Department of Homeland Security Daily Open Source Infrastructure Report

Friday, April 30, 2010

Complete DHS Daily Report for April 30, 2010

Daily Report

Top Stories

 The American Forces Press Service reports that a massive oil slick in the Gulf of Mexico that is headed toward U.S. shores is receiving “top-level attention” within the Defense Department as officials evaluate what capabilities it may have to support the response mission, the Pentagon Press Secretary said on Thursday. According to Reuters, fishermen and tourism businesses in the northeast Gulf of Mexico are dreading the possibility that the spill could wreck their livelihoods if it reaches shore. (See items 2 and 35)

2. April 29, American Forces Press Service – (National) Pentagon prepares for possible oil spill response. A massive oil slick in the Gulf of Mexico that is headed toward U.S. shores is receiving “top-level attention” within the Defense Department as officials evaluate what capabilities it may have to support the response mission, the Pentagon Press Secretary said on Thursday. The Defense Secretary and the Chairman of the Joint Chiefs of Staff, as well as officials at U.S. Northern Command, the Joint Staff, and the Navy, are working in close collaboration with the White House and the Department of Homeland Security to determine what assets are required. In the meantime, planners at Northcom are planning for a variety of possible missions. Military resources could be used to tow and place containment booms, tow skimmers, provide aerial delivery of dispersant chemical or map the oil spill, reported a Northcom spokesman. In the event that the spill reaches shore, military assets could be needed to support beach clean-up, provide incident support bases, or provide other consequence management missions. A defense coordinating officer and defense coordinating element from Northcom’s Region 6 are deploying to support the federal on-scene commander, and their counterparts in Region 4 have been told to prepare to deploy. Meanwhile, the Navy is providing boom and mooring systems, oil skimmer systems and self-propelled MARCO Class V skimmer systems in direct support to the Coast Guard. That support is being provided under an existing pollution clean-up and salvage agreement between the two services. Source:

35. April 29, Reuters – (National) Oil spill fans fears of fishery, tourism damage. Fishermen and tourism businesses in the northeast U.S. Gulf of Mexico are dreading the nightmare possibility that a huge oil spill could wreck their livelihoods if it reaches shore. The threat could not come at a worse time as the oyster season ends and shrimp season is set to begin. The slick threatens the eastern shores of Louisiana and could also affect coastal waters in Mississippi, Alabama, and northwest Florida. The Southern Shrimp Alliance told the National Marine Fisheries Service in Washington this week it could help with prevention and clean-up. “They are willing to pull booms if they have to,” said a spokeswoman for the non-profit trade alliance. “The timing of this could be horrible.” U.S. landings of shrimp were valued at $442 million in 2008, up 2 percent from the previous year, according to the National Marine Fisheries Service. The industry fears a southerly wind could keep oil off the coast but push the shrimp into the slick, she said. The slick could also hit the tourism sector that is vital to Gulf Coast economies. In Alabama, coastal residents and businesses were “frantic” about the possible impact if the slick was blown east, said the director of the Dauphin Island Sea Lab, a state marine research facility. Tourists spent $2.3 billion on Alabama’s beaches in 2008, supporting 41,000 workers, according to the Alabama Gulf Coast Convention and Visitors Bureau. But Alabama’s beaches would be easier to clean than salt marshes and oyster reefs. The lab director said the state’s oyster fisheries are in “immediate jeopardy.” Source:

 The Washington Times reports that U.S. Northern Command in Colorado withdrew from major participation in the National Level Exercise that tests its response with the Department of Homeland Security and local governments to a nuclear attack. Some officials say that what is now planned for this month will be a waste of time. (See item 57)

57. April 27, Washington Times – (National) Military cancels nuclear attack test. The U.S. military has canceled a major field exercise that tests its response to a nuclear attack, angering some officials who say that what is now planned for this month will be a waste of time. U.S. Northern Command in Colorado withdrew from major participation in the National Level Exercise (NLE), a large-scale drill that tests whether the military and the Department of Homeland Security can work with local governments to respond to an attack or natural disaster. The exercise was canceled recently, after the planned site for a post-nuclear-attack response — Las Vegas — pulled out in November, fearing a negative impact on its struggling business environment. A government official involved in NLE planning said a new site could not be found. The official also said the Northern Command’s exercise plans for “cooping” — continuity of operations, during which commanders go to off-site locations — also had been scratched. “All I know is it’s been turned into garbage,” said the official, who asked not to be identified because of the sensitivity of the information. The NLE, which is supposed to be a series of hands-on exercises to test the system in the event terrorists use a nuclear device, has become instead a “tabletop exercise at best,” the official said. The field exercise in Las Vegas was to simulate terrorists detonating an improvised nuclear device assembled with smuggled weapons-grade uranium. Created after the September 11th attacks, the NLE is the country’s largest exercise of its kind — combining activities among the military, Department of Homeland Security, and local governments to test their joint, emergency response capabilities. Source:


Banking and Finance Sector

21. April 29, Foster’s Daily Democrat – (New Hampshire) State warns consumers about loan scam. The New Hampshire attorney general and the banking commissioner wish to warn consumers about Laconia Loan Services, an Internet loan scam, which purports to offer loans that require individuals to pay a large fee upfront. The attorney general’s office and the New Hampshire Banking Commission, as well as the Laconia Police Department, have received complaints about Laconia Loan Services (LLS) from consumers who, thinking they are going to be receiving a loan, have wired large amounts of money through Western Union to addresses in Spain given to them by LLS. After wiring the funds, LLS has failed to provide the loans. LLS is an Internet loan company which uses a Laconia, New Hampshire address on its paperwork. It is not located at this address. LLS is in no way affiliated with Laconia Savings Bank. The attorney general’s office and the banking commission arranged to have LLS’ toll-free telephone number shut down, but the business had already obtained another number. LLS’ Web site has also been closed down. Consumers are urged not to do business with LLS or any other Internet loan business without first contacting the attorney general’s office or the banking commission. Source:

22. April 29, Wichita Eagle – (National) FDIC: Hacker attacks are risk for businesses. A federal bank regulator is concerned about what it said are cybercriminals targeting small and midsize businesses. The Federal Deposit Insurance Corporation said such attacks are on the rise. It plans to begin addressing the problem at a symposium next month in Washington, D.C. “Our analysis of Financial Crimes Enforcement Network’s Suspicious Activity Reports indicates that bank losses related to computer intrusion or wire transfer have increased as of last fall,” said the director of the FDIC’s division of supervision and consumer protection. “We must do everything we can to keep electronic payments of all types safe.” The FDIC said the fraud has “resulted in losses in the millions, and frayed business relationships and litigation affecting both banks and businesses.” The specific issue is what the FDIC calls “corporate account takeover schemes.” Those involve criminals gaining access to a business’s online banking account by way of a password and user name or through hacking, another FDIC spokesman said. The criminals then make fraudulent electronic funds transfers. “This is happening all across the country,” he said. Source:

23. April 28, U.S. Government Accountability Office – (National) Better communication could enhance the support FinCEN provides to law enforcement. Better communication could enhance the support the Financial Crimes Enforcement Network (FinCEN) provides to law enforcement, the Government Accountability Office (GAO) has found. It detailed steps that could be taken to improve anti-money-laundering efforts in a study issued April 28. The GAO noted that in December 2009, it found that the majority of 25 Law Enforcement Agencies (LEA) surveyed found FinCEN support useful in their efforts to investigate and prosecute financial crimes. But the GAO also found that FinCEN could enhance its support by better informing LEAs about its services and products and actively soliciting their input. GAO recommended that FinCEN establish a process for soliciting input regarding the development of its analytic products. FinCEN agreed with the recommendation and in April 2010 outlined a number of steps it plans to take to better assess law-enforcement needs, including ongoing efforts to solicit input from LEAs. GAO recommended that FinCEN develop a mechanism to collect sensitive information regarding regulatory changes from LEAs. In April 2010, FinCEN reported that it developed an approach for collecting sensitive information without making the comments publicly available. Source:

24. April 28, WBRC 6 Birmingham – (Alabama) Former bank employee indicted for fraud, theft. A federal grand jury on April 28 indicted a former Regions Bank (Alabama) employee on fraud and identity theft charges. A U.S. attorney, in a statement to FOX6 News, said the 33-year-old suspect of Birmingham, Alabama, was indicted on 11 counts of mail fraud, bank fraud, and aggravated identity theft. In June 2008, the suspect applied for a Capital One credit card in the name of a Regions Bank customer who did business at the branch where the suspect worked. The suspect received the credit card through the mail, used it for more than a year, and sometimes made payments on the card bill with money he took from the same customer’s Regions Bank accounts. The indictment also charges that, from October 2008 to September 2009, the suspect made unauthorized cash withdrawals from accounts of three Regions customers, including the one in whose name he had obtained the Capital One credit card. Between June 2009 and September 2009, the suspect also made unauthorized electronic withdrawals from accounts of two of these Regions customers, causing the money to be transferred to a PayPal account he controlled, the indictment says. The U.S. attorney said this prosecution is connected to the U.S. President’s Financial Fraud Enforcement Task Force. Source:

25. April 28, Chicago Tribune – (Illinois) Serial robber suspected in suburban bank heists. A man who robbed an Arlington Heights bank today is suspected in at least four other Chicago-area bank heists this month, authorities said. At approximately 4:10 p.m., the man walked into the Village Bank and Trust at 311 S. Arlington Heights Road and demanded money, although he did not display a weapon. He left the bank on foot, eastbound into a residential neighborhood, Arlington Heights police said. Police searched the area with officers and dogs but did not find him. The FBI believes the same man is responsible for four other bank robberies and an attempted robbery in the last month, a spokesman said. According to information the FBI posted on the Web site, the same robber hit the TCF Bank at 950 W. Meacham in Schaumburg April 5, the Harris Bank at 1680 W. Algonquin Road in Hoffman Estates April 12, the Harris Bank at 10 Huntington Lane in Wheeling April 16, and the Harris Bank at 1 S. Arlington Heights Road in Elk Grove Village April 21. According to the FBI, witnesses in the first heist described the robber as a white man in his early 20s, about 5-foot-10 and 185 pounds, brown hair, and wearing blue jeans, a gray sweatshirt and dark sunglasses. Source:

26. April 28, – (International) Barclays security chief: assume all networks are compromised. IT security professionals should operate under the assumption that their networks are compromised, and look at ways to ensure that the system works regardless, according to the head of information risk management at Barclays. He argued during a panel debate at Infosecurity Europe April 28 that it is wrong for security chiefs to try to create a “bubble of safety” in their systems because it is a false hope given the numerous threats and flaws. He clashed with his fellow panelists, both heads of information security at large multinationals, arguing that users do not benefit from feeling that they are being “watched” and should not be treated like children. It is the information security professional’s responsibility to educate users so that they can make the right decisions, according to the Barclays executive. “I believe that it is not all the user’s fault. Users generally make informed and sensible decisions, and our goal is to educate and inform them,” he said. Source:

27. April 28, U.S. Government Accountability Office – (National) FinCEN needs to develop its form-revision process for suspicious-activity reports. The Financial Crimes Enforcement Network (FinCEN) must further develop its form revision process for suspicious-activity reports to better enforce the Bank Secrecy Act, according to a new Government Accountability Office (GAO) report. Issued April 28, the study found that from 2000 through 2008, total Suspicious Activities Report (SAR) filings by depository institutions increased from about 163,000 to 732,000 per year. Representatives from federal regulators, law enforcement, and depository institutions with whom the GAO spoke attributed the increase mainly to two factors. First, automated monitoring systems can flag multiple indicators of suspicious activities and identify significantly more unusual activity than manual monitoring. Second, several public-enforcement actions against a few depository institutions prompted other institutions to look more closely at client and account activities. Other factors include institutions’ greater awareness of and training on Bank Secrecy Act (BSA) requirements after September 11, 2001, and more regulator guidance for BSA examinations. FinCEN and law-enforcement agencies have taken actions to improve the quality of SAR filings and educate filers about their usefulness. Since 2000, FinCEN has issued written products with the purpose of making SAR filings more useful to law enforcement. FinCEN and federal, law-enforcement agency representatives regularly participate in outreach on BSA/anti-money laundering, including events focused on SARs. Law-enforcement agency representatives said they also establish relationships with depository institutions to communicate with staff about crafting useful SAR narratives. According to FinCEN officials, it is taking additional steps toward obtaining greater collaboration with law-enforcement agency representatives, prosecutors, and multi-agency law-enforcement teams and others to determine the contents of the form, but it is too soon to determine the effectiveness of the process. Source:

Information Technology

59. April 29, – (International) Russia dominating automated-malware kit market. Russia is dominating the market for automated malware creation kits that are sold online to phishers and data thieves. A new report from M86 Security, entitled “Web Exploits: There’s an App for That,” found that the majority of new malware-creation kits, such as Adpack and Fragus, are being sold in Russia. The company had seen a big increase in the size and complexity of such kits, and said that more than a dozen had launched in the past six months. “People can launch attacks without even knowing a line of code, and the infrastructure now exists to pay the attacker per exploit achieved,” said the vice president of technology strategy at M86 Security. “With an attack kit, there is literally ‘an app for that’ and it is driving the explosive growth in Internet-borne threats such as spam and zero-day attacks with new kits popping up every day.” Software to automatically generate malware has been around for some years, but has now evolved into a complex business. Some kits just offer code generation, while others sell full-service packages that update the creation engine to keep ahead of security companies. The report also found a thriving trade in third-party payments, where attackers receive a commission based on the amount of third-party malware installed on a victim’s system. Source:

60. April 29, Help Net Security – (International) India now the primary producer of viruses. India has pushed Korea into second place and taken over the mantle of the world’s largest producer of Internet viruses, according to analysis of Internet threats in April by Network Box. India now accounts for just under 10 percent of the world’s viruses, ahead of Korea at 8.24 percent and the U.S. at 6.7 percent. India is also becoming a more dominant force in spam production and intrusions: 7.4 percent of the world’s spam now originates from India; and the country is responsible for 8.6 percent of intrusions. This trails the U.S., which still produces more spam than any other country (11.9 percent). It was revealed earlier in the month that computer networks in India were compromised by Chinese hackers using social networking sites to compromise computers in India, and also attack the India High Commission in the UK. Source:

61. April 29, Computerworld – (International) PDF exploits explode, continue climb in 2010. Exploits of Adobe’s PDF format jumped dramatically last year, and continue to climb during 2010, a McAfee security researcher said April 28. Microsoft, meanwhile, recently said that more than 46 percent of the browser-based exploits during the second half of 2009 were aimed at vulnerabilities in Adobe’s free Reader PDF viewer. According to a security strategist with McAfee Labs, the percentage of exploitative malware targeting PDF vulnerabilities has skyrocketed. In 2007 and 2008, only 2 percent of all malware that included a vulnerability exploit leveraged an Adobe Reader or Acrobat bug. The number jumped to 17 percent in 2009, and to 28 percent during the first quarter of 2010. “In the last three years, attackers have found PDF vulnerabilities more and more useful, for a couple of reasons,” the security strategist said. “First of all, it is increasingly difficult for them to find new vulnerabilities with the operating system and within browsers that they can exploit across the different versions of Windows. And second, Reader is one of the most widely deployed applications that allows files to be accessed or opened within the browser.” Source:

62. April 29, Wall Street Journal – (International) Beijing to impose encryption disclosure rules. China is set to implement new rules that would require makers of certain electronic equipment to disclose key encryption information to be eligible for government procurement sales, creating a possible showdown with foreign companies that are unlikely to comply. Beginning May 1, makers of six categories of technology products, including smart cards, firewall technology, and Internet routers, will have to disclose encryption codes to authorities for certification to participate in bidding for government purchases. Such encryption information is closely guarded by companies, and industry officials say foreign companies that fall under the new rules are unlikely to comply, which could mean they are cut off from government contracts for those products. The product categories covered by the encryption rules account for tens of millions, or possibly hundreds of millions, of dollars a year in government sales, industry officials estimate. That’s a small fraction of the many tens of billions a year China’s government spends on procurement. Still, the dispute is the latest illustration of recent tension between Chinese authorities and foreign businesses over a range of regulatory policies. Source:

63. April 28, Computerworld – (International) Major malware campaign abuses unfixed PDF flaw. Several security companies today warned of a major malware campaign that tries to dupe users into opening rigged PDFs that exploit an unpatched design flaw in the PDF format. Users who open the attack PDFs are infected with a variant of a Windows worm known as “Auraax” or “Emold,” researchers said. The malicious messages masquerade as mail from company system administrators and come with the subject heading of “setting for your mailbox are changed,” said a research engineer in CA Inc.’s security group. A PDF attachment purportedly contains instructions on how to reset e-mail settings. “SMTP and POP3 servers for ... mailbox are changed. Please carefully read the attached instructions before updating settings,” the message states. In reality, the PDFs contain embedded malware and use the format’s /Launch function to execute that malware on Windows PCs running the newest versions of Adobe Systems Inc.’s Acrobat application or its free Adobe Reader, as well as other PDF viewers, such as Foxit Reader. Source:

64. April 28, IDG News Service – (Texas) Texas man set to admit building botnet-for-hire. A Mesquite, Texas man is set to plead guilty to training his 22,000-PC botnet on a local Internet Service Provider — just to show off its firepower to a potential customer. The suspect will plead guilty to charges that he and another man built a custom botnet, called Nettick, which they then tried to sell to cybercriminals at the rate of $0.15 per infected computer, according to court documents. On August 14, 2006, the pair allegedly used part of Nettick to attack a computer hosted by The Planet. Apparently, that was just a test, to show that the botnet was for real. “After the test, the bot purchaser agreed to buy the source code and the entire botnet for approximately $3,000,” prosecutors said in the indictment against the two men. The first suspect will plead guilty Thursday in federal court in Dallas, according to his attorney. The second suspect has pleaded innocent in the case and is set to go to trial May 17. Both men face a maximum of five years in prison and a $250,000 fine on one count of conspiring to cause damage to a protected computer and to commit fraud. Source:

65. April 28, The Register – (International) Online anonymity fueled ‘Web War’ on Estonia. The attacks that paralyzed Estonian Internet traffic for three days in 2007 were fueled by online anonymity and a phenomenon known as contagion, according to a report by three academicians. The paper, titled “Storming the Servers: A Social Psychological Analysis of the First Internet War,” is among the first to study the social and psychological forces that contributed to the massive DDoS, or distributed denial of service, attacks on Estonia. They are likely to play out in future online conflicts, the authors warn. Chief among the contributors was the anonymity of online interactions, which the authors said created a disregard for established social mores. “Participants in the attacks both transmitted instructions on how to participate and took part in the DDoS attacks themselves from the privacy of their offices, Internet cafes, and homes,” the paper explains. “One of the many ways in which communication via the Internet differs from face-to-face communication is the relative anonymity afforded by the communication mode.” Anyone who has ever participated in an online discussion knows that the potential runs high for flaming and other highly aggressive behavior. The paper speculates that the relative anonymity that comes with online interaction may be to blame because it decreases the effect of an individual’s internal standards of conduct. The resulting lack of accountability may have spurred on people who were already angry at Estonia. Source:

66. April 28, Government Computer News – (International) Microsoft reissues Windows 2000 Server security fix. On April 28, Microsoft released an updated critical fix for Windows Media Services on Windows 2000 Server. The revamped bulletin, MS10-025, addresses a “privately disclosed” bug that could enable remote code execution attacks. The bulletin was reissued less than a week after Microsoft pulled the initial fix from its April monthly security-patch rollout. Microsoft explained at that time that the fix did not “address the underlying issue effectively.” The company added that it was not aware of active attacks seeking to exploit the vulnerability. Some security experts believe that Microsoft recently received private, third-party reports that the patch did not correctly address the vulnerability and therefore pulled it for a reconfiguration last week. For its part, Microsoft said that the new update remedies the remote code execution exploit, which takes advantage of stack overflow in Windows Media Services. Windows Media Services is an option in Windows Server 2000 that supports streaming media applications. Source:

Communications Sector

67. April 29, – (International) Damaged submarine cable now fixed, says Etisalat. Frustrated Internet users in the UAE may finally be able to get back to watching video clips on YouTube and uploading pictures to Facebook, following the April 29 announcement that the damaged submarine cable largely responsible for connecting the country to the rest of the world has been fixed. The Sea-Me-We 4 cable has been out of action for two weeks, and although UAE internet providers Etisalat and Du say bandwidth has not been affected because traffic has been re-routed, users have complained of dramatically reduced speeds. Earlier April 29, a spokesman for Etisalat told CommsMEA: “[The repair work] has been completed and now all operators are re-routing their traffic. This will take some time, but by tonight it should be back to normal.” Repair work to fix the affected section of the cable was scheduled to start April 17, but it was pushed back to April 24 due to bad weather in the Mediterranean Sea before finally beginning April 25. Source:

Department of Homeland Security Daily Open Source Infrastructure Report

Thursday, April 29, 2010

Complete DHS Daily Report for April 29, 2010

Daily Report

Top Stories

 The Federal Way Mirror reports that a suspicious object found at the Rainier View Elementary School playground in Washington on Monday turned out to be a six-inch pipe bomb, according to a King County sheriff's spokesman. The school was put into lockdown. (See item 45)

45. April 26, Federal Way Mirror – (Washington) Pipe bomb found at Rainier View Elementary in Federal Way. A suspicious object found at the Rainier View Elementary School playground in Washington Monday turned out to be a six-inch pipe bomb, according to a King County sheriff's spokesman. The pipe bomb was found during morning recess. The school was put into lockdown at 10:20 a.m. and the lockdown was lifted at 12:22 p.m. The King County Sheriff's Department was called to the school at 3015 S. 368th St. in unincorporated King County. The bomb squad came in and picked up the bomb. Students and staff were all safe. Shortly after the all clear was given Monday at Rainier View, a bomb threat was reported at Todd Beamer High School at 35999 16th Ave. S. The school was evacuated. Police inspected the school and found nothing suspicious. Staff and students were able to return to the school at 1:30 p.m. Federal Way Police are continuing to investigate the threat, which came from a phone call. Source:

 According to the Associated Press, police arrested two men and a woman suspected of planning to bomb an IBM Corp. research facility near Zurich, Swiss media reported on Monday. The arrests occurred on April 15. (See item 51 below in the Information Technology Sector)


Banking and Finance Sector

13. April 28, Daily Bruin – (California) Duffel bag prompts examination by Los Angeles Police Department bomb squad. A duffel bag left in the parking structure of Chase Bank in Westwood, California April 27 was deemed nonexplosive by the Los Angeles Police Department (LAPD) bomb squad at 2 p.m. The bomb squad arrived at Chase Bank at 1:30 p.m. to examine the bag, which was thought to be suspicious, an LAPD sergeant said. A note on the outside of the bag read "Keep away confidential," according to police. The bag belonged to a homeless person and contained clothes and other miscellaneous items, the sergeant said. While police were investigating, several Westwood intersections were blocked off, and foot traffic around the bank was redirected. Source:

14. April 28, Patriot Ledger – (Massachusetts) Four charged with credit-card fraud at South Shore Plaza. Police arrested four New York City residents on credit-card fraud charges at South Shore Plaza in Braintree, Massachusetts. They were charged with credit-card fraud, forgery of a credit card, and conspiracy. A Braintree deputy police chief said a detective and an officer were checking the parking lot near Lord & Taylor April 26 when they saw two men acting suspiciously in a Toyota RAV4. The officers allegedly saw the rear seat passenger "tearing stickers off a gold-colored Visa credit card," the deputy police chief said. In all, the officers saw more than 20 credit cards on the passenger's lap and on the seat, police said. They searched the passenger and found $1,630 in cash, the deputy police chief said. The two suspects in the vehicle were taken to the mall's police substation for further questioning. On the way, the deputy police chief said officers saw another man duck between two parked cars. He was also taken in for questioning. The final suspect was picked up when she returned to the vehicle with a laptop computer purchased from the Apple Store, the deputy police chief said. The officers found that the account numbers on the credit cards had not been issued by the card company and were either stolen or fraudulent, he said. Officers recovered 16 fraudulent credit cards and 25 others that had not been programmed with account information. Also recovered were $2,200 in cash, and two laptop computers believed to have been purchased with the fraudulent cards from Apple stores at the mall and in Dedham. Source:

15. April 27, ComputerWorld – (International) Man gets 81 months, $2.5-Million fine for stock scheme. An Indian national was sentenced Monday to 81 months in prison for hacking into online brokerage accounts and using those accounts to manipulate stock prices for personal gain. The 36-year-old suspect of Chennai, India, was also ordered to pay close to $2.5 million in restitution to the more than 90 people and seven brokerage firms that were victims of his illegal capers. In February, the suspect pleaded guilty in federal court in Omaha, Nebraska, to one count each of conspiracy to commit wire fraud, securities fraud, computer fraud and aggravated identity theft. He was arrested in Hong Kong and extradited to the U.S. last June. He had initially pleaded not guilty to the charges, but changed his mind earlier this year. One of his accomplices had in June 2008 pleaded guilty on the same charge and was sentenced to a two-year term. However, that suspect was deported to India last year before completing his prison term. A third conspirator, who has been indicted on 23 criminal counts including computer fraud and aggravated identity theft, remains at large. Court documents said the Indian man and his accomplices ran a hack, pump and dump scheme in which they would buy large volumes of thinly traded stocks and then sell those stocks after artificially inflating their price. Between February 2006 and December 2006, the suspect and his cohorts, all of whom operated out of Chennai and Thailand, hacked their way into numerous brokerage accounts at investment companies including Omaha-based T.D. Ameritrade, E*Trade, Schwab, and Fidelity. The documents do not describe how the three gained access to customer accounts at these firms. However, all three appear to have somehow gained access to the full names, addresses, Social Security Numbers and other personal details of their victims. Source:

