Thursday, February 2, 2012
• Four men inspired by al-Qa’ida admitted planning to detonate a bomb at the London Stock Exchange, and considered targeting the U.S. Embassy. – BBC News (See item 14 below in the Banking and Finance Sector)
• Police found several bombs and ingredients to make more explosives inside an apartment in Fort Wayne, Indiana, while the man who lived there remained hospitalized after his hand was blown off in an explosion January 29. – Fort Wayne Journal Gazette (See item 56)
56. January 31, Fort Wayne Journal Gazette – (Indiana) Bombs found after apartment blast. Police found several bombs and ingredients to make more explosives inside an apartment in Fort Wayne, Indiana, while the man who lived there remained hospitalized after his hand was blown off in the explosion, the Fort Wayne Journal Gazette reported January 31. Fort Wayne’s hazardous devices unit collected several chemicals, fuels, and powders used to make bombs and several bombs from an apartment at the River Cove Apartment complex, a police spokeswoman said. Police responded January 29 after the man made an explosive mixture that became rocklike and he “began to engage” the mixture with a chisel, causing the explosion. The man’s hand took the full force of the explosion. The mixture that exploded was not believed to be a massive explosive device. The police spokeswoman said the man will probably face criminal charges because of the bombs found in his home. The man lived in the home with his teenage son and daughter. The daughter also was injured in the explosion, police said. Source: http://www.journalgazette.net/article/20120131/LOCAL07/301319982
Banking and Finance Sector
14. February 1, BBC News – (International) Four men admit London Stock Exchange bomb plot. Four men inspired by al-Qa’ida admitted planning to detonate a bomb at the London Stock Exchange, BBC News reported February 1. The men all pleaded guilty in court in England to engaging in conduct in preparation for acts of terrorism. The men, from London and Cardiff, were arrested in December 2010. Five other men linked to the plot pleaded guilty to other terrorism offenses and all nine will be sentenced the week of February 6. It emerged that those who targeted the London Stock Exchange wanted to send five mail bombs to various targets during the run up to Christmas 2010, and discussed launching a “Mumbai-style” atrocity. A hand-written target list discovered at the home of one of the men listed the names and addresses of London’s mayor, two rabbis, the U.S. embassy, and the stock exchange. The conspiracy was stopped by undercover anti-terror police before firm dates could be set for attacks. The terrorists met because of their membership of various radical groups and stayed in touch over the Internet, through mobile phones, and at specially arranged meetings. The quartet talked about leaving homemade bombs in the toilets of their city’s pubs and discussed traveling abroad for terror training. Source: http://www.bbc.co.uk/news/uk-16833032
15. February 1, Help Net Security – (International) Malware redirects bank phone calls to attackers. Trusteer has discovered a concerning development in new configurations of Ice IX, a modified variant of the ZeuS financial malware platform, that are targeting online banking customers in the United Kingdom (UK) and United States. “In addition to stealing bank account data, these Ice IX configurations are capturing information on telephone accounts belonging to the victims ... allow[ing] attackers to divert calls from the bank intended for their customer to attacker controlled phone numbers,” the chief technology officer (CTO) of Trusteer said. He believes “the fraudsters are executing fraudulent transactions using the stolen credentials and redirecting the bank’s post-transaction verification phone calls to professional criminal caller services that approve the transactions.” In one captured attack, at login the malware steals the victim’s user ID and password, memorable information/secret question answer, date of birth, and account balance. Next, the victim is asked to update phone numbers and select the name of their service provider from a drop-down list. To enable the attacker to modify phone service settings, the victim is then asked by the malware to submit their telephone account number. The fraudsters justify this request by stating this data is required as part of a verification process caused by “a malfunction of the bank’s anti-fraud system with its landline phone service provider.” Source: http://www.net-security.org/malware_news.php?id=1984
16. February 1, H Security – (International) Hacker extracts RFID credit card details. The widespread use, especially in U.S. credit cards, of radio frequency identification (RFID) chips which can be read through clothing or wallets for contactless payments can lead to cards being read without the owner’s knowledge or permission, H Security reported February 1. Forbes reported January 30 that a hacker at the Shmoocon security conference in Washington D.C. demonstrated the ability to read data on RFID chipped credit cards and make a payment that had not been authorized by the card owner. With about 100 million RFID cards issued, this could now be done without card owners handing over their cards. No security measures such as card reader authentication are in place. However, the RFID data does not include the three-digit CVV number printed on the back of the card that is usually required when making an online transaction. Instead, the chip issues a one-time CVV that is only valid for one transaction. Using this CVV repeatedly will cause the card to be blocked. In the United States, Visa markets RFID credit cards as payWave, and in the United Kingdom (UK) as Contactless by Visa. Mastercard markets their RFID credit cards as Paypass in the United States and UK. Source: http://www.h-online.com/security/news/item/Hacker-extracts-RFID-credit-card-details-1425974.html
17. January 31, Infosecurity – (National) Trymedia breach exposes credit card numbers of 12,000 digital game customers. Trymedia’s ActiveStore Web-based storefront application, which processes digital game purchases made by customers on its partners’ Web sites, was recently breached, exposing credit card numbers and other personal information of more than 12,000 customers, Infosecurity reported January 31. Trymedia told the New Hampshire Attorney General’s Office it believes hackers were able to obtain credit card numbers, expiration dates, security codes, and postal and e-mail addresses to optional users accounts for transactions between November 4 and December 2. Trymedia said it would notify the 12,456 customers affected by postal mail about the potential breach and offer to provide a 12-month subscription to a credit-monitoring and identity-theft protection product. Source: http://www.infosecurity-us.com/view/23586/trymedia-breach-exposes-credit-card-numbers-of-12000-digital-game-customers/
18. January 31, Associated Press – (International) Hackers attack large Brazilian Bank. A group of Internet hackers said January 31 it took down the Web site of Brazil’s second largest private sector bank, one day after it did the same with the country’s largest private bank. The group that calls itself “Anonymous Brasil” said on Twitter: “Attention sailors: Target hit! The http://bradesco.com.br is sinking. TANGO DOWN.” Banco Bradesco SA said in a statement its site suffered “momentary interruptions,” due to high traffic, but that it was never forced offline. The group said on Twitter its attacks were a protest against corruption and would continue for at least a week. The group attacked the website of Itau Unibanco Banco Multiplo SA, Brazil’s largest private sector bank, January 30, saying it was the first of several such attacks. That bank said in a statement its site was offline for part of the day, but that it was re-established after the problem was detected. Source: http://techland.time.com/2012/01/31/hackers-attack-large-brazilian-bank/
19. January 31, U.S. Securities and Exchange Commission – (Illinois; New York) SEC charges brothers with short selling violations. The U.S. Securities and Exchange Commission (SEC) January 31 charged two brothers living in Chicago and New York with naked short selling for failing to locate and deliver shares involved in short sales to broker-dealers. While short selling is legal, SEC rules require short sellers to locate shares to borrow before selling them short, and they must deliver the securities by a specified date. According to the SEC’s order instituting administrative proceedings against the brothers, they generated more than $17 million in ill-gotten gains. The SEC alleges one of the men engaged in illegal naked short sales while working as a broker-dealer and later as the principal trader at a now defunct Chicago-based broker-dealer. His brother conducted illegal naked short sales while trading through Golden Anchor Trading II LLC, a New York-based broker-dealer, which the SEC has also charged. According to the order, the brothers engaged in two types of transactions from July 2006 to July 2007. The first type of transaction – a “reverse conversion” or “reversal” – involves selling stock short and simultaneously selling a put option and buying a call option on the stock. The second type was a stock and option combination that created the illusion the party subject to a close-out obligation had satisfied that obligation by buying the same kind and quantity of securities it had sold short. However, the brothers knew or had reason to know the shares purchased in the sham transactions would never be delivered because they were purchased from another seller who also did not have the stock. Source: http://www.sec.gov/news/press/2012/2012-22.htm
20. January 31, Associated Press – (National) IRS says federal sweep against identity theft targets 105 people in 23 states in past week. The federal government has swooped down on 105 people in 23 states in the past week as part of a nationwide crackdown on identity theft and tax refund fraud timed to warn cheats to beware this tax season, the Internal Revenue Service (IRS) said January 31. The sweep, which ranged from Alaska to Florida and included 80 complaints and indictments and 58 arrests, has already produced a handful of guilty pleas and sentencings. Besides the IRS, the Justice Department’s Tax Division, the Postal Service, and local U.S. attorney’s offices were involved after investigations that lasted months and, in some cases, years. In 2011, the agency said it found 260,000 income tax returns with confirmed attempts at identity fraud and blocked the payment of $1.4 billion worth of refunds. Over the past week, IRS officials have also visited 150 money services businesses to see if they are involved in identity theft or filing for bogus refunds. This sweep was conducted in nine metropolitan areas the IRS considers high risk: Atlanta; Birmingham, Alabama; Chicago; Los Angeles; Miami; New York; Phoenix; Tampa, Florida; and Washington, D.C. In addition, the agency is auditing more than 250 check-cashing operations around the United States, in part to try to spot any identity theft activity. The IRS’s deputy commissioner for services and enforcement said in 2012 the IRS installed new filters on its computers in an attempt to spot identity fraud before the agency pays a phony refund. Source: http://www.chicagotribune.com/sns-ap-us-irs-identity-theft,0,585346.story
21. January 31, Boulder Daily Camera – (Colorado) FBI: Two Boulder bank robberies committed by ‘Face Off Bandit’. The FBI now believes that two bank robberies this winter in Boulder, Colorado, were committed by the same robber, who they believe also targeted banks in Golden and Thornton, the Boulder Daily Camera reported January 31. The FBI said a man they are calling the “Face Off Bandit” is likely responsible for robberies at a Great Western Bank December 16, and a First Bank January 19 in Boulder. Investigators also believe the robber hit a Wells Fargo Bank in Golden in September, and a Key Bank in Thornton in November. In all four cases, the suspect entered the banks with some sort of fake facial hair, presented a note demanding money, and left. In one of the Boulder robberies, police believe he also used a hat with hair attached to it. Source: http://www.dailycamera.com/boulder-county-news/ci_19862212
22. January 30, U.S. Securities and Exchange Commission – (Arizona; International) Relationship partner at accounting firm charged with fraud and barred for five years; former Syntax-Brillian Corp. executive ordered to pay more than $48 million for insider trading and financial fraud. The U.S. Securities and Exchange Commission (SEC) January 30 filed settled charges against a partner at an accounting firm for aiding and abetting a fraudulent revenue recognition scheme at Syntax-Brillian Corporation, a developer of high-definition LCD televisions. In addition, a district court judge in Arizona January 12 entered a default judgment against the chief procurement officer and a director of Syntax. The court permanently enjoined the director from future violations of the antifraud, reporting, books and records, internal controls, and misrepresentation to auditor provisions of securities laws, and ordered him to pay disgorgement, prejudgment interest, an insider trading penalty, and a civil penalty totaling more than $48 million for his role in the scheme. He was also permanently barred from serving as an officer or director of a publicly traded company. As alleged in the SEC’s complaint against the director, from at least June 2006 through April 2008, he and other Syntax senior executives engaged in a complex scheme to overstate Syntax’s revenues and earnings and artificially inflate its stock price. The scheme included the creation of fictitious sales and shipping documents and coordinating the circular transfer of funds among and between Syntax, its primary manufacturer in Taiwan, and its purported distributor in Hong Kong. In its complaint against the partner, the SEC alleged he instructed Syntax executives on how to create a backdated distribution agreement to assist them in improperly recognizing revenue. Source: http://www.sec.gov/litigation/litreleases/2012/lr22243.htm?utm_medium=twitter&utm_source=twitterfeed
45. February 1, H Security – (International) Mozilla closes critical holes in Firefox, Thunderbird and SeaMonkey. Following the release of new versions of its open source Firefox Web browser, Thunderbird e-mail client, and SeaMonkey suite, Mozilla detailed the security fixes included in each of the updates. According to the project’s Security Center page for Firefox, version 10.0 closes a total of eight security holes in the browser, five of which are rated as “Critical” by Mozilla. The critical issues include an exploitable crash when processing a malformed embedded XSLT stylesheet, potential memory corruption when decoding Ogg Vorbis files, XPConnect security checks being bypassed by frame scripts, a use after free error in child nodes from nsDOMAttribute, and various memory safety hazards. These vulnerabilities could be exploited remotely by an attacker to, for example, execute arbitrary code on a victim’s system. Additionally, Firefox 10 closes two “High” impact issues that could lead to information disclosure or an attacker violating the HTML5 frame navigation policy by replacing a sub-frame for phishing attacks. A moderate severity bug when exporting a user’s Firefox Sync key to a “Firefox Recovery Key.html” file that caused it to be saved with incorrect permissions was also fixed. Source: http://www.h-online.com/security/news/item/Mozilla-closes-critical-holes-in-Firefox-Thunderbird-and-SeaMonkey-1426048.html
46. January 31, H Security – (International) Security hole in Sudo’s debug option closed. A hole in the sudo command’s debug options was fixed by the developers, H Security reported January 31. The problem, discovered by joernchen of phenoelit, affects sudo versions 1.8.0 to 1.8.3p1. The sudo command is used extensively by Linux distributions, Mac OS X, and other Unix operating systems to allow users to execute commands with super user privileges without logging in as root. The security hole appeared in version 1.8.0 when a new simple debugging option was added. Source: http://www.h-online.com/security/news/item/Security-hole-in-Sudo-s-debug-option-closed-1425163.html
47. January 31, Threatpost – (International) Kelihos botnet resurfaces. The Kelihos botnet, which researchers at Kaspersky Lab and Microsoft disrupted last fall by sinkholing the control channel, sprang back to life and is using only slightly different versions of the original malware and controller list, Threatpost reported January 31. In late September, researchers from Kaspersky and Microsoft worked together on a coordinated takedown of the botnet, which involved sinkholing. This tactic involves researchers directing bots on infected computers to contact a server they control, rather than one controlled by the attackers. At the time of the takedown, a Kaspersky researcher said the sinkholing was not a permanent answer because the peers in the network would eventually begin communicating with other controllers and the sinkhole peer would lose its dominant position. The real solution would have been to push an update to the infected machines that removed the infection or disabled the bot, but there are legal and ethical obstacles to that course of action. What happened since the takedown in September is essentially what the researcher predicted. The Kelihos network reformed and is back in action, in only slightly modified form. The encryption routine the malware uses is slightly different from the old version, shuffling around the spots in which Blowfish and Triple-DES keys are used. The signing keys for certain components of the malware also changed. Source: http://threatpost.com/en_us/blogs/kelihos-botnet-resurfaces-013112
48. January 30, ZDNet – (International) Android malware makes use of steganography. Security firm F-Secure released details on how Android malware makes use of steganography to hide the control parameters for rogue code. Steganography is the technique of hiding messages within something else, in this case, an icon file. F-Secure first suspected Android malware was making use of steganography when researchers came across a particular line of code. Further research revealed more code, and it soon became clear the image file being referenced was the icon file bundled with the rogue application. The hidden data is used to control how and when premium rate SMS messages are sent from the victim’s handset, which is the primary purpose of the rogue application. Source: http://www.zdnet.com/blog/hardware/android-malware-makes-use-of-steganography/17903
For more stories, see items 13, 15, 17, and 18 above in the Banking and Finance Sector.
49. February 1, Ardmore Daily Ardmoreite – (Oklahoma) Cable system target of vandalism. The cable system in the Healdton, Oklahoma area has been the subject of controversy in recent months and a target of vandalism over the past week, the Ardmore Daily Ardmoreite reported February 1. The Healdton city manager said the head end station, located near Ratliff City, has been targeted since January 27. The resulting vandalism has caused damage to the cable and Internet in terms of financial loss and service. “They moved the dish and cut some of the wires. It appears they scaled the fence,” the city manager said. The Carter County Sheriff’s Department is investigating the vandalism, which the city manager believes was a deliberate attempt to sabotage the cable system. “They had to know what they were doing,” he said. “The average Joe wouldn’t know to go cut some of the wires and some of the lead wires. They also pulled the T1 wire which affected the Internet.” Reports of cable problems began filtering in January 27. Repairs were made, but another incident caused much more significant problems. “It happened somewhere between noon [January 30] and 6 a.m. January 31,” the city manager said. Based on information relayed to the city manager, it will take 16 to 20 hours of labor to get the system back up fully. There will be additional hours needed to realign some of the channels. He said any charges could also fall into the realm of the Federal Communications Commission. Source: http://www.ardmoreite.com/news/x370663419/Cable-system-target-of-vandalism
For more stories, see item 15 above in the Banking and Finance Sector and 48 above in the Information Technology Sector.