Department of Homeland Security Daily Open Source Infrastructure Report

Wednesday, June 9, 2010

Complete DHS Daily Report for June 9, 2010

Daily Report

Top Stories

My apologies to all. My source, the DHS website, at 08:52 AM today is having a problem. While indicating that the Daily Report is ready, selecting it results in an error message “404 Error: The requested page was not found”. Being a working man, I have meetings to attend out of the office and will not be able to monitor this situation continuously. I will check when I return and post as soon as possible!

• According to The Register, Connecticut’s attorney general June 7 became the latest law enforcement official to order Google to give a detailed accounting of the information its Street View cars surreptitiously sniffed from unsecured Wi-Fi networks over a three-year period. He joins officials in Missouri, France, Germany, Spain, Canada and Australia in ordering the search giant to be more forthcoming about the privacy violation. (See item 54 below in the Information Technology Sector)

• ABC News reports that a recent internal FBI report warns federal, state, and local authorities to be alert for a potential new tool in the jihad terror arsenal – the placing of suspicious, but harmless, bags in public places to inspire fear, disrupt public transportation, and tie up police and bomb squads. The so-called “battle of suspicious bags” was encouraged by an unknown poster to a known jihadi Web site. (See item 61)

61. June 7, ABC News – (National) Jihadi calls for ‘suspicious bags’ to be left throughout DC and NYC. A recent internal FBI report warns federal, state, and local authorities to be alert for a potential new tool in the jihad terror arsenal – the placing of suspicious, but harmless, bags in public places to inspire fear, disrupt public transportation, and tie up police and bomb squads. The so-called “battle of suspicious bags” was encouraged by an unknown poster to a known jihadi Web site. On May 12, the poster suggested an “invasions suspicious bags (sic)” in “the heart of Washington D.C. and New York.” The bags would contain not bombs, but innocuous items, a tactic that has been used by other political extremists in the U.S. in the recent past. “The stated goal of the campaign,” said the report, “was to exploit desensitization of first responders caused by response fatigue to suspicious, but harmless items.” The FBI report did not include the full text of the jihadi forum post. The poster’s credibility was not known, but the site where the information was posted was listed as a “known jihadi Web site.” Source: http://abcnews.go.com/Blotter/jihadi-calls-suspicious-bags-left-dc-nyc/story?id=10826590

Details

Banking and Finance Sector

17. June 8, WMBF 32 Myrtle Beach – (National) Limping bandit pleads guilty to 23 bank robberies. A Douglas, Georgia man known as “the Limping Bandit” pleaded guilty in federal court Monday to 23 counts of bank robbery, according to a U.S. attorney. The suspect will be sentenced after a judge reviews pre-sentencing reports. He faces up to 25 years in prison and $250,000 fines for each count. The suspect admitted to committing the robberies across the Southeast United States beginning in June 2006. He first robbed three banks in Georgia, and eight more over the next three years in Florida and Alabama, as well as 13 South Carolina banks in Summerville, Orangeburg, Aiken, Sumter, Edgefield, Camden, Charleston and Mount Pleasant. The suspect was stopped after he entered the National Bank of South Carolina on US-17 in Mount Pleasant July 17, 2009. The U.S. attorney said the suspect handed the teller a brown paper bag, pointed a gun at her and demanded that she put money in the bag. After he fled the bank, someone followed him and gave a description of his vehicle to Mount Pleasant Police. Officers located the suspect about 20 minutes later sitting in his vehicle in the parking lot of a retirement home. Police found the clothing that he wore in a nearby dumpster, as well as a BB-gun pistol that he used to commit the robbery. Source: http://www.wmbfnews.com/Global/story.asp?S=12612193


18. June 7, IDG News Service – (National) BofA call center worker pleads guilty to data theft. A Bank of America call center employee has pleaded guilty to charges that he stole sensitive client information and then tried to sell it for cash. The defendant pleaded guilty last week to one count of bank fraud. According to court filings, the suspect allegedly recorded customer account information when BofA customers called him for technical support at the Florida call center where he worked. Prosecutors said he focused on high net-worth customers and then unwittingly sold their information to an undercover FBI agent. Allegedly, the suspect thought he was going to collect a percentage of the profits from what’s known as a credit bust-out scam — meaning that the information would be used to fraudulently line up new credit with other banks. He allegedly logged account holders’ names, birth dates, addresses and account histories between September 2009 and April 2010. He was supposed to get a 25-percent stake of the profits, court filings state. The suspect faces a maximum sentence of 30 years in prison and a $1-million fine on the charges, but with his guilty plea, he is likely to face a much lighter sentence. Source: http://www.businessweek.com/idg/2010-06-07/bofa-call-center-worker-pleads-guilty-to-data-theft.html


19. June 7, Los Angeles Times – (California) ‘Geezer Bandit’ hits 10th bank in San Diego County. The so-called Geezer Bandit has robbed his 10th bank, the FBI said June 7. The bandit, described as between 60 and 70 years old, robbed the U.S. Bank branch inside the Albertson’s grocery store in Poway, California, according to the FBI, which gave the robber the unique nickname. The robbery string began in August and has included banks in San Diego and the suburbs. During the Poway heist, the suspect pointed a small-caliber revolver at a teller and threatened to use it unless he was given money, the FBI said. Authorities declined to say the amount of money he took. Source: http://latimesblogs.latimes.com/lanow/2010/06/my-entry.html


20. June 7, AnnArbor.com – (Michigan) Police say ‘skimming devices’ placed on ATMs in Ypsilanti Township, Ann Arbor to access bank account information. The Washtenaw County Sheriff’s Department is seeking the public’s help to identify a man who recently placed a skimming device on a Ypsilanti Township, Michigan ATM to steal from customers’ accounts. Authorities said the man placed the device, which captures and records ATM card numbers from unsuspecting customers, at the drive-up ATM of the Bank of America branch at 2250 W. Michigan Ave. May 30. Bank employees discovered and removed it before any losses were reported. But police want to prevent the suspect from attempting it again. The man is white with dark hair and appears to be in his early 20s. He was driving a dark-colored Chrysler minivan. Saline police said they are investigating a similar case where a skimming device placed on an Ann Arbor ATM siphoned roughly $500 from a woman’s accounts last week. KeyBank officials said at least 90 customers reported irregularities on their accounts after using the machine at the West Stadium Boulevard location, reports said. Source: http://www.annarbor.com/news/police-say-skimming-devices-placed-on-atms-in-ypsilanti-township-ann-arbor-to-access-bank-account-in/


Information Technology


50. June 8, The Register – (International) Researchers release point-and-click Web site exploitation tool. Researchers have released software that exposes private information and executes arbitrary code on sensitive Web sites by exploiting weaknesses in a widely used Web-development technology. Short for Padding Oracle Exploitation Tool, Poet is able to decrypt secret data encrypted by the JavaServer Faces Web development framework without knowing the secret key. Attackers can use the technique to access private customer data on Web sites operated by banks, e-commerce companies and other businesses, according to a paper released in February by two researchers. In some cases, the exploit can be used to run malicious software on the underlying server. In the software released June 7, one of the researchers exploits a well-known vulnerability in the way many Web sites encrypt text stored in cookies, hidden HTML fields and request parameters. The text is designed to help servers keep track of purchases, user preferences and other settings while at the same time ensuring account credentials and other sensitive data can’t be intercepted. By modifying the encrypted information and sending it back to the server, the attackers can recover the plaintext for small chunks of the data, allowing them to access passwords and restricted parts of a Webserver. Source: http://www.theregister.co.uk/2010/06/08/padding_oracle_attack_tool/


51. June 8, eWeek – (International) 1 in 10 IT pros cheat firewall audits, survey finds. In a survey of IT professionals, nearly 10 percent admitted cheating to pass a firewall audit. But what is called cheating may be the result of a lack of time or resources more so than malicious intent. Cheating on a firewall audit can be tempting. So much so that roughly 1 in 10 IT pros surveyed by firewall management vendor Tufin Technologies admitted to cutting corners to get an audit passed. The results of the latest survey, which included responses from 242 IT pros that were mostly from organizations with 1,000 to 5,000 or more employees, are actually an improvement compared to last year’s study, which found twice as many had cheated. Those who cheated cited a lack of time and resources as the main reasons. But the complexity of firewall audits means “cheating” may not necessarily be the right word, a Forrester Research analyst said. Source: http://www.eweek.com/c/a/Security/1-in-10-IT-Pros-Cheat-Firewall-Audits-Survey-Finds-522539/


52. June 8, SC Magazine – (International) Adobe zero-day vulnerability exploited by backdoor Trojan on a PDF file. The zero-day vulnerability on Adobe Flash, Reader, and Acrobat is being exploited by a strain of malware. A Symantec researcher claimed that Trojan.Pidief.J, a PDF file that drops a backdoor onto the compromised computer if an affected product is installed, is a new threat to the vulnerability. He said that attacks on the vulnerability can take place by receiving an e-mail with a malicious PDF attachment or with a link to the malicious PDF file, or through a Web site with the malicious SWF embedded in HTML code, or by stumbling across a malicious PDF or SWF file when surfing the Web. “We have confirmed that the attack involves Trojan.Pidief.J, which is a PDF file that drops a backdoor Trojan onto the compromised computer if an affected product is already installed,” the researcher stated. Source: http://www.scmagazineuk.com/adobe-zero-day-vulnerability-exploited-by-backdoor-trojan-on-a-pdf-file/article/171911/


53. June 8, ComputerWorld – (International) Group lists top five social media risks for businesses. As businesses increasingly try to figure out how to use social-networking tools in the enterprise, an IT governance group has released a ranking of the top five risks social media poses to companies. The study, which lists the biggest risks businesses need to prepare for when they are using social media, was released June 7 by ISACA, a 43-year-old international organization previously known as the Information Systems Audit and Control Association that researches IT governance and control. An ISACA Certification Committee member noted that many business executives have considered some of the risks, but few have considered all of them. The top risks, which are laid out in an ISACA research paper, are viruses and malware, brand hijacking and lack of control over corporate content. Rounding out the top five are unrealistic expectations of customer service at “Internet-speed” and non-compliance with record-management regulations. Source: http://www.computerworld.com/s/article/9177786/Group_lists_top_five_social_media_risks_for_businesses


54. June 7, The Register – (International) Top cops worldwide grill Google over Wi-Fi snoop. Connecticut’s attorney general June 7 became the latest law enforcement official to order Google to give a detailed accounting of the information its Street View cars surreptitiously sniffed from unsecured Wi-Fi networks over a three-year period. In a letter to Google officials, the attorney general demanded they provide additional details about the data collection, including what type of information was intercepted, the duration and location of the snooping operation, and where the data is stored now. He joins officials in Missouri, France, Germany, Spain, Canada and Australia in ordering the search giant to be more forthcoming about the privacy violation. Google has said it was the result of beta software that was accidentally installed in Street View cars as they snapped pictures in more than 30 countries from 2007 until earlier this year. At least seven civil lawsuits have been filed against Google, and agencies in Canada, Australia and throughout Europe have opened investigations. U.S. lawmakers have called on the Federal Trade Commission to conduct its own inquiry. A Google spokeswoman said company officials are cooperating. “We’re working with the relevant authorities to answer their questions and concerns,” she wrote in an e-mail. Law enforcement officials, meanwhile, have indicated they are investigating whether Google has broken any criminal laws. Source: http://www.theregister.co.uk/2010/06/07/google_wifi_snoop_inquiries/


55. June 7, PC Advisor UK – (International) One third of search engine results are poisoned. A third of search engine results are poisoned links, said Symantec. The security vendor uncovered the size of the threat after its researchers spent two weeks investigating the top 100 results when searching for the 300 most popular terms. In one incident, 99 out of the top 100 search results for a phrase navigated to malicious Web sites designed to infect Web users with malware or steal sensitive personal data such as log-in and passwords. According to Symantec, search engines such as Google manage to identify and remove only around half of all poisoned links. Symantec said this makes poisoned search results one of the most prevalent online threats, along with attacks on social networkers and fake anti-virus. As a result, the security vendor has made tackling these security issues the focus of its Norton Internet Security 2011 software. Source: http://www.networkworld.com/news/2010/060710-one-third-of-search-engine.html?hpg1=bn


56. June 7, DarkReading – (International) Smartphone malware multiplies. The number of malware and spyware programs found on smartphones has more than doubled in the past six months — and some types of malware are more prevalent on certain smartphone platforms than others. New data gathered from users of a free smartphone security tool shows the bad guys are increasingly going after smartphone users. According to Lookout, which offers a free lightweight mobile client with cloud-based security, backup, and anti-theft features, there were about nine pieces of malware and spyware per 100 smartphones as of last month — more than twice as many as in November 2009. Even more worrisome is how rapidly these threats are hitting smartphones in comparison to the desktop: What took 15 years to evolve with the desktop machine is happening practically overnight in mobile handsets, security experts said. “We call this the 1999 factor: It feels like about 10 years ago in terms of prevalence of threats. There was a tipping point between 2000 and 2002 [for PC threats] that was driven by broadband” and more consumers going online, according to the CEO and founder of Lookout, formerly Flexilis. “The same trends are going to hold true here [with smartphones].” Source: http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=225402185&subSection=Attacks/breaches


Communications Sector

57. June 7, Associated Press – (National) Thousands needed for broadband study. The Federal Communications Commission (FCC) wants to find out whether broadband providers are delivering Internet connections that are as fast as advertised. The FCC is seeking 10,000 volunteers to take part in a study of residential broadband speeds. Specialized equipment will be installed in homes to measure Internet connections. Those results will then be compared with advertised speeds. The agency hopes to get a cross section of volunteers who subscribe to broadband services provided by a range of phone and cable TV companies. The new project grows out of several proposals outlined in the FCC’s national broadband plan, released in March. According to data cited in the national broadband plan, average residential download speeds are typically only half as fast as the maximum speeds advertised by U.S. broadband providers. Source: http://www.wilx.com/news/headlines/95784824.html?ref=824


For another story, see item 56 above in the Information Technology Sector