16. April 27, WPEC 12 West Palm Beach – (Florida) Police looking for high tech ATM scammers. Police are looking for some high-tech ATM scammers in Palm Beach Gardens, Florida. In a new scam, suspects are placing high-tech devices on ATMs to swipe both card and personal identification numbers at the same time. Transactions process normally, but the card data and PIN numbers are captured and saved. Often the devices are indiscernible from real ATM parts. Once the information is captured, the scammers can make fake ATM cards with the information and access the victims' bank accounts. Incidents like this have been happening nationally, and Palm Beach Gardens police have recorded three incidents. The most recent took place at the Bank of America at 5560 PGA Blvd where a customer discovered a skimming device had been installed over the ATM's card slot. The customer tugged at the device and it came off, then took the device and contacted police. Immediately after the customer left with the device, two men were captured on the ATM's security camera removing a video camera from the ATM's overhang. They were gone by the time police arrived. Authorities said that it is unusual to actually recover a skimming device. The one recovered in this incident has been sent for forensic analysis. Source:

17. April 27, SCMagazine – (National) U.S. businesses face skimming-fraud increase. U.S. banks are grappling with a recent increase in skimming attacks, which are being carried out by Eastern European gangs aiming to steal consumer bank account numbers and Personal Identification Numbers, according to a Gartner analyst. These types of attacks are not new, but the scale and the organization behind them are, the Gartner vice president said April 27. Over the past six months, fraudsters increasingly have been mounting well-organized and systematic attacks that involve placing skimming devices on not just ATM machines — the most commonly targeted device — but also point-of-sale systems and gas-pump card readers. The analyst said she heard about the increase in skimming at a recent fraud conference attended by officials from numerous financial-services firms. Source:

18. April 27, North Platte Bulletin – (Nebraska; National) Nebraskaland Bank pounces on 'phishing' scam. Nebraskaland National Bank took quick action April 27 to stop a "phishing" e-mail that apparently went out across the country. This phishing e-mail was sent at 7:55 a.m. notifying readers of "a new security message" at the bank. The readers were asked to click on a link. At that link, they were asked to enter a password and other information, such as their name, address and Personal Identification Number. Bank officials immediately began contacting Internet-security companies such as Norton and McAfee, as well as Internet search engines. In less than two hours the phony Web site was blocked with red warnings, and IT-security providers automatically advised their clients not to enter. Apparently, the e-mail was part of a widespread effort to collect passwords and bank account numbers. "We received calls from all over the nation," a bank spokesman said, "including a gentleman from Austin, Texas, who said he got a similar e-mail from nine other banks. He didn't have an account at any of them." Source:

19. April 27, WCTV 11 Tallahassee – (National) There is lots of mortgage fraud in Florida and Georgia. An annual report by the LexisNexis Mortgage Asset Research Institute has Florida ranked at the top in mortgage fraud for 2009, while Georgia came in 8th. Fraud includes lying on a mortgage application, but this year much of the fraud stemmed from inaccurate appraisals. A Valdosta State University economics professor said he was surprised to see so many cases as a result of appraisals. "Appraisers can give you numbers that may not be reflective of what's truly going on in the economy," he said. "Certainly one issue is just the sheer volume of foreclosure issues. Florida and Georgia both have lots of foreclosures, and that makes it difficult to find three comparable homes for an accurate appraisal." The report said mortgage fraud and misrepresentation increased 7 percent from 2008 to 2009. Source:

20. April 27, WPBF 25 West Palm Beach – (Florida) Man wearing raincoat robs bank, claims he has bomb. A man wearing a raincoat left a Pompano Beach, Florida bank with a bag full of cash Monday morning after claiming he had a bomb, the Broward Sheriff's Office said. The robbery occurred at the Wachovia at 3885 N. Federal Highway about 9 a.m. Detectives said the man entered the bank, approached the teller, placed a black bag on the counter and told her it was a bomb. He then instructed the teller to fill a bag with money and threatened to detonate the bomb if she did not follow his instructions. The man then ran out of the bank. Surveillance video shows the man wearing a raincoat with the hood over his head and dark sunglasses to hide his face. Source:

21. April 27, Forbes – (National) Inside the brains of a professional bank-hacking team. Following the cyberspying breaches at Google, Adobe, Yahoo!, Intel, Juniper and others, there has been much discussion and dissection of targeted attacks. But rarely is an individual operation laid out in step-by-step detail. And rarer still is an account told from the hacker's perspective. But just such an account has been provided by the individual who runs Netragard, a cybersecurity consultancy that, among other services, performs penetration tests on clients to expose their security vulnerabilities. In a blog post April 26, the consultant laid out a recent hacking operation that his SNOsoft research team was hired to perform on a bank client. Though he does not name the target, he describes step by step the social engineering involved in sussing out the bank's defenses, including staging a fake job interview with unwitting employees of the company. The technical strategy for breaching the bank's defenses — a targeted, booby-trapped PDF attachment — is not a surprise. But the detailed description of the preparation for that exploit is a rare window into the hacking process. Source:

