Monday, November 8, 2010

Complete DHS Daily Report for November 8, 2010

Daily Report

Top Stories

• The Austin American-Statesman reports that, in response to last year’s deadly Fort Hood shooting, the Department of Defense has released recommendations to help military installations identify threats and respond to them. (See item 39)

39. November 4, Austin American-Statesman – (National) Security boosted at U.S. military posts. In the year since an Army major allegedly brought two handguns and 400 rounds of ammunition onto Fort Hood in Fort Hood, Texas, shot dozens of people in a busy medical processing building and killed 13 in the process, Army officials have taken steps to improve security on American military installations and ferret out similar threats from American soldiers. Department of Defense (DOD) officials are recommending an array of fixes aimed at identifying future threats at all U.S. military installations, and improving response time to incidents. Among the recommendations made by the U.S. Defense Secretary in response to an independent review of the shooting at Fort Hood are: bringing enhanced 911 services to military installations, which would notify dispatchers of call locations and broadcast emergency notifications to designated areas; strengthening background checks of recruits entering the military and foreign nationals working for the DOD abroad; conducting violence risk assessments for service members before and after they deploy; developing a policy to help commanders distinguish between “appropriate religious practices” and those that indicate the “potential for violence or self-radicalization”; and standardizing personal firearms policies, which vary by installation. Source:

• According to SecurityNewsDaily, a top security expert said the massive set of undersea cables that make up the global Internet infrastructure must be revamped because a malicious attack or natural disaster could jeopardize worldwide communications. (See item 54 below in the Communications Sector.)


Banking and Finance Sector

12. November 5, ABC Newspapers – (Minnesota) Anoka bank robbed Friday morning. Two African American males in their mid-20s to early 30s robbed the U.S. Bank at the corner of 7th Avenue and Tyler Street in Anoka, Minnesota, just after 6 a.m. November 5. There may be a third suspect, according to the Anoka police chief. Authorities are reviewing the bank’s video footage and plan to release photos to the media. The robbers were wearing dark-colored clothing, the police chief said. He noted U.S. Bank is offering a $50,000 reward for information that leads to arrests. According to the police chief, the two males were waiting for the U.S. Bank employee in the driveway of her home in Ramsey sometime after 6 a.m. They implied they had a gun and told her to drive them to her bank branch, the police chief said. After stealing an undisclosed amount of money, the robbers left. The FBI and the Anoka County Sheriff’s Office Criminal Investigation Division and crime lab responded. Source:

13. November 5, Empire State News – (International) Seven Israeli defendants charged in multi-million dollar lottery telemarketing fraud scheme. Federal prosecutors and the FBI announced the extradition from Israel to the United States of seven individuals, all residents of Israel, on charges relating to a lottery telemarketing fraud scheme through which they stole approximately $2 million from elderly victims in the United States between 2007 and September 2008. This is the largest number of Israeli citizens ever extradited to a foreign country in a single case. The defendants participated in a phony “lottery prize” scheme that targeted hundreds of victims, mostly elderly, throughout the United States. They identified victims by purchasing the names and contact information of U.S. residents who subscribed to sweepstakes lotteries from list brokers. They then contacted the victims and solicited information about their finances by falsely telling them they had won a substantial cash prize they would receive as soon as they paid the necessary fees and taxes. In reality, there was no lottery prize and the victims were ultimately robbed. All seven defendants were provisionally arrested in Israel in September 2008 based on the indictments. Source:

14. November 4, CNET News – (National) Firm finds security holes in mobile bank apps. A security firm disclosed holes November 4 in mobile apps from Bank of America, USAA, Chase, Wells Fargo, and TD Ameritrade, prompting a scramble by most of the companies to update the apps. “Since Monday [November 1], we have been communicating and coordinating with the financial institutions to eliminate the flaws,” research firm viaForensics wrote in a post on its site. “The findings we published reflect testing completed on November 3. Since that time, several of the institutions have released new versions and we will post updated findings shortly.” The company had reported its findings to The Wall Street Journal earlier in the day. On November 3, viaForensics went public with problems in PayPal’s iPhone app, spurring the online payment provider to action. Specifically, viaForensics concluded that: USAA’s Android app stored copies of Web pages a user visited on the phone; TD Ameritrade’s iPhone and Android apps stored the user name in plain text on the phone; Wells Fargo’s Android app stored user name, password, and account data in plain text on the phone; Bank of America’s Android app saved a security question (used if a user was accessing the site from an unrecognized device) in plain text on the phone; and Chase’s iPhone app stored the username on the phone if the user chose that option, according to the report. Source:

15. November 4, Life Settlements Report – (Illinois) Illinois man defrauded investors in $1.9M life settlement scam, FBI says. A 42-year-old Illinois man was charged November 2 with allegedly defrauding more than $5 million from about 150 people, including raising $1.9 million from 25 investors in a life settlement scheme, according to the FBI in Chicago. The suspect was charged with three counts of mail fraud for swindling people who invested in funds he claimed to operate, according to the U.S. Attorney for the Northern District of Illinois and the FBI. He raised $1.9 million for the Elucido Fund, which claimed to invest in life settlements, and another $3 million from about 134 investors in the Moondoggie Fund, which purported to invest in the company’s stock and its reported development of a dual-sided computer monitor. He allegedly used the funds raised for the Elucido Fund to pay expenses of the so-called Maize Fund, made Ponzi-type payments to investors in the Moondoggie Fund, bought a $75,000-a-year sky box at the Indianapolis Colts’ football stadium and paid himself a $319,000 salary. He told investors in the Elucido Fund they could expect returns as high as 34 percent from investments in life settlements and viaticals, although he never purchased such contracts, the FBI said. Source:

16. November 4, Wisconsin State Journal – (International) International sting nabs two men in Wisconsin for alleged computer virus scheme. Two Moldovan men who allegedly took part in a complex scheme to siphon millions of dollars out of American bank accounts were arrested November 3 in Wisconsin, and are to be shipped to New York to face charges. The two suspects appeared November 4 in U.S. District Court in Madison where they agreed to be sent back to New York City to face charges stemming from the use of computer viruses to raid bank accounts through the Internet. Thirty-seven people from Eastern Europe, including the two suspects, were charged in U.S. District Court in Manhattan September 30 for the scheme that led to the theft of about $3 million, mostly from small business and municipality accounts. The two suspects are each charged with conspiracy to commit bank fraud. One suspect is also charged with conspiracy to possess false identification. It is not clear what the suspects, both 21, were doing in Wisconsin. Source:

17. November 4, Network World – (National) Financial services firms expand online fraud defense. As guardians of wealth, financial-services firms have always been a high-value target for cybercrime, and with online banking and trading, banks find they have to work harder than ever to safeguard their operations. Tech-savvy gangs of cybercrooks have been stealing tens of millions over time by breaking into the computers of online banking customers to install malware like the Zeus banking Trojan and make phony funds transfer requests to a bank, so the need for vigilance is only increasing. At Stillwater National Bank and Trust, the concern about the threat of cybercriminals hijacking customers’ PCs is enough to spur the Oklahoma-based bank to extend its security with a verification system that adds automated phone calls to online banking customers to confirm that the funds requests they are making online are genuine. There’s a need to validate transfer requests beyond what the customer PC appears to be telling the bank because “with the endpoint PC, I just can’t control what they’re doing,” said the vice president of information security at Stillwater National Bank and Trust. Source:

For another story, see item 47 below.

Information Technology

47. November 5, The New New Internet – (International) Stock traders become targets for hackers exploiting mobile platforms. Once mobile online trading platforms become popular, the nature of the cyber-crime scene will most likely change, according to an Internet security expert. It is just a matter of time before Internet crime, which has mostly targeted personal computers, expands to the mobile platform, according to a McAfee Labs Technical Product Manager. He outlined the possible threats to traders who use mobile platforms, including denial of service (DoS) attacks, session hijacking, cross-site scripting and SQL injection. When a lot of data is sent at around the same time, systems are likely to slow down and block access to thousands of users, as seen in a DoS attack, he said. This is particularly crucial in trading sessions, where the price of stocks can fluctuate by the minute, he added. With session hijacking, the hacker can eavesdrop or pose as the legitimate user. If session hijacking takes place during an online stock trade, it can be dangerous because the details of the transaction are compromised. It could also mean the customer is dealing with a hacker, not his trader. Source:

48. November 4, CNET News – (National) Attack causes Intuit Web-hosting service outage. Intuit’s Web-hosting service for small businesses remained inaccessible for several hours November 4 — possibly due to a denial-of-service (DoS) attack, a customer service representative told CNET. The Web hosting service, at Intuit’s Web site, had been out at least 2 hours and would hopefully be back up by the end of the business day, the customer service rep said. Asked if it could be the result of a DoS attack, she said: “It’s looking like an attack.” Intuit spokespeople could not immediately confirm what the phone rep said, but said the sites were back up. However, checks by CNET employees on the West Coast and East Coast found the site was still down late in the afternoon November 4. Other Intuit sites remained accessible. Source:

49. November 4, PC World – (International) Facebook and Twitter flunk security report card. Digital Society, a self-professed security think tank, has given failing security grades to both Twitter and Facebook. Both sites are vulnerable to attacks that can give someone partial or full control over one’s account, the group claimed. According to Digital Society, the main problem with Facebook and Twitter is that neither site allows full Secure Sockets Layer (SSL) protection. Both sites create unencrypted sessions for the user by default. Although the actual logins are encrypted, they’re not authenticated — which means one cannot pull up security information in one’s browser to verify the sites’ identities. Even if a user forces a secure session by going to the main sites for Twitter and Facebook, the sites still have links to non-secure parts of the site and JavaScript code that transmits authentication cookies without SSL, Digital Society found. These are not new concerns, but the news fits hand-in-hand with the release of Firesheep, a Firefox add-on that lets people with limited technical knowledge hijack other people’s Web accounts over unencrypted Wi-Fi networks. Digital Society’s report card essentially spells out what an attacker using Firesheep or another packet-sniffing program could accomplish. In Facebook, for instance, an attacker can gain access to every part of an account except username and password, allowing the attacker to send status updates and read private messages. Source:

50. November 4, Computerworld – (International) Google quashes 12 Chrome bugs, gives users early Flash fix. Google November 4 patched 12 vulnerabilities in its Chrome browser, all of them rated as high-level threats by the company’s security team. The patched version of Chrome also included an update to Adobe’s Flash Player, giving Google users an early fix for a critical flaw that hackers have been exploiting with rigged PDF documents. Adobe plans to release that Flash patch to users of other browsers later on November 4. The dozen flaws fixed in Chrome 7.0.517.44 include a pair related to SVG (Scalable Vector Graphics), a collection of XML specifications for describing two-dimensional vector graphics; one in Chrome’s V8 JavaScript engine; and three involving aspects of the browser’s text handling. Google paid $7,500 in bounties to eight researchers who reported 11 of the 12 bugs, the most it has awarded since mid-August, when the company handed out $8,674. Source:

51. November 4, DarkReading – (International) New technique spots sneaky botnets. Researchers have devised a new method to root out botnets that try to hide behind alternating domain names. A research scientist said he and a team of colleagues came up with a prototype method of detecting botnets like Conficker, Kraken, and Torpig that use so-called DNS domain-fluxing for their command and control (C&C) infrastructure. The team created a method of studying all DNS traffic in real time for domain-flux activity. The researchers presented their findings this week at the ACM Measurement Conference in Melbourne, Australia. Their method basically looks at the pattern and distribution of alphabetic characters in a domain name to determine whether it’s malicious or legitimate: This allows them to spot botnets’ algorithmically generated (rather than human-chosen) domain names. Bottom line: Given that most domain names are already taken, botnet operators have to go with gibberish-looking names like the ones Conficker’s bots generate. Source:
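The character-distribution idea in this item, as an added illustration that is not the researchers’ method or code: a small Python detector scores each queried name by how far its letter distribution diverges from English letter frequencies, plus vowel ratio and longest consonant run, and flags names where at least two heuristics fire. The frequency table, the thresholds and the sample names are assumptions constructed for this example; on short labels the statistics are noisy, which is why a single name is only flagged when several signals agree.

```python
import math
from collections import Counter

# Approximate English letter frequencies (percent): the baseline for human-chosen names.
ENGLISH_PCT = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074,
}
ENGLISH = {ch: p / sum(ENGLISH_PCT.values()) for ch, p in ENGLISH_PCT.items()}
VOWELS = set("aeiouy")  # y counted as a vowel so "ty"/"ly" are not consonant runs

def core_label(domain):
    """Registrable label of a name ('example' for 'www.example.com'), a-z only."""
    labels = [lab for lab in domain.lower().rstrip(".").split(".") if lab]
    if not labels:
        return ""
    label = labels[-2] if len(labels) >= 2 else labels[0]
    return "".join(ch for ch in label if ch in ENGLISH)

def kl_from_english(label):
    """KL divergence (bits) of the label's letter distribution from the English baseline."""
    n = len(label)
    return sum((c / n) * math.log2((c / n) / ENGLISH[ch]) for ch, c in Counter(label).items())

def vowel_ratio(label):
    return sum(ch in VOWELS for ch in label) / len(label)

def longest_consonant_run(label):
    best = run = 0
    for ch in label:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best

def dga_score(domain):
    """How many 'looks machine-generated' heuristics fire (0..3) for one name."""
    label = core_label(domain)
    if len(label) < 4:  # too short for letter statistics to mean anything
        return 0
    return sum([vowel_ratio(label) < 0.25,          # assumed threshold
                longest_consonant_run(label) >= 5,   # assumed threshold
                kl_from_english(label) > 3.0])       # assumed threshold

def is_likely_dga(domain, min_score=2):
    return dga_score(domain) >= min_score

def scan(queried_domains):
    """Subset of names from a DNS log that look algorithmically generated."""
    return [d for d in queried_domains if is_likely_dga(d)]

# Constructed sample of queried names; the gibberish ones are made up for this
# illustration and are not real C&C domains.
SAMPLE = ["www.google.com", "wikipedia.org", "americanstatesman.com",
          "xkqzvptrw.com", "jfhtgzqxlmvb.net", "qwvzxrtbnk.org"]
```

Running `scan(SAMPLE)` returns only the three gibberish names; lowering `min_score` to 1 catches more generated names at the cost of flagging short or unusual legitimate labels.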

52. November 4, Data Center Knowledge – (International) Transfer switch glitch KOs iWeb customers. About 3,000 servers at Montreal, Canada, Web host iWeb experienced an outage November 3 after a fire near the iWeb-CL data center prompted the company to shift the facility to generator power. All three generators started properly, but one of the transfer switches failed. Once UPS power was exhausted, a third of the data center wound up without power. Power was restored in about 1 hour, but at least 450 dedicated servers failed to restart properly and needed manual attention, according to the account of the incident on the iWeb blog. As of November 4, the last of the affected servers were being brought back online. The iWeb event was the fourth significant data center power outage this year in which an automatic transfer switch (ATS) failure was cited. The other three occurred in California, Arizona, and Virginia. When operating correctly, an ATS switches a facility’s electric power source from the utility grid to backup power, usually supplied by a diesel backup generator. Source:

Communications Sector

53. November 4, IDG News Service – (Texas; National) Researcher releases Web-based Android attack. A computer security researcher released code November 4 that could be used to attack some versions of Google’s Android phones over the Internet. The attack targets the browser in older phones, running Android 2.1 and earlier. It was disclosed November 4 at the HouSecCon conference in Houston by a security researcher with Alert Logic. The researcher said he has written code that allows him to run a simple command line shell in Android when the victim visits a Web site that contains his attack code. The bug used in the attack lies in the WebKit browser engine used by Android. Google said it knows about the vulnerability. “We’re aware of an issue in WebKit that could potentially impact only old versions of the Android browser,” a Google spokesman confirmed in an e-mail. “The issue does not affect Android 2.2 or later versions.” Version 2.2 runs on 36.2% of Android phones, Google says. Older phones such as the G1 and HTC Droid Eris, which may not get the updated software, could be at risk from this attack. Android 2.2 is found on phones such as the Droid and the HTC EVO 4. Source:

54. November 4, SecurityNewsDaily – (International) Web’s undersea cables need revamp to prevent catastrophe. The massive set of undersea cables that makes up the infrastructure of the Internet needs to be revamped to ensure security during a crisis, according to a top security expert. “At the national level, it’s been implemented — the most important communications get through. But other countries don’t have the capability to communicate across borders” in an emergency, explained a Distinguished Fellow at the EastWest Institute, who was instrumental in forming the U.S. strategy for communications-infrastructure protection following the calamity of September 11. This bottlenecking comes partly as a result of the spectacular — and speedily growing — amount of bandwidth consumed throughout the world every day, the fellow told SecurityNewsDaily. While it is common to think of the Internet as an amorphous entity that is always available, there are actual “geographical choke points” — physical locations where the undersea cables that make up the global Internet infrastructure receive such heavy volumes of information that Web traffic literally gets backed up or stopped, like a freeway that narrows to a single lane. He identified three major choke points as the Luzon Strait near Taiwan, the Strait of Malacca, and the Red Sea. If any of those sets of cables were compromised by either natural disaster or malicious attack, worldwide Internet and phone communication would be highly jeopardized, he said. Source:
