Department of Homeland Security Daily Open Source Infrastructure Report

Tuesday, June 9, 2009

Complete DHS Daily Report for June 9, 2009

Daily Report

Top Stories

• KSWB 5 San Diego reports that a student was arrested on suspicion of setting off 12 crude homemade chemical bombs in trash cans at San Ysidro High School in San Diego, California on June 5, prompting an hour-long lockdown at the campus but causing no injuries or property damage. (See item 23)


23. June 6, KSWB 5 San Diego – (California) High school student arrested for suspicion of bomb threat. On June 6, San Diego police officials released the name of an 18-year-old high school student who was arrested on suspicion of setting off 12 crude homemade chemical bombs in trash cans at San Ysidro High School the afternoon of June 5, prompting an hour-long lockdown at the campus but causing no injuries or property damage, authorities said. The suspect was booked at San Diego Central Jail on June 5 with a bond set at $860,000, according to jail records. The suspect faces felony charges of detonating explosives and possessing bomb-making materials, authorities said. The suspect who planted the makeshift explosive devices was under arrest within an hour of the explosions, which occurred about 3:15 p.m. in a patio area, according to San Diego police and fire officials. Source: http://www.fox5sandiego.com/news/kswb-sanysidro-bomb,0,3345693.story


• According to IDG News Service, T-Mobile is investigating a claim that a massive amount of internal data has been stolen from the telecommunication operator’s servers, a company spokesman said on Monday. (See item 31)

Details

Banking and Finance Sector

10. June 8, MX Logic – (International) Man pleads guilty in brokerage account hacking scheme. A 23-year-old suspect has pleaded guilty to charges of money laundering in connection with a scheme to steal funds from hacked brokerage accounts. Prosecutors said the suspect would receive fund transfers from hacked accounts in bank “drop accounts” he had set up. He would then wire the funds to co-conspirators in Russia using remittance services. The scheme involved infecting brokers’ PCs with Trojan horse software that would steal account numbers and passwords from the brokers when they logged in over the Internet. A co-conspirator in the identity theft fraud allegedly used the stolen passwords to access accounts, sell securities, and then transfer funds to drop accounts set up by the suspect. The suspect would then wire the stolen funds to Russia. The co-conspirator is believed to be in Russia and out of reach of U.S. law enforcement, according to IDG News Service. Investigators used an unnamed informant to catch the co-conspirator and another man charged in the scheme in the act. The informant set up an account under investigators’ control to which the co-conspirator wired funds stolen from two Charles Schwab brokerage accounts in July 2007. The suspect agreed in his plea arrangement to return $112,000 he made as part of the fraud. Source: http://www.mxlogic.com/securitynews/identity-theft/man-pleads-guilty-in-brokerage-account-hacking-scheme859.cfm


11. June 8, Bank Info Security – (Massachusetts) Bank teller charged in fraud scheme. A former bank teller in Massachusetts has been charged with fraud and aggravated identity theft in a $270,000 fraud scheme. The FBI investigation led to a 25-year-old who worked as a bank teller at a Bank of America branch in Peabody, Massachusetts. The suspect was indicted in U.S. district court on 17 counts of bank fraud, one count of access device fraud, and two counts of aggravated identity theft. The crimes allegedly took place from July 2005 to June 2006, according to the Acting U.S. Attorney. The suspect used his position as bank teller to get access to the accounts and personal data of bank customers who deposited money at the branch where he worked from November 2004 to February 2006. The suspect then sold the stolen account information to others, who used the data to make unauthorized withdrawals from customers’ accounts, states the indictment. The suspect shared the proceeds of the unauthorized withdrawals, approximately $270,000, with the others. Unauthorized withdrawals ranged from $2,800 up to $38,100 and hit bank customers from Massachusetts, New Hampshire and New Jersey, says the indictment. Source: http://www.bankinfosecurity.com/articles.php?art_id=1521


12. June 5, Investment News – (New York) Ex-Credit Suisse broker charged with $1B fraud jumps bail. A former Credit Suisse Securities LLC broker indicted in a $1 billion auction rate securities scandal has vanished, federal authorities say. The suspect — along with another former Credit Suisse Securities broker — was scheduled to stand trial this month to face fraud charges filed by the U.S. attorney’s office for the Eastern District of New York in Brooklyn. However, the prosecutors today officially told a federal judge that the suspect has been missing since May 9. He was expected to plead guilty before standing trial June 22. In September, the U.S. attorney’s office for the Southern District of New York in Manhattan charged both men with securities fraud, wire fraud and conspiracy. Going back to 2004, the suspect misled investors who thought that they were buying auction rate securities that were backed by student loans, when in fact the securities were backed by collateralized debt obligations that were linked to subprime mortgages, according to the indictment. Source: http://www.investmentnews.com/apps/pbcs.dll/article?AID=/20090605/REG/906059966


Information Technology

29. June 6, The Register – (International) Adobe’s quarterly patch cycle to commence Tuesday. Adobe Software’s new quarterly patch cycle will commence on Tuesday with an update that patches a severe vulnerability in some versions of its Reader and Acrobat products. The program is part of a push by Adobe to beef up security after complaints earlier this year that the software maker was too slow in plugging security holes in its software, which runs on the vast majority of machines running Windows, Mac OS X and Linux. The quarterly release, which will coincide with Microsoft’s Patch Tuesday, is designed to make life easier for people administering large fleets of computers. Up to now, Adobe has issued security updates on an ad hoc basis that frequently fixed a critical vulnerability in one version but not others. Source: http://www.theregister.co.uk/2009/06/06/adobe_quarterly_patch_release/

30. June 5, The Register – (International) Pondlife scammers abuse Air France tragedy. Cybercrooks are once again taking advantage of current events to push malware. Prurient interest in the recent death of an actor is being used to promote Twitter updates containing links to sites punting rogueware. The attack is the latest in a string of assaults over the last week or so that abuse the Trending Topics feature of Twitter to promote scareware. Meanwhile, search engine result poisoning is being used so that searches involving the disappearance of Air France Flight 447 off the coast of Brazil point to scareware affiliate Web sites. The complex attack uses multiple site redirections, as explained in a blog posting by Trend Micro. Source: http://www.theregister.co.uk/2009/06/05/scareware_soc_eng/

Communications Sector

31. June 8, IDG News Service – (International) T-Mobile investigates alleged data breach. T-Mobile is investigating a claim that a massive amount of internal data has been stolen from the telecommunication operator’s servers, a company spokesman said Monday. On Saturday, a message about T-Mobile was posted to the Full Disclosure mailing list by people who wrote they had unsuccessfully tried to sell the data to T-Mobile’s competitors. They wrote they had pitched the information to the wrong e-mail addresses, but were now willing to sell the data to anyone. Full Disclosure describes itself as an un-moderated forum where people can post information on security vulnerabilities. “We have everything — their databases, confidential documents, scripts and programs from their servers, financial documents up to 2009,” read the message. “We are offering them for the highest bidder.” The hackers then included a raft of data that showed information on operating system versions, applications and IP (Internet protocol) addresses allegedly collected from T-Mobile’s systems. The strings of information listed vendors such as Tibco Software, SAP, Centivia and Teradata whose software T-Mobile supposedly uses. Whether the message is a hoax or real is still not clear. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9134090&taxonomyId=17&intsrc=kc_top


32. June 5, Softpedia – (International) Rogue ISP shut down by the FTC. A district court judge has ordered Pricewert, a company incorporated in Oregon, to cease all operations after the U.S. Federal Trade Commission (FTC) filed a complaint against it for knowingly and actively collaborating with cybercrooks, to whom it offered various Internet services. Pricewert, which is headquartered in Belize City, operates as an Internet Service Provider business under various aliases including Triple Fiber Network (3FN), APS Telecom, APX Telecom, and APS Communications. In its complaint against Pricewert, the FTC alleges that the company “recruits and colludes with criminals seeking to distribute illegal, malicious and harmful electronic content via the Internet.” The illegal content includes viruses, trojans, phishing and spam websites, botnet command and control servers, as well as illegal explicit adult material. “Pricewert offers these criminals a full service Internet hosting facility that welcomes content no legitimate Internet Service Provider would ever willingly host,” the FTC notes. In addition to offering hosting services, company representatives are accused of actually assisting cybercrooks in configuring and deploying botnets (armies of infected computers). Such activity is revealed by logs of ICQ chats in Russian between 3FN’s Head of Programming Department or Senior Project Manager and some of the company’s shady customers. After considering the complaint, the U.S. District Court for the Northern District of California, San Jose Division, granted the motion for a temporary restraining order against Pricewert and ordered all of its upstream providers to immediately cut it off from the Internet in order to prevent the cybercriminal gangs from moving their illegal content. Additionally, the company’s assets have been frozen in order to cover potential damages, if proven. Source: http://news.softpedia.com/news/Rogue-ISP-Shut-Down-by-the-FTC-113454.shtml


33. June 4, United Press International – (National) Scientists conduct data center heat study. U.S. researchers are using a simulated data center to develop new methods to reduce the heat generated by large computer equipment. Georgia Institute of Technology scientists said about a third of the electricity consumed by large data centers does not power computer servers, but instead must be used to cool the servers, a demand that continues to increase as computer processing power grows. The Georgia Tech scientists are using a 1,100-square-foot simulated data center to optimize cooling strategies and develop new heat transfer models. Their goal is to reduce the portion of electricity used to cool data center equipment by as much as 15 percent. “Computers convert electricity to heat as they operate,” said a professor. “As they switch on and off, transistors produce heat, and all of that heat must be ultimately transferred to the environment. If you are looking at a few computers, the heat produced is not that much. But data centers generate heat at the rate of tens of megawatts that must be removed.” He said five years ago, a typical refrigerator-sized server cabinet produced about one to five kilowatts of heat. Today, high-performance computing cabinets of about the same size produce as much as 28 kilowatts, and machines now being designed will produce twice as much heat. Summaries of the research have appeared in the Journal of Electronic Packaging and International Journal of Heat and Mass Transfer. Source: http://www.upi.com/Science_News/2009/06/04/Scientists-conduct-data-center-heat-study/UPI-22301244150231/