Information Technology

47. April 28, The Register – (International) Hackers crack Ubisoft always-online DRM controls. Hackers have overcome Ubisoft's controversial DRM system that relied on constant connection to the Internet for games to function. A crack for Ubisoft's anti-piracy system published by a group called Skid Row allows gamers to circumvent the controls for games such as Assassin's Creed II. A message from the group on a gamers' forum sets out the group's agenda: allowing legitimate copies of PC games to be played without an Internet connection, rather than facilitating piracy. Skid Row sarcastically thanks Ubisoft for posing an interesting intellectual challenge. A security researcher at Sunbelt Software, who is also a long-time gamer, told The Register that Ubisoft's controls were fundamentally misconceived. "In general, it seems DRM restrictions in gaming are becoming more intrusive and creating problems for genuine customers, rather than the pirates who happily bypass these measures every time," he said. "PC gaming should be about portability — what use are games you can't play at the airport or on a train if you can't get online?" Source:

48. April 28, DarkReading – (International) Costs of data breaches much higher in U.S. than in other countries, study says. A data breach in the United States could cost enterprises twice as much as the same breach costs companies in other countries with less stringent disclosure and notification laws, according to a study published April 28. The study, conducted by the Ponemon Institute and sponsored by security vendor PGP, is an extension of the companies' previous cost-of-breach research that examined regional differences in the costs inflicted by compromises of enterprise data. In a nutshell, the study finds breaches are much more expensive in countries that have stringent regulations than in countries that do not. "The overarching conclusion from this study is the staggering impact that regulation has on escalating the cost of a data breach," said the chairman and founder of The Ponemon Institute. "The U.S. figures are testament to this, and it is clear that as breach-notification laws are introduced across the rest of the world, other countries will follow the same pattern, and costs will rise." The study examined breach costs in five countries: the United States, the United Kingdom, Germany, France, and Australia. In the U.S., where 46 states have introduced laws forcing organizations to publicly disclose the details of breach incidents, the cost per lost record was 43 percent higher than the global average. In Germany, where equivalent laws were passed in July 2009, costs were second highest — 25 percent above the worldwide average. In Australia, France, and the U.K., where data-breach notification laws have not yet been introduced, costs were all below the average. Source:

49. April 28, IDG News Service – (International) New storm worm may not last long. A new variant of the Storm worm has emerged, but it does not appear to be as well-designed as its older relative, according to computer-security researchers. The Storm worm first appeared in early 2007 and spread quickly, making it one of the most prolific and widespread worms ever. Once it infected people's computers, the worm sent millions upon millions of spam messages. The Shadowserver Foundation, which tracks botnets, first received a sample of the new version of the worm April 13, said a researcher via instant message. The worm was then reverse-engineered by the Honeypot Project, which studies Internet threats. The new worm was found to be based on the old code, but some of the elements that made Storm difficult to disrupt were gone, according to a blog post from the organization. The new Storm does not communicate using a peer-to-peer system, a decentralized way to have computers infected with the code communicate with each other and receive new spam instructions. That may be because researchers have effectively disrupted peer-to-peer botnets, the researcher said. The new Storm communicates via HTTP traffic, but it is programmed to receive instructions from one IP (Internet Protocol) address hosted by a server in the Netherlands. The ISP hosting that server has been contacted, the researcher said. Because it receives instructions from just one IP address, the new Storm may not last that long. Source:

50. April 27, KUSA 9 Denver – (International) New twist on old scam defrauds Facebook users. A new phishing fraud is causing a frenzy on Facebook. Thousands of folks have fallen victim to an old scam with a new twist. "This is the very first time I have seen it but I am not surprised," the CEO of Vertical IT Solutions in Tampa, Florida, said. The CEO was an intended target himself. He got an e-mail from what he thought was Facebook. It asked him to "reset his password" by clicking on an attachment. But being an Internet-security expert, he knew better. "No organization can send you an e-mail requesting you to change your password. No organization does that," he said. He said that this policy was put in place after the Bank of America phishing scam that hit thousands of Americans last year. That scam was a more direct route to get to people's personal information, like passwords, account information and ultimately money. This Facebook scam is a more roundabout route but still effective, since most people tend to use the same password for everything. "Spoofing Facebook and having them capture that confidential information, I mean, it is ingenious," the CEO said. Source:

51. April 26, Associated Press – (International) Swiss police foil bomb attack against IBM. Police have arrested two men and a woman suspected of planning to bomb an IBM Corp. research facility near Zurich, Swiss media reported Monday. Prosecutors said two Italians and a Swiss national suspected of planning a bomb attack against an international company had been arrested, but declined to confirm the target. They said the arrests occurred April 15 near Rueschlikon, about 6 miles (10 kilometers) south of Zurich. Police discovered "explosive and further items in their car" as well as a note "indicating a planned attack on the branch of an international company," said a spokeswoman for the federal prosecutors' office. All of those arrested remain in detention, she said. The SonntagsBlick newspaper reported the suspects intended to attack a nanotechnology research facility that IBM Corp. is building in Rueschlikon. Source:

For more stories, see items 55 and 57 below in the Communications Sector

Communications Sector

52. April 28, Associated Press – (International) Copper theft cuts phone service to hundreds in Alberta. Telus says phone service to hundreds of customers was cut after thieves swiped about 500 meters of copper cable in Alberta, Canada. Land-line and Internet service to around 460 Telus customers living in the Big Lake area in northwest Edmonton was cut off around 6 a.m. April 26 and restored later that afternoon. A spokesman for the phone company said the outage was caused by the theft of about 500 meters of copper cable. He said the cable normally would have been buried, but construction was underway in the area and it had been temporarily dug up and was above ground. The spokesman said the thieves put people's lives at risk because they no longer had access to 911. Source:

53. April 28, Gulf News – (International) Faulty submarine internet cable still not fixed. The faulty Internet cable Sea-Me-We, which has caused Web traffic disruptions since April 14 not only in the UAE, but in the entire Middle East, large parts of Africa and Southern Asia, is still not fixed. The cable, which stretches from South East Asia to Europe via the Indian sub-continent and Middle East, was initially scheduled to undergo repairs April 24. But the cable consortium said that the work would take longer than expected, mainly due to bad weather conditions in the Mediterranean Sea. One of the affected Internet service providers, Seacom in South Africa, said in a statement April 28 that the Sea-Me-We consortium "has indicated that the repair window may be extended to Friday, April 30." The cause of the damage is still unclear. There is speculation that a ship anchor might have caused the outage, which has been located on a cable segment between Alexandria and Sicily. Source:

54. April 28, Southeast Texas Record – (Texas) Phone company claims utility provider caused damage to circuits. Southwestern Bell Telephone Co. (SWBT) has filed suit against Texas-New Mexico Power Co. over $30,000 worth in damages to its communications system. SWBT alleges that on May 14, 2008, TNMPC erected a utility pole near Highway 3 and Century Boulevard in Texas City and struck a conduit and cable that were buried in the area. The original complaint was filed April 26 in Galveston County Court No. 3. TNMPC is accused of negligence and trespassing. SWBT claims it lost the use of four DS3 trunk and toll circuits and five DS1 exchange circuits while repairing the problem caused by the power company. "The plaintiff has suffered actual, incidental and consequential damages, including costs to replace, repair and/or restore that portion of its telecommunications system damaged by the defendant and the value of replacement lines or circuits for the time they could not be used," the suit states. Source:

55. April 28, Help Net Security – (International) Poisoned search results: Our daily reality. The biggest threat to search engines is not their competitors, but poisoned search results. Ever since search engines became the starting point for most of our daily surfing, the risk of landing on a compromised site serving malware has increased. Scammers' link architectures have evolved, and they now include even fake search engines — perfect copies of the real ones, but with all links pointing to compromised sites. A paper that Google presented April 27 at the Workshop on Large-Scale Exploits and Emergent Threats in San Jose, California, contains the results of the company's research into the fake AV phenomenon. Among the things the researchers reviewed is how their search engine is abused in order to drive users towards malware-serving Web sites set up by fake AV peddlers. Basically, poisoned search engine results have become a primary vector of infection, and it should not come as a surprise that Google's large market share and its breadth and speed of indexing have made it the target of choice. Source:

56. April 27, IDG News Service – (National) Broadcasting group defends its spectrum turf. Television broadcasters are willing to talk about sharing their unused spectrum with broadband providers, but they should not be forced to give up spectrum or be taxed for the spectrum they have, said the head of a broadcasting trade group. The National Association of Broadcasters (NAB) supports the goal of the U.S. Federal Communications Commission to bring broadband to all U.S. residents, but policymakers should recognize TV broadcasting, with its one-to-many communication model, is a more efficient use of spectrum than broadband, the NAB president and CEO said. "Broadband is one to one, and it is spectrum hogging," he told members of the U.S. Senate Small Business and Entrepreneurship Committee April 27. Mobile broadband providers could solve much of their concern about a coming spectrum shortage by investing more money and putting up more towers, the NAB president, who is a former U.S. Senator, said. While much of the hearing focused on the broadband needs of small businesses, the NAB president devoted much of his testimony to concerns that his group has about a national broadband plan the FCC released in March. The plan says the FCC should encourage broadcasters to give up unused spectrum in return for a share of the money when the spectrum is sold at auction as part of an effort to free up 500MHz of spectrum for mobile broadband uses in the next 10 years. Source:

57. April 27, – (International) InfoSec 2010: Europe to mandate reporting of serious breaches. Organizations could soon be forced to report all serious data breaches to the Information Commissioner's Office (ICO), as part of an upcoming review of a European Union directive on the reporting of data losses. The ICO deputy commissioner said April 27 at Infosec 2010 that elements of the Privacy and Electronic Communications directive on breach notifications, which will soon force telcos and Internet Service Providers (ISPs) to report data breaches, are likely to be extended. "Within 18 months it is likely that ISPs and telecoms companies will have to abide by this rule, and before too long this same law will apply more generally," he said. "However, it would still only be for serious breaches of data, and firms would need to understand what represented a serious breach to ensure that the ICO, and individuals affected, were not bombarded with irrelevant notifications on all losses." The deputy commissioner also revealed the latest figures on data breaches reported to the ICO. Since November 2007, there were 962 public and private sector breaches. The largest source of breaches was the National Health Service. Source: