Tuesday, January 10, 2012

Complete DHS Daily Report for January 10, 2012

Daily Report

Top Stories

• Federal agents arrested a Pinellas Park, Florida, man described as having extremist jihadist beliefs after he attempted to procure guns and explosives and threatened to blow up government and commercial buildings. – Tampa Tribune (See item 30)

30. January 9, Tampa Tribune – (Florida) Feds: Man planned terrorism attacks in Tampa. Federal agents the weekend of January 7 arrested a Pinellas Park, Florida, man described as having extremist jihadist beliefs who wanted to blow up a target in Tampa and create “terror.” The man was taken into custody after an FBI sting operation in which he tried to buy explosives, at least 10 grenades, Uzis, and an AK-47, authorities said. His intended target shifted over the course of the investigation, which spanned several months, at times involving government buildings, the Hillsborough County Sheriff’s Office operations center in Ybor City, and a pub in South Tampa, authorities said. The arrest came about, in part, because of assistance from the Muslim community, said a U.S. attorney. The sting culminated at a Tampa hotel January 7 after the suspect had the person from whom he was purchasing the explosives (unknown to him, an undercover agent) film him making a video explaining his reasoning for the planned attack, according to the complaint. The suspect, who was born in the former Yugoslavia, came to authorities’ attention in September 2011 when he contacted a store owner and asked for flags representing al-Qa’ida, according to a federal complaint. The suspect began working for the owner as a laborer. The store owner contacted the FBI, which initiated an undercover investigation. Source: http://suncoastpinellas.tbo.com/content/2012/jan/09/091105/feds-man-planned-terrorism-attacks-in-tampa/news/

• Two vulnerabilities in the Siemens FactoryLink industrial control systems used in the oil and gas, chemical, and food and beverage industries could enable a hacker to carry out remote denial of service and arbitrary code execution attacks. – Infosecurity (See item 41 below in the Information Technology Sector)

Details

Banking and Finance Sector

13. January 8, NetworkWorld – (National) FBI warns of malware phishing scam. The FBI issued a warning the week of January 2 on a new Internet blight called “Gameover,” which, once ensconced on a PC, can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions. The FBI said it has seen an increase in the use of Gameover, which is an e-mail phishing scheme that invokes the names of prominent government financial institutions — the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC). The FBI said Gameover is a newer variant of the Zeus malware, which was created several years ago and specifically targeted banking information. This is how the FBI described the scam: “Typically, you receive an unsolicited e-mail from NACHA, the Federal Reserve, or the FDIC telling you that there’s a problem with your bank account or a recent ACH transaction. The sender has included a link in the e-mail for you that will supposedly help you resolve whatever the issue is. Unfortunately, the link goes to a phony website, and once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information. After the perpetrators access your account, they conduct what’s called a distributed denial of service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution’s server with traffic in an effort to deny legitimate users access to the site.” The FBI went on to say some of the funds stolen from bank accounts go towards the purchase of precious stones and expensive watches from high-end jewelry stores. Source: http://www.pcworld.com/article/247450/fbi_warns_of_malware_phishing_scam.html

14. January 8, Asheville Citizen-Times – (North Carolina) Bank of Asheville officials negligent, FDIC says. Directors of the Bank of Asheville in North Carolina ignored their own policies and warnings from regulators while making risky real estate loans that ultimately forced the bank’s closure, the Asheville Citizen-Times reported January 8. That is the thrust of a lawsuit filed recently by the Federal Deposit Insurance Corp. (FDIC) against seven former bank directors that seeks to recover $6.8 million in losses on loans the suit said the directors approved. The lawsuit, filed December 29 in a U.S. district court, identifies 30 loans it said were negligently approved. It said bank directors generally approved loans via e-mail instead of meeting and discussing loan applications in person. Many of the applications were based on only cursory research on borrowers’ finances and the adequacy of collateral, it said. The FDIC and state regulators shut Bank of Asheville in January 2011. Bank of Asheville previously reported substantial losses on real estate loans. The former bank president and chief executive pleaded guilty in June to fraud in connection with a loan. Source: http://www.citizen-times.com/article/20120109/NEWS/301090019/FDIC-slams-Asheville-bank?odyssey=tab|topnews|text|Frontpage

15. January 6, Huffington Post – (California) ‘Dying Son Bandit’ held up five southern California banks since November. In southern California, one father is claiming his family’s staggering hospital bills are driving him to a life of crime as a bank robber, the Huffington Post reported January 6. Known among local law enforcement authorities as the “Dying Son Bandit,” he has reportedly been apologetic during bank hold-ups as he explains he needs the money to pay for his ailing son’s care. An FBI spokeswoman told KCBS 2 Los Angeles that during two bank robberies January 5 — one in Dana Point and the other in Lake Forest — he told tellers he needed the cash to pay for his family’s medical bills. The spokeswoman confirmed the report with the Huffington Post and revealed the FBI has been on the trail of the “Dying Son Bandit” since late 2011 when he started robbing banks in San Diego County. In November he robbed a bank in Carlsbad. In early December, he robbed a bank in Encinitas, then a bank in Oceanside New Year’s Eve. The FBI was able to tie the bank robberies in San Diego County with the January 5 hits in Orange County because of the similar modus operandi, and very clear photos from surveillance cameras. Source: http://www.huffingtonpost.com/2012/01/06/dying-son-bandit-bank-robberies-hospital-bills-california_n_1190217.html

16. January 6, KNBC 4 Los Angeles – (California) Alleged ‘Market Duo’ bandit still on the loose. A man taken into custody in California who was believed to be the second half of the “Market Duo” robbery team was released, and now authorities are searching for a suspect who managed to escape a police perimeter. Following a police pursuit January 5, one suspect was shot and arrested. A second man fled the scene on foot. After setting up a perimeter, a man was taken into custody; however, it was “later determined that the man had no involvement with the incident,” a deputy told City News Service. The incident started January 5 when two men — believed to be the serial robbers known as the “Market Duo” — allegedly held up a Wells Fargo branch in Placentia. A freeway pursuit ensued, at times reaching 100 mph. The chase ended in Paramount when the suspects’ vehicle hit a curb. After exiting the vehicle, one suspect allegedly pulled out a replica weapon, a Placentia detective said. Wells Fargo is offering a $10,000 reward for information leading to the identification and conviction of the second suspected robber. The “Market Duo” bandits earned the nickname because they allegedly targeted bank branches in grocery stores. The robbers are believed to have held up the same branch November 21, an FBI spokeswoman said. The alleged bandits are also suspected of robbing a U.S. Bank branch in La Habra October 25 and another U.S. Bank branch in Seal Beach November 3, an FBI special agent said. Source: http://www.nbclosangeles.com/news/local/Market-Duo-Robbery-136832503.html

17. January 6, Wired – (New York) Romanian man charged in $1.5 million ATM skimming scam. A Romanian man was arrested in a $1.5 million card-skimming operation that targeted 40 ATMs belonging to HSBC branches in New York, Wired reported January 6. Between May 2010 and the week of January 2 the man and others allegedly installed card-skimming devices that stole card numbers and PINs on HSBC ATMs in Manhattan, Long Island, and Westchester. Using the videotaped PINs, they withdrew about $1.5 million from customer accounts over about 7 months, authorities said. According to an affidavit filed by a U.S. Secret Service agent, the suspect was caught on bank surveillance cameras January 5 (and on prior occasions) installing the skimmers and pin-hole cameras and made no attempt to hide his face. The suspect, according to authorities, was in the United States illegally on an overstayed visa. He was charged with one count of conspiracy to commit bank fraud and one count of bank fraud. If convicted, he faces a maximum sentence of 60 years in prison. Source: http://www.wired.com/threatlevel/2012/01/hsbc-skimming-operation/

18. January 6, Minneapolis Star Tribune – (Minnesota; Wisconsin) Wisconsin man admits mass mortgage fraud. A man suspected in what authorities described as “the next wave” in mortgage fraud schemes surprised Hennepin County, Minnesota, prosecutors January 6 and pleaded guilty to a charge of racketeering, exposing himself to a potential prison term of up to 20 years. The man owned and operated Mortgage Planners Inc., a licensed mortgage originator in St. Paul. He admitted January 6 he and others submitted forged financial documents to lenders to qualify “straw buyers” for mortgage loans guaranteed by the Federal Housing Administration (FHA). In addition to the forgeries, he also admitted he relied on a phony “phone tree” set up to provide employment verifications at nonexistent companies for some borrowers. Others facing charges in the scheme include the man’s wife and two other men. The U.S. Department of Housing and Urban Development said the defendants brokered about $23 million in loans, which were used to buy 136 properties in the Twin Cities area and outstate Minnesota. The suspect property transactions were complex deals that took advantage of provisions of Minnesota foreclosure law, prosecutors said. Source: http://www.startribune.com/local/west/136832893.html

Information Technology

39. January 9, Computerworld – (International) Big IT vendors lead patching laggards. IBM, Hewlett-Packard (HP), and Microsoft led the list of companies that failed to patch vulnerabilities after being notified by the world’s largest bug-bounty program, according to the TippingPoint Zero-Day Initiative. During 2011, TippingPoint — a division of HP — released 29 “zero-day” advisories that had information about vulnerabilities the company reported to IT vendors 6 or more months earlier. Ten of the 29 were bugs in IBM software, 6 were in HP applications and 5, later patched, were in Microsoft products. Other vendors on the late-to-patch list included CA, Cisco, and EMC. TippingPoint, which sponsors the Pwn2Own hacking contest, buys information about vulnerabilities from independent security researchers and privately reports them to vendors. It uses the data to craft defenses for its own line of security appliances. In mid-2010, TippingPoint announced it would go public with advisories that included “limited details” of reported vulnerabilities if vendors did not patch them within 6 months. Source: http://www.computerworld.com/s/article/9223221/Big_IT_Vendors_Lead_Patching_Laggards

40. January 6, Threatpost – (International) Adobe plans critical security updates for Reader, Acrobat next week. Adobe said January 6 it will issue critical fixes for its popular Reader and Acrobat products January 10. The company said it is planning to release updates for Adobe Reader and Acrobat versions X and earlier for the Windows and Macintosh platforms to fix a slew of critical security issues. They include the vulnerabilities CVE-2011-2462 and CVE-2011-4369, which were patched in Adobe products up through version 9 in December, the company said on its PSIRT blog. The January patch will be released January 10 as part of Adobe’s monthly patch cycle. Source: http://threatpost.com/en_us/blogs/adobe-plans-critical-security-updates-reader-acrobat-next-week-010612

41. January 6, Infosecurity – (International) Flaws in Siemens FactoryLink could be exploited remotely. Two vulnerabilities in the Siemens FactoryLink industrial control system could enable a hacker to carry out remote denial of service and arbitrary code execution attacks, warned the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Buffer overflow and data corruption vulnerabilities, discovered by a researcher from Taiwan’s Information and Communication Security Technology Center, affect ActiveX components in Siemens Tecnomatix FactoryLink versions V8.0.2.54, V7.5.217 (V7.5 SP2), and V6.6.1 (V6.6 SP1). The Siemens Tecnomatix FactoryLink software is used for monitoring and controlling industrial processes in a variety of industries, including oil and gas, chemicals, food and beverage, and building automation. The buffer overflow vulnerability is exploited by inputting a long string to a specific parameter, causing a buffer overflow that could allow the execution of arbitrary code. The data corruption vulnerability is exploited by inputting arbitrary data, causing a file save to any specified location on the target system, the ICS-CERT explained. Siemens released a patch to its customers to address these vulnerabilities. ICS-CERT confirmed the Siemens patch resolves the reported vulnerabilities. In addition, Microsoft released a kill bit to address the ActiveX vulnerabilities. Customers of Siemens Tecnomatix FactoryLink should also install the security update referenced in the Microsoft Security Advisory 2562937, the ICS-CERT advised. Source: http://www.infosecurity-magazine.com/view/23047/

For another story, see item 13 above in the Banking and Finance Sector

Communications Sector

42. January 8, Associated Press – (Montana; Wyoming) Verizon Wireless network working again in Montana, northern Wyoming. A Verizon Wireless spokesman said service was restored after a January 8 outage of more than 7 hours in Montana and northern Wyoming. A spokesman told the Billings Gazette a switch failed during scheduled maintenance on the network. He said engineers fixed the problem. Customers reported cell phone calls could not be completed and text messaging had problems. The spokesman said the company’s network team typically does maintenance and software updates early in the morning when traffic is light. He said the routine maintenance normally does not cause problems in the network. Source: http://www.therepublic.com/view/story/5a30b22afba74b95a1a7a9f6223add49/MT--Verizon-Wireless-Outage/

43. January 6, WSPA 7 Spartanburg – (South Carolina) Weather radio outage for the GSP area. The transmitter located on Paris Mountain that handles the heart of the Greenville/Spartanburg area in South Carolina failed, WSPA 7 Spartanburg reported January 6. Repair efforts are underway, but it was not known when the broadcasts to National Oceanic and Atmospheric Administration (NOAA) weather radios would continue. There is a possibility the outage could linger into early February, but officials hoped for a quicker fix. The 162.550 MHz frequency is down until further notice. Source: http://www2.wspa.com/blogs/dan-bickford/2012/jan/06/weather-radio-outage-gsp-area-ar-2997953/
