Thursday, August 2, 2012 


Daily Report

Top Stories
  
 • A suspicious item prompted the crew of a United Airlines flight to Switzerland to divert it to Boston, as two F-15 fighters shadowed the plane July 31. – CNN

18. August 1, CNN – (New Jersey; Massachusetts) Suspicious object that forces plane to divert is unclaimed camera. A suspicious item prompted the crew of a United Airlines flight to Switzerland to divert it to Boston, as two F-15 fighters shadowed the plane July 31, CNN reported August 1. The item, found inside an airsickness bag, turned out to be an unclaimed camera, officials said. United Airlines flight 956 took off from Newark, New Jersey, and was headed to Geneva, Switzerland, when it was diverted to Boston’s Logan International Airport “out of an abundance of caution,” according to a Transportation Security Administration statement. Two fighter jets intercepted and shadowed the plane “as a prudent precaution” after its diversion from Newark, said a spokeswoman at North American Aerospace Defense Command. Source: http://www.cnn.com/2012/08/01/travel/united-flight-diverted/index.html?hpt=hp_t2

 • Air Canada said a passenger found what appeared to be a sewing needle in a catered sandwich on board a flight July 30 from Victoria, British Columbia, to Toronto. – Associated Press

22. August 1, Associated Press – (International) Air Canada passenger finds needle in sandwich on flight. Air Canada said a passenger found what appeared to be a sewing needle in a catered sandwich on board a flight July 30 from Victoria, British Columbia, to Toronto. A spokesman for the airline said that the airline was “working closely with our caterers to ensure heightened security measures have been put in place.” He said the airline contacted the caterers immediately after the discovery July 30. He said a police investigation was under way. A spokesman for Dutch police investigating how needles got into six turkey sandwiches on Delta Air Lines flights from Amsterdam to U.S. cities last July said it was too early to say whether there was any connection with the new incident on Air Canada. A Dutch police officer said Dutch investigators have been interrogating witnesses in the chain of people who had access to the Delta sandwiches, and were examining the actual sandwiches August 1. He said it was too early to rule out a copycat or link with the Air Canada incident, which was also being investigated. Source: http://www.foxnews.com/world/2012/08/01/air-canada-passenger-finds-needle-in-sandwich-on-flight/

 • A man was held without bail July 31 after prosecutors said they found evidence he plotted to kill students and administrators at a high school in Irvine, California, where his son was disciplined before committing suicide. – Associated Press

36. July 31, Associated Press – (California) No bail for UC Irvine professor charged with arson. A University of California professor was held without bail July 31 after prosecutors said they found evidence he plotted to kill students and administrators at a high school in Irvine, California, where his son was disciplined before committing suicide. He is charged with arson for a series of five fires set in early July at University High School, a school administrator’s house, and a nearby park, where his son killed himself in the spring. After his arrest July 24, authorities found emails on his cellphone describing a plot to burn down the high school, commit sexual assaults, and purchase weapons to murder school officials and students there before killing himself, said an Orange County district attorney spokesperson. “I can only at this point tell you, he laid out in sufficient detail plans to purchase guns and murder lots of people,” the deputy district attorney said. Prosecutors believe the suspect was acting alone but it was not clear if he was targeting anyone specifically. After the emails were discovered, the Orange County district attorney spokesperson said the suspect, who was free on bail, was arrested again. “[The emails] support our argument that he should be denied bail because he’s dangerous,” she said. Source: http://www.google.com/hostednews/ap/article/ALeqM5jC5P2_Y49QBHXucDBGMy5BGWHQgg?docId=e5926ecf1f304440aed04dc59dfb6a8f

 • Dropbox said July 31 that one of its employee’s accounts was compromised, leading to a raft of spam in July that irritated users of the cloud-storage service. – IDG News Service. See item 42 below in the Information Technology Sector.

 • In Colorado alone, insurers estimated that wildfires have caused some $450 million in damage to personal property. Nationally, the U.S. Forest Service is on track for another possible record with nearly $28 million spent so far on burned-area recovery work. – Associated Press

56. July 31, Associated Press – (Colorado; National) Western wildfire recovery likely to take years. In Colorado alone, insurers estimated that wildfires have caused some $450 million in damage to personal property, and that number is expected to grow, the Associated Press reported August 1. Nationally, the U.S. Forest Service is on track for another possible record with nearly $28 million spent so far on burned-area recovery work. The U.S. Department of Agriculture undersecretary said the Federal Government tries to get into burned areas as quickly as possible to predict what some of the fallout might be. The number of fires and total acreage burned in the West this summer was roughly within range of the past decade’s average. But the fires were bigger, they were burning with greater severity, and they were burning areas where the potential impacts were greater. Burned-area response specialists were working in Arizona, Nevada, Utah, and Wyoming to finalize contracts for seeding and mulching, stabilize roads and trails, prep culverts for higher flows of water, and put up warning signs. Charred hillsides are vulnerable to erosion during downpours because they have less vegetation to soak up rain, increasing the likelihood of flooding. In July, a wall of water rushed down New Mexico’s Santa Clara Canyon, washing away months of restoration work done by Santa Clara Pueblo and government contractors. National forests and grasslands provide about 20 percent of the nation’s water supply, according to the Forest Service, and the cost of treating drinking water increases by about 20 percent for every loss of 10 percent of forest land in a watershed. Source: http://www.google.com/hostednews/ap/article/ALeqM5hLHmJrYRzyBBYdr5RbNs3e3FvtRw?docId=60d00504d9f44b7bbd6a7732ddc5

Details

Banking and Finance Sector

13. August 1, Wilkes-Barre Times-Leader – (Pennsylvania) Lupas stole $6M, feds now allege. Aided by co-conspirators, a Plains Township, Pennsylvania attorney defrauded investors of more than $6 million over an 18-year period, federal prosecutors alleged in a new indictment filed July 31. The man convinced clients to invest in a purported trust account with the promise they would earn 5 to 7 percent interest. There was no trust account and he diverted the money for his personal use, according to the indictment. The attorney was originally indicted in March on one count of mail fraud. The new indictment listed eight victims, and charged him with 29 counts of mail fraud and one count each of conspiracy to commit mail fraud and conspiracy to commit money laundering. The indictment also revealed that he had help in perpetrating the alleged scheme, which prosecutors said began as early as November 1993. The attorney and unidentified co-conspirators created false documents that depicted checks he mailed to clients as being “interest” on their trust account as part of a Ponzi scheme. Source: http://www.timesleader.com/stories/Lupas-stole-6M-feds-now-allege,184338

14. August 1, NBC News; Reuters – (International) 2 poker sites agree to forfeit $731 million after prosecutors allege ‘global Ponzi scheme’. The world’s largest poker company and its rival have settled federal money laundering and fraud charges, agreeing to pay $731 million, most of which will be used to reimburse online gamblers, NBC News reported August 1. PokerStars, which is based on the Isle of Man in the United Kingdom, agreed to forfeit the money, including $547 million that will be available to reimburse U.S. customers of the rival, Full Tilt Poker. Full Tilt also agreed to settle and will cease independent operations. Prosecutors said both companies had used false billing codes to deceive banks that would not process gambling transactions, and they said Full Tilt had devolved into a “global Ponzi scheme,” with the big-name players and other owners pocketing hundreds of millions of dollars that were owed to players. Prosecutors accused Full Tilt of lying when it told customers that their accounts were “segregated and held separately” from the company’s operating funds. In the end, it owed more than it could repay without a sale. Source: http://www.msnbc.msn.com/id/48433962/ns/us_news-crime_and_courts/#.UBlB3GGe6NA

15. July 31, Newark Star-Ledger – (New Jersey) Elizabeth man charged in string of 6 armed bank robberies. Federal authorities arrested and charged a man with committing a string of six armed bank robberies during the last nine months, including three in Middlesex County and two in Somerset County, New Jersey, during which he stole more than $105,000, according to officials and a criminal complaint filed July 30. In several of the robberies, the man also sent an accomplice into the bank to case it just moments before he walked in, authorities said. Two accomplices who allegedly worked with the suspect were also arrested and charged. Source: http://www.nj.com/news/index.ssf/2012/07/elizabeth_man_charged_in_strin_1.html

16. July 31, U.S. Department of the Treasury – (International) Treasury sanctions Kunlun Bank in China and Elaf Bank in Iraq for business with designated Iranian banks. The U.S. Department of the Treasury July 31 announced the imposition of sanctions under the Comprehensive Iran Sanctions, Accountability, and Divestment Act of 2010 (CISADA), against two financial institutions for knowingly facilitating significant transactions and providing significant financial services for designated Iranian banks. The financial institutions sanctioned were Bank of Kunlun in China and Elaf Islamic Bank in Iraq. Bank of Kunlun and Elaf Islamic Bank provided financial services to designated Iranian banks and facilitated the movement of millions of dollars worth of international transactions, the statement read. The action against Bank of Kunlun and Elaf Islamic Bank effectively bars them from directly accessing the U.S. financial system. As a result of the sanctions imposed under CISADA, financial institutions may not open correspondent or payable-through accounts for Bank of Kunlun or Elaf Islamic Bank in the United States and any financial institutions that currently hold such accounts must close them within 10 days. Source: http://www.treasury.gov/press-center/press-releases/Pages/tg1661.aspx

17. August 1, Associated Press – (Ohio) Last defendant admits guilt in central Ohio mortgage fraud scheme. The last of 12 defendants pleaded guilty to participating in a $9 million central Ohio mortgage-fraud scheme, the Associated Press reported August 1. The Columbus Dispatch reported that the man pleaded guilty to one count of theft. Prosecutors said the 12 defendants were part of a wide-ranging plot to fraudulently obtain mortgages for homes with inflated values. Most of the loans ended in foreclosure. At the time the indictments came out in 2009, prosecutors estimated that $9 million in loans had been obtained with fraudulent documents for about 24 properties. Source: http://www.therepublic.com/view/story/21e23ba29c78403688187bde050a6011/OH--Mortgage-Fraud-Scheme

Information Technology Sector

41. July 31, Computerworld – (International) Microsoft warns of critical Oracle code bugs in Exchange. The week of July 23, Microsoft warned IT administrators that critical vulnerabilities in code licensed from Oracle could give attackers access to Exchange Server 2007 and Exchange Server 2010 systems. Oracle patched the vulnerabilities in its “Oracle Outside In” code libraries as part of an update July 17 that fixed nearly 90 flaws in its database software. Exchange, as well as Microsoft’s FAST Search Server 2010 for SharePoint, uses the Oracle Outside In libraries to display file attachments in a browser rather than to open them in a locally-stored application, like Microsoft Word. The vulnerabilities are within the code that parses those attachments. “An attacker who successfully exploited these vulnerabilities could run arbitrary code under the process that is performing the parsing of the specially crafted files,” said Microsoft in the security advisory it issued the week of July 23. A successful exploit of an Exchange server would let hackers “install programs; view, change, or delete data; or take any other action that the server process has access to do.” In the absence of an immediate patch (Microsoft said it is working on an update, but gave no release timetable), the company’s Security Research and Defense blog and the advisory recommended IT administrators temporarily disable those Exchange Server and FAST Search Server features that relied on the Oracle Outside In libraries. Source: http://www.computerworld.com/s/article/9229816/Microsoft_warns_of_critical_Oracl_code_bugs_in_Exchange

42. July 31, IDG News Service – (International) Dropbox blames employee account breach for spam attack. Dropbox said July 31 that one of its employee’s accounts was compromised, leading to a raft of spam in July that irritated users of the cloud-storage service. A stolen password was used to access the employee’s account, which contained “a project document with user email addresses,” a Dropbox engineer said. The company also found that usernames and passwords that were stolen from other Web sites were used to access “a small number of Dropbox accounts,” he said. In response to the breach, Dropbox said that in a few weeks it plans to introduce two-factor authentication, such as a system that would send a temporary code to a user’s phone. Source: http://www.computerworld.com/s/article/9229856/Dropbox_blames_employee_account_breach_for_spam_attack

43. July 31, Threatpost – (International) Google Chrome 21 fixes six high-risk vulnerabilities. Google released Chrome 21, the most recent stable version of its browser. The new release includes more than two dozen security fixes, among them patches for six high-priority flaws. Chrome 21 is the rare release from Google that includes fixes for mainly low and medium-severity vulnerabilities. There is only one critical flaw fixed in this release, and that one is present only on Linux. Source: http://threatpost.com/en_us/blogs/google-chrome-21-fixes-six-high-risk-vulnerabilities-073112

44. July 31, Threatpost – (International) Cross-platform flaws a boon for attackers. Microsoft researchers came across a series of malware samples and exploits that show some attackers are beginning to target the same vulnerability across multiple platforms as a way to make the most out of their efforts. Even though Windows and Mac are still separated as platforms, there are a number of applications that run on both operating systems, including Adobe Flash, Reader, and Java. Attackers, not wanting to waste time on small target bases and looking to maximize their profits, are focusing their efforts on vulnerabilities in these applications. Microsoft’s investigation of the way attackers are using cross-platform vulnerabilities began about a year ago when the company’s researchers discovered a backdoor aimed at Mac users. The malware disguised itself as a Google app on the infected machine and then initiated a remote connection to a command-and-control server. Source: http://threatpost.com/en_us/blogs/cross-platform-flaws-boon-attackers-073112

45. July 30, Dark Reading – (International) ‘Luckycat’ APT campaign building Android malware. Windows has been the favorite target of cyberespionage actors for a long time, but newly discovered evidence shows they are also targeting mobile platforms, namely Android. The attackers behind the recent Luckycat advanced persistent threat (APT)-type attack campaign are in the process of developing malware aimed at Android, a researcher with Trend Micro said in a presentation at the Black Hat conference the week of July 23. Luckycat, an attack campaign with ties to Chinese hackers that targets Indian and Japanese military research institutions and the Tibetan community, also began targeting Mac OS X users in 2011. Trend Micro researchers found two Android applications in the early phase of development that can communicate with Luckycat’s command and control (C&C) server. The malware is currently capable of gathering information on the mobile device and uploading and downloading files as directed by the C&C server. Source: http://www.darkreading.com/mobile-security/167901113/security/attacks-breaches/240004623/

Communications Sector

46. August 1, Shawnee News-Star – (Oklahoma) Internet disruption: Severed cables disconnect many from World Wide Web. Internet service was down for hundreds, if not thousands, of Allegiance Communications customers in Shawnee, Oklahoma, for most of July 31. A buried fiber optic cable was severed in McLoud, disrupting communication services for most of the day, while crews worked to get the service returned for the greater Shawnee area. The outage affected businesses and residents in Shawnee, including City Hall, as well as customers in Prague, McLoud, and Tecumseh. The Shawnee/Pottawatomie County Emergency Management offices were without email communications, but were still able to conduct business. However, the Shawnee city Web site was down. Allegiance crews completed the work by the evening of July 31 by locating the severed cable and working to run an aerial line in order to return services quickly, and then replacing the buried line later, the Allegiance general manager said. Source: http://www.news-star.com/newsnow/x1814084256/Internet-disruption-Severed-cables-disconnect-many-from-World-Wide-Web

47. July 31, Northland’s NewsCenter – (Wisconsin) Lightning storm forces Northland College’s radio station off-air. Due to a lightning storm July 29, the Northland College radio station in Wisconsin — WRNC 97.7 FM Ashland — is temporarily off the air, Northland’s NewsCenter reported July 31. The lightning storm is believed to have caused a power surge that resulted in the failure of the station’s radio transmitter, according to the radio station’s manager. She said the station may be back on the air by the end of the week of July 30. Source: http://www.northlandsnewscenter.com/news/nw-wisconsin/Northland-College-Radio-Station-Temporarily-off-air-164510506.html

48. July 31, Threatpost – (International) Firm sees more DDoS attacks aimed at telecom systems. Attackers are now using distributed denial-of-service (DDoS) services that offer attacks on telecommunication systems as part of larger attack schemes. These attacks, known as TDoS attacks, can be a relatively cheap option for cyber criminals seeking to diversify their attack vectors. Researchers have seen a series of advertisements and forum posts promoting services that can “flood” both mobile and stationary telephone lines. Often these attacks are used as a distraction while attackers launch simultaneous attacks on their victims, according to a member of Arbor Networks’ Security Engineering and Response Team. Source: http://threatpost.com/en_us/blogs/firm-sees-more-ddos-attacks-aimed-telecom-systems-073112