Monday, August 1, 2011

Complete DHS Daily Report for August 1, 2011

Daily Report

Top Stories

• Federal authorities are investigating the deaths of two girls, and the injuries of several other Monsanto workers, electrocuted in a wet field while de-tasseling corn in Tampico, Illinois, WBBM 780 AM Chicago reports. (See item 26)

26. July 26, WBBM 780 AM Chicago and Associated Press – (Illinois) Girls electrocuted while de-tasseling corn in Northwest Illinois. Federal authorities are investigating the deaths of two 14-year-old girls, who were electrocuted in a wet field while de-tasseling corn in Tampico, Illinois July 25. One farm worker told a WBBM 780 AM Chicago reporter that he heard the girls screaming, and he ran to help, but could do nothing without becoming a victim himself. The Sterling, Illinois girls were de-tasseling corn, when the Whiteside County Sheriff’s Department said they were electrocuted by a field irrigator. The 13-year-old male witness said the field was like a pond. The girls were later pronounced dead at CGH Medical Center in Sterling. Two other workers were seriously hurt. In all, six workers were treated at area hospitals. They were among dozens working for St. Louis-based Monsanto, which said nothing like this has happened before. As a precaution, the company has shut down its de-tasseling operations in the Sterling-Rock Falls area for the time being, according to a company spokesman. He said more than 1,000 people have been working for Monsanto this summer. They receive training and are told to walk around irrigation systems. The spokesman said the accident has been reported to the U.S. Occupational Safety and Health Administration. Source: http://chicago.cbslocal.com/2011/07/26/girls-electrocuted-while-de-tasseling-corn-in-northwest-illinois/

• The U.S. Army private who admitted he was planning to bomb a restaurant in Killeen, Texas, popular with soldiers from Fort Hood, was ordered held without bond July 29, according to CNN. (See item 34)

34. July 29, CNN – (Texas) Fort Hood bomb suspect held without bond. The U.S. Army private who admitted he was planning to bomb a restaurant popular with soldiers from Fort Hood, Texas is to be held without bond, a federal magistrate ordered July 29. The suspect was formally charged with possession of an unregistered destructive device. Additional charges are likely, said a spokesman for the U.S. attorney's office in San Antonio, Texas. The 21-year-old shouted an apparent reference to the 2006 rape of an Iraqi girl by U.S. soldiers and a 2009 shooting spree by an army psychiatrist at Fort Hood that killed 13 people, before being hustled out of the courtroom by marshals. A Muslim American soldier granted conscientious objector status before going AWOL, the suspect was held July 29 in federal custody at an undisclosed location. According to the criminal complaint unsealed July 29, the suspect admitted he planned to turn two pressure cookers found in his Killeen hotel room into gunpowder- and shrapnel-filled bombs to detonate inside an unnamed restaurant popular with soldiers from Fort Hood. Among other things, police and FBI investigators who searched the room found six bottles of gunpowder, shotgun shells and pellets, and ammunition cartridges. Police who arrested him found wire, a handgun, ammunition and an article titled, "Make a bomb in the kitchen of your Mom" in the backpack he was carrying, according to the complaint. The backpack also contained a notebook with a hand-written list for many of the components police recovered. Killeen police arrested the suspect July 27 after a gun store employee indicated his behavior had raised red flags when he purchased 6 pounds of smokeless gunpowder, and other supplies. The tip came from a retired police officer who works at the Guns Galore gun store. He said the young man appeared suspicious as soon as he pulled up in a taxi cab. 
The suspect browsed for about 20 minutes, the tipster said, choosing 6 pounds of gunpowder, shotgun ammunition, and a magazine for a semiautomatic handgun. He asked what smokeless gunpowder was before finishing the purchase. The tipster said he called police after discussing the transaction at length with the owner of the store, which is the same place where the army psychiatrist bought supplies for his Fort Hood shooting spree. The suspect joined the infantry in 2009 and was assigned to Company E of the 101st Airborne Division's 1st Brigade Combat Team when he refused to deploy to Afghanistan on religious grounds. The Army approved his request to be discharged as a conscientious objector. But on May 13, he was charged with possession of child pornography on his computer, according to the statement. After a June 15 hearing, at which the suspect was recommended for court-martial, he went AWOL. Source: http://www.cnn.com/2011/CRIME/07/29/fort.hood.arrest/index.html

Details

Banking and Finance Sector

13. July 28, U.S. Department of the Treasury – (International) Treasury targets key al-Qa’ida funding and support network using Iran as a critical transit point. The U.S. Department of the Treasury July 28 announced the designation of six members of an al-Qa’ida network headed by a prominent Iran-based al-Qa’ida facilitator, operating under an agreement between al-Qa’ida and the Iranian government. The July 28 action, taken pursuant to Executive Order (E.O.) 13224, demonstrated that Iran is a critical transit point for funding to support al-Qa’ida’s activities in Afghanistan, and Pakistan. This network serves as the core pipeline through which al-Qa’ida moves money, facilitators and operatives from across the Middle East to South Asia, including to a key al-Qa’ida leader based in Pakistan, also designated July 28. As a result of the action, U.S. persons are prohibited from engaging in commercial or financial transactions with the designees, and any assets they may hold under U.S. jurisdiction are frozen. Source: http://www.treasury.gov/press-center/press-releases/Pages/tg1261.aspx

14. July 28, Bergen County Record – (New Jersey) Paramus broker admits role in mortgage fraud scheme. A Paramus, New Jersey mortgage broker, one of three men charged in a scheme to bilk lenders, admitted July 28 he helped generate millions of dollars in fraudulent mortgage loans by inflating borrowers’ income, and assets. The 39-year-old pleaded guilty to a single count of conspiracy to commit wire fraud during a hearing before a U.S. district judge in Trenton. He admitted that, from March 2008 to January 2009, he and his co-conspirators hatched a scheme to defraud mortgage lenders by doctoring residential loan applications to obtain millions of dollars in home loans. The loan applications falsely stated borrowers put cash down at the closings and would make the property their primary residence. They also showed inflated assets and earnings for the borrowers, the man admitted. The former broker allegedly conspired with a 38-year-old man from Maywood, and a 35-year-old from Sewaren in Middlesex County, who were arrested last October in connection with the scam. With the help of two attorneys, one of the co-conspirators arranged to purchase properties owned by financial institutions, while the other co-conspirator recruited borrowers to buy the same properties around the same time, authorities said. The conspirators caused the borrowers to obtain loans on properties they did not own, and failed to record deeds with the county clerk’s office, authorities said. When loans were approved, the funds were wired to the lawyers’ trust accounts and disbursed among the conspirators, with enough retained to cover the purchases made in the conspirator's name. After the deeds were transferred to one of the men, he allegedly altered them to reflect a sale to the borrowers at the inflated prices listed on the fraudulent loan applications and settlement forms. Source: http://www.northjersey.com/topstories/paramus/Paramus_broker_admits_role_in_mortgage_fraud_scheme.html

15. July 28, IDG News Service – (International) Phisher who hit 38,500 gets long prison sentence. A California man was sentenced to 12 years and 7 months in prison July 28 for his role as the mastermind behind a widespread phishing scam that took in more than 38,000 victims. He worked with Romanian scammers to drive users to Web sites that were set up to look like they belonged to legitimate financial institutions. After victims entered their information on the sites, the Californian sold the data to two alleged co-conspirators who used the information to set up lines of credit — typically between $1,000 and $2,000 — at instant credit kiosks at Wal-Mart stores. They used those lines, as well as fake credit cards made using the stolen data, to purchase products from Wal-Mart, which they then sold for cash. Prosecutors said the co-conspirators stole nearly $193,000 in less than 2 months by hitting Wal-Mart stores throughout California. They have both been sentenced to prison in connection with the fraud, according to a spokeswoman for the U.S. Department of Justice. When police arrested the Californian in January 2007, they found stolen information, including bank and credit card numbers, belonging to 38,500 victims. They also found 20 Web templates used to make fake sites for businesses such as eBay, and local banks, including Florida's Fairwinds Credit Union, and Washington's Heritage Bank. Source: http://www.computerworld.com/s/article/9218732/Phisher_who_hit_38_500_gets_long_prison_sentence

Information Technology Sector

38. July 29, H Security – (International) Unpatched hole in FlexNet License Server Manager. The Zero Day Initiative (ZDI) published an advisory about a critical hole in the FlexNet License Server Manager that attackers can use to gain control of a victim's system. The vulnerability is found in the lmadmin component; when attackers send a specially crafted TCP packet to port 27000, they can write data into the server's heap buffer, leading to the possible execution of malicious code. The FlexNet License Server Manager is only intended for use in local networks, and is normally not reachable via the Internet. In January, the researcher who discovered the flaw reported the vulnerability to Flexera, the company that makes the software; because the firm has yet to publish a patch, details of the vulnerability are now being made public in accordance with the ZDI 180-day deadline. Source: http://www.h-online.com/security/news/item/Unpatched-hole-in-FlexNet-License-Server-Manager-1288337.html

39. July 28, Computerworld – (International) Windows XP PCs breed rootkit infections. Machines running Windows XP make up a large percentage of infected PCs that can spread malware to other systems, Avast Software announced July 28. Windows XP computers are infected with rootkits out of proportion to the operating system's market share, according to data released by the antivirus company, which surveyed more than 600,000 Windows PCs. While XP now accounts for about 58 percent of all Windows systems in use, 74 percent of the rootkit infections found by Avast were on XP machines. XP's share of the infection pie was much larger than Windows 7's, which accounted for only 12 percent of the malware-plagued machines — even though the 2009 OS now powers 31 percent of all Windows PCs. Source: http://www.computerworld.com/s/article/9218722/Windows_XP_PCs_breed_rootkit_infections

Communications Sector

40. July 28, threatpost – (International) Researchers find SpyEye operations hosted on Amazon's S3. According to researchers at Kaspersky Lab, cybercriminals have been using Amazon’s Simple Storage Service (Amazon S3) as a launching point for their SpyEye operation for at least several weeks. One researcher writes that cyber criminals are drawn to Amazon's S3 offering for its gigabytes of storage, which they can use to host Web-based attacks. Though S3 requires users to register to get access to their accounts, cyber criminals have steered around that roadblock by registering their AWS account using stolen credit cards, and personal information. Source: http://threatpost.com/en_us/blogs/researchers-find-spyeye-operations-hosted-amazons-s3-072811

41. July 28, Associated Press – (Oregon) Stolen phone cable leads to outage in Oregon city. An Oregon telephone service outage in the Junction City area the week of July 25 has been blamed on the theft of an 80-foot-long section of cable for the copper wire it contained. The Eugene Register-Guard reported the July 26 theft left hundreds of people in the Junction City and Cheshire areas without landline telephone service. But the wire was recovered after Lane County sheriff's deputies got a tip about a suspicious man in a pickup truck. Investigators said metal theft often provides a quick payoff for drug users. Officials estimated it cost about $50,000 to repair the cable that was damaged. Source: http://www.greenfieldreporter.com/view/story/7a9a90288c5b4fe4875ddd2d432dc0f0/OR--Stolen-Wire-Outage/

42. July 28, WPSD 6 Paducah – (Kentucky) Comcast outage fixed for some. Around 2 p.m. July 27, Comcast customers in the Paducah, Kentucky area began experiencing an outage of Internet, and phone services. The outage continued into July 28, but came back online for some in the afternoon. "[W]e have experienced a service outage that has impacted our services in Paducah and surrounding areas," Comcast said in a July 27 statement. "While we are still investigating and researching the issues involved, it appears that our fiber was damaged when utility crews were in the area working," it noted. "Our fiber has been cut extensively in several places. We are in the process of restoring, and are hoping to have all customers restored by the end of [July 27]." Source: http://www.wpsdlocal6.com/news/local/Comcast-outage-affects-area-customers-126325563.html

Friday, July 29, 2011

Complete DHS Daily Report for July 29, 2011

Daily Report

Top Stories

• A new survey of global oil and gas IT executives found only half of the respondents have put in place a strategy to address information security threats, according to Infosecurity. (See item 3)

3. July 27, Infosecurity – (International) Half of oil and gas companies have no information security strategy in place. Only half of oil and gas companies have put in place a strategy to address information security threats, according to a survey of oil and gas IT executives by IDC Energy Insights. The survey of global IT executives also found oil and gas companies still lag behind other industries in formulating, approving, and executing information security policies, as well as getting buy-in from senior management. Of the top three information security threats perceived by oil and gas companies, the greatest is state or industrial espionage, followed by employee error or accidental loss of sensitive information, and vulnerabilities owing to insecure code, the survey noted. In addition, 55 percent of survey respondents indicated an expected increase in their information security budget over the next 12 months. Only 10 percent of the respondents said they are using regulatory compliance as a requirement to justify budgets. In fact, almost 25 percent of respondents said the regulatory environment was a barrier to ensuring information security. Source: http://www.infosecurity-us.com/view/19702/\

• A massive water main break in the Bronx in New York City closed major transportation routes, damaged 12 blocks of businesses and homes, and knocked out gas service to hundreds, WABC 7 New York reports. (See item 26)

26. July 28, WABC 7 New York – (New York) Bronx residents clean up after water main break. It could be days before life returns to normal at homes and businesses in the Bronx in New York City after a massive water main break. It happened on Jerome Avenue and East 177th street in Mount Hope July 27. The streets were dry late the morning of July 28, but big problems remained. There were ongoing bus disruptions, and 500 mom-and-pop shops and residential gas customers were waiting on Con Edison to hook service back up. Officials said all utility lines, including phone service, were affected in some way. And there's a 6-foot deep crater in the middle of the street and 12 blocks of water damage to repair after the geyser-like break turned one of the Bronx's busiest streets into a bubbling river. The break in the 108-year-old main sent tens of thousands of gallons of water gushing along Jerome Avenue. It took crews nearly 3 hours to shut it off because that main supplies water to the entire city. The entrance to the Cross Bronx Expressway had to be shut down, and No. 4 subway service was stopped in its tracks for hours. A day later, Jerome Avenue remained closed, littered with soggy debris dragged from flooded basements. People spent the day cleaning up and adding up their losses. But the biggest problem, aside from all the water damage, is that Con Ed has to go door to door to restore gas service to those 500 homes and businesses. And still, no one knows what exactly caused the century-old main to break. "We need to investigate this," a New York City Department of Environmental Protection representative said. "Age in and of itself is not a reason why a main of this size and strength would break." Service on the BX32 and BX36 bus lines remained detoured. Source: http://abclocal.go.com/wabc/story?section=news/local/new_york&id=8275718

Details

Banking and Finance Sector

14. July 28, Associated Press – (New York) Man disguised as armored truck guard steals $15K from Queens check-cashing business. The New York City Police Department said a man dressed as an armored truck guard walked out of a check-cashing business with $15,000 in cash the week of July 18. Police said the suspect walked into Lorenzo's Enterprises in Queens, said he was there for a pickup and was handed the cash. They said he was wearing a GARDA Armored Courier uniform. The Daily News reported that workers at the check-cashing place did not suspect anything until an actual guard showed up hours later from the same armored truck company. The suspect remained at large as of July 27. Source: http://www.therepublic.com/view/story/9aff1d962a034893865aefecf5a23889/Disguised-Guard-Robbery/

15. July 27, New York Post – (New York) LI geezer bank bandit caught on tape. A hefty, gun-toting man who is believed to be responsible for a string of at least six bank robberies in New York since May is being hunted by Long Island cops, and the FBI. The squat, silver-haired bandit last struck July 26 at a Chase branch in Northport around 5:35 p.m. Armed with a black automatic gun, he approached a teller at the bank at 721 Fort Salonga Road and demanded cash. The teller handed over the money and the subject fled on foot southbound through the parking lot. He is described as a white male in his 60s, 5 feet, 5 inches tall, and weighing 250 lbs. "We think he either has help, or parks a get-away car nearby," said the commanding officer of Nassau County's homicide and major crimes division. Cops believe the man is responsible for a similar bank robbery July 6 in Newburgh, New York, police said. Source: http://www.nypost.com/p/news/local/geezer_bank_bandit_caught_on_tape_lbFO5xi56Ex2g8LpJLAzXN

16. July 27, San Diego Union-Tribune – (California) Alleged ID thief stole $200,000 in debit-card scam. An alleged identity thief was charged July 27 with looting more than $200,000 from customer accounts at a Rancho Penasquitos, California bank by using an electronic device to steal debit card information. The suspect is accused of stealing from about 950 customers at the Chase Bank branch on Black Mountain Road, but authorities said that number may go up if more victims come forward. He was arraigned before a San Diego Superior Court judge on 45 counts of identity theft, grand theft, burglary, making fake ID cards, and a special allegation that losses exceeded $200,000, the prosecutor said. She said charges related to about 900 more victims would be added against the man, a legal U.S. resident from Romania. He has a felony conviction for trying to break into an ATM in Los Angeles County in 2008, she said. Bank investigators discovered a man was installing a card-skimming device on the door of the bank’s ATM lobby every Saturday after closing time. He would remove it before the bank reopened on Mondays, a district attorney’s investigator said. This occurred for 6 weeks in a row. Hidden cameras the man is accused of installing showed customers typing their identification numbers on the ATM keypads. Agents believe he transferred the account information onto fake debit cards to withdraw $300, $500, even $1,000 at a time at other ATMs. The bank notified the Secret Service of the scam July 22. Agents, with San Diego police and the regional fraud task force, were watching the bank July 23 when the suspect returned to retrieve his device, and he was arrested. Source: http://www.signonsandiego.com/news/2011/jul/27/debit-card-scam-revealed-1000-victims/

17. July 25, U.S. Department of Justice – (New York) Four charged with running a credit history repair scheme. The U.S. Attorney for the Southern District of New York and the U.S. Secret Service New York Field Office announced July 25 the unsealing of an indictment charging four people in connection with a fraudulent credit repair scheme. As part of the scheme, the defendants falsely reported to credit bureaus inflated credit histories for thousands of individuals, enabling those individuals to get millions of dollars in loans from financial institutions, and other lenders. From 2007 through 2009, through Highway Furniture Inc. and, later, New York Funding Group Inc., the four defendants engaged in a scheme to falsely and fraudulently improve credit histories and scores of thousands of people who purportedly were customers of the two firms. The individuals had never actually been customers of Highway Furniture, and New York Funding. As part of the scheme, in exchange for thousands of dollars in fees, the defendants provided credit bureaus with fictitious data showing their firms had extended credit to the purported customers, and that the loans had been or were being repaid. The defendants falsely and fraudulently improved credit histories and scores of some of the purported customers by deleting accurate, but negative, credit information maintained by credit bureaus. As a result, the purported customers obtained millions of dollars of loans from banks, and other lenders. Each defendant is charged with one count of conspiracy to commit bank fraud, and one count of conspiracy to cause damage to a protected computer. Source: http://www.hvinsider.com/articles/four-charged-with-running-a-credit-history-repair-scheme/

Information Technology Sector

37. July 28, Softpedia – (International) LiveJournal targeted in massive DDoS attack. LiveJournal experienced downtime during the past several days because of a massive distributed denial-of-service attack that overwhelmed the company's servers. The outages began July 26, but the company did not release a statement until July 27 when it confirmed it was the target of an attack. LiveJournal is one of the oldest blogging platforms, dating back to 1999, and has over 30 million registered accounts. LiveJournal appeared to be available as of July 28, but since the current attack is on-going, the service might experience more outages. Source: http://news.softpedia.com/news/LiveJournal-Targeted-in-Massive-DDoS-Attack-213909.shtml

38. July 28, Help Net Security – (International) Oracle Enterprise Manager Grid Control multiple vulnerabilities. Oracle reported its Enterprise Manager Grid Control has multiple problems. A remote issue in Security Framework can be exploited over the "HTTP" protocol. The "User Model" subcomponent is affected. A remote issue in EMCTL can be exploited over the "HTTP" protocol. A remote issue in CMDB Metadata & Instance APIs can be exploited over the "Oracle NET" protocol. A remote vulnerability in Database Control can be exploited over the "HTTP" protocol. Oracle Enterprise Manager Grid Control versions 10.1.0.5, 10.2.0.3, 10.1.0.6, 10.2.0.5, 10.2.0.4, 11.1.0.7, 11.2.0.1, and 11.2.0.2 are affected. Source: http://www.net-security.org/vuln.php?id=15388

39. July 28, Softpedia – (International) Fake IRS emails distribute new file infector variant. Security researchers from Trend Micro warn a wave of fake Internal Revenue Service e-mails direct recipients to a new variant of the LICAT file-infecting virus. LICAT is a piece of malware associated with the Zeus banking trojan that first appeared in October 2010. Malware analysts believe LICAT is intended as a distribution and update mechanism for Zeus. The virus appends its rogue code to legitimate EXE, DLL, and HTML files. Each time one of the infected files is executed, a list of URLs is generated according to a predefined algorithm similar to the one used by Conficker. The Zeus trojan normally updates itself from a list of predefined command and control servers. Losing control of these domain names usually means losing control of the entire botnet. LICAT adds a redundancy mechanism. It tries to access all of the generated URLs and downloads a new Zeus version if it finds one. If they lose control of their C&C domains, the attackers can register a domain they know LICAT will generate in advance and upload their new version there, at which point all they need to do is wait. The rogue e-mails detected by Trend Micro purport to come from "Payment IRS(dot)gov" and bear a subject of "Internal Revenue Service United States Department of the Treasury." Source: http://news.softpedia.com/news/Fake-IRS-Emails-Distribute-New-File-Infector-Variant-213969.shtml

40. July 27, IDG News Service – (International) Beware of 'wrong transaction' hotel spam. A new spam campaign began to appear in recent days, and there are already hundreds of variants on the same theme: A hotel wrongly charged a credit card number, and the victim is supposed to fill out an attached form to process the refund. The "refund" form is actually a malicious trojan that installs fake antivirus software on the victim's computer, according to the director of research in computer forensics at the University of Alabama at Birmingham, who blogged about the spam messages July 27. The messages appear to be coming from the same botnet of infected computers that recently sent out similar messages warning victims their credit card payments were overdue. Those messages led to the fake antivirus downloads too, the researcher wrote in his blog post. As of late July 27, only 19 out of 43 antivirus products used by the VirusTotal Web site detected this latest trojan program. Source: http://www.computerworld.com/s/article/9218700/Beware_of_wrong_transaction_hotel_spam

41. July 25, CNET News – (International) Street View cars grabbed locations of phones, PCs. Google's Street View cars collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world, a practice that raises novel privacy concerns, CNET confirmed. The cars were supposed to collect the locations of Wi-Fi access points. However, Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks, and then made the data publicly available through Google.com until several weeks ago. The French data protection authority, known as the Commission Nationale de l'Informatique et des Libertes, recently contacted CNET and said its investigation confirmed Street View cars collected these unique hardware IDs. Source: http://news.cnet.com/8301-31921_3-20082777-281/street-view-cars-grabbed-locations-of-phones-pcs/

Communications Sector

42. July 27, Winfield Daily Courier – (Kansas) Telephone service interrupted. Southern Kansas Telephone (SKT) customers in Cowley County and other towns in southeast Kansas have services back after one of SKT’s fiber optic lines was accidentally cut July 27. According to SKT's customer care director, at about 7:55 a.m. July 27, a construction company working near Belle Plaine was boring under a highway when they accidentally cut a fiber optic line that provides telephone, high-speed Internet, and cable television service to SKT customers in Belle Plaine and other communities in southeast Kansas, including Dexter, Burden, and Cedar Vale. SKT repair crews arrived onsite shortly after the cut to begin work on repairing the damaged fiber optic cable. Source: http://www.winfieldcourier.com/articles/2011/07/27/news/news/doc4e30d78c6fdc6244273419.txt

43. July 27, Tallahassee Democrat – (Florida) Cable repairs have been completed. A cut cable north of Tallahassee, Florida, interrupted Comcast's television, Internet, and communications service to about 6,000 customers in that area, the company said July 27. Comcast's general manager said the line was a 78-count fiber optic cable that relays signals to customers along Thomasville Road and up to Bradfordville. Repair of the cable began within an hour of the reported outage. The above-ground cable was accidentally cut early July 27 by crews that were clearing tree limbs from the lines. Comcast finished the fiber optic cable repair at 3:20 p.m. Source: http://www.tallahassee.com/article/20110727/BUSINESS/110727008/Update-Cable-repairs-been-completed?odyssey=mod|newswell|text|FRONTPAGE|s

Thursday, July 28, 2011

Complete DHS Daily Report for July 28, 2011

Daily Report

Top Stories

• Trusteer reports the SpyEye bank-code stealing botnet doubled in size, reaching financial institutions in many more countries, according to IDG News Service. See item 23 below in the Banking and Finance Sector

• One of two remaining intact levees in Holt County, Missouri, is in danger of collapse and releasing flood waters on the town of Forbes and 10,000 acres of farmland, WDAF 4 Kansas City reports. (See item 61)

61. July 26, WDAF 4 Kansas City – (Missouri) Missouri River still threatens Holt County levees. Water levels along the flood-swollen Missouri River have begun to drop, but danger is not over for parts of northwest Missouri, where flood waters threaten one of two of the remaining intact levees in Holt County, WDAF 4 Kansas City reported July 26. In Fortescue, north of St. Joseph, the population shrunk from 51 to 2 due to flooding. Many corn fields in the area died after being underwater, and the remaining roads are largely unused. Levee Number 7 was in danger of collapse as crews have been working since the weekend of July 23 and 24 to repair a 50-foot hole gouged out by the river, with an additional 300 feet of damage on either side of the hole. The levee is protecting the town of Forbes and roughly 10,000 acres of farmland. "Found it 11 o'clock [July 23] morning, and started delivering rock by 8 o'clock that night," said one levee worker. Truckloads of rock were being dumped into the hole to save the levee. Source: http://www.fox4kc.com/news/wdaf-missouri-river-still-threatens-holt-county-levees-20110726,0,2125788.story

Details

Banking and Finance Sector

19. July 26, Bloomberg – (International) TD Bank sued by trustee liquidating Rothstein law firm. Toronto-Dominion Bank (TD) was sued July 25 by the bankruptcy trustee liquidating Rothstein Rosenfeldt Adler PA for allegedly assisting in a $1.2 billion Ponzi scheme run by the Florida law firm’s former chairman. The chairman pleaded guilty in January 2010 to five counts of racketeering, money laundering, and wire fraud, admitting he sold investors interests in bogus settlements in fake sexual-harassment and whistleblower cases. The bank’s authorized agents let the man use its name, facilities, and accounts to deceive investors, the trustee said. He accused the bank of ignoring “red flags” and letting the lawyer open accounts and transfer “huge sums” of money among them. “TD Bank played a central role in this massive fraud by giving [his] settlement program the appearance of legitimacy,” the trustee said in a filing July 25 in U.S. Bankruptcy Court in Fort Lauderdale, Florida. The firm collapsed after other attorneys there said they found evidence their chairman was running an illegal side business. TD Bank was a “linchpin” in the scheme and disregarded numerous red flags, including hundreds of millions of dollars that moved out of law firm trust accounts, investors said in a complaint filed November 2009 in Florida state court. The investors accused the bank of breach of fiduciary duty, aiding and abetting fraud, and negligent misrepresentation. The investors, with more than $150 million in losses, seek “extensive relief” from the chairman and 27 co-conspirator defendants, according to court papers. Source: http://www.bloomberg.com/news/2011-07-26/td-bank-sued-by-trustee-liquidating-rothstein-firm-for-aiding-ponzi-scheme.html

20. July 26, Associated Press – (International) Ex-investment manager, known as Wall Street 'bad boy,' convicted of fraud. A former investment manager known as Wall Street's "bad boy" was convicted July 26 of defrauding U.S. and European investors of $140 million, promising them rich returns while blowing their money on a lifestyle that included private jets, home renovations, prostitutes, strippers, and classy London hotels. The verdict convicted him of conspiracy and securities fraud charges. The jury also convicted a co-defendant from Miami, Florida. The convicted fraudster was the former chief executive officer of the brokerage firm Sky Capital, which had offices in London, New York, Florida, and New Jersey. His co-defendant was a senior broker for the firm. The top charge, securities fraud, alone carries a potential sentence of up to 20 years in prison. Prosecutors portrayed the two defendants as con men, saying they capitalized on the excitement over Internet tech stocks by using their broker-dealer operation to solicit private investments in start-ups. Prosecutors said the defendants spent some of the investor money living lavishly with private jets, expensive vacations, fancy cars, and flashy watches. They said the men manipulated the value of stocks they sold to investors by paying brokers 400 percent commissions to promote the stocks. The scheme came to an end when one of the brokers was caught lying to an FBI undercover officer. Source: http://www.huffingtonpost.com/2011/07/26/ex-investment-manager-bad-boy-convicted-fraud_n_910285.html

21. July 26, KOMO 4 Seattle – (International) Police capture woman wanted in major ATM 'skimming' operation. Police may have cracked part of a major identity theft ring July 24 after a woman was caught placing a card "skimmer" on a bank ATM in Lynnwood, Washington. The 42-year-old woman was booked into jail for investigation of 20 counts of identity theft, and investigators said she is suspected in hundreds of similar cases, and has ties to an international organized crime group. According to court documents, an investigator with Chase Bank spotted the woman placing the skimmer on an ATM. Investigators said security camera video from the ATM showed the woman installing the skimmer. The bank investigator recognized the woman from numerous surveillance videos taken from ATMs affixed with skimmers from California to Mount Vernon, Washington, according to the documents. The woman is also the subject of a federal investigation into skimming and ID theft, and the Secret Service was called to interview her at Lynnwood police headquarters. In a statement of probable cause, police wrote the Secret Service believes the suspect has ties to organized crime in Romania, and is a flight risk if released. Chase has been investigating the woman since February, and has her on video placing skimmers on eight ATMs in the area, the court documents said. Those skimmers allegedly recorded the account information of at least 320 people. The bank investigator estimated the losses from the skimming at about $34,000. Source: http://www.komonews.com/news/local/126180303.html?skipthumb=Y

22. July 26, Associated Press – (Connecticut) Conn. man pleads guilty to swindling churchgoers. A Connecticut securities broker pleaded guilty July 26 to charges he swindled investors, including members of a Greek Orthodox church, out of more than $8 million. Federal authorities said the 51-year-old Easton man pleaded guilty to fraud and money laundering charges in U.S. district court in New Haven. Prosecutors said the man convinced officials and some parishioners at St. Barbara Greek Orthodox Church in Orange that he was an investment manager, and misrepresented his successes. Prosecutors have said church members lost retirement and college funds. Authorities said he used the money to support his auto racing businesses, and for personal bills. He will be sentenced in October. Source: http://www.google.com/hostednews/ap/article/ALeqM5iiA2Hbzw0YbgQQPrQigOmHJ3C9Qw?docId=51005e1862f641f5aa7f03499feaceec

23. July 26, IDG News Service – (International) SpyEye Trojan defeating online banking defenses. Banks are facing more trouble from SpyEye, a piece of malicious software that steals money from people's online bank accounts, according to new research from security vendor Trusteer. In its latest versions, SpyEye has been modified with new code designed to evade advanced systems banks have put in place to block fraudulent transactions, said Trusteer's chief executive officer (CEO). Banks are now analyzing how a person uses their site, looking at parameters such as how many pages a person looks at, the amount of time a person spends on a page, and the time it takes a person to execute a transaction. Other indicators include IP address, such as when a person who normally logs in from the Miami, Florida area suddenly logs in from St. Petersburg, Russia. SpyEye works fast, and can automatically initiate a transaction much faster than an average person could manually on the Web site, which provides a key trigger for banks to block a transaction. So SpyEye's authors are now trying to mimic — albeit in an automated way — how a real person would navigate a Web site. Trusteer has also noticed that SpyEye in recent months has expanded the number of financial institutions it is able to target in an increasing number of countries. New target countries include Russia, Saudi Arabia, Bahrain, Oman, Venezuela, Belarus, Ukraine, Moldova, Estonia, Latvia, Finland, Japan, Hong Kong, and Peru. What that means is that more criminal groups around the world are purchasing the SpyEye toolkit, Trusteer's CEO said. SpyEye is a botnet with a network of command-and-control servers hosted around the world. As of July 26, 46 command-and-control servers were online, according to SpyEye Tracker, a Web site dedicated to gathering statistics about the malicious software. In May, there were just 20 or so active servers responding to computers infected with SpyEye, said the site's administrator. Source: http://www.computerworld.com/s/article/9218645/SpyEye_Trojan_defeating_online_banking_defenses

Information Technology Sector

48. July 27, H Security – (International) ICQ vulnerable to account theft. In security advisories for ICQ and the ICQ Web site, a security researcher warned that the ICQ instant messenger for Windows and the ICQ Web site contain vulnerabilities that potentially allow attackers to take control of a user's ICQ account. According to the researcher, ICQ does not adequately check users' profile information and fails to properly analyze status messages, which can be freely chosen by users, to see if they contain executable code. He recently discovered a similar hole in the Skype client. If the victim opens the attacker's profile in the ICQ client or on the ICQ Web site, the embedded JavaScript code stored on the ICQ server will be executed. This can allow attackers to steal victims' cookies and take control of their sessions. The script code appears to be executed in a local context; therefore, attackers can potentially also execute applications and read the user's local files. Such an attack is called a persistent cross-site scripting attack: the attacker manages to place JavaScript code on a server that will be executed on the victim's machine when a particular Web site is visited, or a particular application is used. Source: http://www.h-online.com/security/news/item/ICQ-vulnerable-to-account-theft-Update-1286231.html

49. July 27, H Security – (International) Vulnerability in Samba SWAT tool. A cross-site request forgery vulnerability and a related cross-site scripting vulnerability in the SWAT administration tool of the Samba SMB/CIFS and Windows interoperability software triggered the release of updates for versions 3.3, 3.4, and 3.5 of the software. With the request forgery problem, an attacker could trick an authenticated user into clicking a manipulated URL on a different Web page and gain control of SWAT. If that user is authenticated as the root user in the system, it is possible to start or stop the service and add or remove shares, printers, or user accounts. The SWAT tool has to be installed and enabled as either a stand-alone server or as an Apache CGI plug-in to be vulnerable. By default, SWAT is neither installed nor enabled. The cross-site scripting vulnerability only exists if the request forgery problem is not fixed, and allows an attacker to insert arbitrary content into the user field of the change password pages of SWAT. Source: http://www.h-online.com/security/news/item/Vulnerability-in-Samba-SWAT-tool-1286063.html

50. July 27, Softpedia – (International) osCommerce mass injection attack infects over 90K pages. Security researchers from Armorize came across a new mass injection attack targeting osCommerce Web sites that has already infected more than 90,000 pages. Attackers began by injecting a hidden iframe pointing to a malicious URL, but later switched to a rogue script element that loads a rogue JavaScript file from an external domain. The injected code does not appear to be obfuscated, so searching for it on Google revealed more than 90,000 hits, indicating the attack is widespread. Both versions of the injection take visitors through several redirects until landing them on a page that loads exploits for vulnerabilities in browser plug-ins and popular applications. This type of attack, known as a drive-by download, is very dangerous because it requires no user interaction and there is usually little to no indication that something malicious has happened. According to the Armorize researchers, this attack exploits vulnerabilities in Java (CVE-2010-0840 and CVE-2010-0886), Adobe Reader (CVE-2010-0188), Internet Explorer (CVE-2006-0003), and Windows XP (CVE-2010-1885). Since these vulnerabilities are relatively old, users who keep their software and operating system up to date should be protected against the attack. Source: http://news.softpedia.com/news/osCommerce-Mass-Injection-Attack-Infects-over-90K-Pages-213662.shtml

51. July 26, The Register – (International) Kit steals Mac login passwords through FireWire port. Software maker Passware released a program that quickly recovers log-in passwords from Macs, even when running Apple's new OS X Lion, that have been locked, put into sleep mode, or have FileVault disk encryption turned on. Passware Kit Forensic v11 works by capturing a Mac's computer memory over FireWire and extracting any log-in passwords that happen to be stored there. The package takes only a few minutes to work, and can also extract passwords stored on a Mac's keychain. The program exploits the peer-to-peer characteristic of the FireWire design, which allows any connected device to read and write to any other connected device. As a result, anything stored in a Mac's memory is accessible. Source: http://www.theregister.co.uk/2011/07/26/mac_password_stealer/

Communications Sector

52. July 27, KMTR 16 Springfield – (Oregon) Phone service restored, suspect arrested. A man stealing wire from telephone lines was probably the cause of a telephone outage for about 1,000 residents of the Junction City, Oregon area July 26, according to the Lane County Sheriff’s Office. Phone service was restored by the evening of July 26 for most customers. Around 11:30 p.m., deputies investigating a report of a suspicious vehicle in a remote area of Bureau of Land Management land found a man who was apparently preparing to alter the appearance of some wire to make it easier to sell as scrap. Deputies arrested the 45-year-old man, and he was taken to jail on suspicion of theft, criminal mischief, and possession of methamphetamine. Source: http://www.kmtr.com/news/local/story/Phone-service-restored-suspect-arrested/MG0vV7kC9kGcCrkuZYOkew.cspx

53. July 26, WKTV 2 Utica – (New York) Severe weather knocks Galaxy radio stations off the air. Galaxy Communications radio stations were off the air due to damage from severe weather the afternoon of July 26 that swept through Oneida County in New York. According to a spokesperson for the group of radio stations, WOUR, WKLL (KRock), WUMX (Mix 102.5), and ESPN Radio (WTLB, WIXT, WRNY) were all off the air. It was also reported that Galaxy's facilities on Kellogg Road in Washington Mills suffered minor damage following the storm. The company said that all of its radio stations were expected to return to the airwaves the evening of July 26. Source: http://www.wktv.com/news/local/Severe-weather-knocks-Galaxy-radio-stations-off-the-air-126205413.html