Wednesday, November 3, 2010

Complete DHS Daily Report for November 3, 2010

Daily Report

Top Stories

• According to the Washington Examiner, police are investigating a report of shots fired into a Coast Guard recruiting station in Woodbridge, Virginia, the fifth overnight shooting at a Northern Virginia military facility since October 17. (See item 30)

30. November 2, Washington Examiner – (Virginia) Shots fired at Coast Guard recruiting station in Woodbridge. Police are investigating a report of shots fired into a Coast Guard recruiting station in Woodbridge, Virginia, the fifth overnight shooting at a Northern Virginia military facility since October 17. The shots were discovered early November 2, said a Prince William County police spokeswoman. No one was injured, she said. The recruiting station is near the Potomac Mills mall. Police and the FBI are probing four other similar shootings — two at the National Museum of the Marine Corps, one at the Pentagon, and one at a Chantilly Marine Corps recruiting station. The same weapon was used in at least three of those shootings, and FBI officials said they believe the gunman is someone who has a grievance against the Marines, but who is not trying to hurt anyone. Source:

• KIRO 7 Seattle reports that local officials and the U.S. Army Corps of Engineers said the aging levees along the Skagit River in Washington could fail this winter, putting north Mount Vernon under water. (See item 49)

49. November 1, KIRO 7 Seattle – (Washington) Aging Skagit River levee could fail, Army Corps says. The aging levees along the Skagit River in Washington could fail this winter, putting an area of the county in northern Mount Vernon under water, said local officials and the U.S. Army Corps of Engineers. The Corps said it has identified 35 weak points along the levee since 2006 and fixed 32 of those points. The rest will be repaired next summer. The Skagit River tore away several sections of the levee during a severe flood in 2006. Now, a 60-foot gap is a weak point that could fail if the river rises above 28 feet, considered flood stage, the Corps said. In the meantime, the Corps has created an emergency response plan. Source:


Banking and Finance Sector

12. November 2, Associated Press – (Pennsylvania) Pa. robbery suspect caught ‘red-handed’ due to dye. The FBI saiid a southwestern Pennsylvania bank robbery suspect has been caught “red-handed.” The 50-year-old suspect, of Charleroi, is in jail after police and the FBI said he robbed a Citizens Bank branch a few doors down from his apartment. Witnesses said a dye pack hidden in the money he stole exploded in his hands, creating a red cloud that led authorities to his home. Authorities searched the suspect’s apartment above a thrift and used furniture shop November 1 after the heist. Source:

13. November 2, NBC San Diego – (California) Robbery suspect claimed to be ‘That Bandit’. A North County man accused of holding up two banks and a medical facility at gunpoint claimed to be the robbery suspect known as the “Geezer Bandit”, according to police. However, FBI investigators said the suspect has been identified as as a 58-year-old and is not believed to be the Geezer Bandit, wanted for 11 robberies around San Diego County over the last year. It is unclear why the suspect claimed to be the Geezer Bandit, agents said. Witnesses told police that a man walked into the bank on Vista Way shortly before 3:30 p.m. November 1 and demanded money from a teller. “Teller gave him an undisclosed amount of money, after he exposed a firearm, a handgun in his waistband,” said an Oceanside Police spokesman. Police said the suspect told the teller he was “that bandit” according to a Carlsbad police report. Police got a break when a witness wrote down the license plate number of the PT Cruiser the suspect was seen driving away from the bank. Source:

14. November 2, KITV 4 Honolulu – (Hawaii; Texas) Local credit card scam also affects Houston business. A telephone credit card scam targeting people in Hawaii caused some collateral damage to a business thousands of miles away in Texas November 1. Over the weekend, Oahu residents complained about phone calls they received claiming their banks were having problems with their security systems. In order to keep their credit cards active, a message left on their phones said they would have to report their credit card numbers. Arya Limousine service in Houston, Texas, was also targeted by the scam. Source:

15. November 2, Quincy Patriot Ledger – (Massachusetts) Weymouth bank robbery looks familiar to police. Police believe the same man is behind two bank robberies in Columbian Square in Weymouth, Massachusetts, that occurred within 9 days of each other. A man holding a tissue or handkerchief over his face entered the Sovereign Bank at 51 Pleasant St. just after 2 p.m. November 1 and handed a teller a note demanding money, police said. The man did not show a weapon. On October 23, a man who robbed the Hingham Institute for Savings at 32 Pleasant St. also used a handkerchief or tissue to cover his face when he announced he was robbing the bank and and demanded $100, $50 and $20 bills, police said. Both times, the robber was described as a white male, about 6 feet tall, wearing a hooded sweatshirt and blue jeans. “If you compare notes, it’s pretty obvious it’s the same person,” said a detective. “We’re reviewing surveillance tapes from other businesses hoping to get a better look at him.” Source:

16. October 29, WSYR 9 Syracuse – (New York) Civic Center credit card breach may be a computer hack. Investigators believe scammers used either a skimming device or a computer hack to steal credit and debit card information from victims that had used their cards at the Onondaga County Civic Center in Syracuse, New York. Police have now heard from more than 60 victims. So far, Syracuse Police said most of the victims have reported using their credit or debit card in the basement at the cafeteria of the civic center. One of those victims said his bank called him a few days ago to check on some irregular charges made at the Long Island Rail Road. “The bank had paid five to six transactions, almost $800,” he said. While police are not sure which method the scammers used to get the card information, they said it appears they have had the information for about 8 to 10 months and only recently started using it. Although investigators believe it has been narrowed down to the civic center, they want anyone who has used a card at the Oncenter or War Memorial to also check their statements. Source:

Information Technology

38. November 2, Latin American Herald Tribune – (International) Hacker attacks Peruvian National Police web site, taunts cops. A hacker attacked the Peruvian National Police Web site and challenged the law enforcement agency to catch him “if you can.” The cyber attack occurred October 31 and was mounted by a hacker who identified himself as “Jardha” and said he was from the southern city of Arequipa, located about 745 miles from Lima. “Catch me if you can,” the hacker said in a message posted on the police Web site. The hacker, who said he found a weakness in the Web site’s security, left some e-mail addresses to taunt police. The national police did not comment on the incident, but the Web site was back up later in the day October 31. Source:

39. November 2, International Business Times – (International) Computer scientist creates new way to combat hacking. In the fight against malicious hackers, a Virginia Polytechnic Institute and State University (Virginia Tech) professor said she has created a new weapon to fend off malware. The assistant professor of computer science said she has developed a framework to combat “spoofing attacks.” A spoofing attack is when organized botnets — groups of computers that are controlled by malicious software — run by hackers, are able to penetrate someone’s computer and steal their identity. These attack bots are able to do this by emulating a user’s keystroke sequences. The assistant professor holds a patent on her human-behavior-driven malware detection technology. The professor and her colleague, now a graduate student in the computer science department at Stanford University, have developed a system to combat these attacks. Called “Telling Human and Bot Apart” (TUBA), it is able to differentiate when the bot and human are typing. It is based on a remote biometrics system. It also uses a cryptographic mechanism that prevents the bot from pretending to be human. Source:

40. November 1, DarkReading – (International) Researchers to demonstrate new attack that exploits HTTP. A flaw in the HTTP protocol leaves the door open for attackers to wage a new form of distributed denial-of-service (DDoS) attack that floods Web servers with very slow HTTP “POST” traffic. Researchers at the upcoming OWASP 2010 Application Security Conference will demonstrate the new attack, showing how online gaming could be used as a way to recruit bots in an “agentless” botnet that executes the attack. The bot does the bidding of the botnet without getting infected with bot malware. The researcher who first discovered the attack in 2009 with a team of researchers in Singapore, said HTTP is “broken” and leaves all Web-based servers or systems with a Web interface vulnerable to this form of attack. “This talk is very sensitive and should be highlighted for U.S. critical infrastructure,” the researcher said of his upcoming presentation. “If it has a Web interface, we can knock it down [with this attack]: think SSL VPN and other critical systems accessed with a Web browser that you need to connect to by posting information.” It could be used to take down any HTTP or HTTP-S service — including some supervisory control and data acquisition (SCADA) systems. “Internal clients can be exploited to launch the slow HTTP POST attacks to the SCADA systems via authorized HTTP connections and from authorized clients,” he said. “One does not need millions of connections to bring down a Web server.” Source:

41. November 1, DarkReading – (International) The 10 most common database vulnerabilities. Protecting databases is hardly an easy task, but it is often the attacks that go after the simplest vulnerabilities that are most successful. Enterprises that stick to the basics will generate the most bang for their database security bucks. According to the manager of AppSec’s Team SHATTER (Security Heuristics of Application Testing Technology for Enterprise Research), his team has found 10 common database vulnerabilities that keep plaguing organizations. The common thread is databases rarely ship security-ready, and their configuration is not a fire-and-forget operation for database administrators. Organizations must continually assess packages to determine if they are really necessary and disable those they do not need to reduce attack surfaces. They need to be vigilant about keeping on the lookout for default or weak log-in credentials. They have to put sound privilege and authentication practices into play. And most important, they need to patch regularly. About half of the vulnerabilities named by Team SHATTER are directly or indirectly related to lax patch management practices within the database environment. That is a scary thought considering only 38 percent of administrators patch their Oracle databases within the initial 3-month patch cycle. And almost a third take a1year or more to patch. Source:

Communications Sector

42. November 2, Sky News – (International) Hacker beats 2G and 3G encryption. Using a simple computer, a home-built transmitter and receiver, plus some readily available software, a developer was able to develop a system whereby he could monitor any conversation using 2G or 3G technology. In the early 1990s came the second generation (2G), which switched from analog to digital transmission, signaling a massive rise in phone usage. The switch to digital also meant that conversations could not be monitored by third parties, due to encryption. Hackers and ham radio enthusiasts had been trying ever since 2G emerged to beat the encryption and now after much experimental work, this developer has managed to crack the system using a device that cost him around 1,000 pounds. Source:

43. November 2, WMUR 9 Manchester – (National) Massive amount of political calls jam Comcast system. Telecommunications company Comcast said massive numbers of automatically dialed political telephone calls that caused service problems in New England have dropped off sharply. A Comcast spokesman in Philadelphia said the volume of calls dropped precipitously starting at about 8:30 p.m., November 1, easing the service problems. He said only the New Hampshire area and perhaps parts of Massachusetts appeared to have been affected. Another Comcast spokesman said the company experienced severe call volumes on its phone network due to an increase in inbound political phone calls. He said in a statement November 1 that Comcast believed that other phone carriers in New Hampshire and Massachusetts experienced similar issues. The Philadelphia-based company said congestion resulting from the calls November 1 forced it to reroute phone traffic. The outages came as political campaigns hit the phones to woo voters before November 2 midterm elections. About a dozen campaign headquarters across New Hampshire said that their landlines went down at about 1:30 p.m. November 1, while both parties were trying to reach out to more than 100,000 Granite State voters. Source: