Thursday, March 31, 2011

Complete DHS Daily Report for March 31, 2011

Daily Report

Top Stories

WSAZ reports Kanawha County, West Virginia, emergency responders destroyed more than 1,600 pounds of explosives found in a trailer near a trash fire. (See item 5)


5. March 29, WSAZ 3 Huntington/Charleston – (West Virginia) Explosive-type material found in Sissonville, chief deputy says. Kanawha County, West Virginia, emergency responders said they successfully destroyed more than 1,600 pounds of explosives after they were discovered near a trash fire March 29. But, the move was just one of a series of incidents that kept officials busy all day. A West Virginia Department of Environmental Protection spokesman said during the weekend of March 26 and 27, a person was caught burning tires. Crews returned March 29 to the site near Sissonville to clean up two methamphetamine dumping sites found where the tires were burned. As emergency responders were working on that, Sissonville fire officials got a call about a trash fire at a home off Walker Drive, about 3 miles from where the dumping sites were being cleaned. The fire burned near a trailer that was left at the site of an abandoned mine. Inside the trailer, there was more than 1,600 pounds of explosives, including 128 10-pound explosive charges and eight 50-pound bags of ammonium nitrate. The property owner said he did not think it was that big of a deal. A sergeant said, “Anytime you’re dealing with explosives, you’re dealing with a hazard to the public.” Officials brought in a bomb squad and set up a nearby staging area. They spent hours handling the explosive material and did a controlled burn to destroy it. Officials said nobody was hurt. Source: http://www.wsaz.com/news/headlines/BREAKING_NEWS__Investigators_Find_Explosives_Meth_Lab_Near_Sissonville_Dispatchers_Say_118861684.htm


According to Bloomberg, the National Security Agency has joined a probe of the October 2010 cyber attack on Nasdaq OMX Group Inc. amid evidence the intrusion was more severe than first disclosed. See item 11 below

Details

Banking and Finance Sector

11. March 30, Bloomberg – (National) U.S. spy agency is said to probe hacker attack on Nasdaq. The National Security Agency (NSA) has joined a probe of the October 2010 cyber attack on Nasdaq OMX Group Inc. amid evidence the intrusion by hackers was more severe than first disclosed, according to people familiar with the investigation. The involvement of NSA may help the initial investigators — Nasdaq and the FBI — determine more easily who attacked and what was taken. It may also show the attack endangered the security of the nation’s financial infrastructure. “By bringing in the NSA, that means they think they’re either dealing with a state-sponsored attack or it’s an extraordinarily capable criminal organization,” said the former head of U.S. counterintelligence. NSA’s most important contribution to the probe may be its ability to unscramble encrypted messages hackers use to extract data, said a former NSA analyst and chief security strategist at Technodyne LLC. The probe of the attack on the second biggest U.S. stock exchange operator, disclosed in February, is also being assisted by foreign intelligence agencies, said one of the people involved in the investigation. Investigators have yet to determine which Nasdaq systems were breached and why, and it may take months for them to finish their work, two of the people familiar with the matter said. Disclosure of the attack prompted the U.S. House Financial Services Committee in February to begin a review of the safety of the country’s financial infrastructure, according to the committee’s chairman. Source: http://www.bloomberg.com/news/2011-03-30/u-s-spy-agency-said-to-focus-its-decrypting-skills-on-nasdaq-cyber-attack.html

12. March 29, BankInfoSecurity.com – (National) Pay-at-the-pump scams targeted. As pay-at-the-pump skimming scams grow in the United States and Europe, police in Camarillo, California, have taken the unique step of enlisting help from civilians to fight skimming crimes. Known as the citizen patrol unit, the group of 30 civilian volunteers has been tasked with monitoring pay-at-the-pump terminals throughout Camarillo, looking for signs of tampered terminals or the installation of illegal skimming devices. It is not the first time a community has enlisted help outside law enforcement to curb card skimming at gas pumps. In July 2010, the Arizona governor directed the state department of weights and measures to increase gas pump inspections. Card-skimming attacks at pumps in Utah and Florida captured headlines in 2010. So far in 2011, new attacks have cropped up in Arizona and Europe. And late the week of March 21, police in Ormond Beach, Florida, warned locals that skimming devices at stations along U.S. 1 could have been hitting cards for more than a month. Source: http://www.bankinfosecurity.com/articles.php?art_id=3481

