Thursday, December 29, 2011

Complete DHS Daily Report for December 29, 2011

Daily Report

Top Stories

Reno, Nevada police arrested and charged a man December 26, connected to a string of violent crimes including a fire that happened at the Verdi Post Office, a shooting at the Sparks Police Department, and shootings and threats made at strip clubs. – KRNV 4 Reno (See item 27)

27. December 27, KRNV 4 Reno – (Nevada) Police: Police station shooting, post office arson & other crimes linked. Reno, Nevada police are connecting a string of violent crimes to one man, including a fire that happened at the Verdi Post Office, a shooting at the Sparks Police Department, and shootings and threats made at strip clubs. Reno police officers told News 4 December 26 that they arrested the man and charged him with arson, assault with a deadly weapon, shooting at an occupied building, and burglary. Police said he was the man behind a December 25 crime spree which started with a drive-by shooting at the Sparks Police Department. Those crimes allegedly continued with threats, shots fired, and fires set. The Bureau of Alcohol, Tobacco, Firearms, and Explosives was called in to investigate and shortly after, there was another report of shots fired with a similar description of the suspect. Police said they were able to track down the suspect after that shooting. They said he was armed but cooperative when arrested. So far, police have not said what the motive might be and more charges could be filed. He is being held in the Washoe County Jail on $50,000 cash-only bail. Source: http://www.mynews4.com/mostpopular/story/sparks-police-verdi-post-office-shooting-arson/yKQ4ZLBP1EuhLp8wdNJncg.cspx

The WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack, the United States Computer Emergency Readiness Team (US-CERT) reported December 27. – United States Computer Emergency Readiness Team (See item 29 below in the Information Technology Sector)

Details

Banking and Finance Sector

9. December 27, WCBS 880 FM New York – (New York; International) Feds recover nearly $300,000 in bogus $100 bills at JFK. U.S. Customs and Border Protection officers at John F. Kennedy International Airport said they found nearly $300,000 in counterfeit cash while inspecting a bag the week of December 19. The fake money was found in the bottom of the suitcases of a woman arriving from Medellin, Colombia. The bags contained 46 packets of money. The suspect is a Colombian citizen. She has been turned over to agents of the Secret Service. Source: http://newyork.cbslocal.com/2011/12/27/feds-recover-nearly-300000-in-bogus-100-bills-at-jfk/

10. December 24, Associated Press – (New York; Texas; Florida) NY attorney general, BNY Mellon settle probe into manipulative trading by subsidiary for $1.3M. The Bank of New York (BNY) Mellon Corp. will pay $1.3 million to three states to settle an investigation into manipulative trading of auction rate securities (ARS) facilitated by employees at one of the company’s subsidiaries, the New York attorney general’s office announced December 22. Under the agreement, BNY Mellon agreed to cease any further violations of New York’s Martin Act, which prohibits deception in offering securities. The deal ended a joint investigation with the Texas State Securities Board and the Florida Office of Financial Regulation. The $1.3 million is for penalties, fees, and costs to the three states. According to the agreement, in early 2008, Mellon Financial Markets (MFM) acting as an intermediary broker on behalf of Citizens Property Insurance Corp. enabled the Florida insurer to buy its own auction rate securities by placing bids as though they were from an independent third-party buyer. The bids at below-market rates resulted in the auctions clearing at rates significantly lower than would have resulted otherwise. “During the relevant period, Citizens’ bids through MFM reduced the clearing rate by over 520 basis points on average. Ultimately, this resulted in investors that held Citizens ARS earning approximately $6.7 million less in interest than they would have if Citizens had not bid in its own auctions,” according to the settlement agreement. The trading continued until the company’s compliance staff discovered and stopped it, the agreement noted. MFM earned about $300,000 in fees from that conduct. Source: http://www.washingtonpost.com/business/ny-attorney-general-bny-mellon-settle-probe-into-manipulative-trading-by-subsidiary-for-13m/2011/12/22/gIQALvUfBP_story.html

Information Technology

28. December 28, Softpedia – (International) 40 million Tianya members exposed after data breach. Tianya.cn, one of the largest Chinese social networking Web sites, suffered a data breach as a result of which 40 million users became exposed, Softpedia reported December 28. Usernames and passwords, all in clear text, were stolen by the hackers, Global Times reported. “The released information belongs to users who registered on our Web site before November 2009, when we saved information in clear text format. After that we started using encryption,” a tianya.cn customer service staff member said. The unencrypted data ended up online because the Web site’s administrators failed to delete, or at least secure, the old data stored on their servers before the systems were upgraded. Source: http://news.softpedia.com/news/40-Million-Tianya-Members-Exposed-After-Data-Breach-243215.shtml

29. December 27, United States Computer Emergency Readiness Team – (International) WiFi protected setup PIN brute force vulnerability. The WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack, the United States Computer Emergency Readiness Team (US-CERT) reported December 27 after being notified by a member of the public who uncovered the vulnerability. A design flaw in the WPS specification for PIN authentication significantly reduces the time required to brute force the entire PIN because it allows an attacker to know when the first half of the 8-digit PIN is correct. The lack of a proper lockout policy after a certain number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible. The vulnerability affects all major brands of routers. Source: http://www.kb.cert.org/vuls/id/723755
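The search-space reduction and the effect of a lockout policy described in item 29, worked through as an added example (not part of the US-CERT report or of this digest). The one-second-per-guess rate and the 3-failure/60-second lockout are constructed values, and the model assumes all 8 digits are guessed independently.

```python
"""Added example: guess-count and lockout model for a split-verified PIN."""
from dataclasses import dataclass

PIN_DIGITS = 8  # PIN length given in the US-CERT report


def worst_case_guesses(digits: int = PIN_DIGITS, split_feedback: bool = True) -> int:
    """Upper bound on guesses needed to exhaust the PIN space.

    With split feedback the verifier reveals when the first half is correct,
    so the two halves are searched one after the other instead of jointly.
    """
    first = digits // 2
    second = digits - first
    if split_feedback:
        return 10 ** first + 10 ** second
    return 10 ** digits


@dataclass(frozen=True)
class LockoutPolicy:
    max_failures: int    # failed attempts allowed before a lock; 0 = no lockout
    lock_seconds: float  # how long each lock lasts


def worst_case_seconds(guesses: int, seconds_per_guess: float,
                       policy: LockoutPolicy) -> float:
    """Time to make `guesses` attempts when every guess but the last fails."""
    active = guesses * seconds_per_guess
    if policy.max_failures <= 0:
        return active
    lockouts = (guesses - 1) // policy.max_failures
    return active + lockouts * policy.lock_seconds


def compare(seconds_per_guess: float = 1.0) -> dict:
    """Worst-case hours per design; the rate and policy are constructed values."""
    none = LockoutPolicy(0, 0.0)
    lock = LockoutPolicy(max_failures=3, lock_seconds=60.0)
    split = worst_case_guesses(split_feedback=True)
    whole = worst_case_guesses(split_feedback=False)
    return {
        "split, no lockout": worst_case_seconds(split, seconds_per_guess, none) / 3600,
        "split, 3 fails/60 s lock": worst_case_seconds(split, seconds_per_guess, lock) / 3600,
        "whole PIN, no lockout": worst_case_seconds(whole, seconds_per_guess, none) / 3600,
    }


if __name__ == "__main__":
    for design, hours in compare().items():
        print(f"{design:26s} {hours:12.1f} h")
```

Under these constructed values, confirming the halves separately cuts the worst case from 100,000,000 guesses to 20,000, and a fixed lockout stretches that from hours to days rather than restoring the protection the 8 digits suggest.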

Communications Sector

30. December 27, Fort Myers News-Press – (Florida) Contractor who died on radio tower in Bonita Springs ID’d. The worker who died December 26 approximately 600 feet above ground on a communications tower in Bonita Springs, Florida, has been identified. Deputies responded to the tower just before 5 p.m. December 26 in reference to a man who appeared to be stuck in the tower. Collier County sent an aviation unit to assist and determined the man was deceased. The man’s body has been transported to the medical examiner’s office where an autopsy will be conducted to determine his cause of death. Preliminary reports indicate the contractor’s death was accidental, the Bonita Springs deputy fire chief said. He was working on the tower’s electrical system when he died, the fire chief said. At the top, rescuers discovered the man was dead. Four teams of two men scaled the tower to retrieve the body, he said. A camera was hoisted and pictures were taken for workplace safety investigators, the fire chief said. Several radio stations and a couple of TV channels were knocked off the air, because rescuers turned off electricity, the fire chief said. Meridian Broadcasting rents the tower for Fox News 92.5, as do other stations. Source: http://www.news-press.com/article/20111227/NEWS0102/312270028/0/NEWS0102/Contractor-who-died-radio-tower-Bonita-Springs-ID-d?odyssey=nav|head

31. December 27, Spaceflight Now – (International) Six Globalstar satellites on track for liftoff Wednesday. The launch of a Soyuz rocket with six Globalstar mobile communications satellites will go forward December 28 despite the failure of a similar booster December 23, according to Globalstar and Russian officials. The satellites will replenish Globalstar’s fleet of communications satellites linking customers through voice and data messaging services. Investigators are still studying the December 23 mishap, which caused the Soyuz rocket to fall in Siberia a few minutes after blasting off from the Plesetsk Cosmodrome in northern Russia. No injuries were reported, but some Russian news agencies said the crash resulted in property damage. Built by Thales Alenia Space of Italy, the satellites will finish deploying from a specially-built dispenser at about 1:49 p.m. Ground controllers will place each of the 1,543-pound satellites on different trajectories to enter the Globalstar constellation. The process will include raising their orbits to an altitude of 878 miles and carefully piloting the craft into precise positions in the fleet. Globalstar satellites are divided among eight orbital planes to evenly spread the spacecraft across the globe. The Louisiana-based company’s subscribers use the satellite network to make mobile phone calls and data transmissions, especially in rural zones where terrestrial coverage is spotty or non-existent. The December 28 launch is the third of four missions to bolster Globalstar’s satellite network. Six more satellites are due for liftoff on another Soyuz booster in 2012, following up on successful flights in October 2010 and July 2011. Some of the 12 fresh satellites launched in the last two years have shown signs of trouble with their momentum wheels, which maintain the craft’s orientation in space. Globalstar’s existing constellation is mostly comprised of spacecraft launched between 1998 and 2000. Built by Space Systems/Loral and designed for a seven-and-a-half year orbital life, the satellites are aging and need to be replaced. The new satellites are gradually restoring voice and duplex data service as they join the network. Source: http://www.spaceflightnow.com/soyuz/st24/111227preview/