Monday, November 15, 2010

Complete DHS Daily Report for November 15, 2010

Daily Report

Top Stories

• According to the South Florida Sun Sentinel, an identity theft ring led by employees at a hospital and physician’s office stole data from 1,500 patients and sold it to crooks. The thieves used the data to obtain credit and debit cards, and ultimately cash. (See item 43)

43. November 11, South Florida Sun Sentinel – (Florida) Identity theft ring breaches Holy Cross Hospital. An identity theft ring managed to breach emergency room files at Holy Cross Hospital in Fort Lauderdale, Florida to steal Social Security numbers and personal details of about 1,500 patients, officials said November 10. An emergency room employee was among four people arrested as part of an investigation that began before June, U.S. postal inspectors and prosecutors said. After federal agents uncovered the scheme, hospital technicians spent months tracking her computer activity but cannot be sure which of the 1,500 patients she compromised while working there from April 2009 to September 2010. As a precaution, Holy Cross plans to notify all 44,000 patients who visited the emergency room during that period, the hospital chief executive said. Technicians discovered the suspect had printed basic computerized forms in patient files containing name, address, birth date, diagnosis, and other details, officials said. A second suspect did the same on his job at an Aventura physician office. Both were paid for the information by a third person, who then sold the ID details to two other men. They used the data to obtain credit cards and bank debit-card accounts to steal money, authorities said. The breach only affects patients who came to the emergency room, not other departments. Officials do not believe the woman compromised the hospital computer system, but rather just stole the printouts. Source:

• National Defense Magazine reports that in April 2010, China’s state-controlled telecommunications company hijacked 15 percent of the world’s Internet traffic, including data from U.S. military and civilian organizations, for 18 minutes. See item 57 below in the Information Technology Sector


Banking and Finance Sector

17. November 12, WCMH 4 Columbus – (Ohio) Note threatens bank employees, customers; suspect arrested. A bank-robbery suspect whom the FBI said threatened everyone inside a bank was arrested and charged after a November 9 heist. The FBI said a man entered the Merchants National Bank, 279 Lafayette St. in London, Ohio, at noon and passed a note to a teller that said he would kill everyone in the bank unless she gave him money. The teller complied and gave the suspect a small amount of cash, according to the FBI. No weapon was observed. Witnesses said the suspect got into a gray-colored vehicle with a female occupant and drove away from the scene. Madison County sheriff’s deputies and London police officers spotted the suspect vehicle shortly after the robbery was reported. The suspect was identified as a 29-year-old man of Columbus. He was arrested and taken into police custody. The female was not immediately identified. Source:

18. November 12, WMAQ 5 Chicago – (Illinois) FBI rookie helps nab swine flu bandit. A rookie FBI agent with 1 week on the job is being credited with helping to nab the serial bank robber dubbed the “Swine Flu Bandit” at a Chicago, Illinois bank. The rookie and a senior agent, members of the FBI’s Violent Crimes Task Force, were inside a First American Bank branch at 1241 Wabash Avenue November 10 working the case when lucky timing and good police work collided. While talking to bank personnel and getting security video because they believed the bandit had previously cased the bank, the junior agent saw a man outside who matched the robber’s description, an FBI spokesman said. The agents walked outside and arrested the man who, fitting the size of the Swine Flu Bandit and wearing the same clothes and hat worn in the most recent stick-ups, was also found to be carrying a 9mm semi-automatic handgun in his pocket. It is believed the 28-year-old suspect was preparing to hold up the bank when he was arrested. Source:

19. November 12, Sacramento Bee – (California) Some real estate brokers accused or convicted of fraud still licensed in California. The Sacramento Bee in California found dozens of real estate professionals — people who have been charged with real estate-related crimes or sued by the state for fraud-related misdeeds, or who have pleaded guilty to such wrongdoing — who are still licensed and have no notations, flags, or disciplinary sanctions listed on their records with the Department of Real Estate (DRE). This means they are authorized to sell homes and originate mortgage loans. The number of alleged and admitted criminals still licensed by the state could be higher. Law enforcement agencies and prosecutors said they were unable to provide a list of all people charged with mortgage fraud over the past few years. So the Bee looked at 2010 news releases from the U.S. attorney’s office and the state attorney general’s office and past news reports to compile a list of people who had been charged with a real estate-related crime or sued by the state in recent years. The Bee then ran those names — about 260 — through the DRE’s licensee database and used other public records to confirm their identities. At least 45 of the accused or convicted wrongdoers were listed as licensed brokers or salespeople, and consumers would have no way of knowing of the accusations. Another dozen had their licenses suspended or revoked. Source:

20. November 11, KCTV 5 Kansas City – (Kansas) Bank robbery victim now in Wyandotte County jail. The bank teller who claimed he was kidnapped and beaten as part of a bank robbery November 10 was in the Wyandotte County Jail in Kansas November 11, jail officials said. The FBI said November 10 that three people were taken into custody in connection with the robbery of a US Bank branch in Overland Park, but a fourth person, the teller was being held November 11. A coworker found the teller November 10 tied up and beaten at the US Bank off of 119th Street. “He was tied up to the chair and had a bloody nose,” said a spokesman from the Overland Park Police Department. “He said he was abducted from his apartment at 1:30 in the morning and driven around for a while, and then brought here and opened up the bank.” Because November 11 was a federal holiday, no charges were filed against the four. Friends told KCTV5 that the four people who are being held worked together at the AMC Theater in Leawood. Source:

21. November 11, Associated Press – (New Mexico) Corrections officer allegedly robs bank, commits suicide when cornered. Police in Albuquerque, New Mexico, said a suspected bank robber who killed himself after officers cornered him was a corrections officer in Los Lunas. Police said they found the 25-year-old suspect dead inside a pickup truck SWAT officers surrounded in a residential neighborhood November 10. A police spokeswoman said the man had been a corrections officer in Los Lunas since April 2008. Authorities said a man dressed in black with a mesh hood over his head held up a New Mexico Bank and Trust shortly before noon, fleeing with an undisclosed amount of cash. Responding officers spotted his car and followed him until he crashed. The FBI said the man then fatally shot himself in the head. Source:

22. November 11, IDG News Service – (Louisiana) Three charged with phishing after Sears investigation. Three men have been arrested on phishing charges after local police got a tip that somebody was sending boxes filled with computer equipment to abandoned houses in Lake Charles, Louisiana. The men were arrested November 9 after a tipster spotted the strange UPS shipments and reported them to police, said a sergeant with the Louisiana State Police. After setting up surveillance on the houses and investigating further, police discovered the men were running a phishing scam, where victims are spammed in hopes of tricking them to enter sensitive information into fake Web sites, the sergeant said. “They were obtaining the credit card numbers fraudulently by phishing, then they were shipping the packages to vacant residences,” he said. “Then someone was coming by and picking up the packages.” The three suspects were arrested and face felony theft charges. Investigators from Sears Holdings and U.S. Immigrations and Customs Enforcement participated in the investigation. Police are still looking into whether other brands were phished and how many victims were hit by the alleged scam. Source:

23. November 6, Detroit Free Press – (Michigan) More fake money hitting streets. When federal agents busted a counterfeiting operation in Detroit, Michigan, recently, they did not find any sophisticated engraving tools, expensive presses, or fancy paper that mimicked the real green stuff. A woman led them to a storage locker that contained a Lexmark printer and some plain paper. Federal authorities said fake money is popping up in record amounts as simple gadgets such as all-in-one printers make it easier for even the tech-illiterate to make their own money. Nationwide, the Secret Service pulled $182 million in fake bills from circulation in 2009 — more than double the $79 million in fake loot that was discovered the year before. And about 62 percent of counterfeit bills passed around in 2009 were made on digital printers, versus less than 1 percent in 1995. Source:

For another story, see item 43 above in the Top Stories

Information Technology

55. November 12, Engineering News – (International) New research shows cost of IT downtime. New research shows that European organizations are collectively losing up to 17-billion Euro in revenue each year by failing to protect their business-critical systems. Information technology (IT) management firm CA Southern Africa reported international 
research conducted by CA Tech-
nologies during 2010 showed the figure equates to 13.5 percent of the proposed European Union budget 
for 2011. CA Southern Africa’s chief technology officer said the results of the report hold great significance and lessons for local companies. The 
statistics reveal how much room for improvement there is. The report illustrated that the financial losses associated with IT outages quickly escalate the longer organizations take to fix the problem. The survey, consisting of 1,808 organizations across 11 European countries, revealed that each suffered an average of 14 hours of IT downtime a year, which equates to almost 1 million hours across the European continent. The U.K. experienced the most downtime with an average for each organization of 27 hours a year, whereas in Belgium average downtime for each company was only 8 hours a year. During these periods, when business-critical systems are interrupted, European organizations estimated their ability to generate revenue was reduced by 32 percent. Source:

56. November 12, ITProPortal – (International) Microsoft unimpressed with Kinect PC hack. Microsoft has reacted angrily to the recent hack of it’s Kinect Device for the Xbox 360 that allows users to access its functions on a PC. Adafruit Industries, an open source hardware manufacturer originally offered to dispense a cash prize of $3,000 to anyone who could hack the device and provide an open source driver. Eventually a developer won the challenge when he provided a Linux driver for the Kinect. According to Adafruit, the developer made this possible by running the drivers on his Linux laptop. He also mentioned that he does not even own an Xbox 360. Microsoft however is not amused with the open source community’s effort to build their own Kinetic drivers. The company vowed to use technical and legal measures to prevent any third party from modifying the Kinetic camera for other purposes. Source:

57. November 12, National Defense Magazine – (International) Cyber experts have proof that China has hijacked U.S.-based Internet traffic. For 18 minutes in April 2010, China’s state-controlled telecommunications company hijacked 15 percent of the world’s Internet traffic, including data from U.S. military, civilian organizations, and those of other U.S. allies. This massive redirection of data has received scant attention in the mainstream media because the mechanics of how the hijacking was carried out and the implications of the incident are difficult for those outside the cybersecurity community to grasp, said a top security expert at McAfee. The Chinese could have carried out eavesdropping on unprotected communications — including e-mails and instant messaging — manipulated data passing through their country or decrypted messages, McAfee’s vice president of threat research said. Nobody outside of China can say, at least publicly, what happened to the terrabytes of data after they entered China. The incident may receive more attention when the U.S.-China Economic and Security Review Commission, a congressional committee, releases its annual report on the bilateral relationship November 17. A commission press release said the 2010 report will address “the increasingly sophisticated nature of malicious computer activity associated with China.” Source:

58. November 11, CNET News – (International) Get hacked and spill the beans, anonymously. A new Web site could help turn security breach guesswork into science. In a first-of-its-kind effort, Verizon Business is launching a public Web site for reporting security incidents that could crack open the self-defeating secrecy of data breaches. “This will benefit the overall community,” a principal of research and intelligence at Verizon Business, told CNET. “The valid data helps us all learn from mistakes.” On November 11, Verizon launched its Veris information-sharing site where network or security professionals can provide detailed information about an incident and get back a report that illustrates via charts, graphs, and other information how the reported incident compares with others. Source:

59. November 11, The Register – (International) Fedora bars SQLNinja hack tool. Fedora Project leaders have banned a popular penetration-testing tool from their repository out of concern it could saddle the organization with legal burdens. The move came November 8 in a unanimous vote by the Fedora Project’s board of directors rejecting a request that SQLNinja be added to the archive of open-source applications. It came even as a long list of other hacker tools are included in the bundle and was harshly criticized by some security watchers. “It seems incredibly short sighted to reject software based on perceived legal usage,” said a full-time programmer for the Tor Project. “They have decided to become judges of likely usage based on their own experience. That is a path of madness.” SQLNinja is an open-source toolkit that exploits SQL injection vulnerabilities in poorly configured Web applications that use Microsoft SQL Server as the back-end database. Its creator, concedes it “has an extremely aggressive nature,” in part because it focuses on taking over remote machines by “getting an interactive shell on the remote DB server and using it as a foothold in the target network.” But his Web site insisted it should be used by professional penetration testers and only when they have authorization to do so. Source:

60. November 11, – (International) Nearly 200 Chinese government sites hacked daily. Nearly 200 Chinese government Web sites are hacked every day, with 80 percent of these cyber attacks coming from abroad, said the vice director of the State Information Center of Network and Information Security of China Ministry of Public Security, at the Fourth U.S.-China Internet Industry Forum in Beijing November 9. “Eight out of ten computers with Internet access in China have experienced attacks by botnets,” he said. A report issued earlier this year by China National Computer Network Emergency Response Technical Team (CNCERT) showed 71 percent of the world’s botnets are located in China. Most of them are controlled by foreign hackers. As a nation that currently has 440 million Internet users, “China is the main victim of online criminals,” the vice director said. China cooperates with foreign governments to combat online criminals. So far, Chinese police have established bilateral cooperation with 30 countries including the United States, UK, and Germany. “China and the U.S. have the largest number of Internet users and the largest number of Web sites. We have broad cooperation prospects in combating online crimes. I sincerely invite American delegates coming to exchange views with us, putting forward more efficient mechanism to combat trans-border cyber crimes,” the vice director said. Source:

61. November 11, Slyck – (International) Operation Payback: Back in business and about to strike at IRMA. It seems a few weeks off from their DDoS (Distributed Denial of Service) raids have re-energized the Operation: Payback campaign. After 6 days of attempting to bring down, supporters of Operation: Payback struck the Irish Recorded Music Association (IRMA). The strike was scheduled for 2 p.m. November 11. The latest rumors of FBI involvement only seem to have reinvigorated Operation: Payback. As of 3:30 p.m., the IRMA Web site was down. Source:

Communications Sector

62. November 12, Charleston Daily Mail – (West Virginia) Frontier targets copper theft. Frontier Communications Corp. is continuing to aggressively address the problem of copper thefts, said the director of security. She reported that in August 2010 thieves hit the company’s facilities in West Virginia every day since July 1, when Frontier took over Verizon’s landlines. “It has definitely slackened off somewhat,” she said November 11. “We’re still getting hit but it’s more on a sporadic basis. We believe the reason is we’re getting great cooperation from law enforcement and very good cooperation from the community.” Copper has become more valuable, trading at just over $4 per pound, within pennies of an all-time high. “West Virginia still seems to be our hot spot,” she said. “Now we’re getting sporadic hits scattered throughout the state.” Source:

63. November 11, Neon Tommy – (National) Google’s Street View cars may have violated federal laws. Just weeks after the Federal Trade Commission dropped its inquiry, the Federal Communications Commission (FCC) is confirming its own investigation of Google’s inadvertent collection of private information. In October 2010, Google announced it had accidentally picked up and recorded e-mails, passwords, and other personal information when its Street View cars used Wi-Fi networks and GPS data to capture street-level images for Google Maps. “In light of their public disclosure, we can now confirm that the enforcement bureau is looking into whether these actions violate the communications act,” the chief of the FCC’s enforcement bureau, said in a statement. “As the agency charged with overseeing the public airwaves, we are committed to ensuring that the consumers affected by this breach of privacy receive a full and fair accounting.” The investigation dates back to May 2010, when the FCC received a complaint from the Electronic Privacy Information Center (EPIC), an advocacy group that focuses on emerging civil liberties and privacy issues. EPIC wanted the FCC to determine whether Google was violating federal electronic eavesdropping laws. Besides the FCC probe, several European countries launched their own investigations about possible privacy breaches from Street View. Source:

64. November 11, Ubergizmo – (International) Hackers take control of over 1 million phones In China via Zombie virus. Reports surfaced that a so-called zombie virus has been circulating in China, disguised as an anti-virus app, infecting more than 1 million phone mobile users. The hackers have taken advantage of the access to the mobile phones by using them to spread the virus further, and also spamming phones with spam links amongst other annoying things, collectively costing the users up to about $300,000 per day in additional charges. Discovering the hackers behind the whole deal is proving to be difficult as the producer of the application where the virus concealed itself said that it has nothing to do with the malware, and said that it is difficult for users to distinguish a normal application from an infected one. Source:

65. November 11, Financial Times – (International) Smartphones in hacking risk. Certain smartphone models running Google’s Android operating system have security flaws that could allow hackers to steal personal information or record conversations, researchers said. In a demonstration at a Black Hat security conference, a UK researcher showed how a vulnerability in the Web browser on an HTC Android phone allowed him to install an application that gave him broad control over the phone. Another method of attack is to get a user to install a seemingly harmless application, which can then be used to access data. The researcher from MWR InfoSecurity showed the application could re-install itself with greater privileges and give a hacker broad powers, including recording. The Black Hat presentation was the latest in a series of findings in the past 1 weeks raising concerns about the security of Android phones, which have overtaken those made by Apple to claim 25 percent of the global market in the third quarter. Another team presented a similar scenario at a security conference in Oregon, using what appeared to be an innocuous application for a popular game — Angry Birds — that in turn installed malicious programs. “We’ve begun rolling out a fix for this issue, which will apply to all Android devices,” Google said. While there have been few reports of criminals using such techniques yet, experts said it was only a matter of time. Source: