Thursday, March 17, 2011

Complete DHS Daily Report for March 17, 2011

Daily Report

Top Stories

• WXIA reports an armored car courier was shot to death in a robbery in Atlanta, Georgia, the seventh such robbery committed by the same crew, officials said. (See item 21)

• According to CNN, the U.S. military has blocked access to a range of popular commercial Web sites to free up bandwidth for use in Japan earthquake recovery efforts. (See item 58 below in the Communications Sector)

Details

Banking and Finance Sector

20. March 15, GovInfoSecurity.com – (National) IRS financial systems vulnerable to insider threats. The Internal Revenue Service has been inconsistent in implementing IT security controls to prevent, limit, and detect unauthorized access to its financial systems and information, making them vulnerable to malicious insiders, government auditors said March 15. The IRS failed to restrict sufficiently users’ access to databases to only the access needed to perform their jobs; secure the system employed to support and manage its computer access request, approval, and review processes; update database software residing on servers that support its general ledger system; and enable certain auditing features on databases supporting several key systems, according to a Government Accountability Office (GAO) report. In addition, GAO said, 65 of 88, or nearly three quarters of previously reported weaknesses, remain unresolved or unmitigated. GAO said the IRS has not fully implemented key components of its comprehensive information security program. Although IRS has processes in place intended to monitor and assess its internal controls, auditors said, these processes were not always effective. Source: http://www.govinfosecurity.com/articles.php?art_id=3431

21. March 15, WXIA 11 Atlanta – (Georgia) Courier killed in Toco Hills armored car robbery. An armored car courier was shot to death during a robbery in front of a Kroger store in the Toco Hills Shopping Center in Atlanta, Georgia, just after noon March 15. FBI investigators said the Garda Armored Car courier was walking back to his truck when a gunman walked up and shot him three times. The gunman then grabbed an undisclosed amount of money, hopped in a car and fled the scene in a car police said had been carjacked in Snellville March 14. The courier was taken to Grady Memorial Hospital in Atlanta, where he later died. Garda is offering a $100,000 reward for information leading to the conviction of those responsible for the robbery. Investigators said surveillance video relating to the incident would not be released because of its graphic nature. “There was no provocation, there was no mercy,” an FBI Special Agent said. The FBI said it was the seventh time the same violent robbing crew has targeted armored car couriers. “They fire on these guards without any provocation, I think that is paramount,” the Agent said. Source: http://www.11alive.com/news/local/story.aspx?storyid=182763&catid=3

22. March 15, WEWS 5 Cleveland – (Ohio) Two charged with robbing Twinsburg bank, more robberies under investigation. Two men suspected in multiple bank robberies in Northern Ohio were arrested and charged March 15. The two were charged with one count each of federal bank robbery. The Key Bank on East Aurora Road in Twinsburg was robbed March 14. According to a release from the FBI, a man passed the teller a demand note. After receiving cash, he fled the bank and got away in a car waiting outside. A witness to the robbery called 911, and reported the vehicle’s location and description. The FBI said Oakwood Village police followed the car during a high-speed chase, until it crashed in Garfield Heights. The FBI said the duo are suspects in bank robberies across Cuyahoga, Summit and Lake counties, including one the week of March 7 in North Olmsted. These other robberies remain under investigation. One of the perpetrators was set to appear in federal court March 15, while the second man remains hospitalized at MetroHealth Medical Center. Source: http://www.newsnet5.com/dpp/news/local_news/cleveland_metro/Two-charged-with-robbing-Twinsburg-bank-more-robberies-under-investigation

23. March 15, WSBTV 2 Atlanta – (National) Security guard foils fake credit card ring. A security staffer at a retail store helped break up an interstate crime ring that used counterfeit credit cards from Georgia to Ohio, police said. Three men were arrested after a loss-prevention manager at a Meijer store in Lexington, Kentucky reported they were acting strangely while buying iPods. The men are believed to be Chinese citizens who have used faked credit cards in at least five states, a Lexington police spokeswoman said. Lexington police were called by the Meijer employee March 11, she said. The employee gave police a description of the men and their car, and the car was stopped and police found iPods and 86 fake credit cards, police said. According to court records, the men also had $5,200 worth of phone cards, and at least $4,700. The men were charged with 86 counts of criminal possession of a forged instrument and one count each of false making or embossing of a credit card, and receiving goods by fraud under $10,000. It appeared the men flew to Atlanta from California and drove north along Interstate 75, using the cards in Georgia, Ohio, and Indiana, police said. Source: http://www.wsbtv.com/news/27203362/detail.html

24. March 15, Las Vegas Review-Journal – (National; International) Man guilty of securities fraud sentenced to prison, ordered to repay $23.5 million. A former Clark County, Nevada man who stole more than $26 million through mining and real estate investment scams was sentenced March 15 to more than 6 years in federal prison and ordered to pay his victims $23.5 million in restitution. The man created a number of false business fronts from 2001 through 2007, then “told investors that he and his companies were engaged in exploring and developing a series of lucrative mining claims in Peru, Guyana, California and Nevada,” according to a statement from a U.S. Attorney. The stocks he sold were worthless because the mining projects never existed, the statement said. The man reportedly purchased a 6,000-square-foot home in Lake Las Vegas, and several luxury automobiles, according to the U.S. Attorney’s office. All of those assets were seized by the government. The man reportedly told investors in North America and the Middle East he needed their money to fund a water delivery system for an Arizona real estate project. That development, like the mines, was a product of his imagination. According to the U.S. Attorney, he used the ill-gotten gains from the real estate scam to pay his mortgage, make “lavish” home improvements and pay for a riding stable. The judge found the defendant was “delusional and not generally remorseful.” Source: http://www.lvrj.com/news/man-guilty-of-securities-fraud-sentenced-to-prison-ordered-to-repay-23-5-million-118047039.html?ref=039

25. March 9, San Jose Mercury News – (California) Police crack credit card skimming scam in Mountain View, Los Altos. Authorities thwarted a sophisticated scheme to capture the credit card numbers of gas station patrons in Mountain View and Los Altos, California, the Santa Clara County District Attorney’s Office announced March 8. Skimming devices allegedly installed inside gas station pumps by 2 men collected more than 3,600 credit card numbers. However, police arrested the Glendale, California duo before they could retrieve the information. The men face charges including conspiracy, altering a computer, and acquiring credit card information with the intent to defraud, according to the district attorney’s office. An attendant at a gas station in Mountain View first called police December 6, after opening up a pump to investigate an error message. Inside, the attendant found a small device attached to a circuit board. Mountain View police then set up an alarm system to signal officers when the pump was reopened. On December 17, the duo set off the alarm and were arrested. Police searched the duo’s van and found keys that opened the gas pump and notes with addresses, which led police to other stations. In Mountain View, credit card skimmers were found at four stations in addition to one found at a Chevron in Los Altos. Source: http://www.mercurynews.com/breaking-news/ci_17569451?nclick_check=1

Information Technology

52. March 16, Help Net Security – (International) LotusCMS multiple vulnerabilities. A weakness and multiple vulnerabilities have been discovered in LotusCMS, which can be exploited by malicious users to disclose sensitive information and compromise a vulnerable system, and by malicious people to conduct cross-site scripting and request forgery attacks, disclose sensitive information, and compromise a vulnerable system, according to Secunia. Successful exploitation of this vulnerability requires that “magic_quotes_gpc” is disabled. The vulnerabilities are confirmed in version 3.0.3. Other versions may also be affected. Source: http://www.net-security.org/secworld.php?id=10748

53. March 16, The Register – (International) RIM tells users of bloodied BlackBerry to disable JavaScript. Research in Motion (RIM) has suggested BlackBerry users disable JavaScript to protect themselves against a critical vulnerability that allows attackers to remotely execute malicious code and access confidential data stored on the phone. The recommendation issued March 14 came 4 days after contestants in an annual hacking competition exposed a serious security vulnerability in a fully patched BlackBerry Torch 9800. By exploiting a bug in the phone’s Web browser, they were able to write a file to its storage system and steal a complete list of contacts and a cache of pictures stored on the device. “Users of BlackBerry Device Software version 6.0 and later can disable the use of JavaScript in the BlackBerry Browser to prevent exploitation of the vulnerability,” RIM said in the advisory. “The issue is not in JavaScript but the use of JavaScript is necessary to exploit the vulnerability.” Source: http://www.theregister.co.uk/2011/03/16/blackberry_security_advisory/

54. March 16, H Security – (International) Twitter adds ‘Always use HTTPS’ option. The Twitter micro-blogging service has added a new setting that allows users to always use HTTPS when accessing Twitter.com, sending secure data transmissions via SSL, not only during log-in, but also for its other pages. This means that even cookies are now transmitted in encrypted form and can no longer be read and exploited for fraudulent activities by attackers using such tools as the Firesheep extension for Firefox. Source: http://www.h-online.com/security/news/item/Twitter-adds-Always-use-HTTPS-option-1209032.html

55. March 15, Computerworld Hong Kong – (International) Quake damages plants of Fujitsu and Canon. The 8.9 magnitude earthquake in Japan the week of March 6 damaged six plants of the Fujitsu Group and several facilities of Canon. Four of the Fujitsu Group plants with building and equipment damage are in the Fukushima Prefecture plagued by nuclear plant blasts after the quake, while the other two are in the Iwate Prefecture and the Miyagi Prefecture, according to the vendor in a statement March 14. These plants are respective facilities of Fujitsu Semiconductor, Fujitsu Semiconductor Technology, Fujitsu Integrated Microtechnology, and Fujitsu Isotec. Canon reported March 13 severe damage at Fukushima Canon and the Utsunomiya Office that houses an optics R&D center and two plants. While there are 15 cases of injury at the Utsunomiya Office, production at offices and plants in the hard-hit northern Honshu area has been suspended until further notice, the company noted. Companies including Sony and Panasonic also announced suspension at some of their plants earlier. Source: http://www.computerworld.com/s/article/9214640/Quake_damages_plants_of_Fujitsu_and_Canon

56. March 15, IDG News Service – (International) Intel targets security in the cloud with McAfee. Intel March 15 said it will use assets acquired from McAfee to provide cloud security services to protect the growing number of mobile devices that face malware and cyberattack threats. Intel will first offer security products through software and services and later offer security features via hardware, with a heavy focus on providing cloud security services, said the senior vice president and general manager at Intel’s Software and Services Group. He also said mobile devices such as tablets and smartphones are increasingly vulnerable to malware and cyberattacks. Intel wants to design security management capabilities into hardware that activate features on mobile devices to communicate in real time with cloud-based consoles and provide security capabilities such as tackling malware, authenticating users, and verifying Internet Protocol addresses or Web sites, he said. Source: http://www.computerworld.com/s/article/9214607/Intel_targets_security_in_the_cloud_with_McAfee

57. March 15, Beverly Hills Courier – (California) Monterey Park chemical leak prompts hazardous materials response. A chemical leak March 15 at a computer chip manufacturing company in Monterey Park, California, prompted a hazardous-materials response, but no one was hurt, authorities said. The problem was reported at about 3:30 a.m. at Kotura Inc., the Monterey Park fire captain said. He stated firefighters determined the leak involved hydrogen bromide and ammonia, which are used in the manufacturing process. A part of the commercial complex was isolated while crews worked to handle the problem, he said. There were no evacuations, but people were kept away from the area. By 7:30 a.m., the all-clear was given, but Kotura remained closed while an investigation was conducted. Source: http://www.bhcourier.com/article/Local_News/Local_News/Monterey_Park_Chemical_Leak_Prompts_Hazardous_Materials_Response/75118

Communications Sector

58. March 16, CNN – (International) U.S. military blocks websites to help Japan recovery efforts. The U.S. military has blocked access to a range of popular commercial Web sites in order to free up bandwidth for use in Japan recovery efforts, according to an e-mail obtained by CNN and confirmed by a spokesman for U.S. Strategic Command. The sites — including YouTube, ESPN, Amazon, eBay and MTV — were chosen not because of the content, but because their popularity among users of military computers accounts for significant bandwidth, according to a Strategic Command spokesman. The block, instituted March 14, is intended “to make sure bandwidth was available in Japan for military operations” as the United States helps in the aftermath of the March 11 deadly earthquake and tsunami, the spokesman explained. U.S. Pacific Command made the request to free up the bandwidth. The sites, 13 in all, are blocked across the Department of Defense’s .mil computer system. “This is a response to a time of extreme demand for networks,” the spokesman said. He emphasized that it was a temporary measure. “This blockage will be of a temporary nature and may increase or decrease in the size and scope as necessary,” according to the message distributed to military announcing the move. “We are doing this to facilitate the recovery efforts under way in Japan,” the spokesman explained. “We are trying to make sure we are giving them as many avenues and as much support as we can.” Source: http://www.cnn.com/2011/US/03/15/us.military.websites/index.html
