Wednesday, September 22, 2010

Complete DHS Daily Report for September 22, 2010

Daily Report

Top Stories

 According to the Associated Press, a person opened fire September 20 at a convenience store on Fort Bliss in Texas, injuring two people before being killed by responding officers, the commander of the West Texas Army post said. (See item 40)

40. September 20, Associated Press – (Texas) Shooter dead after wounding 2 at Fort Bliss store. A person opened fire September 20 at a convenience store on Fort Bliss in Texas, injuring two people before being killed by responding officers, the commander of the West Texas Army post said. An Army official declined to discuss the conditions of the victims or other details of the shooting. The Army official said the area was roped off for an FBI investigation, but the sprawling facility next to El Paso never was under lockdown. An Army official said the shooting was reported about 3 p.m. and authorities responded in about 3 minutes. He said the post’s emergency notification system worked well, sending several messages to his cell phone. “Our law enforcement agents took it upon themselves to react immediately and aggressively, and I think that’s the main reason why this didn’t escalate further than it is right now,” an Army official said. The victims were taken to nearby William Beaumont Army Medical Center, said a post spokesman. An FBI spokesman said the agency was not releasing any details. The victims were employees at the Army & Air Force Exchange Service, the mayor of El Paso told the El Paso Times. The service runs merchandise operations for the military, including fast-food restaurants and convenience stores, according to the service’s Web site. Source:

 The FBI announced that a Chicago man was arrested September 19 immediately after placing a backpack which he thought contained an explosive device into a curbside trash receptacle outside a crowded Wrigleyville nightclub. Throughout the summer, he allegedly discussed with an associate a number of possible targets and plots, including a biological attack on Chicago, poisoning Lake Michigan, attacking police officers, bombing the Sears (Willis) Tower, and assassinating the mayor. (See items 55 and 57)

55. September 21, Associated Press – (Illinois) FBI says it supplied fake bomb in Chicago plot. A man arrested for allegedly placing a backpack he thought contained a bomb near Chicago’s Wrigley Field baseball stadium got the fake explosive from an FBI undercover agent, authorities said — a tactic that has been used in other U.S. terrorism cases in recent years. The Lebanese citizen living in Chicago for about 3 years was charged September 20 with one count each of attempted use of a weapon of mass destruction and attempted use of an explosive device. He was arrested September 19 after planting the fake explosive device in a trash receptacle near Sluggers World Class Sports Bar, a popular bar steps from Wrigley Field, an FBI Special Agent said. The Cubs were not playing at their home field; the stadium hosted Dave Matthews Band concerts that weekend. Source:

57. September 20, Federal Bureau of Investigation – (Illinois) Chicago man arrested in attempted bombing plot. A 22-year-old Chicago man was arrested September 19, immediately after placing a backpack which he thought contained an explosive device into a curbside trash receptacle near a crowded North Side street corner. The arrest followed an investigation that accelerated in June of this year. He was charged in a criminal complaint filed September 20 with one count each of attempted use of a weapon of mass destruction and attempted use of an explosive device. The supposed explosive device was inert and provided to him by an undercover agent. Throughout the summer, the suspect allegedly discussed with an associate a number of possible targets and plots, including a biological attack on the city, poisoning Lake Michigan, attacking police officers, bombing the Sears (Willis) Tower, and assassinating the mayor. Eventually, the suspect is alleged to have selected the Wrigleyville area of Chicago as his target, utilizing an explosive device which he would detonate on a weekend night to inflict maximum damage. He eventually settled on a bombing outside a crowded Wrigleyville nightclub as the first step in his plan. Source:


Banking and Finance Sector

18. September 21, The Register – (International) Belarusian extradited to US for one-stop ID theft site. U.S. prosecutors have extradited a Belarusian national accused of running a Web site that helped thousands of criminals exploit stolen financial information. The 26-year-old suspect was transferred from the Czech Republic to federal prosecutors in Manhattan, New York City September 17. In April, he was charged with creating and operating, an online service that supplied identity thieves with English- and German-speaking individuals to call financial institutions and pose as authorized account holders. They would then confirm fraudulent withdrawals, transfers, and other transactions being made from compromised accounts. was designed to make it easy for identity thieves to complete transactions that require verbal confirmation from an account holder. Crooks could submit online requests for someone of a particular locale and sex to call a particular financial institution and make certain types of requests or supply certain pieces of information. The operators advertised the service on various Web sites that catered to identity thieves. According to one ad, the service, which operated from 2007 to 2010, helped about 2,090 people carry out 5,400 instances of fraud. Source:

19. September 21, Associated Press – (Michigan) Michigan regulators say credit union may be scam. Michigan regulators say a Grand Haven-based credit union called Whitestone Credit Union may have been operating a scam. The state’s office of financial and insurance regulation announced September 21 that it had ordered Whitestone Credit Union to stop doing business. The agency said it believes Whitestone used a Web site and telephone answering service to pose as a legitimate credit union and may have been attempting to steal consumers’ money and identity information. A telephone listing for Whitestone wasn’t working September 21. Its Web site also was not working. The state said Whitestone was encouraging customers to apply for loans by providing personal information including Social Security and financial account numbers. Source:

20. September 20, IDG News Service – (International) IETF approves e-crime reporting format. An Internet standards group has approved an electronic crimes reporting format, which may eventually give security researchers a cohesive, broad set of data to gauge online crime. The Internet Engineering Task Force (IETF) approved a customized version of the XML-based Instant Object Description Exchange Format (IODEF). Extensions have been added that are appropriate for creating standard e-crime reports. The format allows for unambiguous time stamps, support for different languages and a feature to attach samples of malicious code. It solves the problem of inconsistent reports, which make it harder to spot trends and react faster. The goal is for groups hit by Internet crime, such as banks, to be able to mine a centralized database. If a bank is experiencing an attack, it could query the database to find out ranges of IP (Internet Protocol) addresses that have been used for offenses such as phishing attacks. Further queries could determine if other banks have been hit by attacks and analyze spam messages to see if there are common patterns in the grammar or if the attacks originate from a certain area. All of the information could then be used to contact ISPs to take steps to stop the abuse. The Anti-Phishing Working Group, which has been instrumental in developing the reporting format, plans to run a trial to see how organizations can share the data in the format. Source:

21. September 20, Las Vegas Sun – (Nevada; Florida; Arizona) Officials: 13,800 credit cards ‘skimmed’ in alleged scheme. Federal charges have been filed against a Las Vegas, Nevada man in connection with the production and use of counterfeit credit and debit cards that allegedly were encoded with information skimmed from gas pumps in Las Vegas and elsewhere. The 41-year-old suspect is charged in a criminal indictment with five counts of bank fraud, possession of 15 or more counterfeit access devices, possession of access device-making equipment and aggravated identity theft, said the U.S. Attorney for Nevada. From about April 16, 2009, to May 4, 2010, the indictment alleges the suspect and others installed devices used to steal magnetic information from credit and debit cards — known as “skimming” — at gas pumps in the Las Vegas area, as well as in Florida and Arizona. The suspect and others used computers, encoders and software programs to transfer the stolen credit and debit card information to counterfeit credit and debit cards through a process called re-encoding, authorities said. A re-encode is when someone uses a real credit card and erases the magnetic information on the magnetic stripe to replace it with the stolen information. The suspect and others allegedly skimmed about 13,800 credit and debit card account numbers using this system, and unlawfully used the stolen account numbers to fraudulently obtain about $591,872 from more than 10 financial institutions, officials said. Source:

Information Technology

47. September 21, BBC – (International) Twitter flaw pumps out spam links. A flaw in the Web site of micro-blogging service Twitter is being used to pump out pop-up messages and links to porn sites. Users only have to move their mouse over the link — not click it — to open it in the browser. Thousands of Twitter accounts have so far posted messages exploiting the flaw including the wife of the United Kingdom’s former prime minister. The malicious links look like a random URL and contain the code “onmouseover”. This command — written in a programming language called JavaScript — automatically directs users to another Web site, some of which contain pornography. “There is no legitimate reason to tweet JavaScript,” a researcher at security firm Sophos told BBC News. He said that it looked like the initial vulnerability was exploited as a prank by users, but was now being spread by a worm, a self-replicating and malicious piece of code. Until the flaw is fixed, users should use a third-party Twitter client — such as TweetDeck — rather than the Web site, he advised. Source:

48. September 20, IDG News Service – (International) Germans flood Google with Street View opt-out requests. Google has received an increased number of requests from Germans who want to omit their properties from its Street View imagery program. The German publication Der Spiegel reported September 18 that the requests number several hundred thousand. “As expected, due to the wide media coverage and our own information campaign the number of letters we have received has increased in recent weeks,” according to Google. “Our first priority is to verify and process all the genuine applications. At this stage it is therefore not possible to give an accurate number of opt-outs.” In August, Google launched a special program for Germans that allowed people in certain cities to request their properties be blocked from appearing on Street View, due to go live in 20 cities later this year. People can use an online tool or write an e-mail or letter. Google extended the program from September 15 to October 15. People in other countries can request that their properties be blocked from Street View, but that action is taken after the images have publicly appeared in Street View. The increased attention to Street View comes as Google and other online companies attended a high-level summit in Berlin September 20, concerning privacy issues such as geo-location services, online mapping and data protection issues. Source:

49. September 20, Help Net Security – (International) Fake ‘universal’ iPhone jailbreaking exploit contains Trojan. When Apple released iOS 4.0.2 which, among other things, patched the vulnerabilities that allowed iPhone owners to jailbreak their device, these users were faced with the question “To upgrade or not to upgrade?” But, buyers of iPhones with iOS 4.0.2 or 4.1 already preinstalled didn’t have that choice — and they still don’t. And even though a hacker announced he was working on an exploit that will change this and will allow users to jailbreak any existing or future iPhone or iPad (regardless of the iOS version), this exploit has yet to see the light of day. Aware that the jailbreaking community is eagerly waiting for the solution to come out, miscreants thought of trying to use the hype to push some of their malicious wares. According to a Kaspersky Lab expert, the awaited exploit will be called “Greenpois0n,” so they named the .rar archive that contains the information-stealing Trojan greenpois0n_By pOsixninja and made it available for download on popular torrent sites. Web sites selling fake tools that can supposedly jailbreak any iPhone with any iOS have also appeared. Selling these tools for a price that goes up to $40, they are also trying to capitalize on the users’ lack of patience. Source:

50. September 19, PC Advisor – (International) Facebook ‘clickjacking’ awareness campaign launched. Security firm AVG has launched an online campaign to help university students combat Facebook status jacking. According to AVG, students are the group most at risk of having their status jacked on social networking sites such as Facebook. The security firm’s claims are backed up by figures from Ofcom, which revealed that just 15 percent of Web users aged 16 to 24 take Internet security seriously. Furthermore, just 9 percent are concerned about security. Research by AVG revealed there are 19,491 malicious pages across the world’s 50 most popular social-networking sites. More than half, 11,701, of these appeared on Facebook, while video-sharing site YouTube has 7,163 of the compromised pages. AVG hopes to educate students about the dangers of going onto social networks using unprotected connections, and of the need to always log out of sites properly. Two videos about status jacking, featuring a comedienne and offering advice on securing social media profiles, are among the materials that will be released over the course of the campaign. Source:

For another story, see item 20 above in the Banking and Finance Sector

Communications Sector

51. September 21, Milford Daily News – (Massachusetts) Two copper thefts investigated in Milford. Police are investigating the thefts of copper from a Pine Street church and a Verizon substation in Milford, Massachusetts, sometime September 19. The police chief said someone stole $1,800 worth of the metal from the First Unitarian Universalist Church at 23 Pine St. An officer responded to the church at 12:20 p.m. September 20, when a church employee told him a copper downspout was removed from the back of the building. In his report, the officer said the copper was about 16 feet long. The employee said he noticed September 19 a different downspout had been tampered with, but not taken. Older buildings are targets for such theft. Another officer responded to the Verizon tower at 2:27 p.m. September 20 after an employee called police to report the theft. The employee said somebody cut the lock to the gate door and entered the facility sometime during the week of September 13. He said employees have reported five or six different incidents of theft over the last few weeks, and that police are looking for trucks that might be leaving the tower area. The investigation remains open. Source:

52. September 20, Milwaukee Journal Sentinel – (Wisconsin) Milwaukee area cable service restored after outage. Time Warner Cable customers in the greater Milwaukee, Wisconsin, area were without cable television service September 20 after a fiber cable was accidentally cut, a Time Warner Cable spokeswoman said. The outage began at 10:30 a.m. but was repaired just after noon. The cable was cut by a third party, she said, possibly by a construction company. The area affected went as far north as Mequon and as far south as Oak Creek and west into Waukesha County, Wisconsin. The affected area represented half of the Time Warner Cable customers in the state, though the spokeswoman did not say how many households were affected. While cable television service was out, telephone and Road Runner Internet service were not affected. Source:

53. September 20, InformationWeek – (National) NIST research could boost mobile device security. Particle physics could be the key to creating a new generation of wireless technology that would be more secure and resistant to interference than current methods, according to the National Institute of Standards and Technology (NIST). The research could pave the way for federal agencies like the U.S. military to create wireless devices with signals that would be difficult for enemies to intercept or scramble. If NIST research and analysis is correct, it may be possible to create an oscillator that could leverage the spin of electrons to generate microwaves for use in mobile devices. The effect of this process could be used to create a cell-phone oscillator that enables the frequency of the devices to be changed very quickly. This would make the signals from the devices very hard for enemies to intercept or jam, making them optimal for use by the military or other defense or intelligence agencies, according to NIST. Source:

54. September 20, Washington Post – (National) Schools could get an Internet speed boost under FCC proposal. The Federal Communications Commission (FCC) is set to reform an annual $2 billion E-Rate fund, aimed to bring faster and more affordable Internet connections to schools and libraries. The program has doled out more than $22 billion since it was launched in 1998, helping to bring Internet connections to nearly all classrooms in America. But the connections have been slow and costly, and the Government Accountability Office said in 2009 the FCC had not set clear goals for E-Rate. In an order set for a vote September 23, the FCC chairman will propose that schools and libraries tap into unused fiber networks in towns and cities. Known as “dark fiber,” those unused lines can help lift average connection speeds inside and outside classrooms. Source: