Tuesday, February 8, 2011

Complete DHS Daily Report for February 8, 2011

Daily Report

Top Stories

• Associated Press reports that computer hackers broke into a Nasdaq service that handles confidential communications for about 300 corporations. (See item 8 below in the Banking and Finance Sector)

• According to the New York Post, an American Airlines jetliner came within 200 feet vertically and 2,000 feet horizontally of two giant military cargo planes in a near-collision over the Atlantic Ocean. (See item 16)

16. February 4, New York Post – (New York) NY jetliner in near-miss with military cargo planes over Atlantic. An American Airlines jetliner barely missed two giant military cargo planes in a harrowing near-collision over the Atlantic Ocean January 20, investigators said February 4. Authorities suspect errors by Long Island-based air controllers and the jetliner’s pilot in the incident, an air control source told the New York Post. American Flight 951 took off around 9:30 p.m. from John F. Kennedy International Airport in Queens, New York. An hour later, about 80 miles southeast of New York, the American Boeing 777 came within 200 feet vertically and 2,000 feet horizontally of two military C17 cargo planes heading toward McGuire Air Force Base in New Jersey, the air controller source said. The planes were close enough to trigger a traffic collision avoidance system, or TCAS, alert on the American Airlines jet, the National Transportation Safety Board (NTSB) said. The incident also triggered automatic alerts to the Federal Aviation Administration’s New York Center, which oversees that area of the Atlantic. With the TCAS alert and the controllers’ guidance, the planes avoided a collision, NTSB said. NTSB noted it has interviewed the controllers involved, and is still gathering information from the Air Force and the airline.

Source: http://www.nypost.com/p/news/local/jet_barely_misses_military_cargo_lZdQmDxDFEpF0kVcKkNsMI


Banking and Finance Sector

8. February 5, Associated Press – (New York) Nasdaq hackers reportedly penetrated computer network multiple times. Hackers broke into a Nasdaq service that handles confidential communications for about 300 corporations, the company said February 5 – the latest vulnerability exposed in the computer systems Wall Street depends on. The intrusions did not affect Nasdaq’s stock trading systems, and no customer data was compromised, Nasdaq OMX Group Inc. said. Nasdaq is the largest electronic securities trading market in the United States, with more than 2,800 listed companies. A federal official told Associated Press the hackers broke into the service repeatedly over a period of more than 1 year. Investigators are trying to identify the hackers, the official said. The FBI and Secret Service are investigating. The targeted service, Directors Desk, helps companies share documents with directors between scheduled board meetings. It also allows online discussions and Web conferencing within a board. Since board directors have access to information at the highest level of a company, penetrating the service could be of great value for insider trading. A Nasdaq OMX spokesman said the Justice Department had requested the company keep silent about the intrusion until at least February 14. However, the Wall Street Journal reported the investigation on its Web site February 4, prompting Nasdaq to issue a statement and notify its customers. Source: http://www.huffingtonpost.com/2011/02/05/nasdaq-hackers-reportedly_n_819068.html

9. February 5, Sumter Item – (South Carolina) Pipe bomb ignites at bank ATM. Police in Manning, Illinois, are looking for a man who ignited an explosive device February 3 at a local ATM. A detective said at about 2:30 a.m., an unidentified man attached a pipe bomb to Bank of Clarendon’s drive-thru automatic teller machine at 106 S. Brooks St. in Manning. The device exploded and damaged the ATM but was unsuccessful in cracking the machine’s lock box. A detective said the man looked to be trying to break into the automatic teller machine’s money safe. Surveillance video shows the masked man picking up pieces of the exploded device. The man left the scene on foot. The detective said the ATM looked functional, but he did not know how much damage was done. The detective said the department is looking for connections that may lead to the man’s identity and has contacted the FBI. He said the bomber is thought to be a white male, about 6 feet tall and weighing between 180 and 190 pounds. Source: http://www.theitem.com/news/article_edf6fc73-60d8-5bf2-916e-c18aa6a73ae5.html

10. February 4, The H Security – (International) Investigation into black market prices for stolen online banking data. Panda Security reports it infiltrated a criminal network for trading stolen financial data and hawking services. Panda explored 50 online forums and shops and surveyed a variety of prices for stolen data. Costs for credit card details, for example, range from $2 to $90, depending on the card’s credit limit. Criminals can also get physical credit cards made up for about $30 for a single color card or a less suspicious full color card for $90, plus the cost of the credit card details. Users can use a transaction service for between $30 and $300 to purchase a television from a stooge using stolen data; having it sent to one’s own address costs $100. The shops also offer accessories for card skimmers – card cloners for attaching to Diebold and NCR ATMs cost around 3,000 pounds. A complete fake ATM machine is $35,000. The online crooks can be contacted via IM or social media. Source: http://www.h-online.com/security/news/item/Investigation-into-black-market-prices-for-stolen-online-banking-data-1183686.html

11. February 4, Belleville News Democrat – (Illinois; National) Madison County deputies probe ID thefts: ‘The crooks are taking information in cyberspace’. Police are investigating a series of identity thefts in Madison County, Illinois. According to the Madison County Sheriff’s Department, a computer virus might have compromised card and PIN information for “numerous” people in the Alton and Godfrey areas, with multiple reports filed since November. “It’s not a bank problem, it’s a software problem,” a police spokesman said. “The crooks are taking information in cyberspace and downloading credit cards and PINs.” False charges have been made in New York, New Jersey, Virginia, Texas, California, and other places with the stolen numbers, the police spokesman said. “The common denominator among the victims is their geographic location in northern Madison County,” he said. “We think there’s a pattern to it, but it’s still under investigation.” They also believe fake credit cards have been made with the stolen information and have been used for fraudulent charges. Images were captured at a restaurant in Bridgeton, Missouri, and a Kmart in Springfield, Missouri, of two men who might be using the cards, the police spokesman said. These cards are often made using preloaded cards reprogrammed with stolen information, the police spokesman said. Source: http://www.bnd.com/2011/02/04/1578201/madison-county-deputies-investigate.html

12. February 4, Softpedia – (International) US hosts the highest percentage of ZeuS command and control servers. According to statistics gathered by Trusteer, the highest number of ZeuS command and control servers are hosted in the United States. The United States is usually at the top of malware charts, either as top hoster, the country with the largest number of infected computers, or the primary source for spam. Given the major crackdown on ZeuS-related fraud in the United States in 2010 and the amount of damage suffered by companies in the country as a result of this banking trojan, expectations were to see a decrease in the number of ZeuS C&Cs hosted there. However, Trusteer reports that almost 40 percent of the global ZeuS infrastructure is still based in the United States. Source: http://news.softpedia.com/news/US-Hosts-the-Highest-Percentage-of-ZeuS-Command-and-Control-Servers-182723.shtml

Information Technology

37. February 7, Softpedia – (International) Anonymous hacks into security firm’s network and steals confidential data. Members of the Anonymous collective have broken into the network of HBGary Federal and exposed its internal communications after it claimed to know the identity of the group’s founders. The week of January 30, the CEO of the information security firm told the Financial Times the company’s researchers infiltrated Anonymous and managed to learn who the group’s leaders are. Over the weekend of February 5 and 6, Anonymous supporters hacked into HBGary’s network to learn what information the company has gathered about the group. In the process they managed to extract more than 60,000 business e-mails, they hacked the CEO’s Twitter account and posted personal information about him, and they defaced the company’s Web site. The hackers said they found evidence the CEO was planning to sell the details about the so-called Anonymous “leaders” to the FBI at a meeting February 7. However, they claim the data is false, except for the publicly available nicknames lifted from the group’s IRC network. To prove that it has no value, the hackers published the 23-page document online, as well as the company’s e-mail database, which contains sensitive information about customers. Source: http://news.softpedia.com/news/Anonymous-Members-Hack-into-Security-Firm-and-Steal-Confidential-Data-182861.shtml

38. February 7, Softpedia – (International) MHTML 0-day vulnerability won’t be patched tomorrow. Microsoft is expected to provide fixes for two zero-day vulnerabilities February 8, but they will not cover a vulnerability in the MHTML (MIME Encapsulation of Aggregate HTML) protocol handler for which proof-of-concept exploit code has been published. The flaw received the CVE-2011-0096 identifier and was confirmed by Microsoft at the end of January. It was originally disclosed in a Chinese-language hacking Webzine. It can be exploited to access potentially sensitive information both server-side and locally, as well as in combination with other programs. Source: http://news.softpedia.com/news/MHTML-0-Day-Vulnerability-Won-t-be-Patched-on-Tuesday-182792.shtml

39. February 4, Softpedia – (International) Number of malicious PDFs on the rise. Security vendor GFI Software warned that the number of malicious PDF files detected in the wild significantly increased in January, with two detections making it into the top 10. According to data gathered by the company’s ThreatNet system, two PDF exploits, detected as Exploit.AbobeReader.Gen and Exploit.PDF-JS.Gen, finished in February in eighth and ninth place as far as malware detections go. No Java exploit appeared in GFI’s list. Seven of the top 10 threats detected by GFI in January were trojans, including all malware that finished in the first five positions. These seven threats accounted for four of all detections registered by the security company’s products. The other threat in the top 10 is a variant of the Conficker worm, which still remains strong even if abandoned by its creators a year ago. GFI researchers are also concerned about a spike in the number of scareware applications detected in January. Source: http://news.softpedia.com/news/Number-of-Malicious-PDFs-on-the-Rise-182722.shtml

40. February 4, Softpedia – (International) Adobe prepares critical Reader and Acrobat security updates for next Tuesday. Adobe is preparing to release the first security updates for the new Adobe and Acrobat X product line February 8, which will address critical vulnerabilities. The announcement was made by the Adobe Product Security Incident Response Team and a prenotification security advisory was published. “Adobe is planning to release updates for Adobe Reader X (10.0) for Windows and Macintosh, Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX, Adobe Acrobat X (10.0) for Windows and Macintosh, and Adobe Acrobat 9.4.1 and earlier versions for Windows and Macintosh to resolve critical security issues,” the advisory noted. Since updates for the X (10.0) and 9.4.1 versions will be bundled together in the upcoming security bulletin, it is unknown whether the critical rating is for vulnerabilities in just one of these branches or both. Source: http://news.softpedia.com/news/Adobe-Prepares-Critical-Reader-and-Acrobat-Security-Updates-for-Next-Tuesday-182719.shtml

For another story, see item 12 above in the Banking and Finance Sector.

Communications Sector

41. February 6, New York Times – (National) F.C.C. to propose expanding broadband service to underserved areas. The Federal Communications Commission (FCC) February 8 will propose the first steps toward converting the $8 billion fund that subsidizes rural telephone service into one for helping pay to provide broadband Internet service to underserved areas, according to commission officials. The chairman of the FCC was expected to call for a consolidation of existing methods of supporting rural phone service into a new pool of funds. The chairman was expected to outline the proposal in a February 7 speech. Most of the money under discussion involves a longstanding subsidy known as the Universal Service Fund, which is paid for through fees tacked onto most consumers’ phone bills and distributed among telephone companies to subsidize the high costs of providing service to rural areas. The chairman will propose phasing out the payments between phone companies, which he said create “inefficiencies and perverse incentives” that result in waste in the fund. The FCC will also propose consolidating existing methods of paying for rural phone service into a new pool to be called the Connect America Fund, to be used for helping pay for making broadband available to underserved areas. Source: http://www.nytimes.com/2011/02/07/business/07fcc.html?_r=1&partner=rss&emc=rss

42. February 4, Associated Press – (Arizona) Ariz. man accused of putting porn in TV broadcast. An Arizona man has been arrested on charges that he used a computer to interrupt a local telecast of the 2009 Super Bowl with a 37-second pornography clip. The FBI and Marana police took the suspect into custody February 4 on suspicion of fraud and computer tampering. Authorities said someone cut into the Comcast cable broadcast of the game between the Arizona Cardinals and Pittsburgh Steelers that went to viewers in the Tucson area. Comcast ended up offering a $10 credit to all of its 80,000 subscribers, whether they saw the brief X-rated clip or not, and the investigation was turned over to the FBI. Authorities did not say what led them to the suspect. Source: http://news.yahoo.com/s/ap/20110205/ap_on_sp_ot/us_computer_tampering_arrest;_ylt=AgRLXzQrRJSTgld8mLdJaAYsQE4F;_ylu=X3oDMTMzN2tyY3VmBGFzc2V0A2FwLzIwMTEwMjA1L3VzX2NvbXB1dGVyX3RhbXBlcmluZ19hcnJlc3QEcG9zAzEyBHNlYwN5bl9wYWdpbmF0ZV9zdW1tYXJ5X2xpc3Q2xrA2FyaXp