13. March 29, New York Times – (New Jersey; New York) ‘Holiday Bandit’ suspect held after 9 bank holdups. A Ukrainian man who federal authorities said robbed a string of banks, earning him a place among the FBI’s most wanted and the nickname the “Holiday Bandit,” was arrested March 29 in Queens, New York. The suspect is accused of robbing nine banks in New York and New Jersey, many of them during the 2010 holiday season. Investigators said they believed the suspect had robbed nine banks since December 2010, when he passed a note demanding cash to a teller at a Sovereign Bank in Queens. The series ended, officials said, when he walked out of a Cathay Bank in Edison, New York, March 28, armed with a handgun. The suspect managed to elude authorities for more than 2 months even after the FBI identified him as a suspect in January, distributing surveillance camera images that clearly showed his face. During that time, the suspect did not keep a low profile: instead, he robbed six more banks, authorities said. Little is known about the suspect. Investigators believe he lived in California for a time, and settled in New York about a year ago. They believe he is a heroin user, and suspect that he robbed banks to obtain enough money to keep his drug habit going, one person briefed on the investigation said. The FBI said the suspect planned his robberies very carefully, and until this week proved better at avoiding detection than most. His arraignment in federal district court in Brooklyn was postponed March 29 because he needed medical attention, a law enforcement official said. Source: http://www.nytimes.com/2011/03/30/nyregion/30bandit.html?partner=rss&emc=rss

14. March 29, Federal Bureau of Investigation – (Florida; International) Jamaican citizen pleads guilty to $220 million Ponzi fraud and money laundering charges. A U.S. attorney announced March 29 that a 41-year-old Jamaican citizen who was living in the Turks and Caicos Islands pleaded guilty to 4 counts of wire fraud, 1 count of conspiracy to commit money laundering, and 18 counts of money laundering. The wire fraud counts carry a maximum penalty of 20 years in federal prison, a fine of $250,000, and a term of supervised release of not more than 3 years. In addition, for each count of wire fraud, the fine may be assessed at twice the amount of gross gain or loss. According to the plea agreement, for more than 3 years, the man executed a Ponzi scheme to defraud more than 6,000 investors located in the Middle District of Florida and elsewhere out of more than $220 million. The convict led investors to believe he was investing their money in foreign currency trading, earning 10 percent per month on average. In fact, he was not trading their funds. He also conspired with others to launder about $128 million of proceeds obtained through a wire fraud scheme. The convict’s operation of the Ponzi scheme effectively ended on July 15, 2008, when the Royal Turks and Caicos Police Force, Financial Crimes Unit, executed search warrants at his place of business and residence in Providenciales, Turks and Caicos Islands. Source: http://tampa.fbi.gov/dojpressrel/pressrel11/ta032911.htm

15. March 29, Media Newswire – (Ohio) Columbus man pleads guilty to robbing eight banks in four counties. A Columbus, Ohio, man pleaded guilty in U.S. district court to robbing eight banks across Ohio in Franklin, Madison, Montgomery, and Delaware counties between October 2010 and January 2011. The man pleaded guilty to six counts of unarmed bank robbery in connection with the robberies of the Security National Bank in Springfield October 13; a Key Bank on East Dublin-Granville Road in Columbus October 26; a Huntington Bank on East Dublin-Granville Road in Columbus November 30; a Huntington Bank in London December 30; and an LCNB in Oakwood and a Key Bank on Miamisburg-Centerville Road in Dayton January 3. Each count of unarmed bank robbery is punishable by up to 20 years in prison. The man also pleaded guilty to armed bank robbery for robbing the First Merit Bank in Powell January 10, and a PNC Bank in Whitehall January 11. Each armed robbery count is punishable by up to 25 years in prison. The man also pleaded guilty to one count of brandishing a weapon during the Powell robbery. That crime carries a mandatory sentence of 7 years in prison consecutive to any time served for the robberies. Columbus police officers arrested the convict after the Whitehall robbery. He has been in custody since his arrest. Source: http://media-newswire.com/release_1146836.html

Information Technology

42. March 30, The Register – (International) Comodo admits 2 more resellers pwned in SSL cert hack. Comodo has admitted an additional two registration authorities tied to the digital certificates firm were hit by a high-profile forged digital certificate attack earlier in March. No forged certificates were issued as a result of the assault on the other victims. Comodo previously admitted the compromise of one of its partners in southern Europe allowed a hacker to generate bogus SSL certificates for many popular Web sites. These certificates were revoked hours after they were issued, but the incident only became public after browser developers, such as Microsoft and Mozilla, published updates. The certificates create a means to mount convincing man-in-the-middle or phishing attacks. Earlier the week of March 28, an Iranian hacker claimed responsibility for the assault. Comodo has now discovered two more registration authorities (also unnamed) were hit by the same attack. Comodo’s CTO said the company was in the process of rolling out two-factor authentication products to its registration authorities, as a safeguard against future attacks, which will take about 2 weeks. In the meantime, Comodo has promised to review validation work by resellers before issuing certificates, rather than trusting the entire process to resellers. Source: http://www.theregister.co.uk/2011/03/30/comodo_gate_latest/

43. March 30, IDG News Service – (International) Texas Instruments sees 6 month disruption at Japan plant. Texas Instruments (TI) anticipates between 4 and 6 months of disruption to its chip manufacturing operations in Japan following the massive earthquake March 11, IDG News Service reported March 30. The company’s factory in Miho was closed by the quake and suffered damage to infrastructure and its production line. It was responsible for about 10 percent of the company’s output by revenue in 2010, TI said in a statement. It was an important base for TI’s DLP projector chip technology. Repairs to the infrastructure systems at the plant were completed the weekend of March 26 and 27, as water, gas, chemical, and air delivery have been restored, the company said. Work remains on the equipment at the plant, a portion of which has not been checked. TI said it expects initial production to resume in mid-April with full production achieved about 3 months after that. The plant will be back to full shipment capability in September, which translates to roughly a 6-month break in full shipment ability. Source: http://www.pcworld.idg.com.au/article/381538/texas_instruments_sees_6_month_disruption_japan_plant/

44. March 30, Softpedia – (International) New mass SQL injection attack infects thousands of pages. A new mass injection attack has infected over 28,000 pages and even made its way to iTunes according to security researchers from Websense. Dubbed LizaMoon, after the domain hosting the malicious code, the attack uses SQL injection techniques to insert a rogue script element. Users who land on one of the compromised pages get redirected through several domains and finally land on a scareware site. These sites mimic antivirus scans and tell visitors their computers are infected with malware in an attempt to convince them to download fake security programs. The programs display even more false warnings and ask users to pay for a license in order to clean their machines. In the attack, malicious code also landed on iTunes podcast pages, although in a form that is harmless. Mass injection attacks are a common malware infection vector. Source: http://news.softpedia.com/news/New-Mass-SQL-Injection-Attack-Affects-Thousands-of-Websites-192079.shtml

45. March 29, Softpedia – (International) Comodo hacker claims SQL injection used to hack reseller. The Iranian hacker who compromised a Comodo reseller and used its credentials to obtain rogue SSL certificates for high-profile domains claims the original point of entry was an SQL injection vulnerability. When asked by the CEO of Errata Security how he broke into the first machine at globaltrust.it, the hacker said: “SQL injection, then privilage [sic] escalation, got SYSTEM shell, remote desktop, investigation and I discovered trustdll.dll.” A new message posted on pastebin.com by the hacker, as a result of people doubting his claims, describes in more detail how the hack occurred. He claimed that after exploiting the SQL injection vulnerability, he set up a remote desktop (RDP) connection to their server, but this was relatively quickly detected by the firewall and blocked. The hacker said 2 days later, he managed to work his way around the firewall restriction and gained access to the system again. This is problematic, because Global Trust should have taken the server offline immediately after realizing someone accessed it without authorization. Source: http://news.softpedia.com/news/Comodo-Hacker-Claims-SQL-Injection-Used-to-Hack-Reseller-191915.shtml

46. March 28, IDG News Service – (International) Japanese DRAM makers’ woes echo rest of industry after quake. According to new reports, the earthquake and resulting tsunami in Japan continue to affect production at key factories making 12-inch silicon wafers, the raw materials that chips are etched onto. Market researcher IHS iSuppli estimates that damage to these factories could reduce the supply of silicon wafers globally by 25 percent, which “could have a major effect on worldwide semiconductor production,” particularly DRAM chips. Other chip factories are being hurt by rolling blackouts meant to share electricity made scarce because several power plants were knocked offline in the disaster. DRAM is required for nearly every PC, laptop, smartphone and tablet produced, while all gadgets need a host of chips to run different internal functions. At least three major suppliers of silicon wafers, Sumco, Shin-Etsu Chemical and MEMC Electronic Materials, lost some output due to the disaster. Sumco and Shin-Etsu alone account for 72 percent of all 12-inch silicon wafers, according to Credit Suisse. Sumco, the world’s biggest supplier of 12-inch wafers, said March 28 it has begun repairs at a factory in Yonezawa, although the company did not say when the plant may be running again. Shin-Etsu, the world’s second-biggest supplier of 12-inch silicon wafers, said March 25 that production at two of its factories remains “wholly halted.” MEMC, a U.S. company, shut operations at its factory in Utsunomiya, after the earthquake and said it expected “shipments from this facility will be delayed over the near term.” Without reliable power and with transportation still disrupted by earthquake and tsunami damage, the supply of wafers from these companies will continue to be affected. Renesas Technology said March 28 that it does not expect production at its chip fabrication plant in Hitachinaka to begin until July, and then it will only be at part of the plant. 
Source: http://www.computerworld.com/s/article/9215247/Japanese_DRAM_makers_woes_echo_rest_of_industry_after_quake?taxonomyId=12&pageNumber=1

For another story, see item 11 above in the Banking and Finance Sector

Communications Sector

47. March 30, Brockton Enterprise – (Massachusetts) Raynham officials plead for help in maintaining the town’s TV link to Boston. Raynham, Massachusetts officials are asking a U.S. Representative for his assistance in ensuring cable subscribers continue to get Boston TV stations. The Federal Communications Commission (FCC) has classified Raynham and other southeastern Massachusetts communities – including Easton, Mansfield, Norton, and Taunton – as being in the Providence, Rhode Island market, and not the Boston market. That means FCC can force the cable company to black out Boston television stations and carry Providence stations upon request by a Providence station. “A representative in Massachusetts, whatever he does, should come over our local TV stations. We don’t care about Rhode Island governors, senators, representatives,” he said. Town officials are asking the U.S. Representative for help in getting FCC to reclassify Raynham, and other southeastern Massachusetts communities for the Boston market. FCC regulations allow TV stations and the commission to initiate a change in designated market area; however, municipalities are not allowed to do so. Raynham officials are also asking the Representative to get FCC to make a rule change to allow cities and towns to apply to change market designation. Source: http://www.enterprisenews.com/topstories/x1664572254/Raynham-officials-plead-for-help-in-maintaining-the-town-s-TV-link-to-Boston

48. March 28, Press of Atlantic City – (New Jersey) WMGM-TV 40 fined $4,000 for airing news release without identifying sponsor. WMGM-TV 40 has been fined $4,000 for airing a video news release about a nasal spray during its weekly health segment without letting viewers know who sponsored it, the Federal Communications Commission (FCC) said. The “Lifeline” segment, which aired October 2006, was introduced by a health reporter as “especially important as we begin the cold and flu season and one of the biggest travel times of the year,” FCC notice of the fine states. The segment, which was edited for broadcast, was produced by Matrixx, the company that makes the Zicam zinc nasal preparation. The station is required to identify the sponsor because “listeners and viewers are entitled to know who seeks to persuade them,” the 9-page FCC document states. In this case, viewers may have been even more confused, as Shore Memorial Hospital in Somers Point was mentioned as a sponsor of the segment, but the material was supplied by the company that makes Zicam, the FCC notice states. In both cases, the complaints were filed by Free Press and the Center for Media and Democracy, FCC said. The WMGM general manager said the station argued it did not break the law because it was not compensated for airing the segment. Source: http://www.pressofatlanticcity.com/news/breaking/wmgm-tv-fined-for-airing-news-release-without-identifying-sponsor/article_3738e6cc-5992-11e0-a8c7-001cc4c002e0.html

Wednesday, March 30, 2011

Complete DHS Daily Report for March 30, 2011

Daily Report

Top Stories

• According to Reuters, a man was arrested and charged with illegally selling an unmanned U.S. spy plane on Ebay. (See item 14)

14. March 28, Reuters – (International) Man accused of selling U.S. spy plane on Ebay. A man was arrested and charged with illegally selling an unmanned U.S. spy plane known as the Raven, the U.S. attorney’s office in Tampa, Florida, said March 28. A grand jury indicted the man, 47, of Manila, Philippines, March 10 on charges he sold the Raven to undercover federal agents on Ebay. He faces up to 20 years in federal prison if convicted of smuggling and violating the Arms Export Control Act. The man was arrested when he came to Los Angeles, California, in February. The Raven is a 4-pound plane equipped with three cameras that U.S. troops use for battlefield surveillance. It can be taken apart and carried by troops and then reassembled for use. According to the U.S. attorney’s office, agents with the Homeland Security Department found out last May the man was offering a Raven for sale on Ebay for $13,000. They exchanged messages with him over several months, and he sent the Raven to them in separate packages in exchange for the money, officials said. Source: http://www.reuters.com/article/2011/03/28/us-crime-spyplane-idUSTRE72R72P20110328

• SecurityNewsDaily reports an audit found NASA has not corrected problems identified in 2009 that have left its internal computer network vulnerable to cyberattack. (See item 47)

47. March 28, SecurityNewsDaily and msnbc.com – (National) Serious flaws found in NASA’s computer network. NASA’s internal computer network is full of holes and is vulnerable to an external cyberattack, an audit by the agency’s Office of the Inspector General (IG) found. It appears several of the vulnerabilities were known about for months yet remained unpatched. “Six computer servers associated with IT [information technology] assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable,” said the audit report released March 28. “The attacker could use the compromised computers to exploit other weaknesses we identified, a situation that could severely degrade or cripple NASA’s operations,” the report said. “We also found network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers.” The IG’s office released a previous audit report nearly a year ago, but nothing had been done to remedy the situation. A Government Accountability Office report in October 2009 was similarly critical of the agency. The IG report was based on an audit of the agency-wide mission network, using a program called NESSUS that scans for vulnerabilities. Investigators found 54 computer servers on the network were accessible via the Internet, and 6 had high-risk vulnerabilities to a cyberattack. Six other servers not directly accessible via the Internet also had high-risk vulnerabilities. Source: http://www.msnbc.msn.com/id/42311998/ns/technology_and_science-security/

Details

Banking and Finance Sector

16. March 29, Associated Press – (Illinois) Chicago man charged in suburban bank robberies. The FBI said authorities have charged a 42-year-old Chicago, Illinois, man in the armed robberies of two suburban banks in 2010. The suspect allegedly beat several people during the holdups in June at the First Bank and Trust in Winnetka and the Brickyard Bank in Skokie. Court documents allege the man got away with more than $9,200 from the bank in Winnetka, and nearly $7,400 from the one in Skokie. An FBI statement said the man is charged with two counts of aggravated bank robbery. If convicted, he faces up to 25 years in prison on each count. The FBI said the man is being held without bond and is scheduled to appear in U.S. District Court in Chicago later the week of March 28. Source: http://abclocal.go.com/wls/story?section=news/local&id=8040604

17. March 28, Bank Info Security – (Michigan) Bank of America denies breach. Bank of America (BofA) branches in Detroit, Michigan were reportedly flooded over the weekend of March 26 and 27, after many BofA debit cardholders noticed fraudulent transactions on their accounts. According to one local news report, the incident involves more than $100,000 in fraudulent transactions. Over the weekend, BofA branches were working to assess the geographic breadth of the incident, the news report states. How the cards may have been compromised was not known. A BofA spokeswoman said the bank has not released any information about debit fraud, adding, “There was no breach at Bank of America.” BofA does not provide details about potential debit compromises, she said. “If we think a customer’s card has been compromised at a third-party location, we’ll block and reissue the card, which is what we did in this case,” she said. The director of education and professional services for The Payments Authority, a regional payments association in Michigan affiliated with the National Automated Clearing House Association, said the association heard reports of local BofA branches being overwhelmed with customers who believed their debit cards had been compromised. Source: http://www.bankinfosecurity.com/articles.php?art_id=3479

18. March 28, St. Petersburg Times – (Florida) Brooksville police search for two bank robbers. Brooksville, Florida police are searching for two men they say robbed the Chase Bank at 7179 Broad Street about 9:10 a.m. March 28. According to a department press release, the robbers threatened to ignite an incendiary device and demanded money from a clerk. After taking an undisclosed amount of cash, the men ran from the bank. Investigators said the suspects may have fled north on S. Broad Street in a newer-model white Dodge Charger. One robber was described as a black man, 5 feet 9, weighing about 160 pounds. He was last seen wearing a long-sleeved white shirt, white pants, gloves, framed glasses and a white baseball-type hat. The other robber was described as 6 feet tall, 180 pounds and wearing a long-sleeved white shirt with a light blue over shirt, dark pants, dark glasses and a black skull-type hat. Source: http://www.tampabay.com/news/publicsafety/crime/brooksville-police-search-for-two-bank-robbers/1160181

19. March 28, Associated Press – (National) Ariz. man, his mother face charges in fraud scheme. A mother and son are facing charges stemming from an alleged 16-year fraud scheme that affected residents in 28 states. The Arizona Attorney General (AG) said a 55-year-old Scottsdale man and a 78-year-old Dallas, Texas woman are believed to have received more than $8 million. The AG said the defendants advertised a series of short-term investment or loan programs in an aviation magazine asking for a minimum $25,000 contribution. He said investors were told their money would be used to purchase, refurbish and sell airplanes for profit, and that they would get a full return of their money plus interest. More than 60 people claimed they had not received their promised payments. The suspects are scheduled for a pre-trial conference May 11 in Maricopa County Superior Court. Source: http://www.chron.com/disp/story.mpl/ap/tx/7495118.html

20. March 28, KCTV 5 Kansas City – (Kansas) Man pleads guilty to role in staged kidnapping, bank robbery. An 18-year-old Overland Park, Kansas, man pleaded guilty March 28 to one count of aiding and abetting embezzlement by a bank employee. He is one of four men charged with staging a kidnapping and bank robbery November 10 at the U.S. Bank at 10100 West 119th Street in Overland Park. FBI agents were called to the bank in response to a report of a kidnapping and bank robbery. When they arrived, an employee told them he had been kidnapped and forced to get money for the robber. The employee was discovered at 7:20 a.m., bound with duct tape, seated in a chair, with a bloody nose. Surveillance footage from the bank showed the employee being led around the empty bank by a masked man. No weapon could be seen. FBI agents said they learned during their investigation the employee had not been kidnapped, and that the kidnapping was staged to embezzle money from the bank. The man who pleaded guilty March 28 admitted he was the person wearing a mask in the surveillance video. He also admitted he and the bank employee used the worker’s key to steal money from the bank’s ATM, and that he hit the employee in the face to make it look like he had been beaten. He is set for sentencing July 13. He faces a maximum penalty of 30 years in federal prison and a fine up to $250,000. Source: http://www.kctv5.com/news/27347741/detail.html

Information Technology

53. March 29, The Register – (International) McAfee site crawling with scripting bugs say researchers. Flaws on McAfee’s Web site leave it vulnerable to cross-site scripting and other attacks, security researchers warned. YGN Ethical Hacker Group also discovered various lesser information disclosure bugs on the security firm’s Web site, according to an advisory published on a full disclosure mailing list March 28. YGN said it published the details only after notifying McAfee privately of the problems February 10. Cross-site scripting (XSS) flaws create a means to present content from a third-party Web site in the context of a vulnerable site. The class of flaw, which is a perennial problem in Web site development, creates a possible mechanism to mount phishing attacks or other sorts of malfeasance. Source: http://www.theregister.co.uk/2011/03/29/mcafee_website_security_flaws/

54. March 28, Softpedia – (International) New variant of destructive ransomware identified. Security researchers from Kaspersky Lab have identified a new variant of a destructive ransomware program that encrypts personal files with an uncrackable algorithm. Ransomware applications block critical system functionality or lock access to important documents and ask for money to restore normal operations. While many ransomware programs can be cleaned from the system, others are uncrackable. This is the case of programs in the Gpcode ransomware family, which make use of the secure RSA public-key algorithm with a 1024-bit key. Once installed, these applications start encrypting files with predefined extensions, including documents and images, and post a warning message on the desktop advising users to read an instructions file that tells them to send money if they want the special encryption key. One of the changes in the new variant is criminals have switched to ukash or psc pre-paid cards as payment method and have raised the ransom from $120 to $125. There is little users can do to recover their files if they have been affected. Source: http://news.softpedia.com/news/New-Variant-of-Destructive-Ransomware-Identified-191613.shtml

55. March 28, Automotive News – (International) Key automotive chip plant in Japan down until July. Renesas Electronics Corp., the world’s biggest maker of automotive microcontrollers and a key bottleneck in Japan’s parts shortage, said one of two auto-related factories damaged by the March 11 earthquake will not be operational until July. Renesas only recently restored electricity and lighting to its Naka plant in the quake zone and will now start assessing damage to its clean rooms and wafer fabrication lines. Renesas is the world’s top producer of automotive microcontrollers, the tiny microprocessors that control electronic components in vehicles, with 22 percent of the global market, according to Strategy Analytics, a market research firm. Such chips are used in everything from engine control units and transmissions to pre-crash safety technologies and onboard telematics. Renesas had eight factories damaged by the earthquake, including two that make microcontrollers for automotive use. One of those auto-related chipmaking plants, the company’s Tsugaru factory, has already resumed limited production. But the Naka plant will be offline for months and accounts for 15 percent of the company’s total chip output, according to Japan’s Nikkei business daily. Source: http://www.autonews.com/apps/pbcs.dll/article?AID=/20110328/OEM10/110329886/1117

56. March 28, Softpedia – (International) Vulnerabilities disclosed on Sun Websites. The hackers who disclosed vulnerabilities in MySQL.com also published details about SQL injection flaws in older Sun Microsystems Web sites. Sun Microsystems was acquired by Oracle at the beginning of 2010 and its products were integrated into the latter’s portfolio. However, given the sheer size of Sun, many of its Web properties still need to be moved under Oracle’s brand and some have been neglected security-wise. Such is the case of reman.sun.com and ibb.sun.com, two sites dedicated to remanufactured systems and spare parts. Although some might think that hacking such sites has little value, a Romanian hacker’s proof-of-concept attack shows their databases can still contain sensitive information. In his report, he published a list of tables and columns taken from the remandb database, as well as a list of e-mail addresses found inside. SQL injection is the result of insufficient input validation in forms that interact with databases. By exploiting such vulnerabilities, attackers can gain unauthorized read and write access. Source: http://news.softpedia.com/news/Vulnerabilities-Disclosed-on-Sun-Websites-191759.shtml

57. March 25, IDG News Service – (International) Two weeks after quake, Japanese IT industry faces hurdles. Many factories in Japan closed immediately following the earthquake and tsunami March 11, and most have been gradually returning to production the week of March 21. A handful of plants were hit harder and could be offline for months. For IT companies, the loss of production at these plants could have widespread effects on the electronics industry. Texas Instruments’ plant in Miho is one of the factories that was hard hit. The plant, which produced chips and DLP devices for projectors, suffered “substantial damage,” and partial production will not resume until May. Full production is not due until mid-July, and that could be further delayed by power problems, the company said. Toshiba estimates production at its mobile phone display factory in Saitama will be stopped for a month because of damage sustained in the earthquake. A Sony plant responsible for magnetic tape and Blu-ray Discs is one of six Sony plants currently idle. Two Nikon plants were severely damaged and will not be back online until at least the end of March. Fujitsu’s major chip plant in Aizu Wakamatsu is still closed with no estimate of when production will begin again. Some of the potentially biggest disruptions could come from the closure of two plants run by Shin-Etsu Chemical. The company is a major supplier of silicon wafers. One of the halted plants, its Shirakawa facility in Fukushima prefecture, is responsible for approximately 20 percent of the world’s supply of such wafers, IHS iSuppli said. “The wafers made by this facility mainly are used in the manufacturing of memory devices, such as flash memory and DRAM,” an IHS iSuppli analyst said in a statement. “Because of this, the global supply of memory semiconductors will be impacted the most severely of any segment of the chip industry by the production stoppage.” Source: http://www.computerworld.com/s/article/9215057/Two_weeks_after_quake_Japanese_IT_industry_faces_hurdles?taxonomyId=214&pageNumber=1

58. March 25, IDG News Service – (International) Russian security team to upgrade SCADA exploit tool. The Russian security company Gleg, which specializes in vulnerability research, plans to release an upgraded exploit pack for industrial control software that incorporates a raft of new vulnerabilities released by an Italian security researcher. The company recently began focusing on problems within supervisory control and data acquisition (SCADA) systems, which are used in factories, utilities and many other kinds of industrial applications, said Gleg’s CEO. Gleg works with the Miami, Florida, company Immunity, which sells Canvas, a framework for penetration testers wanting to try out the latest exploits against software vulnerabilities. Gleg supplies Immunity with exploit packs, which are add-ons with specific kinds of exploits, for Canvas. Gleg’s main product is Agora, which integrates with Canvas. Agora is regularly updated with publicly disclosed zero-day vulnerabilities and those discovered by its research team. Canvas allows companies to figure out what kind of information a hacker could obtain, the CTO for Immunity said. Source: http://www.computerworld.com/s/article/9215064/Russian_security_team_to_upgrade_SCADA_exploit_tool

Communications Sector

59. March 27, Green Bay Press Gazette – (Wisconsin) Permit to build communications tower near Baileys Harbor denied. Opposition has halted plans for a 400-foot communications tower in Baileys Harbor, Wisconsin, a short distance from the Mud Lake Wildlife Area. The Door County Resource Planning Committee voted 3-2 March 24 to deny GCGI Development LLC’s request to build the tower, which the company hoped to lease to the U.S. Coast Guard for its Rescue 21 marine distress response system. The committee acted after the second part of a public hearing that began February 17 and included testimony from residents concerned about the proposed tower’s proximity to the wildlife area. Several speakers suggested a cluster of radio towers on the bluff near Ellison Bay would better suit the Guard’s needs. The Coast Guard was not present at the earlier hearing to respond to questions. Source: http://www.greenbaypressgazette.com/article/20110327/GPG0101/103270739/Permit-build-communications-tower-near-Baileys-Harbor-denied?odyssey=mod|newswell|text|GPG-News|s

60. March 25, Reuters – (International) US develops ‘panic button’ for democracy activists. Some day soon, when pro-democracy campaigners have their cellphones confiscated by police, they will be able to hit the “panic button” — a special app that will both wipe out the phone’s address book and emit emergency alerts to other activists. The panic button is one of the new technologies the U.S. State Department is promoting to equip pro-democracy activists in countries ranging from the Middle East to China with the tools to fight back against repressive governments. “We’ve been trying to keep below the radar on this, because a lot of the people we are working with are operating in very sensitive environments,” said the Assistant U.S. Secretary of State for Human Rights and Labor. The U.S. technology initiative is part of the Secretary of State’s push to expand Internet freedoms, pointing out the crucial role that on-line resources such as Twitter and Facebook have had in fueling pro-democracy movements in Iran, Egypt, Tunisia, and elsewhere. The United States had budgeted some $50 million since 2008 to promote new technologies for social activists, focusing both on “circumvention” technology to help them work around government-imposed firewalls and on new strategies to protect their own communications and data from government intrusion. Source: http://uk.reuters.com/article/2011/03/25/rights-usa-technology-idUKN2527265620110325