Monday, January 24, 2011

Complete DHS Daily Report for January 24, 2011

Daily Report

Top Stories

• Heavy smoke underneath a train in Boston, Massachusetts, resulted in 40 firefighters having to use small ladders to evacuate about 300 people, according to New England Cable News. (See item 25)

25. January 20, New England Cable News – (Massachusetts) Nearly 300 evacuated after smoke on Orange Line. An Orange Line Massachusetts Bay Transportation Authority (MBTA) train had progressed just 200 feet from the North Station platform in Boston, Massachusetts, when billowing smoke led the driver to bring the 6-car T to a halt just before 11 a.m. January 21. About 40 firefighters ran down into the tunnel to get what firefighters now say was about 300 people off the train. Boston fire said in a tweet that rescuers were using small ladders to get to people. They were all safely brought back to the platform, including a blind man who needed careful attention. Both Boston Fire and the MBTA said nobody was injured, but news reporters did see one man being put into an ambulance in the middle of the rescue. Although some passengers said they saw fire underneath the train, firefighters said there was never any flame to their knowledge. MBTA officials said a small hose that carries grease for the wheels came loose and the grease created the smoke. Source: http://www.necn.com/01/20/11/Nearly-300-evacuated-after-smoke-on-Oran/landing_newengland.html?blockID=394907&feedID=4206

• United Press International reports a Florida man was charged with impersonating a federal agent after deputies found 30 counterfeit badges in his apartment for agencies ranging from the FBI to the Federal Aviation Administration. (See item 46)

46. January 20, United Press International – (Florida) Florida man posing as FBI agent arrested. A Florida man was charged with impersonating a federal agent after deputies found law enforcement badges and weapons in his Weston, Florida apartment. Authorities said the 48-year-old told the apartment manager he was an FBI agent after the manager noticed he was wearing a gun when she went to investigate a water leak in the apartment, the South Florida Sun-Sentinel reported January 19. The manager became suspicious and called sheriff’s deputies, the newspaper said. Prosecutors said he identified himself to deputies as an FBI agent and was carrying a Glock handgun and counterfeit FBI credentials bearing his name and photograph. In the apartment, deputies found two fake FBI badges, and 28 other counterfeit federal badges from agencies including the U.S. Secret Service, U.S. Marshals Service, Drug Enforcement Administration, and the Federal Aviation Administration, authorities said. He was arrested and booked at the Broward County jail and released after posting bond. If convicted, he could face as long as 3 years in prison on each count of impersonation, and 6 months on each count of possession of federal agency badges and credentials. Source: http://www.upi.com/Top_News/US/2011/01/20/Florida-man-posing-as-FBI-agent-arrested/UPI-56361295551401/

Details

Banking and Finance Sector

14. January 21, Fox 5 Atlanta – (Georgia) Armored car guard shot at Wells Fargo Bank. The FBI said an armored car guard was shot at a bank in Stone Mountain, Georgia, January 21. The shooting happened at the Wells Fargo Bank on Redan Road. DeKalb police said the guard was restocking an ATM when an unknown black male approached him and shot the guard several times. The suspect then grabbed a money bag and jumped into a white SUV. The guard was transported to Grady Hospital with non-life-threatening injuries. DeKalb police said the guard’s bulletproof vest may have saved his life. DeKalb police also said they had a robbery at a nearby Radio Shack a short time later. They said the suspects were also in a white van. The suspects were quickly apprehended. Police said they may be connected to the armored car robbery and are being questioned. Source: http://www.myfoxatlanta.com/dpp/news/local_news/Armored-Car-Guard-Shot-at-Bank-20110121-am-sd

15. January 21, Sierra Madre Patch – (California) EVG scam hits nearly 500 with losses totalling more than $172,000. Though the number of Sierra Madre, California residents reporting fraudulent credit card charges from the shuttered EVG Quality Gas station on Baldwin Avenue is beginning to decrease, police said they are still receiving reports at a rate of about three to five per day. As of January 20, the total number of victims to file claims with the department has risen to 497, the police chief told the Patch. The total dollar amount lost in the credit and debit card “skimming” scam has now reached $172,437. The number of reports filed in the case has started to taper off, however, with complaints coming in at a slower pace than in the weeks following the initial announcement by police that residents should check their bank statements and report suspicious charges. The week of January 9, the local police department turned over control of the property on which the abandoned EVG station sits to the property owner. The release of the property follows a completed investigation of the premises by Sierra Madre Police and the U.S. Secret Service, who joined the investigation earlier in January. Source: http://sierramadre.patch.com/articles/evg-scam-hits-nearly-500-with-losses-totalling-more-than-172000

16. January 21, WSB 750AM Atlanta; Associated Press – (Georgia) FBI: Bank robber wanted TARP money back. Federal authorities are seeking a man they say robbed three banks in Atlanta, Georgia. An FBI Special Agent told WSB Radio that the man said during one of the robberies, “I just want my TARP money back,” apparently referring to the taxpayer-funded federal bailout of some financial institutions. During another robbery, he apologized to customers, saying he just wanted the bank’s money. The FBI Special Agent said the man robbed a bank in Atlanta September 30, another bank in Atlanta November 30, and a bank in Chamblee December 3. He got money from tellers during the first two robberies but left the last one empty-handed. The FBI said the man threatened to shoot people during the second robbery. The FBI describes the suspect as a black man between 35 and 45 years old. His height is between 6 feet and 6 feet 4 inches, and he weighs between 220 and 250 pounds. Source: http://wsbradio.com/localnews/2011/01/fbi-bank-robber-wanted-tarp-mo.html

17. January 20, H Security – (International) Online banking trojan developing fast. Trojan construction kit Carberp, which first emerged in the autumn, appears to be undergoing rapid development, according to reports from sources that include security services provider Seculert. An F-Secure analyst is already calling it the rising star of the banking trojan world. Where the first versions of Carberp were very simple in their construction, newer versions are equipped with a more impressive list of features. It now runs on all versions of Windows, including Windows 7, where, according to TrustDefender, it is able to do its work without requiring administrator privileges. The latest version encrypts stolen data prior to transfer using a random key, which the client registers with the control server. These functions have been added to Carberp over a period of just a few months. Source: http://www.h-online.com/security/news/item/Online-banking-trojan-developing-fast-1172452.html

18. January 20, Help Net Security – (International) Zeus malware now targets online payment providers. The Zeus malware continues to evolve, diversifying away from its target bank sites and their customers, and over to sites where user credentials give access to assets that have a financial value. Money Bookers is an online payment provider allowing users to make online payments without submitting personal information each time. Twenty-six different Zeus configurations targeting Money Bookers have been found. This number does not fall short of some of the highly targeted banks and brands in the world. Another target is Web Money. This is another online payment solution that claims to have more than 12 million active users. Web Money is targeted by 13 different Zeus configurations, with the last one released January 16. As with all the other online payment providers, Zeus steals log-in information and other sensitive information of Web Money users. Source: http://www.net-security.org/malware_news.php?id=1600

19. January 20, KGET 17 Bakersfield – (California) Crisp and Cole arrested in huge federal mortgage fraud case. After years of investigation, federal agents January 20 arrested two male suspects and at least nine others alleged to have been part of a real estate empire that, prosecutors said, systematically cheated banks and mortgage companies out of tens of millions of dollars. One suspect and his wife were arrested at their home in San Diego, California. The second male suspect also was arrested January 20 somewhere near his Ventura County home. A major case-related announcement, including details on the allegations, was expected to be made January 21. Source: http://www.kget.com/news/local/story/Crisp-and-Cole-arrested-in-huge-federal-mortgage/83JN9CRS_kWp8HZZbQhhUA.cspx

20. January 19, Softpedia – (International) Brazilian phishing scam targets MasterCard reward program. Security researchers warn of a new phishing attack that targets Brazilian credit card owners by spoofing e-mails from MasterCard’s Surpreenda (surprise) program. The new campaign was spotted by spam analysts from Commtouch, who note that unlike classic phishing schemes where users are threatened into exposing their sensitive information, this attack tries to lure them with rewards. In order to achieve this they spoof communications related to MasterCard Surpreenda, an advantage program that lets credit card owners earn reward points when making purchases. These points can then be spent in “pay one, take two” promotions, where a second product can be sent as a gift to someone. The rogue e-mails purport to come from surpreenda@redecard(dot)com.br and bear a title of “Participate in the MasterCard Surprise Promotion - RedeCard” [translated]. It is likely the phishers hijacked a legit e-mail advertising the program and only changed the destination of the link inside. Source: http://news.softpedia.com/news/Brazilian-Phishing-Scam-Targets-MasterCaSurprise-Program-179345.shtml

Information Technology

48. January 20, Help Net Security – (International) Fake Facebook password change notification leads to malware. An e-mail purportedly sent by Facebook has been hitting inboxes around the world. An attached .zip file that supposedly contains a new password actually contains a backdoor that downloads a MS Word document and opens it. According to Avira, the document contains a few words in Russian and is written in Cyrillic. While users are preoccupied looking at the document and figuring out what it means, a fake AV solution misappropriating the name of Microsoft’s Security Essentials solution is downloaded, installed on the system, and starts showing false warnings about the computer being infected. Source: http://www.net-security.org/malware_news.php?id=1599

49. January 20, The Register – (International) Chinese Trojan blocks cloud-based security defenses. A Trojan has been released that is specifically designed to disable cloud-based anti-virus security defenses. The Trojan, named Bohu, blocks connections between infected Windows devices and cloud anti-virus services. Bohu — which was spotted by anti-virus researchers working for Microsoft in China — is hardwired to block access to cloud-based net services from Kingsoft, Qihoo, and Rising. All three firms are based in China. The malware poses as a video codec. If installed, Bohu applies a filter that blocks traffic between the infected machines and the service provider. The malware also includes routines to hide its presence on infected machines. Source: http://www.theregister.co.uk/2011/01/20/chinese_cloud_busting_trojan/

50. January 20, H Security – (International) Hacking with USB keyboard emulators. Modified USB devices can pose as keyboards and immediately pass keystrokes to a victim’s system. Depending on the operating system, just a few emulated keystrokes can be enough to sabotage or infect a system; mouse emulation is also possible. In contrast to USB flash drives, when a keyboard is connected the operating system will not usually display a window requesting permission to use the device. A user may not even be aware a modified USB device posing as a human interface device (HID) has been connected to the system. Under Windows, a pop-up window is briefly displayed, but under Linux, only a glance at the logs will reveal this has occurred. Until recently, hackers were using micro-controller boards with USB support, such as the Teensy USB Development Board, for such attacks. At a recent Black Hat Conference, however, security specialists presented a talk on how to hack PCs without the aid of specialist hardware. By applying a simple modification to the USB stack on an Android mobile, they were able to make it pose as a keyboard when connected to a computer. Source: http://www.h-online.com/security/news/item/Hacking-with-USB-keyboard-emulators-1172612.html

51. January 20, Computerworld – (International) Trapster hack may have exposed millions of iPhone, Android passwords. Millions of e-mail addresses and passwords may have been stolen from Trapster, an online service that warns iPhone, Android, and BlackBerry owners of police speed traps, the company announced January 19. California-based Trapster has begun alerting its registered users and has published a short FAQ on the breach. “If you’ve registered your account with Trapster, then it’s best to assume that your e-mail address and password were included among the compromised data,” the FAQ stated. Trapster downplayed the threat, saying it was unsure the addresses and passwords were actually harvested. “While we know that we experienced a security incident, it is not clear that the hackers successfully captured any e-mail addresses or passwords, and we have nothing to suggest that this information has been used,” Trapster said. Source: http://www.computerworld.com/s/article/9205660/Trapster_hack_may_have_exposed_millions_of_iPhone_Android_passwords

52. January 19, Government Computer News – (International) PDF vulnerability found in BlackBerry Attachment Service. Research In Motion has issued a security alert acknowledging a vulnerability in the PDF distiller of the BlackBerry Attachment Service for the BlackBerry Enterprise Server. The vulnerability is rated 9.3 (out of 10) on the Common Vulnerability Scoring System (CVSS). That is considered “high” in the National Vulnerability Database severity ratings. The advisory is intended for BlackBerry Enterprise Server (BES) administrators, who are the recommended persons to apply the RIM-supplied fix. The vulnerability affects BES Exchange, IBM Lotus Domino and Novell GroupWise versions 4.1.6, 4.1.7, 5.0.0 and 5.0.1. BES Exchange and IBM Lotus Domino versions 5.0.2 and the Exchange-only 5.0.2 are also affected. Source: http://gcn.com/articles/2011/01/19/vulnerability-in-blackberry-attachment-service.aspx

53. January 19, The Register – (International) Bot attacks Linux and Mac but can’t lock down its booty. Researchers from Symantec have detected a Trojan that targets Windows, Mac, and Linux computers and contains gaping security vulnerabilities that allow rival criminal gangs to commandeer the infected machines. Known as Trojan.Jnanabot, or alternately as OSX/Koobface.A or trojan.osx.boonana.a, the bot made waves in October when researchers discovered its Java-based makeup allowed it to attack Mac and Linux machines, not just Windows PCs as is the case with most malware. Once installed, the trojan components are stored in an invisible folder and use strong encryption to keep communications private. The bot can force its host to take instructions through Internet relay chat, perform DDoS attacks, and post fraudulent messages to the victim’s Facebook account, among other things. Now, Symantec researchers have uncovered weaknesses in the bot’s peer-to-peer functionality that allow rival criminals to remotely steal or plant files on the victim’s hard drive. That means the gang that took the trouble to spread the infection in the first place risks having their botnet stolen from under their noses. Source: http://www.theregister.co.uk/2011/01/19/mac_linux_bot_vulnerabilities/

For another story, see item 55 below in the Communications Sector

Communications Sector

54. January 20, Huntington News.Net – (West Virginia) Comcast Internet outages concern Huntington City Council. Internet disruptions January 19 and 20 have three Huntington City Council members in West Virginia complaining about the Comcast service. On January 20, the Internet was working, but went off shortly after 11 a.m. Due to the outage, Huntington City Hall was without e-mail service. The council chairman said, “I had several business owners that rely on Comcast Internet and cannot get Frontier DSL. The Internet connection has been going randomly up and down unpredictable, if you will.” Source: http://www.huntingtonnews.net/987

55. January 20, Mobiledia – (Washington) Source of Windows Phone 7 glitch discovered. Microsoft has pinpointed an unnamed third-party software developer as the source of a recent bug in its Windows Phone 7 smartphone operating system, which racked up “phantom data” charges on the phone bills of some of its users. “We have determined that a third-party solution commonly accessed from Windows Phones is configured in a manner that potentially causes larger than expected data downloads,” a Microsoft spokesperson said. “We are in contact with the third-party to assist them in making the necessary fixes, and are also pursuing potential workarounds to address the configuration issue in case those are needed.” The original “phantom data” glitch was discovered when Windows Phone 7 users were hit with higher-than-usual data charges, resulting from phones transmitting and downloading data without users’ knowledge. The flaw caused some users to run over bandwidth caps on network usage, as much as 50-gigabytes per day in some extreme situations. Source: http://www.mobiledia.com/news/80363.html

56. January 20, The Register – (National) WikiLeaky phone scam targets unwary in U.S. A new voicemail phishing scam uses the threat of non-existent fines for visiting WikiLeaks to pry money out of panicked marks. Prospective marks are robo-dialed by an automated system that states their computer and IP address “had been noted as having visited the Wikileaks site, and that there were grave consequences for this, including a $250,000 or $25,000 fine, perhaps imprisonment.” Potentially panicked victims are given a number to phone to discuss payment options. The scam, which involves the use of spoofed phone numbers, takes advantage of VoIP systems to minimize the cost of calls to crooks, who are probably using stolen access to corporate PBX systems. Source: http://www.theregister.co.uk/2011/01/20/wikileak_vishing_scam/

For another story, see item 51 above in Information Technology
