Wednesday, January 12, 2011

Complete DHS Daily Report for January 12, 2011

Daily Report

Top Stories

• Associated Press reports the U.S. Department of Justice said a former NASA employee in Ohio has been charged with illegally shipping infrared military technology to South Korea. (See item 10)

10. January 10, Associated Press – (International) Ohio ex-NASA worker charged over military exports. The U.S. Department of Justice said a former NASA employee in Ohio has been charged with illegally shipping infrared military technology to South Korea. The 66-year-old of Avon Lake was charged January 10 with one count of exporting defense articles on the U.S. munitions list without getting an export license or written authorization from the federal government. Authorities said he exported infrared focal-plane array detectors and infrared camera engines. They said the man is a former employee at the NASA Glenn Research Center, but noted he is not accused of taking technology from the center. The suspect also is charged with making a false individual income tax return. Source:

• According to Associated Press, a Colorado man was arrested for threatening to set fire to the office of a U.S. Senator and to shoot members of his staff. (See items 36, 39)

36. January 11, Associated Press – (Colorado) Man accused of threatening Sen. Bennet staffers. A Colorado man is accused of threatening to set fire around the office of a U.S. Senator from Colorado and shoot members of his staff, prompting authorities to step up patrols around the Senator’s home and office. The man faces a charge of assault on a federal employee. If convicted, he faces up to 10 years in prison and a $250,000 fine. He is due in federal court January 17. An FBI agent said in an arrest affidavit that the man called the Democratic Senator’s office January 6 to complain about his Social Security benefits. At one point, according to the document, the man told one of the Senator’s staffers that he is schizophrenic and needs help and that he “may go to terrorism.” A spokesman from the U.S. attorney’s office said there were no indications the incident was related to the January 8 shooting of several people — including a U.S. Representative — in Arizona. The man was well known to staffers in the Senator’s office because he had called several times before to complain about his Social Security benefits, the affidavit said. But during one call January 6, a spokesman quotes the man as telling a staffer: “I’m just going to come down there and shoot you all.” The man called again and spoke to another staffer, this time saying: “To get your attention, I will go down there and set fire to the perimeter.” Source:

39. January 10, Chicago Breaking News Center – (Illinois) Danny Davis receives threat in wake of Arizona shooting: email warns ‘Danny Davis is next.’ A U.S. Congressman from Illinois said his office received an e-mail threat January 9. “It was some person who emailed one of my staff persons and said that ‘[the name of the Representative] is next,’” the legislator said. The Democratic Representative said the U.S. Capitol Police and Chicago, Illinois police have been notified. The legislator said he would typically ignore such a threat, but a shooting in Arizona December 8 that critically injured a U.S. Representative, killed six people and injured 14 others, prompted him to be on alert. “You know some things are cranks, some things are pranks. Some things you simply don’t know about, but I think in this climate it pays to be as cautionary as one can be,” he said. The Representative said the e-mailer is someone from Chicago who “operates around and in the community” and has been known to “do this before.” Source:


Banking and Finance Sector

11. January 11, Torrance Daily Breeze – (California) Alleged ‘Scanner Bandit’ nabbed. A man alleged to be the so-called Scanner Bandit has been arrested in connection with four bank robberies in southern California, including one in Torrance. The 48-year-old suspect was arrested January 7 following a tip that came after the FBI released his photograph to the media January 6. The man is suspected of holding up a Bank of America branch on Sartori Avenue in Torrance December 21, along with a U.S. Bank branch in Norwalk December 15, a U.S. Bank in Whittier December 18 and a Bank of America branch in Orange January 4. The suspect showed an address in Santa Fe Springs, but had been living in residential motels. In crimes attributed to the Scanner Bandit, the robber carried a device that looked like a police scanner. He told tellers he had a bomb, which he partially hid inside a black folder. Source:

12. January 10, Infoworld – (National) Hackers find new way to cheat Wall Street. High-frequency trading networks, which complete stock market transactions in microseconds, are vulnerable to manipulation by hackers who can inject tiny amounts of latency into them. By doing so, they can subtly change the course of trading and pocket profits of millions of dollars in just a few seconds, said a former IBM research fellow and founder of cPacket Networks, a Silicon Valley firm that develops chips and technologies for network monitoring and traffic analysis. The former IBM research fellow, an Israeli-born computer scientist and one-time Intel engineering manager, said the root of the problem is the increasing speed of networks; as they get faster and faster, our ability to actually understand events taking place within them is not keeping up. Network monitoring technology can detect perturbations in network traffic happening in milliseconds, but when changes occur in microseconds, they are not visible, he said. Source:

13. January 10, WFMZ 69 Allentown – (Pennsylvania) Feds bust constable in alleged plot to steal millions. An elected Pennsylvania constable is one of two men accused of trying to rob an armored car storage vault. Federal prosecutors said a lead conspirator and an associate conspired to steal millions of dollars from the Garda armored car storage vault on Corporate Drive in Muhlenberg Township, Berks County. The FBI arrested both men at the facility January 8. Prosecutors said the lead suspect is a former employee of Garda, who is currently a constable in Upper Tulpehocken. Source:

14. January 10, Detroit News – (Michigan) FBI warns of serial bank robber. The FBI is looking for a serial bank robber who has hit at least five banks throughout Macomb and Wayne counties in Michigan since October. The man has robbed each of the banks in the same manner, said an FBI Special Agent. The robber is described as a black male in his early to mid-30s, about 5-foot-10 to 6-feet tall with a medium build. In each robbery, he has worn a baseball cap, including hats bearing logos of the Detroit Red Wings and Philadelphia Phillies. Police said he may be driving a maroon or burgundy sport-utility vehicle. The man is suspected in the following robberies: October 28: Chase Bank, 31045 Harper Ave., St. Clair Shores; November 18: Comerica Bank, 30500 Van Dyke Ave., Warren; November 26: Bank of America, 20599 Mack Ave., Grosse Pointe Woods; December 21: PNC Bank, 31320 Harper Ave., St. Clair Shores; January 5: Comerica Bank, 28801 Groesbeck Highway, Roseville. Source:

Information Technology

43. January 11, The Register – (International) Spam volumes double as Rustock botnet wakes. Spam volumes have returned to normal following a holiday lull that saw a drastic reduction of junk mail. The Rustock botnet is out of hibernation and back in business, spewing copious volumes of useless junk mail courtesy of hundreds of thousands of compromised Windows machines. Rustock (which specializes in spamvertising unlicensed pharmaceutical Web sites) is the biggest single source of global spam. Its return January 10 resulted in the doubling (98 percent increase) of global junk mail volumes over the course of just 24 hours, MessageLabs reported. Source:

44. January 11, AfterDawn – (International) Security researcher uses Amazon cloud to hack WPA-PSK passwords. A security researcher in Germany is warning that Amazon’s cloud service can be used to brute-force weak passwords protecting Wi-Fi networks. Short and weak passwords would be vulnerable to a brute force attack, especially at the speeds offered by Amazon’s services, which are capable of testing 400,000 potential passwords every second. The researcher claims to have found the key for a network in his neighborhood using his method and Amazon’s service. The brute force attack took about 20 minutes to get the correct key, but he is making changes to his code which he reckons could bring the time down in such a case to about 6 minutes. He will distribute his software publicly and give demonstrations on using it at the Black Hat conference in Washington, D.C. He is releasing it to convince skeptical network administrators that such attacks will often be successful against protected networks. Source:

45. January 10, IDG News Service – (International) IBM DeveloperWorks site hacked and defaced. An IBM site for developers was defaced the weekend of January 8 and 9, with attackers replacing some of the Web pages on the site with ones containing their own messages, IBM confirmed January 10. Word of the vandalism, which took place on the IBM DeveloperWorks site, was first posted January 8 on the Full Disclosure security mailing list. IBM restored the original pages within a few hours, though copies of the compromised pages were quickly reposted elsewhere. No data was lost, nor were any user passwords exposed during the breach, an IBM spokesman said. The site was undergoing routine maintenance at the time of the breach. The defaced pages were draped in black and titled “Defaced by Hmei7.” They contained the scrolling message: “You have been Hacked !!!, not because of your stupidity That’s because we love you, and we want to warn you That your web still has large of vulnerability.” Source:

46. January 10, Softpedia – (International) Aging simulation scam hits Facebook users. Facebook scammers are tricking users into taking surveys by promising them an app that can simulate what their appearance would be 20 years from now. According to Facecrooks, the spam messages associated with this latest scam read “Wow, how creepy, LOL i look scary as an old person! - http[colon]//bit[dot]ly/[censored]” and share a page called “AGE yourself! See what you will look like in 20 years!” Clicking on the link takes users to a page which displays the picture of a girl and how she would allegedly look 20 years into the future. The images seem to have been copied from a real aging simulation service available at that scammers deemed interesting enough to attract users. A message on the rogue page instructs users to click on the image to begin the simulation process. However, doing this will prompt a permissions dialog from an app called “OMG - How could this happen?” that wants access to post on people’s walls in order to spam their friends. Source:

47. January 10, Switched – (National) Obama drafting online identity system, led by Commerce Department. The U.S. President is looking to create an Internet ID system for American Web surfers, and is counting on the Department of Commerce to make it a reality. As CBS News reports, the so-called “trusted identity” project is part of the National Strategy for Trusted Identities in Cyberspace, which the Presidential administration is currently drafting. The White House Cybersecurity Coordinator said the initiative is geared toward creating an “identity ecosystem,” but it remains unclear what that ecosystem will look like, and how it will function. “What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities,” the Commerce Secretary explained. The White House Cybersecurity Coordinator said an online identification system would still allow users to maintain anonymity and protect their privacy when surfing the Web. He stressed there are no plans to put together “a centralized database” of user information. Source:

Communications Sector

48. January 10, – (National) Android mobile phone trouble has a solution. Google Inc. said it would soon fix a bug affecting a small number of Android mobile phones that causes text messages to be delivered to the wrong recipients. This glitch emerged last year for the first time. Some of the people facing this problem have reported that sometimes messages are delivered to random people. It has been a year since the problem was reported to the company, and the number of such mishaps increased last summer. Google has been investigating, and said it has finally found the source of the problem. An engineer on the Android security team said some of the cell phones can be fixed remotely, but there are others which require a complete software update and need to be plugged in to computers for this purpose. Source:

Tuesday, January 11, 2011

Complete DHS Daily Report for January 11, 2011

Daily Report

Top Stories

• An incendiary package addressed to the Homeland Security Secretary ignited in a Washington D.C. postal facility. It was similar in design and shape to two packages that previously ignited in Maryland. (See items 24, 23)

24. January 8, Christian Science Monitor – (District of Columbia; Maryland) Janet Napolitano was apparent target of D.C. package, widening investigation. Authorities investigating two incendiary packages in Maryland have more evidence to examine after a third package ignited January 9 in Washington D.C. The mailing in Washington was similar in design and shape to the packages in Maryland, according to the Baltimore Sun. The District of Columbia package was addressed to the Homeland Security Secretary, said a department official who spoke to the Associated Press on condition of anonymity. The other packages were intended for the Maryland governor and the state’s transportation secretary. Although all three parcels aroused alarm because of their fiery characteristics, they did not appear to contain explosive material. The devices in the Maryland packages each contained a small battery and an electric match, CNN said, citing law-enforcement officials. Each of the mailings will now be examined more closely at the FBI lab in Quantico, Virginia. Already, investigators were sorting through phone calls, e-mails, and letters to try to identify suspects, the Sun said. One focus was disgruntled people who have made threats against state government, according to the Associated Press. Still, much remained to be determined. The Metropolitan Police Department in the District of Columbia, the Department of Homeland Security, the Postal Inspection Service, and other federal agencies are also involved in the investigation, the New York Times said. Source:

23. January 9, Associated Press – (District of Columbia) Post union miffed by ‘sloppy’ evacuation. Postal workers who returned to work in Washington D.C. January 8 said a package that ignited at a government mail facility conjured painful memories of the anthrax attacks that killed two of their colleagues in 2001. The fiery package found January 7, which was addressed to the Department of Homeland Security Secretary, followed two packages that ignited January 7 in Maryland state government mailrooms. It halted government mail until bomb-sniffing dogs could sweep the District of Columbia facility. Mail processing resumed January 8 after a meeting with workers, the local postmaster and the workers’ union. The postal workers union president said the package worried many employees. “We want them to feel safe and secure and be able to trust management to respond properly if this were to happen again,” the union official said. When the popping and smoking package was discovered, postal service managers failed to follow proper safety procedures, the union official said. The evacuation process was “very sloppy,” she said, because workers in the back of the building had no idea they were supposed to evacuate. Managers should have made an announcement on the public address system, she said. A mail processing clerk at the D.C. facility said co-workers told her management had trouble deciding whether to evacuate the building and wanted to wait for postal inspectors or police to decide. A worker ended up flagging down a police car, and workers said police evacuated the building. Source:

• Federal prosecutors brought charges January 9 against a gunman accused of carrying out an assassination attempt on a U.S. Representative from Arizona. The suspect killed six people and critically wounded the Representative and 12 others at a political event in Tucson, Arizona. (See items 39, 40, 41)

39. January 9, Associated Press – (Arizona) U.S. prosecutors charge gunman accused of assassination attempt on Arizona Rep. Giffords, killing 6. Federal prosecutors brought charges January 9 against the gunman accused of carrying out an assassination attempt on a U.S. Representative from Arizona, and killing six people at a political event in Tucson, Arizona. The suspect is accused of killing six people, including a federal judge, an aide to the Representative, and a 9-year-old girl outside a Safeway grocery store, located next to a Walgreen’s. Fourteen others were wounded, including the three-term Democrat lawmaker. Authorities said he targeted the Representative at a public gathering around 10 a.m. January 8 outside a busy Tucson supermarket. Investigators said they carried out a search warrant at the 22-year-old suspect’s home and seized an envelope from a safe with messages such as “I planned ahead,” “My assassination,” and the last name of the U.S. Representative who was shot next to what appears to be the man’s signature. He allegedly purchased the Glock pistol used in the attack in November at Sportsman’s Warehouse in Tucson. Court documents also show the suspect had contact with the Representative in the past. Other evidence included a letter addressed to him from the Representative’s congressional stationery in which she thanked him for attending a “Congress on your Corner” event at a mall in Tucson in 2007. The first assistant federal public defender in Arizona said the suspect does not yet have a lawyer, but that her office is working to get a lawyer appointed for the suspect. Source:

40. January 9, Long Island Newsday – (Arizona; National) Officials warn of Arizona copycat attacks. Members of the U.S. House of Representatives were told in a bipartisan conference call with their leaders January 9 that authorities are monitoring for potential “copycat” attacks on lawmakers after the rampage January 8 in Tucson, Arizona. Following the deadly shooting that killed six and critically wounded a U.S. Representative and injured several others, the House Speaker and House Minority Leader urged lawmakers to take precautions. “I have also asked that the Sergeant-at-Arms, U.S. Capitol Police, and FBI to conduct an in-depth security overview for members on Wednesday,” the House Speaker told members on the call, along with a “bipartisan security briefing for district directors” of congressional offices. Republican leaders called off all votes January 9 scheduled for the upcoming week, allowing lawmakers to stay in their districts rather than return to Washington, D.C. Homeland Security agencies, including immigration enforcement, customs and border patrol, and the Transportation Security Administration assisted the FBI in Arizona. Source:

41. January 9, Associated Press – (Arizona) Package at Giffords’ office was non-explosive. A loud noise rattled more than 100 people attending a candlelight vigil January 8 outside the headquarters of a U.S. Representative in Tucson, Arizona, where authorities investigated a suspicious package that turned out to be non-explosive. A police department spokesman said an officer checking the Representative’s office in Tucson had found a “strange” item that resembled a coffee can and had writing on it. A bomb squad worked for a couple hours, using X-ray equipment, to try to figure out what the package was before the loud noise was heard. The noise was caused by authorities’ efforts to destroy the package and render it safe. The spokesman said there was no threat to public safety. Earlier that day, the Representative was holding a forum for constituents outside a grocery store when a gunman shot many people, killing six and wounding several others, including the Democratic Congresswoman. Source:


Banking and Finance Sector

13. January 8, Wilkes-Barre Citizens Voice – (Pennsylvania; New Jersey) Suspect in 7 bank robberies nabbed. A New Jersey man wanted for seven bank robberies and a drugstore hold-up was arrested January 6 in White Haven, Pennsylvania where two of the robberies occurred, the borough officer-in-charge said. The suspect confessed to robbing PNC Bank November 18 and Rite-Aid Pharmacy December 13 in White Haven, the borough official said. Police detained the suspect for questioning after a report of a suspicious vehicle at PNC Bank around 4 p.m. January 6, the officer said. The suspect had planned to rob the bank for a second time before he was detained, the official said. The suspect also confessed to robbing banks in Allentown; Quakertown; Harrison Township, New Jersey; Paulsboro, New Jersey; and Millville, New Jersey, the borough official said, adding he robbed the Millville bank twice. All the robberies took place since June. Borough police, who had been working with the FBI, turned him over to federal officials for prosecution in all eight holdups, the borough official said. Investigators had identified the man as a suspect based on evidence and surveillance footage from the robberies, and an arrest was near before he showed up in White Haven January 6, he said. Source:

14. January 8, Deseret News – (Utah) SEC says Draper men bilked investors of $60 million in alleged securities fraud. A Draper, Utah man and three associates allegedly bilked investors of $60 million in a securities fraud scam as a means to fund his extravagant lifestyle, federal authorities said. The Securities and Exchange Commission (SEC) filed a complaint January 6 against four suspects, claiming they misrepresented unregistered promissory notes as high yield, risk-free notes for an exclusive investment fund started by the owner of the Houston Astros baseball team. According to the complaint, the lead conspirator organized the scheme in March 2007 and enlisted his three co-conspirators to help him raise millions of dollars for the fund. Some 90 investors were guaranteed returns of at least 20 percent, the complaint said. The suspect, who owned E & R Holdings, Wise Financial Holdings and Momentum Leasing, told investors their money would be deposited in a secure account over which he had sole control and that the funds would never leave the account, the complaint said. The money was to be used only for “verification of deposit” purposes for private traders obtaining large lines of credit. None of the four men were registered with the SEC or licensed to sell securities, the complaint said. Source:

15. January 7, KGMB 23 Honolulu – (Hawaii) Hawaii banker accused of stealing millions. The FBI is investigating a Hawaii banker accused of stealing a million dollars through a loan scheme. Hawaii News Now has learned the unnamed employee is part of the Bank of America’s home loan division. Authorities believe he pocketed money that customers thought they were putting into an escrow account. Anyone who thinks they were victimized is urged to contact the FBI. Source:

16. January 7, Muskegon Chronicle – (Michigan) Alleged Ponzi mastermind Dante DeMiro arrested. The man accused of bilking Mona Shores Schools in Michigan out of $3.7 million in an alleged Ponzi scheme was arrested in Port Huron January 6 by the U.S. Marshal Service and is in a county jail. A bench warrant for the suspect had been issued for failure to appear on a civil case out of Southfield. He did not appear for a hearing on a default judgment issued against him for failing to pay for goods and services. A $300 cash bond was posted on the suspect’s behalf, but he remained in jail, meaning he is likely being held on more than one complaint, according to an official with 46th District Court in Southfield. The suspect appeared in U.S. District Court in Port Huron January 6 for a hearing on a request by his attorney to withdraw from the Ponzi case in which Mona Shores is one of several alleged victims. The suspect is facing five felony counts for bank and wire fraud in that case. After the judge granted the high-profile attorney’s request to withdraw due to a conflict of interest, the suspect was taken into custody by the U.S. Marshal Service. Lapeer County, Comstock Township, a credit union in Iowa, and a bank in Virginia are other alleged victims in the Ponzi scheme. Source:

Information Technology

48. January 10, The Register – (International) Facebook worm spread via photo album chat lure. A new worm that spreads using a photo album chat message lure began proliferating across Facebook January 8 and 9. The photo lure is used to trick potential users into downloading a malicious file, which appears in the guise of a photo viewing application. Victims are prompted to click a “View Photo” button. Users who fell for the scam became infected by malware, dubbed Palevo-BB by net security firm Sophos. The malware attempts to generate a message to the victim’s Facebook contacts, continuing the infection cycle. Facebook responded by purging the malicious application. Source:

49. January 10, Softpedia – (International) Serious DOM vulnerabilities found in many well-funded websites. A study performed by security researchers from IBM revealed that around one in seven Web sites belonging to the world’s wealthiest companies is plagued by DOM-based cross-site scripting vulnerabilities or open redirects. The research was performed on a set of 675 Web sites, those of all Fortune 500 companies, plus an additional 175 handpicked ones, belonging to security vendors, reputable IT firms, or social networks. Researchers used a crawler to retrieve 200 random pages from each Web site with complete HTML, JavaScript, and CSS code, and then scanned them in a controlled environment with an internally developed tool called JavaScript Security Analyzer (JSA). Pages downloaded from 92 Web sites were found vulnerable to DOM-based XSS, while open redirects — vulnerabilities that can redirect the visitor’s browser — were found in 11 sites. Source:

50. January 10, The H Security – (International) Mono developers close security hole. A flaw in the Web server components of the free Mono .NET clone potentially allows ASP.NET applications to supply source code or other files from the Web server’s application directory. Mono 2.8.2 fixes this as yet unexplained bug. Affected components on the project’s vulnerability list include the XSP Web server and the mod_mono Apache module. Both of these execute ASP.NET code. Another security patch fixes a flaw that allows Silverlight applications to execute arbitrary code when running in a security manager. Versions 2 and 3 (beta) of the Moonlight Silverlight implementation are affected. Further information about the update can be found in the release notes. Mono 2.8.2 is available for Linux, Windows, Mac OS X, and other operating systems from the project’s download page. Source:

51. January 7, Softpedia – (International) Malware possibly distributed through According to notifications from Google’s Safe Browsing service,, home to a leading open source ad server package, might be used as an intermediary for malware. The problem was observed by researchers from Web security company Sucuri, which provides a Web site integrity monitoring solution. “We are tracking a few sites that are currently blacklisted and showing a warning from Google that (home of a popular open source ad server) is the site responsible for the infection,” a Sucuri researcher warned. The Google Safe Browsing diagnostic page for claims that “over the past 90 days, appeared to function as an intermediary for the infection of 82 site(s).” This does not mean that is hosting the malware itself, only that it is serving as a doorway. This could point to malicious ads being served via the OpenX network. Source:

Communications Sector

52. January 7, Minneapolis Star-Tribune – (Minnesota; National) State sues Pennsylvania firm over inflated phone bills. A Pennsylvania company is accused of sneaking unauthorized charges of about $15 a month onto the phone bills of hundreds of Minnesotans — a practice called cramming. The Minnesota attorney general and a U.S. Senator from Minnesota announced January 7 a lawsuit against Cheap2Dial Telephone, LLC, at the same time calling for a national crackdown on crammers who they say prey on unsuspecting telephone customers. They also are working to hold phone companies accountable, because they make money by letting crammers put bogus charges on bills. Complaints about cramming nationwide jumped from 1,761 in 2005 to 6,714 in 2009, according to the Federal Communications Commission. The Senator said the U.S. Senate Commerce Committee and the Federal Trade Commission are investigating companies involved in cramming. The attorney general said her office has about six open investigations on crammers, phone companies, and third-party companies that place questionable charges on phone bills. The suit against Cheap2Dial alleged the company placed charges of about $17 on the phone bills of 2,567 Minnesotans for long-distance calling minutes. Only nine of those customers actually used the service. Source: