Monday, November 28, 2011

Complete DHS Daily Report for November 28, 2011

Daily Report

Top Stories

• U.S. and Philippine authorities arrested four members of a terrorist-funded hacker collective suspected to have hacked, and caused millions in damages to wireless provider AT&T. – Softpedia See item 35 below in the Communications Sector

• Shoppers looking for deals November 24 and 25 ran into numerous problems, with 20 injured by pepper spray at a Wal-Mart in Porter Ranch, California, and several others shot in parking lots. – Los Angeles Times (See item 39)

39. November 25, Los Angeles Times – (California; South Carolina) Shootings, pepper-spray attack mar Wal-Mart Black Friday sales. As shoppers converged on retailers around the country looking for Black Friday deals November 24 and 25, authorities reported scattered problems. In Porter Ranch, California, a woman pepper sprayed customers at a Wal-Mart in what authorities said was a deliberate attempt to get more “door buster” merchandise. In San Leandro, California, a Wal-Mart shopper walking to his car was shot and wounded in a suspected robbery early November 25. Another shooting was reported at a parking lot next to a Wal-Mart in South Carolina, also a suspected robbery attempt. Officials told WMBF 32 Myrtle Beach, they believe the robbery was tied to Black Friday. At Porter Ranch, 20 customers, including children, were hurt in the 10:10 p.m. incident, officials said. Shoppers complained of minor skin and eye irritation, and sore throats. The woman used the spray in more than one area of the Wal-Mart “to gain preferred access to a variety of locations in the store,” said a Los Angeles fire captain. Police were searching for the woman but said they have had trouble getting a clear description of her. Black Friday sales began at the Wal-Mart at 10 p.m. Source: http://latimesblogs.latimes.com/lanow/2011/11/wal-mart-black-friday-marred-by-shootings-pepper-spray-attack-.html

Details

Banking and Finance Sector

9. November 25, Help Net Security – (International) ‘PayPal email address change’ phishing scheme doing rounds. PayPal users have been targeted again as e-mails supposedly sent by the online payment company urge them to fill out a form with their personal and financial information to prevent the suspension of their accounts, Help Net Security reported November 25. With “You have changed your PayPal email address” in the subject line, the sender attempts to convince the recipient that someone has accessed their account and changed the e-mail address. To “keep the original email and restore their PayPal account,” the users must fill out an attached Personal Profile Form - PayPal-.htm form. For everything to go smoothly, the sender also “helpfully” notes “the form needs to be opened in a modern browser which has javascript enabled (ex: Internet Explorer 7, Firefox 3, Safari 3, Opera 9).” But for those who fall for this scam, the submitted information gets sent directly to the phishers, Sophos points out. Source: http://www.net-security.org/secworld.php?id=12003

10. November 23, Darien Times – (Connecticut; Massachusetts; Rhode Island) Three indicted for pinhole camera ATM scam. Police in Darien, Connecticut, arrested two more people in connection to an ATM skimming scam at the Bank of America in June, the Darien Times reported November 23. A New York resident was previously arrested in June. Assisted by the Connecticut Financial Crimes Task Force and the Secret Service, Darien Police connected the crime in Darien to two New York residents. On November 15, a federal grand jury handed down an indictment, charging the three New York residents with conspiracy, bank fraud, and identity theft offenses related to their alleged participation in the scheme across southern New England. The indictment claims, between February 2011 and July 2011, the three conspirators and others conspired to install skimming devices on ATMs at 11 banks and one credit union in Connecticut, Massachusetts, and Rhode Island. The co-conspirators used the stolen information captured by the skimming devices and pinhole cameras to create counterfeit bank cards that allowed them to withdraw funds from the customers’ accounts. One of the conspirators is familiar to law enforcement and perpetrated similar crimes in Massachusetts, Connecticut, and Rhode Island, police said. Police believe he is responsible for 26 similar incidents in the same states. He has been detained in state custody since his arrest in Darien June 20. The other two men were arrested November 2 and November 4. Both are detained in federal custody. The charges of conspiracy to commit bank fraud and bank fraud carry a maximum prison sentence of 30 years and up to $1 million in fines, on each count. The charge of aggravated identity theft carries a mandatory prison sentence of 2 years, which must be imposed consecutively to a sentence imposed on any other count of conviction. Source: http://www.darientimes.com/news/darien-features/local-news/5001890.html

11. November 22, CNNMoney – (National) FDIC’s list of problem banks shrinks. The number of banks at risk of failing fell in the third quarter of 2011, marking the second straight quarterly decline, according to a government report issued November 22. Banks deemed troubled by the Federal Deposit Insurance Corporation (FDIC) dropped by 21 to 844, the agency said in its quarterly survey. The so-called problem bank list is comprised of institutions considered most likely to fail, though few actually reach that point. Only 26 of the nation’s 7,436 banks failed in the quarter, 15 fewer than in 2010. And so far in 2011, only 90 banks have failed, compared with 149 at this time in 2010. The FDIC’s report also showed the banking sector generated the highest profit levels since the second quarter of 2007 — before the financial crisis. The report said 14.3 percent of institutions reported a net loss during the third quarter, the smallest proportion since the first quarter of 2008. Banks earned nearly $35.3 billion in the third quarter, according to the FDIC, up from $23.8 billion from the same quarter in 2010. Source: http://money.cnn.com/2011/11/22/markets/fdic_bank_list/

Information Technology

32. November 25, Softpedia – (International) Android monitoring software hides SMS trojan. Kaspersky Lab experts came across a legitimate application used for monitoring and managing SMSs, calls and Internet traffic on an Android smartphone that can masquerade a malicious Trojan once it lands on a device. The Trojan sends messages to premium rate numbers. The application targets users from countries such as Belgium, France, Switzerland, Luxemburg, Germany, Spain, and Canada, which means the cybercriminals moved their operations from China and Russia to Europe and North America. Upon closer inspection, the app hosted on the Web as SuiConFo, was hiding a SMS trojan identified as Trojan-SMS.AndroidOS.Foncy, which sends four short messages to premium rate numbers. To make the software as legitimate looking as possible, its creators made sure an icon appears in the phone’s menu, but once it is launched, an error pops up, claiming the Android version is not compatible. Right after the error, the trojan will use two public methods to determine the ISO country code of the SIM card. Based on this code, it will send the four MSs to one of eight locations. The malware will not only send short messages, but it will also hide incoming SMSs from certain numbers. This is done to ensure reply messages received from premium numbers are not seen by the victim. The virus is programmed to send alerts to a French cell phone number, based on the replies sent by the premium numbers so the developers are aware of the number of victims. Because such trojans can generate a considerable income, it is likely these operations will be extended to affect citizens of other countries. Source: http://news.softpedia.com/news/Android-Monitoring-Software-Hides-SMS-Trojan-236641.shtml

33. November 25, H Security – (International) Paragon programming language identifies security vulnerabilities. A researcher from Sweden’s University of Gothenburg developed a programming language that can be used to identify security vulnerabilities in the information flow of applications as they are being developed. Paragon was created as part of his dissertation entitled “Practical, Flexible Programming with Information Flow Control.” It is an extension to the Java programming language and, according to the researcher, can easily be integrated into existing Java applications. Source: http://www.h-online.com/security/news/item/Paragon-programming-language-identifies-security-vulnerabilities-1385148.html

34. November 24, The Register – (International) Thanksgiving menaced by virus-laden fake iTunes vouchers. E-mails containing supposed iTunes gift certificates doing the rounds in the run-up to Thanksgiving were actually loaded with malware, The Register reported November 24. Spoofed e-mails purportedly offering $50 vouchers for the iTunes Store, which arrive with e-mail subject lines such as “iTunes Gift Certificate,” come with an attachment supposedly containing a certificate code. In reality, these zip file attachments are infected with the Windows PC-compatible malware, detected by Sophos as BredoZp-B and first spotted by German info security group eleven-security. Source: http://www.theregister.co.uk/2011/11/24/fake_itunes_gift_cert_malware/

For more stories, see items 9 above in the Banking and Finance Sector 35 and 36 below in the Communications Sector

Communications Sector

35. November 25, Softpedia – (International) Terrorist-funded Filipino hackers arrested. U.S. and Philippine authorities managed to arrest four members of a hacker collective suspected to have been funded by terrorists and to have attempted a hack on AT&T, Softpedia reported November 25. The investigation that led to the arrest of the Filipinos started in March when the FBI requested the aid of Criminal Investigation and Detection Group’s Anti-Transnational and Cyber Crime Division (CIDG-ATCCD) concerning a hacking operation that targeted the wireless services provider AT&T. The suspects, aged between 21 and 31, and allegedly financed by a Saudi Arabian terrorist group, caused $2 million in damages, the Manila SunStar reported. The hackers were taken into custody after the FBI and the ATCCD raided several locations in the Metro Manila area, from where numerous computer and telecommunications equipments, believed to be used in the attacks, were seized. One of the hackers was arrested before in 2007 as a result of an operation by the FBI and Philippines authorities against terrorist organizations. The ATCCD chief claimed that back in 1999 when the FBI was investigating a series of hacking operations that targeted telecoms companies, they uncovered a trail of banking records that linked local hackers to terrorists. It turns out the criminal organizations from Pakistan and India are also somehow connected, since in 2007, a Pakistani man suspected of funding operations in India, also supplied the necessary funds for the Filipinos. Source: http://news.softpedia.com/news/Terrorist-Funded-Filipino-Hackers-Arrested-236560.shtml

36. November 24, CableMuse.com – (International) MSN Thanksgiving outage. Hundreds, potentially thousands of Microsoft MSN Premium customers experienced a major network outage the morning of November 24. Instead of the ability to log into MSN Premium, users received an error code (23) that stated difficulty with the sign in server. A MSN technical source reported at least 300 calls regarding the outage between 8:45 and 9:25 a.m. He stated that potentially thousands of customers were impacted, and that MSN was trying to locate the server(s) and correct the issues. The MSN technical representative also stated it was likely caused by too many people signing in at the same time. Service was restored to most if not all MSN Premium customers at about 11 a.m. November 24, more than 3 hours after the outage. Source: http://www.cablemuse.com/cmn188er23.html

37. November 24, Aviation Week – (International) Software fix could save Globalstar sat. Mobile satellite services provider Globalstar Inc. and European satellite manufacturer Thales Alenia Space announced an agreement that could return one of the Louisiana-based company’s second-generation telecom satellites to service, Aviation Week reported November 24. Over the coming months, Thales Alenia Space will develop and upload software to the satellite, which currently suffers from a mechanical glitch affecting two momentum wheels designed to keep the spacecraft in a stable position in orbit. Although the software fix is not expected to repair the wheels, it should adapt the satellite’s current in-flight configuration to allow it to return to service. The defective momentum wheels, built by North Carolina-based Goodrich Corp., affected two of the six satellites Globalstar launched in October 2010. If the new software fix works, a Thales spokesman said it could be uploaded to other satellites suffering momentum wheel defects in the future, if necessary. Globalstar is now looking at a different issue affecting momentum wheels on a second tranche of six second-generation satellites launched in July, and may delay the launch of a third batch of satellites currently planned for December. Source: http://www.aviationweek.com/aw/generic/story.jsp?id=news/asd/2011/11/23/12.xml&headline=Software

38. November 23, Mobile TV Examiner – (Alabama) Local Comcast customers lose APT IQ programming again. By the week of November 21, cable television customers of Comcast Cablevision of Mobile, Alabama, lost access to APT IQ programming from Alabama Public Television (APT) through their digital transport adapters or digital TV receivers (set-top boxes) provided by Comcast. The last time local customers of Comcast could not access APT IQ programming through cable TV was late August. Like the previous time, instead of APT IQ programming, TV sets connected to digital transport adapters displayed the words “We’ve detected an interruption in your service” and TV sets connected to digital TV receivers displayed the words “One moment please. This channel should be available shortly” with the reference code “S0a00.” While APT IQ programming was inaccessible through Comcast, WEIQ-TV continued to broadcast programming over the air on digital sub-channel 42-2, along with APT Create programming on digital sub-channel 42-3, and Alabama Public Television’s main programming on channel 42-1. Source: http://www.examiner.com/tv-in-mobile/local-comcast-customers-lose-apt-iq-programming-again

For another story see item 32 in the Information Technology Sector