Tuesday, October 26, 2010

Complete DHS Daily Report for October 26, 2010

Top Stories

• KSLA 12 reports that on October 23, 3 million gallons of sewage spilled into Champion Lake in Shreveport, Louisiana, the second such big leak in 3 months. (See item 36)

36. October 23, KSLA 12 Shreveport – (Louisiana) Leak spills 3 million gallons of sewage into Shreveport lake. On October 23, 3 million gallons of sewage spilled into Champion Lake in Shreveport, Louisiana. In July, the city had to fix a leak only about 50 feet away from the October 23 leak. Officials said both leaks are symptoms of a greater problem. “Some of these pipes in the system, particularly around the older parts of the city, are 80 years old, and are well past their life expectancy. The infrastructure is starting to crumble,” said a city engineer. It will take money to fix the problem, but the city does not have it. City engineers said the two recent breaks near Champion Lake were not hazardous to the general public because Champion Lake is privately owned. However, they are concerned about the leaks happening in more heavily populated areas or near a public body of water. Source: http://www.ksla.com/Global/story.asp?S=13376520

• According to IDG News Service, the Iranian Cyber Army group of malicious hackers has been running a for-rent botnet since August that has infected as many as 20 million personal computers. (See item 49 below in the Information Technology Sector)


Banking and Finance Sector

19. October 23, Bay Area Citizen – (California) San Jacinto College warns of financial aid scam. The financial aid department at San Jacinto College in Houston, Texas, is warning students and the community of a potential financial aid scam. Individuals claiming to represent College Financial Advisory have contacted San Jacinto students by mail to offer financial aid. Students and parents are asked to complete a Student Aid Profile Form and pay a processing fee to receive help. “There is no fee to receive information about financial assistance at San Jacinto,” said the college’s financial aid services director. “We urge students and parents not to offer personal information, including any financial background information, to anyone making these claims.” Last year, people claiming to represent the U.S. Education Department contacted San Jacinto students to offer scholarships and grants. The callers asked for a bank or credit card number, saying the information would be used for a $249 processing fee, but the call was fake. San Jacinto students or parents who believe they may have received a scam financial aid letter are encouraged to report the incident to 1-800-MIS-USED, or via e-mail at oig.hotline@ed.gov. Telltale signs of fraud can be found on the Federal Trade Commission’s Web site under “scholarship scams.” Source: http://www.hcnonline.com/articles/2010/10/23/bay_area_citizen/news/10financial_scam28.txt

20. October 22, njtoday.net – (New Jersey) Sewaren man charged in $7 million dollar mortgage fraud scheme. A former mortgage broker and his purported co-conspirator in a mortgage fraud scheme were arrested October 21 on a criminal complaint which alleges they conspired to defraud various mortgage lenders of more than $7 million by conducting at least 50 fraudulent real estate transactions involving residential properties in New Jersey, the U.S. Attorney announced. The two suspects were arrested by special agents of the FBI and the U.S. Secret Service on charges of conspiracy to commit wire fraud. The first suspect was arrested October 21 at his home. The second suspect, who awaits sentencing after pleading guilty to conspiracy to commit wire fraud in an unrelated scheme, was arrested when he reported to pretrial services concerning that case. Source: http://njtoday.net/2010/10/22/sewaren-man-charged-in-7-million-dollar-mortgage-fraud-scheme/

21. October 22, Orlando Sentinel – (Florida) FDLE: ‘Ring leader’ in credit union fraud scheme arrested. An Orlando, Florida woman described as the ringleader in a scheme to defraud credit unions has been arrested, the Florida Department of Law Enforcement (FDLE) said October 22. The 41-year-old woman was arrested October 21 on charges of organized scheme to defraud, grand theft and petty theft, the FDLE said. She had been sought on those charges since March and is the 39th person arrested in the scheme. After the FDLE received a complaint from a local credit union, its investigation revealed that the suspect recruited accomplices and provided them a small amount of money to open accounts at a local credit union. When those people received ATM cards in the mail, they sold the cards and corresponding PIN numbers to the suspect, the FDLE said. The woman would then deposit fraudulent checks, via the ATM, into the recently opened accounts and then immediately make a withdrawal, the investigation showed. Once the deposited checks failed to clear, a representative from the credit union would call the account holder, who would claim the ATM card was stolen and that they had no knowledge of the deposit or withdrawal. During the investigation, FDLE determined that 28 of the 42 people charged are currently receiving public assistance benefits. FDLE’s public assistance fraud investigators are actively investigating potential violations, and are in contact with the United States Department of Agriculture and the Department of Children and Families for review and possible revocation of benefits. Source: http://articles.orlandosentinel.com/2010-10-22/news/os-orlando-fraud-arrest-20101022_1_ring-leader-brandon-demps-central-florida-credit

22. October 19, Monsters and Critics – (International) G20 finance ministers meet amid currency war threat. The world’s top finance officials will meet during the week of October 25-29 in the South Korean city of Gwangju amid fears about a so-called currency war between the world’s financial superpowers. The 2-day gathering of the Group of 20 (G20) finance ministers and central bankers, which starts October 29, is meant to help set the agenda for next month’s summit of G20 leaders in Seoul. But concerns about a ramped-up conflict over currency rates are threatening to cast a shadow over the meeting. “It all seems to be about exchange rates and banking rules,” said the Societe Generale chief European economist, who believes the real risk facing the meeting is that it might fail to ease the tensions gripping global foreign exchange (forex) markets. Some experts fear a further escalation in forex rhetoric could derail the Gwangju meeting, which is supposed to focus on a proposed overhaul of the international financial system, including talks on a financial-market transaction tax and tough new bank capital rules. The tensions that have taken hold in forex markets follow the push by countries to bolster their national economic performances by weakening their currencies. Source: http://www.monstersandcritics.com/news/business/news/article_1592566.php/PREVIEW-G20-finance-ministers-meet-amid-currency-war-threat

Information Technology

49. October 25, IDG News Service – (International) Iranian Cyber Army running botnets, researchers say. A group of malicious hackers who attacked Twitter and the Chinese search engine Baidu are also apparently running a for-rent botnet, according to new research. The so-called Iranian Cyber Army also took credit last month for an attack on TechCrunch’s European Web site. In that incident, the group installed a page on TechCrunch’s site that redirected visitors to a server that bombarded their PCs with exploits in an attempt to install malicious software. Researchers with a security startup called Seculert have traced the malicious server behind those attacks and found evidence the Iranian Cyber Army may be running a botnet. They found an administration interface where people who want to rent the botnet can describe the machines they would like to infect and upload their own malware for distribution, the CTO and co-founder of Seculert said. The company runs a cloud-based service that alerts customers to new malware, exploits and other cyber threats. There are many computer crime gangs that create botnets, or networks of compromised computers, that can then be rented to other players in the cybercrime industry, such as spammers. The CTO said Seculert was able to see the administration panel as it was left unprotected. His company has since notified the provider where the page is hosted and contacted law enforcement. The statistics page showed that as many as 14,000 PCs were being infected per hour. Since the server has been active since August 2010, Seculert estimates it may have successfully infected as many as 20 million PCs. Source: http://www.computerworld.com/s/article/9192800/Iranian_Cyber_Army_running_botnets_researchers_say

50. October 25, IDG News Service – (National) Zeus hackers may target corporate data. Criminals who use Zeus malware may be working on a new angle: corporate espionage. Zeus typically steals online banking credentials. But a computer security researcher at the University of Alabama said that the criminal groups that use Zeus have started trying to find out where their victims are employed. Sometimes the malware will pop up a fake online bank log-in screen that asks the victim for the name of his employer. He said that in online forums, hackers recently speculated that they might be able to sell access to computers associated with certain companies or government agencies. “They want to know where you work,” he said. “Your computer may be worth exploring more deeply because it may provide a gateway to the organization.” Zeus could be a powerful tool for stealing corporate secrets, because it lets the criminals remotely control victims’ computers, scan files, and capture passwords and keystrokes. With Zeus, hackers could tunnel through the victim’s computer to break into corporate systems. The researcher said the biggest threat is that Zeus could infect employees’ home PCs and laptops that are outside the corporate firewall, but have access to company data. Source: http://www.computerworld.com/s/article/352327/Zeus_Hackers_May_Harvest_Business_Info

51. October 25, The Register – (International) Firesheep flames cookie capture risks. A developer has released a Firefox extension that illustrates just how vulnerable users of open wireless networks are when they log into Web sites that rely on cookies for authentication. It is well understood that cookies sent over an insecure connection can easily be captured and replayed to allow a mischief maker or hacker to log into the same Web site via a process called HTTP session hijacking (AKA sidejacking). A Firefox extension dramatically illustrates the problem. Surfers who install Firesheep can capture the credentials of anyone who happens to be using the same open network. The extension allows them, for example, to display the Facebook profile picture of a victim and then log in to the compromised account simply by double-clicking on the profile picture. The open source extension was released on Mac OS X and Windows to coincide with a talk on the subject by the developer at the Toorcon 12 security conference. He released the utility to push more Web sites into using full end-to-end encryption, known as HTTPS or SSL, for logins. “It’s extremely common for Web sites to protect a password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else,” the developer explained. Source: http://www.theregister.co.uk/2010/10/25/firesheep_cookie_capture_peril/

52. October 25, ITProPortal – (International) Linux flaws provide root access to hackers. Security experts have discovered two vulnerabilities in the Linux operating system platform that could grant attackers root privileges on an infected system. The first Linux vulnerability was reported by security firm VSR, which said the security flaw was related to the implementation of the Reliable Datagram Sockets (RDS) protocol in versions 2.6.30 through 2.6.36-rc8 of the Linux kernel. According to the company, the vulnerability allows an attacker to write arbitrary data into kernel memory, which can be used to escalate privileges to root. “The exploit leverages the ability to write into kernel memory to reset the kernel’s security operations structure and gain root privileges. The exploit requires that kernel symbol resolution is available to unprivileged users,” the company explained. The second Linux vulnerability is related to a flaw found in the library loader of the GNU C library, which can be exploited to gain escalated root privileges. Source: http://www.portal.itproportal.com/portal/news/article/2010/10/25/linux-flaws-provide-root-access-hackers/

53. October 25, The New New Internet – (International) Leader of hacking crew m00p pleads guilty. A Scottish man has pleaded guilty to offenses originating from his involvement as the leader of an international cyber crime ring responsible for infecting computers worldwide with Trojans, according to Softpedia. In 2006, U.K. authorities arrested the suspect, following an investigation into the hacker group called m00p. Prosecutors said the suspect, who used the aliases of “warpigs” and “aobuluz,” headed the group and handled the malware distribution via spam. He used his security software company, Optom Security, as a front for the operation. When police searched his computers, they found wills, medical reports, resumes, photographs, and other sensitive documents copied from infected systems. The suspect pleaded guilty to one count of causing unauthorized modification to the content of computers. Source: http://www.thenewnewinternet.com/2010/10/25/leader-of-hacking-crew-m00p-pleads-guilty/

54. October 22, IDG News Service – (National) Google to tighten privacy policies after Wi-Fi fiasco. Under fire for months over its capture of people’s Wi-Fi traffic data, Google on October 22 announced several steps aimed at preventing similar missteps in the future. At the same time, Google recognized its inadvertent Wi-Fi snooping collected not only data fragments, but also entire e-mail messages, Web site addresses, and passwords. Government agencies and legislators in the United States and abroad are investigating, and a number of users have filed privacy-breach lawsuits. Google had intended the Street View cars to only grab and store open Wi-Fi networks’ names (SSIDs) and their unique router numbers (MAC addresses) for use in Google location-based services. Due to a software glitch, the Google cars intercepted and stored Web traffic data, which the company had initially said was highly fragmented, but which it now admits includes the full text of e-mail messages and passwords. The steps Google announced include appointment of a new privacy director overseeing engineering and product management. Google will beef up her staff, so that more engineers and product managers are involved in privacy-protection efforts. Google also plans to boost privacy-related training and compliance, and will implement a provision that all engineering project leaders maintain a privacy design document for each project. Source: http://www.computerworld.com/s/article/9192639/Google_to_tighten_privacy_policies_after_Wi_Fi_fiasco

Communications Sector

55. October 25, WSAZ 3 Huntington – (West Virginia) Phone outage reported in multiple West Virginia counties. On October 25, phone service was out in several counties in West Virginia. According to Metro 911, FiberNet lines were down in Kanawha, Cabell, and all other counties south of Ohio County. Anyone who uses FiberNet got a busy signal when placing a call. The number of customers affected by the outage is unknown. FiberNet was working to find the cause. As a precaution, Metro 911 advised all FiberNet customers to use their cellphones as an alternative source of communication. FiberNet had a similar outage October 10. The state public service commission is investigating that outage. It wants to know what caused the outage that cut off communications with 911 centers and other emergency services. The Kanawha County Commission requested an investigation because the company failed to notify county agencies about that outage. FiberNet was in touch with Metro 911 about the October 25 outage. The company said as soon as they learn more about the outage, Metro 911 will be notified. Source: http://www.wsaz.com/huntington/headlines/BREAKING_NEWS__Phone_Service_Outage_Reported_in_Multiple_WVa_Counties_105675273.html

56. October 25, WHNT 19 Huntsville – (Alabama) Several reports of storm damage in DeKalb County. People in several areas of DeKalb County were cleaning up damage from severe storms that moved through October 24 and October 25. There is significant damage in Ider: several trees were down, some roads were closed, and the city’s communications tower fell. Crews put up a temporary tower to conduct business, and a command center was set up at Ider Town Hall. A DeKalb County EMA spokeswoman said some buildings were damaged. She said she was waiting for the National Weather Service (NWS) to confirm if a tornado indeed hit the town. Crews were working around town with chain saws, hoping to have all roads open soon. Source: http://www.whnt.com/news/sandmountain/whnt-several-reports-of-storm-damage-dekalb-co-102510,0,4450498.story

57. October 24, Beverly Hills Courier – (California) Couple electrocuted, burned trying to steal copper wiring from electrical vault. Two children whose father was electrocuted while allegedly trying to steal copper wiring from an electrical vault in South Gate near Beverly Hills, California, were in county custody, while their mother fought for her life in a burn ward. The man was killed at 4:14 p.m. October 23 when he triggered an explosion and flash fire on a vacant lot at 3064 Firestone Blvd. The woman, who was severely burned while trying to pull the man off the current, was in critical condition at Grossman Burn Center. “It was a pretty ugly scene,” a South Gate police lieutenant said. The blast at a former Liberty Cable Co. site also caused an electrical outage in the immediate area, but service was restored to most customers within a few hours. The children, 3 and 6 years old, were found in a truck about 15 feet from where the flash fire occurred, police said. They were taken into protective custody and expected to be turned over to the county department of children and family services. Source:

58. October 22, Abilene Christian University Optimist – (Texas) Temporary power outage takes KACU off air. Power went out across campus at Abilene Christian University (ACU) and in surrounding neighborhoods at around 3:45 p.m. October 22 for about 30 minutes in Abilene, Texas, taking ACU’s Internet connection and the on-campus radio station with it. The director of physical resources said an accident involving a car hitting a pole caused the outage. He said things were back up and they were checking to make sure it would stay that way. KACU, Abilene’s on-campus NPR station, was off the air for about 2 hours because the outage caused its transmitter to stop working. The KACU general manager said the transmitter had been fluctuating, and crews worked to finally restore it. Source: http://www.acuoptimist.com/2010/10/power-outage-takes-kacu-off-air/