Thursday, June 28, 2012

Complete DHS Daily Report for June 28, 2012

Daily Report

Top Stories

• Barclays and its subsidiaries agreed to pay more than $400 million to settle charges it tried to manipulate key global interest rates tied to all manner of loans and investments for 4 years. – Associated Press. See item 6 below in the Banking and Finance Sector.

• An international cyber sting led by the FBI attracted criminals from four continents looking to buy and sell stolen credit card numbers, bank information, and drivers licenses online. The sting led to 24 arrests. – ABC News. See item 10 below in the Banking and Finance Sector.

• The governors of Wisconsin and Minnesota declared states of emergency in response to heavy flooding that caused tens of millions in damage to roads, public infrastructure, and homes. – Reuters

13. June 27, Reuters – (Wisconsin; Minnesota) Governor declares state of emergency in Wisconsin flooding. The governor of Wisconsin declared a state of emergency June 26 for three counties in the northwest corner of the State after heavy rain caused flooding. Some roads remain underwater from the heavy rain of 3-5 inches that fell across northwestern Wisconsin June 19 and 20, causing damage to roads, culverts, and other public infrastructure of more than $2.5 million. The state of emergency covers Douglas, Ashland, and Bayfield counties. The governor also directed all State agencies to assist the area in the cleanup and recovery effort. Three people died in Clark County to the south when vehicles entered a ravine created where a road washed out. The governor of Minnesota declared a state of emergency late the week of June 18 for the northeastern part of the State where up to 10 inches of rain fell in some spots. Hundreds of residents in northeastern Minnesota were forced from their homes because of flooding that ripped up dozens of roads and caused mudslides and sinkholes. June 21, Duluth's mayor said damage was estimated at up to $80 million to the city's public infrastructure alone. Source: http://in.reuters.com/article/2012/06/27/weather-midwest-floodsidINL2E8HQKP820120627

• An explosive wildfire doubled in size and moved into residential areas of Colorado Springs, Colorado, a city of about 400,000. The fire chased 32,000 people from homes and forced the evacuation of the U.S. Air Force Academy campus. It was just one of several huge fires burning in Colorado and Utah. – CNN

44. June 27, CNN – (Colorado; Utah) Colorado fire of 'epic proportions' roars into neighborhoods. Fueled by winds and dry conditions, a wildfire doubled in size and moved down foothills, razing residential areas of Colorado Springs, Colorado, June 27. The Waldo Canyon Fire engulfed 15,517 acres, with only 5 percent contained, and forced 32,000 people to flee their homes, said the incident commander. The 1,000 firefighters braced for predicted thunderstorms that could worsen the situation. The storms bring strong winds that can gust unpredictably. Winds gusting to 65 mph through mountain canyons blew the wildfire through containment lines. The flames came dangerously close to the U.S. Air Force Academy campus. An evacuation order was issued for about 700 residents in its Pine Valley Housing and 1,400 in Douglass Valley Housing, a public affairs officer said. The academy's powered flight, glider, and parachuting operations were called off since June 23 so the U.S. Forest Service could use runways for helicopters used to fight fires. Colorado Springs set a record high of 101F June 26 as firefighters contended with conditions, including ash falling on highways and neighborhoods. Meanwhile, a new fire in Boulder prompted preevacuation notices to 2,300 phone numbers. Six other wildfires were active in the State, according to the Colorado Division of Emergency Management. The largest of the fires was the High Park Fire, which began June 9 and consumed 87,284 acres, the U.S. Forest Service said. It was 65 percent contained June 27. The total number of homes lost rose to 257. An estimated $33.1 million has been spent trying to contain it. A large section of Utah was under a red-flag warning, with three wildfires burning June 26. Authorities said they found the body of one person after they entered the evacuated areas of the Wood Hollow Fire, about 30 miles south of Provo. 
The Federal Emergency Management Agency was providing funds to help fight that fire, which has grown to 46,190 acres since starting June 23. Containment was 15 percent. Source: http://www.cnn.com/2012/06/27/us/western-wildfires/index.html?hpt=hp_t1

Details

Banking and Finance Sector

6. June 27, Associated Press – (International) Barclays will pay $400M for manipulating interest rates. Barclays and its subsidiaries agreed to pay more than $400 million to settle charges it tried to manipulate key global interest rates, the Associated Press reported June 27. The rates affect the costs of hundreds of trillions of dollars in loans and investments such as bonds, auto loans, and derivatives. The U.S. Commodity Futures Trading Commission (CFTC) said the incidents occurred between 2005 and 2009 and sometimes took place daily. The CFTC said Barclays senior management and multiple traders were involved, and they coordinated with traders at other banks to make false submissions. The falsified data was used in determining the London interbank offered rate (LIBOR) and Euribor rates, which influence many other interest rates. Barclays' settlement with the CFTC includes a $200 million civil penalty. Britain's financial services authority levied a fine of $92.7 million, the biggest fine ever imposed by the British regulator. Barclays also agreed to pay $160 million as part of an agreement with the fraud section of the Justice Department's criminal unit on a related matter. Source: http://www.usatoday.com/money/industries/banking/story/2012-06-27/barclays-penalty/55854212/1

7. June 27, Associated Press – (National) 2 plead guilty to skimming IDs for fake cards. A Bulgarian man and a Florida woman pleaded guilty in Birmingham, Alabama, to skimming bank customers' identification at ATMs across the south and using the information to create more than 300 counterfeit credit and debit cards, the Associated Press reported June 27. Federal officials said the two pleaded guilty to bank fraud, possession of counterfeit cards, and aggravated identity theft. Prosecutors said the fraud cost the Bank of America more than $862,000, which the two must repay. Hoover, Alabama police arrested the two in May 2011 as they attempted to place a camouflaged skimmer on a bank ATM. They recovered $50,000 in cash and skimmer equipment from their hotel room. Prosecutors said the two were working with a group that placed skimmers in Alabama, North Carolina, Florida, Virginia, Tennessee, and South Carolina. Source: http://www.sfgate.com/news/article/2-plead-guilty-to-skimming-IDs-for-fakecards-3665986.php

8. June 27, Reuters – (International) U.S. files lawsuit against Wyndham over data breach. U.S. regulators filed a complaint against Wyndham Worldwide Corp and three subsidiaries June 26, alleging that a failure by the hospitality company to safeguard consumers' personal information led to more than $10 million lost to fraud. The Federal Trade Commission (FTC) said repeated failures to secure consumer data led to hundreds of thousands of consumers' payment card information being exported to an Internet domain address registered in Russia. Wyndham operates several hotel brands, including the value-oriented Days Inn and Super 8. In its complaint, the FTC said fraudulent charges on Wyndham's consumer accounts totaled more than $10.6 million following three data breaches in less than 2 years. The breaches occurred in April 2008, March 2009, and in late 2009, it said. A vice president for investor relations at Wyndham said the company offered affected customers credit-monitoring services while also strengthening its security systems. Wyndham was unaware of any customers losing money because of the breach, he said. Source: http://www.reuters.com/article/2012/06/27/uk-ftc-wyndhamidUSLNE85Q01Q20120627

9. June 26, San Jose Mercury News – (California) Los Gatos developer, two others indicted on charges related to mortgage fraud. A Los Gatos, California developer, his nephew, and a real estate broker were indicted by a federal grand jury on charges of bank fraud, conspiracy, and making false statements to financial institutions related to the sale of homes in a Salinas subdivision. The indictment alleges the developer and his nephew built the homes and then sold them to low-income home buyers who they knew would not be able to afford them. The indictment said the suspects falsified loan documents to secure financing, and when a dozen homes went into foreclosure, the prices plummeted from the 2006 sale price. According to the U.S. Department of Justice, the family members made more than $4.5 million through the sales, while the broker got $230,000. The banks lost more than $5.5 million. Source: http://www.mercurynews.com/los-gatos/ci_20944864/los-gatos-developer-twoothers-indicted-charges-related

10. June 26, ABC News – (International) Largest cyber sting in history nabs 24 on four continents. An international cyber sting led by the FBI attracted criminals from around the world and led to 24 arrests in what is believed to be a multi-million online financial fraud case, ABC News reported June 26. Eleven people were arrested in the United States, and another 13 were taken into custody by foreign law enforcement officials. Officials called the sting the largest coordinated international police action in history targeting cyber crime. The cyber sting used a Web site created by federal law enforcement officials as the spider web that lured in the alleged criminals. It was dubbed "Operation Card Shop," officials said. The alleged fraudsters could buy and sell stolen credit card numbers, drivers licenses, and bank information on the Web site, as well as discuss general hacking techniques. Agents then identified the suspects and fanned out across four continents to make the arrests. The actions were the result of a 2-year undercover operation led by the FBI. Source: http://abcnews.go.com/Business/largest-cyber-sting-history-nabs-24-continents/story?id=16653993#.T-sjIpFgrNO

11. June 26, U.S. Securities and Exchange Commission – (National) SEC charges founder of equity research firm with insider trading. The Securities and Exchange Commission (SEC) June 26 charged the owner of the California-based equity research firm Insight Research with insider trading. The SEC alleged that from 2006 through 2009, the owner frequently traded in the securities of Abaxis, Inc. based on inside information he received from a close relative employed at Abaxis. He repeatedly traded for himself in advance of the company’s quarterly earnings announcements while in possession of key data in those announcements, reaping approximately $145,000 in illicit profits. In addition to trading in his own account, the SEC alleged he passed the inside data to New York-based Barai Capital Management and Boston-based Sonar Capital Management. The two hedge fund managers — who collectively were paying Insight Research tens of thousands of dollars each month — traded Abaxis securities based on the inside information he provided and reaped more than $7.2 million in illicit gains for their hedge funds. Source: http://www.sec.gov/news/press/2012/2012-121.htm

For more stories, see items 37 below in the Information Technology Sector and 42 below in the Communications Sector

Information Technology Sector

36. June 27, Threatpost – (International) Researcher warns of security hole in KeePass password manager. A researcher from Vulnerability Lab said in an e-mail to Threatpost that he discovered a hole in a software filter and validation feature in KeePass Password Manager up to and including v1.22. If exploited, the hole would enable an attacker with access to a machine running the KeePass software to inject malicious script by passing the HTML/XML export feature a specially crafted file. The security hole is rated "medium", a reflection of the need for attackers to obtain local access to a vulnerable system and to fool users into taking certain actions to import malicious content without noticing that it is malicious. The researcher said the vulnerability is remotely exploitable. Source: http://threatpost.com/en_us/blogs/researcher-warns-security-hole-keepasspassword-manager-062712

37. June 27, Help Net Security – (International) Customized webinjects for Zeus and SpyEye Trojans on sale. Criminals are selling customized webinjects that are priced per feature. For example, one seller offers a webinject for Zeus/SpyEye that contains the automatic transfer system. Initially, criminals used malware-based pricing for selling webinjects. In this model, webinjects were developed for specific malware platforms such as Zeus and SpyEye, and priced per platform. Certain platforms commanded a higher price for webinjects. This pricing system was followed by bulk pricing, where criminals offered discounts for large orders, as well as geography-based pricing, where webinject costs were determined by the location of the target they were designed to attack. That was followed by production cost pricing, where sellers offered cheaper pre-made webinjects and charged a premium for custom webinjects. The new pricing strategy Trusteer discovered charges for webinjects based on the specific features requested and the user information they are designed to steal. In one advertisement they came across, the criminal offers to develop webinjects for any malware platform (e.g., SpyEye, Zeus, Ice IX) and target specified by the buyer. Source: http://www.net-security.org/malware_news.php?id=2163&utm

38. June 27, IDG News Service – (International) Gunmen drive into Microsoft's Greece headquarters, set van on fire. Armed men drove a stolen van loaded with gas canisters into the Microsoft Greece headquarters in Athens June 27 and set it on fire, causing damage to the building. "The Microsoft building in Athens, Greece, was attacked by assailants who drove a van through the entrance to the building, ushered the two security personnel out of the building, and then set the van on fire," a Microsoft spokeswoman said. The stolen van was packed with gas canisters and other cans of flammable materials, but no one was injured, local news media reports said. The attack occurred around 4 a.m. Athens time, and the gunmen escaped. Microsoft has more than 150 permanent employees in Greece, according to its Web site. The Microsoft office was closed and the counterterrorism unit of the Greek national police launched an investigation. The reasons behind the attack were not immediately clear. Source: http://www.computerworld.com/s/article/9228564/Gunmen_drive_into_Microsoft_39_s_Greece_headquarters_set_van_on_fire?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+computerworld/s/feed/topic/17+(Computerworld+Security+News)&ut

39. June 27, H Security – (International) Chrome 20 closes 23 security holes. Google closed 23 vulnerabilities with the release of Chrome 20. Of those vulnerabilities, 14 are rated critical, enabling attackers to execute code in the browser's sandbox, among other things. Integer overflow vulnerabilities in the code for processing PDF files and Matroska containers (.mkv) were also fixed. Chrome 20 also includes the latest version of Adobe's Flash Player on Linux, using the new cross-platform Pepper API. In testing at the H, it was confirmed the Flash Player support also works on 64-bit Linux systems. Source: http://www.h-online.com/security/news/item/Chrome-20-closes-23-securityholes-1627112.html

40. June 26, Infosecurity – (International) ICS-CERT identifies more security gaps for internet-accessible control systems. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned about additional vulnerabilities in industrial control systems that are Internet accessible. "ICS-CERT has recently become aware of multiple systems with default usernames and passwords that are accessible via the internet. These systems have not been configured securely with common best practices such as being placed behind a firewall or changing documented default credentials," the security update said. The systems include the Echelon i.LON product, deployed in motors, pumps, valves, sensors, and other control devices, which contains a default username and password. In addition, ICS-CERT warned that certain industrial control systems have weak authentication mechanisms, which are often difficult to fix because passwords often cannot be changed by the user to protect the system. These products include ClearSCADA, Siemens Simatic HMI, and RuggedCom. Source: http://www.infosecurity-magazine.com/view/26603/icscert-identifies-moresecurity-gaps-for-internetaccessible-control-systems/

For more stories, see items 8 and 10 in the Banking and Finance Sector

Communications Sector

41. June 27, Asbury Park Press – (New Jersey) Cops charge man with discharging fire extinguisher, setting off evacuation of Point Pleasant Beach hotel. June 25, police arrested a man who they said caused a mass evacuation after he discharged a dry chemical fire extinguisher inside a hotel in Point Pleasant Beach, New Jersey. He was charged with causing false public alarm and possession of cocaine. According to a detective, he discharged the fire extinguisher on the third floor of the White Sands hotel. That set off the fire alarms in the hotel, and when police responded, the haze caused by the dry fire extinguisher appeared to be smoke, he said. Police began the evacuation as a precaution. Five fire departments also responded, according to the criminal complaint filed against the defendant. Source: http://www.app.com/article/20120626/NJNEWS/306260064/Cops-chargeman-discharging-fire-extinguisher-setting-off-evacuation-Point-Pleasant-Beachhotel?odyssey=nav|head&nclick_check=1

42. June 25, Boston Globe – (National) Rising sea level a threat in East, study says. The seas along the East Coast from North Carolina to New England are rising three to four times faster than the global average, and coastal cities, utilities, beaches, and wetlands are increasingly vulnerable to flooding, especially from storm surges, according to a U.S. Geological Survey study published June 24. "Cities in the hot spot, like Norfolk, New York, and Boston, already experience damaging floods during relatively low-intensity storms," said the lead author of the study in the journal Nature Climate Change. In Boston, officials began mapping low-lying areas and critical systems that are most likely to be inundated. The maps show that if sea levels rise just 2.5 feet, it could take little more than a Nor’easter to put much of the financial district underwater. The Boston Water and Sewer Commission will begin inspecting hundreds of miles of sewers, storm drain connections, pumping stations, and other utility systems this summer to assess what needs to be done to protect them from rising seas. Some major institutions such as the New England Aquarium already took action to protect their buildings. "As we get further along with climate change, buildings in the city like the aquarium are going to have to look at anywhere water can penetrate," said its chief executive. "People are going to have to think about whether they need sandbags or automatic devices to close off their buildings during storms or high tides. They’re also going to have to think about drainage and how to divert water." Source: http://articles.boston.com/2012-06-25/metro/32393729_1_sea-levels-powerfulstorms-storm-surges

43. June 25, WTXF 29 Philadelphia – (New Jersey; Pennsylvania) Police report Splash World scare arrest. June 25, New Jersey State Police said a Cumberland County, Pennsylvania man was responsible for a scare at an amusement park in Clementon, New Jersey. Some 5,000 people had to evacuate Splash World when the suspect called in a threat the week of June 18. State police said he also called in a bomb threat to Cumberland Regional High School in Pennsylvania in early June. Source: http://www.myfoxphilly.com/story/18875768/police-report-splash-worldscare-arrest

For more stories, see items 12 and 13 in the Banking and Finance Sector