Tuesday, March 2, 2010

Complete DHS Daily Report for March 2, 2010

Daily Report

Top Stories

 The Honolulu Star-Bulletin reports that fears of a tsunami caused by Saturday’s earthquake in Chile led to emergency measures being enacted across Hawaii. DOT worked with Coast Guard and harbor police to notify boat owners to leave harbors. KITV 4 Honolulu reports that Waikiki hotels evacuated guests to the third floor and above, and various tourism agencies ran emergency operations at the Hawaii Convention Center. (See item 32)

32. February 27, Honolulu Star-Bulletin – (Hawaii) Hilo, Kahului airports closed, others are open. Fears of a tsunami caused by Saturday’s earthquake in Chile led to emergency measures being enacted across the state of Hawaii. Airport operations were normal across Hawaii Saturday except in Hilo on the Big Island and Kahului, Maui. The Hilo Airport was closed at 6 a.m. and the road going into the Kahului Airport was closed at 10 a.m. Other airports were open but the reef runway was closed at Honolulu Airport. A spokeswoman said the DOT worked with Coast Guard and harbor police early this morning to notify boat owners to leave harbors across the state and most vessels and ground crews left. The DOT’s freeway service patrol, which normally does not operate on Saturdays, was reactivated from the University of Hawaii to Waimalu on H1 Freeway and Moanalua because of increased traffic. “If you don’t have to be on the road, don’t be on the road,” she asked, pointing out all roads leading in and out of coastal areas and the inundation zone were closed at 10 a.m. to keep the area clear for people evacuating because of the tsunami. Source: http://www.starbulletin.com/news/breaking/85715622.html

 According to the Oregon Statesman Journal, the FBI said Saturday that agents are trying to learn the identities of nine men who were photographed taking pictures of Detroit Dam on February 14. (See item 75)

75. February 28, Oregon Statesman Journal – (Oregon) FBI seeks to identify men who took photos of Detroit Dam. The FBI said Saturday, February 28 that agents are trying to learn the identities of nine men who were photographed taking pictures of Detroit Dam on February 14. An FBI spokeswoman said the Portland office received photographs that were taken by a worker at the dam. The worker thought that men photographing the dam appeared suspicious, and the worker’s photographs of the men were turned over to local authorities before they were handed over to the FBI, according to a story originally published in the Albany Democrat-Herald. The Democrat-Herald described the men as being of “Middle Eastern” descent. “A worker at the dam took pictures of the people taking pictures,” she said Saturday. “We are in possession of the [worker’s] photos ... We are interested in identifying” the men in the photos. Anyone who saw the men or who knows who they are or who they might be is asked to contact the FBI office. Source: http://www.statesmanjournal.com/article/20100228/NEWS/2280350/1001


Banking and Finance Sector

19. March 1, SC Magazine – (International) Restricting access to cardholder data is the biggest challenge of PCI-DSS compliance. Restricting access to cardholder data is the most difficult requirement for merchants to meet in Payment Card Industry Data Security Standard (PCI DSS) compliance audits. Meanwhile, almost half of businesses would fail audits if they were unable to rely on temporary compensating controls, while two per cent of businesses outright fail compliance audits. According to the PCI DSS Trends 2010 report on qualified security assessors (QSA) insights, conducted by the Ponemon Institute on behalf of Thales, QSAs believe that requirement seven (restricting access to cardholder data on a business-driven need-to-know basis) is the most important part in achieving PCI DSS compliance. The report said that QSAs find the most significant threats to card data are in merchant networks and databases containing cardholder data. Source: http://www.scmagazineuk.com/restricting-access-to-cardholder-data-is-the-biggest-challenge-of-pci-dss-compliance/article/164747/

20. March 1, Lehigh Valley Live – (Pennsylvania) Bomb threat briefly forces evacuation of Hanover Township Wachovia bank. A bomb threat on February 27 forced the evacuation of a Hanover Township bank, Colonial Regional police said. Police said the manager of the Wachovia bank called police about 11:25 a.m. to report the threat. The bank is in the 2700 block of Schoenersville Road. The manager told police the threat was received by a teller, police said. The message, which sounded like a recording, said, “This is a bomb threat and you need to evacuate. You are one of three branches,” according to police. Colonial Regional police were aware of no similar threats to Wachovia banks in the area. When police searched the bank and found nothing suspicious, normal operations resumed, police said. Source: http://www.lehighvalleylive.com/bethlehem/index.ssf/2010/03/bomb_threat_briefly_forces_eva.html

21. March 1, Ecommerce Journal – (National) Investmentforge is an investment fake. This scam investment game program should be called investment fake instead of investmentforge. The admin claims that Investment Forge is registered and certified under the name “Intelvix Corporation” and that they are an investment control management team. The program offers three plans with a low rate of return over a long time frame: 2 percent daily for 40 days, 2.4 percent daily for 80 days, and 2.8 percent daily for 120 days. Members reported that the program revealed itself to be a scam when the admin stopped paying them in the middle of last month. The admin also displays fake incorporation certificate images as well as fake daily trading performance results. Source: http://www.ecommerce-journal.com/news/27183_investmentforge-investment-fake

22. February 28, V3.co.uk – (International) Wyndham Hotels hacked again. International hotel group Wyndham Hotels and Resorts has suffered yet another serious data breach after hackers broke into its computer systems and stole customer names and payment card information. An open letter posted on the firm’s site said that the hotel group discovered the attack on one of its data centers in late January. “By going through the centralized network connections, the hacker was able to access and download information from several, but not all, of the Wyndham hotels and remove payment card information of a small percentage of customers,” read the letter. “In addition to ensuring that the hack was immediately terminated and disabled, we promptly retained a qualified investigator to assess the problem and ensure that we had isolated it, and then to help us implement the proper changes to strengthen and improve the security of our connections with each of our branded properties.” The company also hired an investigation firm to assess and improve the security at “each hotel property in the system”. Wyndham also notified the US Secret Service and several state attorneys, and has provided the credit card companies with the numbers of all compromised cards so that they can monitor usage. Source: http://www.v3.co.uk/v3/news/2258650/wyndham-hotels-hacked-again

23. February 28, Associated Press – (International) Security up after Thai bank blasts. Thailand’s prime minister ordered stepped-up security in Bangkok on February 28 after four banks were targeted with small explosive devices. The attacks the evening of February 27, in which no one was hurt, came a day after the Supreme Court ordered $1.4 billion of an exiled former leader’s assets seized for corruption. Authorities had voiced concern the verdict could spark violent protests by his supporters but none occurred. The Prime Minister told reporters on February 28 that he did not know who was behind the attacks on Bangkok Bank, the country’s biggest commercial bank. Police said only minor damage was caused when grenades exploded at two of the bank’s branches, and were found unexploded at two others. Source: http://online.wsj.com/article/SB10001424052748703411304575094101335647946.html?mod=googlenews_wsj

24. February 27, KDKA 2 Pittsburgh – (Colorado) FBI says man who allegedly robbed banks claiming to have swine flu is in custody. Police believe they have the man known as H1N1 bandit in custody. The FBI says he is responsible for five bank robberies. The thief got the name while robbing a Wells Fargo bank in Cherry Creek in December. He told a teller his face was covered because he had swine flu. Denver police arrested the 52-year-old on February 28. Investigators believe he tried to rob a Key Bank on Parker Road in Aurora earlier that day. Source: http://kdka.com/watercooler/bank.robbery.swine.2.1525759.html

25. February 27, Bank Info Security – (National) Two banks, two credit unions closed Feb. 26. Four banking institutions - two banks and two credit unions - were closed by state and federal regulators late this past week. These latest closings bring to 24 the total number of failed institutions so far in 2010. The National Credit Union Administration (NCUA) on February 25 liquidated Friendship Community Federal Credit Union of Clarksdale, Mississippi, and accepted Shreveport Federal Credit Union’s offer to purchase and assume the credit union. At closure, Friendship Community Federal Credit Union had $861,696 in assets and served 685 members. The NCUA liquidated Mutual Diversified Employees FCU of Santa Ana, California, and accepted SchoolsFirst Federal Credit Union’s offer to purchase and assume the credit union. At closure, Mutual Diversified Employees Federal Credit Union had $6.1 million in assets and served 748 members. Carson River Community Bank, Carson City, Nevada, was closed by the Nevada Department of Business and Industry, Financial Institutions Division, which appointed the Federal Deposit Insurance Corporation (FDIC) as receiver. The FDIC estimates that the cost to the Deposit Insurance Fund (DIF) will be $7.9 million. Finally, Rainier Pacific Bank, Tacoma, Washington, was closed by the Washington Department of Financial Institutions, which appointed the Federal Deposit Insurance Corporation (FDIC) as receiver. The FDIC estimates that the cost to the Deposit Insurance Fund (DIF) will be $95.2 million. Source: http://www.bankinfosecurity.com/articles.php?art_id=2245

26. February 27, Associated Press – (Tennessee) 4 indicted in Tenn. for multimillion insurance fraud. The Tennessee Attorney General Office said four people have been indicted for their part in a multimillion dollar insurance fraud. The Tennessean reported that they were connected with the defunct Franklin-based National Foundation of America, which prosecutors say was used to convince investors to trade in insurance annuities for worthless charitable gift annuities. The owners of the company and an employee were arrested in Tallahassee, Florida. An officer in the company was arrested in Franklin. According to prosecutors, they were all charged with theft for gaining control of $31 million from customers and using the money for personal expenses, luxury items, vacations and to pay off debts. Source: http://www.whnt.com/news/sns-ap-tn--insurancefraud,0,1630502.story

27. February 26, Real Estate Economy Watch – (Florida) Massive Florida mortgage fraud case unfolding. A two-year FBI investigation into Sarasota house flipping is turning into what may be the largest case of mortgage fraud in Florida’s history. A local real estate agent has been providing information to the FBI about one of the largest mortgage fraud schemes in Florida history. One of his longtime associates may become the center of attention as losses enter the millions, according to the Sarasota Herald-Tribune. The associate was in line to become the next president of the Gulf Coast Mortgage Bankers Association but now he’s expected to step down or be removed from the board of directors after news reports alleged that he participated in at least 10 deals with the agent since 1997. The agent allegedly participated in dozens of deals in which properties were sold back and forth between associates, inflating values and increasing the loans they could obtain. The agent turned himself in to the FBI two years ago, and his statements to federal agents resulted in a Sarasota title agent’s arrest on charges of conspiracy, bank fraud, wire fraud and making false statements in connection with loan applications, court documents filed with the U.S. District Court in Tampa show. Source: http://www.upi.com/Real-Estate/2010/02/26/Massive-Florida-Mortgage-Fraud-Case-Unfolding/9831267199939/

Information Technology

59. March 26, The Register – (International) Microsoft warns over rogue Security Essentials. Microsoft has warned Windows users to be on their guard against a piece of rogue antivirus software passing itself off as Microsoft Security Essentials. Security essentials 2010 is a piece of software Microsoft said installs a fake virus scanner on your machine and monitors and blocks processes it doesn’t like. The software will also block access to websites of antivirus and malware companies and flag up a warning message. You can see the list of blocked sites here. Security essentials 2010 blocks access by downloading a Win32/Alureon component and another Layered Service Provider component, a researcher for Microsoft wrote on the company’s Malware Protection Center blog. Adding insult to injury, Security essentials 2010 charges you to scan and remove files on your machine, claiming the version you will have initially downloaded is just a trial edition. Microsoft’s Security Essentials is available without charge to PC users running a genuine copy of Windows. Source: http://www.theregister.co.uk/2010/02/26/microsoft_security_essentials_rogue/

60. March 1, The Register – (International) Most resistance to ‘Aurora’ hack attacks futile, says report. Most businesses are defenseless against the types of attacks that recently hit Google and at least 33 other companies, according to a report to be published Monday that estimates the actual number of targeted companies could top 100. The attackers behind the cyber assault dubbed Aurora patiently stalked their hand-chosen victims over a matter of months in a campaign to identify specific end users and applications that could be targeted to gain entry to corporate networks, the report, prepared by security firm iSec Partners, concluded. Emails or instant messages that appeared to come from friends and trusted colleagues were combined with potent zero-day vulnerabilities targeting common applications. In many cases, exploits were tweaked to circumvent specific versions of anti-virus programs. The findings are significant because they suggest that many of the best practices corporate IT departments have been following for years are ineffective against the attacks, which Google said were successful at piercing its defenses and accessing its trade secrets. An iSec founding partner said that with the exception of Google and a handful of other organizations with budgets to support expensive information security teams, companies are unprepared to defend themselves against this new caliber of attacks. Source: http://www.theregister.co.uk/2010/03/01/aurora_resistence_futile/

61. March 1, DarkReading – (International) State of application security: nearly 60 percent of Apps fail first security test. Even with all of the emphasis on writing software with security in mind, most software applications remain riddled with security holes, according to a new report released today about the actual security quality of all types of software. Around 58 percent of the applications tested by application security testing service provider Veracode in the past year-and-a-half failed to achieve a successful rating in their first round of testing. “The degree of failure to meet acceptable standards on first submission is astounding — and this is coming from folks who care enough to submit their software to our [application security testing] services,” said the senior vice president of marketing for Veracode. “The implication here is that more than half of all applications are susceptible to the kinds of vulnerabilities we saw at Heartland, Google, DoD, and others — these were all application-layer attacks.” The data for Veracode’s State of Software Security Report comes from a combination of static, dynamic, and manual testing of all types of software across multiple programming languages — everything from non-Web and Web applications to components and shared libraries. Veracode tests commercial, internally developed, open-source, and outsourced applications, all of which were represented in its findings. And nearly 90 percent of internally developed applications contained vulnerabilities in the SANS Top 25 and OWASP Top 10 lists of most common programming errors and flaws in the first round of tests, the vice president said. Source: http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=223100875

62. March 1, V3.co.uk – (International) Grum and Rustock botnets drive spam to new levels. Two highly active botnets have pushed spam levels up by five per cent this month, according to security firm Symantec. The company’s MessageLabs branch, now called Symantec Hosted Services, said in a new report that spam accounted for 89.4 percent of email traffic in February, an increase of 5.5 per cent over last month. Much of the gain was attributed to a 51 percent increase in spam activity from the Grum botnet, making it accountable for more than a quarter of all spam. The Rustock botnet was also blamed for the increase in junk mail. MessageLabs said that the botnet sprang to life on February 17 with a huge pharmaceutical spam run that boosted daily spam levels by 25 percent. There was some good news, however. Instances of malware-laden spam messages rose by just 0.02 percent, despite the climb in overall spam levels, while instances of phishing spam rose just 0.04 percent. Source: http://www.v3.co.uk/v3/news/2258689/pair-botnets-drive-spam-levels

63. March 1, NBC New York – (National) FBI. Those squiggly letters that can be almost impossible to read when you buy tickets or some other items online have apparently met their match with some West Coast ticket buyers. NBCNewYork.com has learned a U.S. Attorney’s news conference in Newark, New Jersey, later on March 1 will announce several arrests of scalpers who were able to defeat the system Ticketmaster uses: “CAPTCHA.” “CAPTCHA” is a cyber security system where you have to type in a match of letters and/or numbers from a distorted or garbled display. The intention is, in the case of Ticketmaster, to restrict sales to a concert or other event to, usually, no more than two or four tickets per customer. The U.S. Attorney’s office says that four individuals who, through their company called “Wiseguys,” engaged in a $25 million fraud and computer hacking scheme to obtain and resell more than 1.5 million highly coveted tickets to events nationwide, including tickets to performances by famous musicians, the 2006 BCS Championship Game, and 2007 Major League Baseball playoff games at Yankee Stadium. According to the indictment, Wiseguys employed 10 to 15 people between 2002 and January 2009. The company allegedly deployed a nationwide computer network that opened thousands of simultaneous Internet connections from across the United States, impersonated thousands of individual ticket buyers and defeated online ticket vendors’ security systems. Wiseguys then sold the tickets that it bought fraudulently over the Internet to ticket brokers in New Jersey and elsewhere, who in turn sold the tickets to the general public, the indictment says. The company allegedly profited from the scheme by charging its ticket brokers a percentage mark-up over the face value of the tickets it obtained. Source: http://www.nbcnewyork.com/news/local-beat/Ticket-Scalpers-Defeat-Latest-Cyber-Security-85808497.html

64. February 28, ComputerWorld – (International) New zero-day involves IE, puts Windows XP users at risk. Microsoft on Sunday confirmed it’s investigating an unpatched bug in VBScript that hackers could exploit to plant malware on Windows XP machines running Internet Explorer (IE). The flaw could be used by attackers to inject malicious code onto victims’ PCs, said the Polish security analyst with iSEC Security Research who revealed the vulnerability and posted attack code on February 26. Microsoft noted it’s already on the case. “Microsoft is investigating new public claims of a vulnerability involving the use of VBScript and Windows Help files within Internet Explorer,” said a senior manager with the Microsoft Security Response Center (MSRC), in an e-mail on February 28. “The current state of our investigations shows that Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not affected.” The senior manager added that Microsoft has not yet seen any evidence of attacks exploiting the vulnerability. The security analyst called the bug a “logic flaw,” and said attackers could exploit it by feeding users malicious code disguised as a Windows help file — such files have a “.hlp” extension — then convincing them to press the F1 key when a pop-up appeared. He rated the vulnerability as “medium” because of the required user interaction. Source: http://www.networkworld.com/news/2010/030110-new-zero-day-involves-ie-puts.html?hpg1=bn

65. February 28, ComputerWorld – (International) Microsoft to target other botnets with legal weapon. Microsoft has several other botnets in its crosshairs, and believes it can use the same legal tactic against them that it deployed last week to strike at the Waledac botnet’s command-and-control centers. But the company also admitted that it had not yet severed all communications between the controllers of Waledac and the thousands of compromised Windows computers used by hackers to pitch bogus security software and send a small amount of spam. “This shows it can be done,” said the senior attorney with Microsoft’s Digital Crimes Unit. “Each botnet is different, of course, but this is another arrow in the quiver. This is not the last [effort].... We have other operations on the drawing board.” On February 24, Microsoft announced that it had been granted a court order that yanked nearly 300 sites from the Internet. Those sites, Microsoft said, were a key link between hackers and the PCs that make up the Waledac botnet. The legal tactic, which garnered accolades from many security professionals as a precedent-setting move, resulted in what Microsoft called “a major botnet takedown” of Waledac, a fact that some researchers disputed. Source: http://www.networkworld.com/news/2010/022810-microsoft-to-target-other-botnets.html?hpg1=bn

Communications Sector

66. March 1, Washington Post – (National) Misdials help ‘crammers’ ring up millions in phone bill scam. Two brothers made a devilish fortune in the details of phone bills, according to a federal investigation. The San Francisco brothers hired overseas telemarketers to offer directory assistance and other services to small businesses and ordinary Americans, according to a major case to be unveiled this week by the Federal Trade Commission. But their real goal was to sneak small, unauthorized fees onto thousands of monthly bills and hope the charges would go unnoticed, court documents state. The scheme, known as “cramming,” proved to be a boon, the documents show. The brothers’ alleged take: $19 million over five years. The brothers are among a resurgent wave of crammers who may be ensnaring millions of Americans, federal officials and consumer advocates say. A decade ago, the scam was so widespread that it became one of the most profitable business lines of the Gambino crime family. A wave of federal and state crackdowns pushed the crime into remission. But as phone bills, both conventional and cellular, have become more complex, crammers are making a comeback by using sophisticated marketing techniques and by launching their schemes from overseas to try to escape the purview of U.S. regulators. Source: http://www.washingtonpost.com/wp-dyn/content/article/2010/02/28/AR2010022803750.html

67. March 1, IDG News Service – (International) Glitch hits PlayStation Network users worldwide. Sony’s PlayStation Network has been hit by a glitch that has left users on all continents unable to connect to the online service, the company said on March 1. The PlayStation Network is an Internet-based service that connects PlayStation 3 consoles to online stores and software downloads and is used as a platform for some multiplayer online games. It has about 38 million users worldwide. The problem appears to be affecting only the older PlayStation 3 consoles and not the newer so-called “slim” models that were recently launched, according to messages on Twitter. First reports of the problem began appearing online at around 4pm PST (midnight GMT, March 1) on February 28, and acknowledgment came from Sony’s U.S. unit in the form of a blog and Twitter posting. Source: http://www.computerworld.com/s/article/9163338/Glitch_hits_PlayStation_Network_users_worldwide

68. March 1, Data Center Knowledge – (National) Feds commence huge data center consolidation. The federal government has begun what looms as the largest data center consolidation in history, hoping to dramatically reduce IT operations that are currently distributed among more than 1,100 data centers. On February 26 a Federal CIO outlined details of the ambitious plan in a memo that directs federal agencies to prepare an inventory of the IT assets by April 30 and develop a preliminary data center consolidation plan by June 30. These plans will need to be finalized by December 31, 2010, with implementation beginning in 2011. The government data center consolidation has huge implications for the fortunes of system integrators, data center service providers (especially in northern Virginia), and cloud computing platforms optimized for hosting government apps. The consolidation effort figures to generate significant business for companies providing energy efficiency tools and consulting, as the CIO signaled that reducing energy costs will be a driving force in the effort. He noted that the number of government data centers soared from 432 in 1999 to the current 1,100 plus. Source: http://www.datacenterknowledge.com/archives/2010/03/01/feds-commence-huge-data-center-consolidation/