Tuesday, May 10, 2011

Complete DHS Daily Report for May 10, 2011

Daily Report

Top Stories

• The Anchorage Daily News reports authorities evacuated about 50 homes May 6 in the Trapper Creek, Alaska area after the discovery of 550 pounds of unstable ammonium nitrate and nitroglycerine in the trunk of an abandoned station wagon. (See item 5)

5. May 8, Anchorage Daily News – (Alaska) Explosives detonation rattles dozens of Trapper Creek homes. Authorities evacuated about 50 homes May 6 in the Trapper Creek, Alaska area after the discovery of roughly 550 pounds of aging, unstable explosives in the trunk of an abandoned station wagon, state troopers said. An explosives team from Joint Base Elmendorf-Richardson destroyed the cache, which included 15- to 20-year-old ammonium nitrate and nitroglycerine, and the car, at 2 a.m. May 7. No one was injured, though some neighbors reported shattered windows. The explosives had been in the car since the mid-1990s, when a man who owns the property moved them there from a nearby railroad boxcar or boxcars, said a wildlife trooper. The man has been living in one of the railroad cars, a trooper spokeswoman said. She declined to identify him because he had not been charged with a crime. The incident, which displaced neighboring families for hours, began when the man left a message for the wildlife trooper to visit his property for what at the time were unknown reasons, troopers said. Source: http://www.adn.com/2011/05/07/1851016/explosives-detonation-wakes-up.html

• According to WNYW, two breaches occurred where suspects with fireworks, and a man who made a bomb threat, got into train tunnels in New York and New Jersey. (See item 20)

20. May 9, WNYW 5 New York – (New York; New Jersey) 2 rail security breaches cause scares. Two rail security breaches reportedly occurred within hours of each other in New York, New York, May 8 as authorities remained on alert for an al-Qaida attack. In one breach near the World Trade Center, a man slipped into a train tunnel and walked from Manhattan to New Jersey before saying that he left a bomb in the tunnel. That scare — and an unrelated escapade involving four “urban explorers” infiltrating an under-construction subway tunnel — came just days after the FBI warned that al-Qaida could be targeting U.S. trains. There was no bomb on the tracks, police said. Officials said that a 20-year-old man, of Bayonne, New Jersey, hopped down onto the tracks in a Manhattan tunnel from a station being patrolled by two Port Authority officers. The suspect then walked the 2 miles to Jersey City, New Jersey. A Port Authority contractor spotted him exiting at around 3 a.m. May 8 and called police. “I just put a bomb down on the tracks,” he allegedly told officers. The tunnel was shut down while the Joint Terrorism Task Force and bomb-sniffing dogs searched for a device. He was charged with criminal trespass, evaluated at a hospital, and released. Separately, at around 4:30 a.m., police arrested four men who allegedly sneaked into the Second Avenue subway tunnel carrying Roman candles and cameras. The men told cops they were part of an “urban explorers” group and that they planned to use the fireworks for light for photos. The four were charged with criminal trespass after a Harlem resident alerted cops that the group descended into the tunnel around 112th Street. Source: http://www.myfoxny.com/dpp/news/2-rail-security-breaches-cause-scares-new-york-city-ncx-20110509

Details

Banking and Finance Sector

15. May 6, Detroit Free Press – (Michigan) Brighton man steps off plane, is arrested in $50M Ponzi scheme. A man whom federal authorities have accused of fleecing 440 investors in a $50 million Ponzi scheme was arrested May 5 in New York City after getting off an inbound flight from Italy, the U.S. attorney’s office said May 6. The arrest means the 42-year-old man of Brighton, Michigan, is facing criminal charges for what authorities have described as one of Michigan’s largest investment schemes. A criminal complaint unsealed May 5 makes no mention of a Ponzi scheme. It alleges the man misled investors about how their money would be used, how secure their money would be, and the returns they could expect. He also told investors he would not be paid unless BBC was profitable, which was untrue, the FBI said in a criminal complaint. The suspected fraudster is the founder and chairman of BBC Equities, LLC, which authorities have dubbed the Billionaire Boys Club. The Securities and Exchange Commission accused the man and a co-conspirator in a civil complaint in July 2009 of defrauding investors in a real estate investment scheme. It said the pair promised investors 8-12 percent annual returns. The criminal complaint said of the more than $50 million collected from investors, only $20.7 million was invested in real estate. It said a significant portion was used to pay the man’s personal expenses. Source: http://www.freep.com/article/20110506/NEWS06/110506029/Brighton-man-steps-off-plane-arrested-50M-Ponzi-scheme

