; December 21: PNC Bank, 31320 Harper Ave., St. Clair Shores; January 5: Comerica Bank, 28801 Groesbeck Highway, Roseville. Source: http://www.detnews.com/article/20110110/METRO/101100419/1409/metro

Information Technology

43. January 11, The Register – (International) Spam volumes double as Rustock botnet wakes. Spam volumes have returned to normal following a holiday lull that saw a drastic reduction of junk mail. The Rustock botnet is out of hibernation and back in business, spewing copious volumes of useless junk mail courtesy of hundreds of thousands of compromised Windows machines. Rustock (which specializes in spamvertising unlicensed pharmaceutical Web sites) is the biggest single source of global spam. Its return January 10 resulted in the doubling (98 percent increase) of global junk mail volumes over the course of just 24 hours, MessageLabs reported. Source: http://www.theregister.co.uk/2011/01/11/spam_volumes_return/

44. January 11, AfterDawn – (International) Security researcher uses Amazon cloud to hack WPA-PSK passwords. A security researcher in Germany is warning Amazon’s cloud service can be used to brute force weak passwords used to protect Wi-Fi security. Short and weak passwords would be vulnerable to a brute force attack, especially at the speeds offered by Amazon’s services, which is capable of testing 400,000 potential passwords every second. The researcher claims to have found the key for a network in his neighborhood using his method and Amazon’s service. The brute force attack took about 20 minutes to get the correct key, but he is making changes to his code which he reckons could bring the time down in such a case to about 6 minutes. He will distribute his software publicly and give demonstrations on using it at the Black Hat conference in Washington, D.C. He is releasing it to convince skeptical network administrators that such attacks will often be successful against protected networks. Source: http://www.afterdawn.com/news/article.cfm/2011/01/11/security_researcher_uses_amazon_cloud_to_hack_wpa-psk_passwords

45. January 10, IDG News Service – (International) IBM DeveloperWorks site hacked and defaced. An IBM site for developers was defaced the weekend of January 8 and 9, with attackers replacing some of the Web pages on the site with ones containing their own messages, IBM confirmed January 10. Word of the vandalism, which took place on the IBM DeveloperWorks site, was first posted January 8 on the Full Disclosure security mailing list. IBM restored the original pages within a few hours, though copies of the compromised pages were quickly reposted elsewhere. No data was lost, nor were any user passwords exposed during the breach, an IBM spokesman said. The site was undergoing routine maintenance at the time of the breach. The defaced pages were draped in black and titled “Defaced by Hmei7.” They contained the scrolling message: “You have been Hacked !!!, not because of your stupidity That’s because we love you, and we want to warn you That your web still has large of vulnerability.” Source: http://www.computerworld.com/s/article/9204300/IBM_DeveloperWorks_site_hacked_and_defaced

46. January 10, Softpedia – (International) Aging simulation scam hits Facebook users. Facebook scammers are tricking users into taking surveys by promising them an app that can simulate what their appearance would be 20 years from now. According to Facecrooks, the spam messages associated with this latest scam read “Wow, how creepy, LOL i look scary as an old person! - http[colon]//bit[dot]ly/[censored]” and share a page called “AGE yourself! See what you will look like in 20 years!” Clicking on the link takes users to a page which displays the picture of a girl and how she would allegedly look 20 years into the future. The images seem to have been copied from a real aging simulation service available at in20years.com that scammers deemed interesting enough to attract users. A message on the rogue page instructs users to click on the image to begin the simulation process. However, doing this will prompt a permissions dialog from an app called “OMG - How could this happen?” that wants access to post on people’s walls in order to spam their friends. Source: http://news.softpedia.com/news/Aging-Simulation-Scam-Hits-Facebook-Users-177371.shtml

47. January 10, Switched – (National) Obama drafting online identity system, led by Commerce Department. The U.S. President is looking to create an Internet ID system for American Web surfers, and is counting on the Department of Commerce to make it a reality. As CBS News reports, the so-called “trusted identity” project is part of the National Strategy for Trusted Identities in Cyberspace, which the Presidential administration is currently drafting. The White House Cybersecurity Coordinator sayid the initiative is geared toward creating an “identity ecosystem,” but it remains unclear what that ecosystem will look like, and how it will function. “We are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities,” the Commerce Secretary explained. The White House Cybersecurity Coordinator said an online identification system would still allow users to maintain anonymity and protect their privacy when surfing the Web. He stressed there are no plans to put together “a centralized database” of user information. Source: http://www.switched.com/2011/01/10/obama-drafting-internet-id-all-americans/

Communications Sector

48. January 10, TechWeek.org – (National) Android mobile phone trouble has a solution. Google Inc. said it would soon overcome the bug that has hit the company’s small number of Android mobile phones because of which text messages are delivered to the wrong people and not the desired one. This glitch emerged last year for the first time. Some of the people facing this problem have reported that sometimes messages are delivered to random people. It has been a year since the problem was reported to the company, and the number of such mishaps increased last summer. Google has been investigating, and said it has finally found the source of the problem. An engineer on the Android security team said some of the cell phones can be fixed remotely, but there are others which require a complete software update and need to be plugged in to computers for this purpose. Source: http://techweek.org/19131android-mobile-phone-trouble-has-a-solution.html

No comments: