Friday, November 5, 2010

Complete DHS Daily Report for November 5, 2010

Daily Report

Top Stories

• The New York Times reports that the DHL Express cargo area at John F. Kennedy International Airport in Queens, New York, was briefly evacuated November 3 when a suspicious package from Yemen was discovered, authorities said. (See item 27)

27. November 3, New York Times – (New York) J.F.K. airport cargo area evacuated after package is found. A cargo area at John F. Kennedy International Airport in Queens, New York, was briefly evacuated November 3 when a suspicious package from Yemen was discovered, authorities said. The package, found in a DHL Express cargo area about 5:30 p.m., contained a cellphone, officials said. The discovery prompted concern because it came 1 week after authorities foiled a plot in which two separate bombs — each containing circuit boards from cellphones — were sent from Yemen to Chicago via FedEx and U.P.S. Those packages were intercepted before reaching the United States. The discovery of the package November 3 led to the evacuation of the DHL cargo facility out of an abundance of caution, said an FBI spokesman. The package was determined safe just after 8 p.m., and workers were allowed to return. The evacuation did not affect any passenger terminals, a Port Authority spokesman said. Source: http://www.nytimes.com/2010/11/04/nyregion/04evacuation.html?_r=1

• According to the San Antonio Express-News, a Cameron County, Texas sheriff’s deputy was arrested on bribery charges for allowing cars containing firearms to pass to Mexico as he monitored international bridge lanes for southbound stolen vehicles. (See item 48)

48. November 2, San Antonio Express-News – (International) Valley sheriff’s deputy charged with gun smuggling. A Cameron County, Texas sheriff’s deputy was arrested on charges he took bribes to allow cars containing firearms to pass to Mexico as he monitored international bridge lanes for southbound stolen vehicles. The 31-year-old Brownsville, Texas resident was arrested on a federal warrant November 1. A complaint unsealed in federal court alleges the man accepted payments from an undercover federal agent in exchange for allowing vehicles he knew contained guns through his checkpoint. The deputy was part of a joint local-federal operation aimed at preventing contraband and stolen goods from entering Mexico. He was being detained pending a bond hearing set for November 3. The vehicles were intercepted and the weapons recovered before entering Mexico, federal prosecutors said. Source: http://www.mysanantonio.com/news/mexico/valley_sheriffs_deputy_charged_with_gun_smuggling_106545858.html

For another story, see item 61 below in the Communications Sector

Details

Banking and Finance Sector

18. November 4, WCMH 4 Columbus – (Ohio) Suspect arrested 2 days after Hilliard Bank robbery. A suspect was arrested November 3 after a November 1 bank robbery in Hilliard, Ohio. Columbus police arrested the 38-year-old of Columbus late November 3, according to the FBI. The suspect was charged with robbery in connection with the Key Bank robbery on Hilliard Rome Road. A male suspect entered the Key Bank at about 2:55 p.m. He passed a note to a teller that said he was robbing the bank and wanted cash, according to the FBI. The teller complied and gave the man money from her drawer. She did not see a weapon. The suspect took the money and fled the bank, the FBI said. It was Central Ohio’s 39th bank robbery of 2010 — compared to 33 at the same time in 2009. Source: http://www2.nbc4i.com/news/2010/nov/03/3/hilliard-man-idd-holdup-ar-280178/

19. November 4, WOOD 8 Grand Rapids – (Michigan) Police: Alleged serial robber confessed. A man suspected of a series of armed robberies in Grand Rapids and Kentwood, Michigan, surrendered and was arrested November 4, police said. The 28-year-old admitted to robbing a Huntington Bank branch on Wealthy Street SE and committing other armed robberies, a Grand Rapids police investigator said. According to a news release, the suspect was arrested by the Grand Rapids FBI Fugitive Task Force. Officers executed a number of search warrants in the case, the GRPD investigator said, including one at a home not far from the bank. Grand Rapids and Kentwood police, along with Kent County sheriff’s investigators, will contact prosecutors to seek charges, the release stated. And the FBI will seek federal bank robbery charges. Investigators said they were already looking at connections among four October armed robberies when the Wealthy Street bank robbery happened. Three of those earlier robberies were at Grand Rapids gas stations. Another was at a Kentwood party store. Source: http://www.woodtv.com/dpp/news/local/grand_rapids/serial-robber-arrested

20. November 3, Easy Reader – (California; Montana; New York) Bank robber nabbed after nationwide spree. Police in California arrested a man suspected of robbing a downtown Manhattan Beach bank in October, after he allegedly robbed a bank in Missoula, Montana 1 week later, according to authorities. The 64-year-old is also suspected of robbing a bank in New York — where he was dubbed the “Santa Clause bandit” due to a white beard — 3 days before the Manhattan Beach robbery, said a Manhattan Beach Police detective. “He does New York, then comes to Manhattan, then does Missoula,” the police detective said. “He used the same [method of operation] with a note each time.” The suspect allegedly entered the Chase Bank in downtown Manhattan Beach October 18 and passed a note to a teller that demanded money and claimed he had a gun. He was wearing a green New York Jets jersey with “Sanchez” written on the back, police said. The bank’s surveillance camera picked up an image of the suspect, who fled on foot. Source: http://www.easyreadernews.com/2010/11/news/manhattan-beach/bank-robber-nabbed-nationwide-spree

For another story, see item 54 below in the Information Technology Sector

Information Technology

49. November 4, v3.co.uk – (International) Malware writers step up AutoRun attacks. Anti-virus firm Avast Software has warned of a growing risk to enterprise systems from infected USB devices targeting the AutoRun feature in Windows. The company said one in eight of the 700,000 attacks recorded by the firm’s CommunityIQ system came from USB devices. “The threat of USB-distributed malware is much more widespread than just the Stuxnet attacks on enterprise computers, which were also spread via infected memory sticks,” said an Avast Virus Lab analyst. “Cyber criminals are taking advantage of people’s natural inclination to share with their friends, and the growing memory capacity of USB devices. Put these two factors together and we have an interesting scenario.” Once a computer is infected with a generic USB worm, detected by Avast as ‘INF:AutoRun-gen2 [Wrm]’, an executable file is started which then allows a wide variety of malware to copy itself into the core of Windows. The malware then replicates each time the computer is started. “This danger is poised to increase with the introduction of the new USB 3 standard,” he said. Source: http://www.v3.co.uk/v3/news/2272718/avast-autorun-windows-malware

50. November 4, SC Magazine UK – (International) Zero-day flaw affects three versions of Internet Explorer, as Microsoft warns of activity in the wild. Microsoft has issued an advisory about a zero-day flaw in three versions of Internet Explorer. It said the vulnerability is present in versions 6, 7 and 8 of Explorer and could allow remote code execution. Microsoft is currently investigating public reports of the vulnerability. Microsoft said the vulnerability exists due to an invalid flag reference within Internet Explorer, and under certain conditions it is possible for the invalid flag reference to be accessed after an object is deleted. In a Web-based attack scenario, an attacker could host a Web site containing a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and ones that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. The CTO of Qualys said: “Data Execution Prevention (DEP), a security feature first implemented in 2005, currently prevents the exploit from executing successfully. IE8 users have DEP enabled by default and are protected and according to Microsoft, only a single Web site was found to host the exploit, but others are soon expected. Upgrading to IE8 with DEP is highly recommended.” Source: http://www.scmagazineuk.com/zero-day-flaw-affects-three-versions-of-internet-explorer-as-microsoft-warns-of-activity-in-the-wild/article/190131/

51. November 4, Computerworld – (International) U.S. says China building ‘entirely indigenous’ supercomputer. China may be no more than 1 year away from developing a supercomputer built entirely from its own technology, a big step toward freeing itself of Western technology. This is the view of some research and industry experts in the United States, but most notably the undersecretary for science at the U.S. Department of Energy (DOE), who said China is now working on a petaflop-class supercomputer “using entirely indigenous components that is expected to be complete within the next 12 to 18 months.” Explaining how the 12-to-18 month estimate was made, an advisor in the undersecretary’s office told Computerworld it was a collective assessment based on data coming from China and Chinese researchers and visits to China by several people. A professor of computer science at University of Tennessee and a distinguished research staff member at Oak Ridge National Laboratory made a similar prediction, and cited China’s work on microprocessors, which include chips based on MIPS architecture, and the Loongson or Godson processor. Source: http://www.computerworld.com/s/article/9194799/U.S._says_China_building_entirely_indigenous_supercomputer_

52. November 4, Computerworld – (International) PC typing errors can help guard against intruders. Japan’s NTT Communications has developed a computer security system that analyzes the way a computer user types, and then checks it against a profile of authorized users to detect if the person at the keyboard is an imposter. The system, called Key Touch Pass, records the speed at which a user is typing, the length of time they typically hold down each key and the errors they normally make. Every few hundred characters it checks this against a profile of the user that is supposedly logged in to the computer. If the two differ by more than a predetermined threshold, the system concludes the computer’s user isn’t who it should be. NTT Communications anticipates the system could have uses beyond security and has already conducted trials with e-learning networks. Distance learning systems rely on the honesty of users, especially when taking online tests. The company is also eyeing potential use in the online banking field. During a demonstration of the system, which works in both Japanese and English, it was able to detect an imposter after several lines of text had been typed. Source: http://www.computerworld.com/s/article/9194859/PC_typing_errors_can_help_guard_against_intruders

53. November 4, The New New Internet – (Florida) Former IT manager sent to prison for hacking employer. A former IT manager for a law firm in Tampa, Florida, has been sentenced to 18 months in prison for committing computer intrusions causing damage of at least $120,000. The court also ordered the convict to pay restitution of $120,000 to Consuegra Law Firm (CLF). He will also be placed on supervised release for 3 years after completing his sentence. The convict pleaded guilty to the charge August 19. According to court documents, CLF fired him August 13, 2009, for deleting files off a computer belonging to the human resources manager. The deletions happened after the convict had been counseled by his managers for unacceptable behavior. On at least four different occasions, he accessed CLF’s computers by unauthorized means and destroyed and deleted data on the company servers. He also disabled operating systems and deleted CLF’s e-mail accounts and other records. FBI agents interviewed the convict November 24, 2009, and after first denying any involvement, he admitted to accessing an open wireless network from his home using his computer to access the CLF computer servers. Source: http://www.thenewnewinternet.com/2010/11/04/former-it-manager-sent-to-prison-for-hacking-employer/

54. November 4, EUobserver – (International) OECD computers hacked as EU conducts cyber-games. The Organisation for Economic Cooperation and Development (OECD), the Paris-based club of the world’s 33 richest countries, has been successfully hacked by people looking for sensitive information on money laundering, high-level corruption and tax evasion. An OECD spokesman told EUobserver November 4 the body first detected “unusual” activity in its IT network in August 2010, and is still battling to get malware out of its computers 3 months later despite calling in help from the French security services and private cyber-defense firms. The spokesman said the malware appears to have gotten in via a USB memory stick and that the attacks are coming from “different geographical areas, quite a few points in Asia.” He was unable to say if the assault involves a government or a private entity. The OECD’s members include 20 EU countries, as well as the United States, Canada, Israel, Japan, Switzerland, and Turkey. Source: http://euobserver.com/19/31199

55. November 4, Agence France-Presse – (International) Europe tests cyber defenses against hackers. European computer guards battled November 4 against a simulated attempt by hackers to bring down critical Internet services in the first pan-continental test of cyber defenses. All 27 of the European Union’s member nations as well as Iceland, Norway, and Switzerland took part in the simulation as participants or observers, working together against the fictitious online assault, the European Commission said. The exercise was based on a scenario in which one country after the other increasingly suffered problems accessing the Internet, making it difficult for citizens, businesses, and public institutions to access essential services. Security experts had to work together to prevent a simulated “total network crash,” said a commission spokesman for digital affairs. The European exercise will be followed by more tests with more complex scenarios on the global level, the EU’s executive arm said. The EU hopes the exercise will help the bloc understand how such an incident can take place and ensure that authorities know who to contact in other member states in any cyber strikes, the commission said. Source: http://www.google.com/hostednews/afp/article/ALeqM5ju3jFtJDv9O6PyK9asIDOIKD_UdA?docId=CNG.8ae3f888847f9e99244653ecde440932.3b1

56. November 3, Softpedia – (National) Anonymous attacks the United States Copyright Office. After hitting riaa.org during the weekend of October 30 and 31, Anonymous members have turned their attention towards the U.S. Copyright Office and are coordinating a distributed denial of service (DDoS) attack against its Web site. On September 28, Anonymous began a DDoS campaign dubbed Operation Payback against the entertainment industry and anti-piracy organizations. It started after an Indian company called Aiplex Software openly admitted to attacking Torrent sites that failed to respond to takedown notifications sent on behalf of movie studios. So far, the group’s targets have included music and film industry associations, law firms involved in copyright litigation, record labels and even artists, who were vocal against Internet piracy. It was not immediately clear if there is any specific reason why copyright.gov has become the main target, except for the organization’s mission to protect copyrights. Source: http://news.softpedia.com/news/Anonymous-Attacks-the-United-States-Copyright-Office-164623.shtml

57. November 3, The Register – (International) DDoS attacks take out Asian nation. Myanmar was severed from the Internet November 2 following more than 10 days of distributed denial of service (DDoS) attacks that culminated in a massive data flood that overwhelmed the Southeast Asian country’s infrastructure, a researcher said. The DDoS assault directed as much as 15 Gbps of junk data to Myanmar’s main internet provider, more than 15 times bigger than the 2007 attack that brought some official Estonian Web sites to their knees, said a researcher at Arbor Networks. It was evenly distributed throughout Myanmar’s 20 or so providers and included multiple variations, including TCP SYN and RST. “While DDoS against e-commerce and commercial sites are common (hundreds per day), large-scale geo-politically motivated attacks — especially ones targeting an entire country — remain rare with a few notable exceptions,” he wrote, referring to the Georgia attacks, which coincided with the country’s armed conflict with Russia. “At 10-15 Gbps, the Myanmar [DDoS attack] is also significantly larger than the 2007 Georgia (814 Mbps) and Estonia DDoS.” Source: http://www.theregister.co.uk/2010/11/03/myanmar_ddos_attacks/

58. November 3, DarkReading – (International) Zeus attackers deploy honeypot against researchers, competitors. Attackers turned the tables on competitors and researchers investigating a recent Zeus attack, which targeted quarterly federal taxpayers who file electronically, by feeding them a phony administrative panel with fake statistics. The massive and relatively sophisticated spam campaign in October posed as e-mail alerts to victims, notifying them their electronic federal tax payments had failed and sending them to a link that infects the victim with the Zeus Trojan and sends victims to the legitimate Treasury Department Web site, eftps.gov, for filing quarterly taxes. A researcher with The Last Line of Defense discovered attackers had set up a ruse for those trying to hack or access its administrative interface for the malware after studying the back-end malware server used in the attack. The purpose appeared to be to provide false data. He said the toolkit used in the attack came with an administrative interface that acts as a hacker’s honeypot of sorts, gathering intelligence about the researchers or other users who try to access the console login or hack into it. Most exploit toolkits come with an admin interface that manages exploits and payloads, and tracks exploit success rates, but this fake one was a new twist, the researcher said. “It had a directory called ‘fake admin’ where they stored the logs of all of the IP addresses of people who tried the console and tried to access it,” he said. Source: http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=228200070

Communications Sector

59. November 4, Radio-info.com – (Florida) FCC fines a licensee $25,000 for an absentee LMA in Florida. Rama Communications leases Orlando, Florida-area WRHB, Leesburg (1410) out to Heartbeat Radio, which is permitted under Federal Communications Commission (FCC) rules. But when FCC agents responded to a complaint and visited the main studio and transmitter location September 3, 2009, they found that “no managerial or staff personnel employed by Rama were present.” The rules require the licensee to have a full-time presence. The FCC uncovered other problems: missing Issues/Programs lists in the public inspection file, and no copy of the time brokerage agreement available for inspection. It appeared that Rama soon hired someone to work at the station, who greeted the agents on a followup visit in October. The result is a $25,000 fine. Source: http://www.radio-info.com/news/fcc-fines-a-licensee-25000-for-an-absentee-lma-in-florida

60. November 4, WOWK 13 Huntington – (West Virginia) Copper thieves strike again. Copper thieves struck again in Kanawha County, West Virginia cutting off phone service to many residents in the Sissonville and Pocatalico areas November 3. The phone lines belong to Frontier Communications. Service was restored late in the evening. Crews from the telecommunications company were in the area repairing the damage for most of the day. A Frontier spokesman said this is the third time since October 28 that thieves have struck the area stealing cable. Source: http://wowktv.com/story.cfm?func=viewstory&storyid=88926

61. November 4, Press of Atlantic City – (New Jersey) Avalon, Stone Harbor officials angered by days-long Verizon land-line problems. Widespread Verizon land-line telephone problems in Stone Harbor and Avalon, New Jersey the week of November 1 hampered businesses and riled municipal officials. Verizon said it fixed the problems November 3, apologized, and promised to investigate whether changes need to be made to prevent future problems. Both towns reported numerous cases of phone calls that did not go through or were dead on the other end starting November 1 or earlier. The issues affected residents, both borough halls, and both police departments’ nonemergency numbers. Verizon said the problem was related to equipment that routes voice traffic and was fixed November 3. A Verizon spokesman said the problem originated in the Avalon Central Office Facility, which houses telephone equipment and routes call traffic across the network. The issue involved equipment that routes voice traffic, he said. Source: http://www.pressofatlanticcity.com/news/breaking/article_aadbcdc4-e769-11df-b4c6-001cc4c002e0.html

62. November 4, Sydney Morning Herald – (International) PayPal patches hacker hole in iPhone application. PayPal has rushed out a patch for a flaw in its iPhone application that could let hackers access accounts at the online financial transactions service, The Wall Street Journal has reported. The flaw only affected people that used PayPal applications on iPhones connected to the Internet through unsecured Wi-Fi networks, according to the Journal. A hacker would have needed to intercept PayPal transaction data by using commonly available gear to get between an iPhone and the Wi-Fi hotspot. PayPal told the Journal it knew of no accounts compromised by the flaw, which was fixed November 3. Source: http://news.smh.com.au/breaking-news-technology/paypal-patches-hacker-hole-in-iphone-application-20101104-17f11.html

63. November 3, TMCnet – (National) Google voice working again after hours of downtime. On November 2, Tech Crunch reported that Google Voice was experiencing major issues. Apparently, people who use the telecom service on their mobile phones were unable to complete outbound calls. Users could dial the number and hear the phone ring on their end, but the call was never actually initiated. The problem was underreported because most users did not notice anything was wrong, other than the fact that the call never reached voicemail. “We had an issue this morning that affected some outbound calls placed through the Google Voice mobile app,” a company representative told Tech Crunch. “Inbound calls or calls from the Web were not affected, and the issue has now been fixed.” It is still unclear whether the issue extended to Google Voice’s Web interface, which allows Gmail users to place calls through an Internet connection. Source: http://voice-quality.tmcnet.com/topics/voip-quality/articles/113762-google-voice-working-aga-after-hours-downtime.htm