16. May 6, WABC 7 New York – (New Jersey) ‘Dapper Bandit’ burglary spree in New Jersey. A bank burglar, dubbed the “Dapper Bandit”, wears a suit coat, shined shoes, and creased pants, and he is wanted in connection with crimes at banks in Essex, Union, and Bergen counties in New Jersey since April. The suspect was caught on surveillance video near a safe at a Livingston bank in New Jersey. He used a crowbar to open cash drawers at banks once they have closed for the day. He has left without money from a few of his break-ins, but he has made off with an unknown amount of cash from others. No one has been injured in any of the incidents. Source: http://abclocal.go.com/wabc/story?section=news/local/new_jersey&id=8117183

17. May 6, KSLA 12 Shreveport – (Texas; Louisiana) Waskom bank robbery: FBI investigating connection to Shreveport robberies. The FBI is looking into the possibility of a connection between an armed robbery of a Waskom, Texas bank May 6 and a series of hold-ups in the Shreveport, Louisiana area. Around 1:20 p.m. May 6, witnesses said a man armed with a gun ran into the Citizens National Bank in Waskom and demanded money from a teller. Police said the man took off on foot with an undisclosed amount of cash. The suspect was described as being about 5’11” to 6’ tall with a slender build. He was wearing a ski mask, a red long-sleeve shirt, baggy pants, and white tennis shoes. Waskom schools were placed on lockdown immediately following the armed robbery. It was lifted at 2:20 p.m., and students were sent home shortly afterward. Eight Shreveport area banks have been held up since December 2010, including the Chase bank on E. 70th Street December 16. It was robbed again December 30. Source: http://www.ksla.com/story/14590159/waskom-bank-robbery-fbi-investigating-connection-to-shreveport-robberies

18. May 5, Chico Enterprise-Record – (California) Two guilty pleas in Chico mortgage fraud scheme. Two of the principal players in a multimillion dollar mortgage fraud scheme in Chico, California, pleaded guilty May 5 in federal district court in Sacramento. A 29-year-old man pleaded guilty to one count of mail fraud and one count of money laundering, and a 31-year-old woman pleaded guilty to one count of mail fraud. In the May 5 hearing, the 29-year-old admitted he and others originated approximately $21 million in fraudulent loans, causing losses to lenders of more than $4 million. A Chico builder, who has already pleaded guilty, was among those involved in the scheme. Source: http://www.chicoer.com/breakingnews/ci_18003714

Information Technology

41. May 9, Softpedia – (International) Sony deals with third breach. Sony has dealt with a new breach over the weekend of May 7 and 8 that exposed the names and partial addresses of 2,500 people who participated in a sweepstakes contest 10 years ago. Sony learned about the intrusion after hackers stole the information and posted it on a public Web site. The company took measures to remove the data from the Internet and apologized for the new incident. The information was taken from a Web site that was used for a product sweepstakes contest back in 2001. “The Web site was out of date and inactive when discovered as part of the continued attacks on Sony,” the company told Reuters. No credit card details, Social Security numbers, or user passwords were compromised in this new incident. The breach comes after recent reports that a group of hackers was planning a new attack against Sony that was to involve the disclosure of sensitive information stolen from its systems. There is no evidence to definitely link the rumored plan to the new breach. Sony also announced that restoring the PlayStation Network and Qriocity services has been further delayed. Source: http://news.softpedia.com/news/Sony-Deals-with-Third-Breach-199092.shtml

42. May 7, Softpedia – (International) Fix for critical Skype vulnerability available. Skype announced that a patch for a vulnerability in its Mac client that could be used to remotely execute code has been available since April 14, despite users not being automatically notified. A senior security consultant at security vendor Pure Hacking publicly reported the existence of the critical flaw May 6. He found the vulnerability by chance when he pasted a payload to a colleague on Skype as part of an unrelated discussion. The colleague’s Skype client crashed, prompting the researcher to further investigate the strange behavior. After additional testing, he concluded that only the Mac client was vulnerable. The researcher classified the vulnerability as extremely wormable and dangerous and explained that an attacker can exploit it by simply sending a message to the victim. The researcher decided to publicize the issue one month after notifying Skype because he did not see a fix being released. A Skype spokesman claimed a hotfix (Skype for Mac version 5.1.0.922) has been available since April 14, but that users have not been automatically prompted to update. Source: http://news.softpedia.com/news/Fix-for-Critical-Skype-Vulnerability-Available-198996.shtml

43. May 6, Help Net Security – (International) Facebook scammers go back to using Javascript. As users become accustomed to ignoring one particular scam approach — and as Facebook is becoming more adept at spotting and blocking the rogue applications — the copy/paste script approach is making a comeback. The most popular lure used by these scammers is the undying “See who viewed your profile” offer. The landing page could be a Facebook one or one hosted on another domain, and it asks the user to copy some JavaScript into the browser address bar and press “Enter.” Once the directions are executed, the user is asked to fill out a survey in order to finally get the results. In the meantime, the JavaScript does its job. “Depending on the configurations of the attacker, the script will post a new bait message to the user’s wall, send chat messages to friends, tag you in post messages or images, or even create an event and send an invitation to all your friends,” Symantec explains. “Of course as always the attack is easy configurable through a toolkit. Since the script runs in the context of Facebook and uses your open session it can do a lot with your profile, it can do nearly everything you could do yourself.” Source: http://www.net-security.org/secworld.php?id=10987

44. May 6, H Security – (International) Google Images search results may lead to malicious sites. Postings by SANS Internet Storm Center and a security specialist describe how, in recent weeks, both have been receiving many reports that vulnerabilities in Google Images search are being exploited to load malicious software onto users’ systems. Both sources state users were being led to fake anti-virus Web sites and presented with false security alerts. The Internet Storm Center gives a detailed description of the exploit: legitimate sites are compromised and scripts are planted on them; these scripts monitor Google Trends for suitable search terms and create fake Web pages containing text and images culled from various Web sites; these Web pages and the images they contain are then indexed by the Google bots; when a user clicks on a relevant thumbnail in the results of a Google Images search, the exploit will be triggered and the user directed to a fake anti-virus Web site. Source: http://www.h-online.com/security/news/item/Google-Images-search-results-may-lead-to-malicious-sites-1238858.html

45. May 6, Computerworld – (International) Unpatched DLL bugs let hackers exploit Windows 7 and IE9, says researcher. Although Microsoft patched multiple DLL load hijacking vulnerabilities since last summer, Windows and Internet Explorer 9 (IE9) can still be exploited, a security company warned May 6. Microsoft confirmed it is investigating the claims by Acros Security. Researchers from Acros will demonstrate the new attacks at the Hack in the Box security conference later in May. “We’ll reveal how IE8 and IE9 can be used on Windows 7, Vista and XP for attacking users without any security warnings, even in ‘Protected mode,’ and how to remotely make many seemingly-safe applications, for example, Word 2010 and PowerPoint 2010, vulnerable,” Acros’s CEO said May 6. The attack class, called “DLL load hijacking” by some but dubbed “binary planting” by Acros, jumped into public view last August when the creator of the Metasploit penetration hacking toolkit and chief security officer at Rapid7 found dozens of vulnerable Windows applications. His report was followed by others, including several from Kolsek and Acros. Many Windows applications do not call DLLs using a full path name, but instead use only the filename, giving hackers a way to trick an application into loading a malicious file with the same title as a required DLL. If attackers can dupe users into visiting malicious Web sites or remote shared folders, or get them to plug in a USB drive — and in some cases con them into opening a file — they can hijack a PC and plant malware on it. Since the original report, Microsoft has issued 13 DLL load hijacking-related updates stretching from November 2009 to April 2011, when it patched a pair in Office and Visual Studio as part of a massive 64-fix update. Source: http://www.computerworld.com/s/article/9216483/Unpatched_DLL_bugs_let_hackers_exploit_Windows_7_and_IE9_says_researcher?taxonomyId=17&pageNumber=1

46. May 6, Computerworld – (International) LastPass says users no longer have to reset passwords. LastPass May 6 rescinded its day-old order that all users of its online password management system reset their master passwords due to a database breach. In a LastPass blog post May 6, the company said it will not allow users to change master passwords “until our databases are completely caught up and we have resolved outstanding issues.” In an e-mail to Computerworld, LastPass’s CEO said the company changed its plan in response to demands from users asking they not be required to reset their passwords. “They’re asking because they know how strong their master password is — that it’s not vulnerable and therefore they know they’re safe even if it was exposed,” he said. However, comments posted on a LastPass blog suggest the company’s decision may also be related to trouble some users appear to be having with the password reset process. The LastPass blog post acknowledged it had “identified an issue” with roughly 5 percent of users that reset their master passwords. The company said it would be contacting those users about a fix to the problem. Source: http://www.computerworld.com/s/article/9216471/LastPass_says_users_no_longer_have_to_reset_passwords

Communications Sector

Nothing to report
