Friday, November 19, 2010

Complete DHS Daily Report for November 19, 2010

Daily Report

Top Stories

• According to the Jersey Journal, a man was arrested and charged with stealing a frequency generator with military applications from ITT Corp. in Clifton, New Jersey, and selling it on eBay. (See item 11)

11. November 18, Jersey Journal – (New Jersey) West New York man charged with high-tech theft. A 38-year-old resident of West New York, New Jersey was arrested and charged November 17 with stealing a frequency generator with military applications from ITT Corp. in Clifton, New Jersey, and selling it on eBay, according to the U.S. attorney’s office. The suspect was arrested in Clifton November 17. Using his Department of Defense security clearance, the staff engineer for ITT Corporation allegedly stole the frequency generator July 25. The device is valued at about $50,000. According to the U.S. attorney’s office, the generator can be used in the manufacturing process of other items to mimic radio frequencies of surface-to-air missiles and can be used in the testing and manufacturing of other items. Source:

• NBC News reported that one day after German officials issued a terror alert, police found a suspected bomb in a parcel bound for Germany at an airport in Namibia. (See item 20)

20. November 18, NBC News, Reuters, and Associated Press – (International) Airport stops Germany-bound suspected bomb. Police have found a suspected bomb in a parcel bound for Germany at an airport in Namibia, officials said November 18. The security alert came just 1 day after authorities in Germany warned that terrorists were planning an attack on that country by the end of November. The Air Berlin flight carrying more than 300 people from Namibia’s capital Windhoek to Munich was delayed after police found the “unlabeled” parcel in the luggage hall, an airline spokeswoman told NBC News. A scan of the parcel showed batteries attached by wires to a fuse and a clock, Germany’s federal criminal police office said. German security officials told NBC News they were in the process of assessing whether the device was “a fake bomb” or could have actually detonated. Source:


Banking and Finance Sector

13. November 18, IDG News Service – (International) European banks see new ATM skimming attacks. Banks in Europe are seeing innovative skimming attacks against ATMs, where fraudsters rig special devices to the cash machines to record payment card details. Many banks have fitted ATMs with devices that are designed to thwart criminals from attaching skimmers to the machines. But it now appears in some areas that those devices are being successfully removed and then modified for skimming, according to the latest report from the European ATM Security Team (EAST), which collects data on ATM fraud throughout Europe. Skimming devices are designed to record the account details from the magnetic stripe on the back of a payment card. The data can then be encoded onto a dummy card. A person’s PIN (personal identification number) is often captured with a micro-camera, which was done with the illicitly modified anti-skimming devices, according to the report. Banks in five countries also reported seeing a new type of skimming device, which uses a modified MP3 player to record card details. It also has a micro-camera to record PINs, according to a photo seen by IDG News Service. Source:

14. November 18, – (Illinois) Sunrise Equities: Owners accused of cheating investors in $43 million Ponzi and bank fraud scheme. Three owners of a bankrupt Chicago, Illinois real estate development firm that purported to adhere to Islamic law in handling investments from individuals in the Chicago area and nationwide actually operated a Ponzi scheme that defrauded hundreds of victims and three banks of more than $43 million, according to a federal indictment made public November 18. The defendants, who owned Sunrise Equities, Inc., allegedly fraudulently obtained more than $40 million from more than 300 investors through the sale of promissory notes, and fraudulently obtained more than $29 million in loans from three area banks. The individual victims collectively lost approximately $30 million, and the banks lost approximately $13.7 million when the alleged scheme collapsed in the fall of 2008. Source:

15. November 18, WEWS 5 Cleveland – (Ohio) Cleveland man suspected of robbing four banks. Authorities are looking for a man they believe has robbed four Cleveland, Ohio-area banks since October. The 34-year-old male, who hails from Cleveland, is wanted on federal bank robbery charges. The FBI said the man is a suspect in the robbery of the Huntington Bank on Coventry Road in Cleveland Heights, November 17. Authorities said he is also suspected of robbing a PNC Bank in North Randall, a US Bank in Warrensville Heights, and a Charter One Bank in Maple Heights. All of the robberies occurred over the last few weeks. The suspect is a black male and is about 6-foot-2, and weighs between 180 and 200 pounds. He was last seen wearing a dark brown hat, beige jacket, and dark green shirt. Source:

16. November 18, Associated Press – (Pennsylvania) Guilty plea for Pa. ‘mummy bandit’. A Philadelphia, Pennsylvania man dubbed “the mummy bandit” for using gauze bandages to conceal his face pleaded guilty November 17 to five bank heists. Federal prosecutors said the 45-year-old suspect is the man behind the mummy mask. They said he also wore a doctor’s coat, scrub hat and stethoscope in a June holdup in Wyndmoor. An FBI affidavit said that robbery netted just $568. Prosecutors said the suspect pleaded guilty to four bank robberies and the attempted robbery of a fifth bank since January 2009. All of the banks are in or near Philadelphia. The suspect faces up to 100 years in prison and more than $1 million in fines at his scheduled February 17 sentencing. Source:

17. November 17, Worcester Telegram and Gazette – (Massachusetts) Sturbridge bank teller finds powder in coin roll. A Main Street bank in Sturbridge, Massachusetts was closed a few hours November 17 because of a suspicious white powder a teller found in a bag of rolled up coins. The police chief said the report came in at about 9 a.m. November 17 from Savers Bank, and the building was evacuated shortly thereafter. “At no time was there a threat to the public,” the chief said. “The bank had not opened yet.” He said a bank worker was going through a bag of the rolled-up coins received from customers and discovered the powder in one of the rolls. “There was no identifying marks on it, no threat, no special or suspicious packaging. She popped one of them open and noticed that there was a white substance in there,” the police chief said. “It wasn’t a lot. It was a small amount. … It didn’t cause a big puff or anything like that.” A hazardous materials team and fire department personnel secured the area. The substance was packaged and sent out to the state police forensic lab for analysis, the chief said. Source:

18. November 17, Associated Press – (Arkansas) Police evacuate complex after standoff with man suspected of shooting at Ark. bank building. Little Rock, Arkansas police have evacuated an apartment complex following an incident involving a man they believe fired shots into a bank building. Police said someone fired several shots through windows on the third floor of the Metropolitan Bank building about 8:30 a.m. November 17. There were no reports of injuries. About 10:15 a.m., a suspect was tracked down at the Westside Loft Apartments, but an unknown incident occurred between an officer and the man. Attempts to communicate with the man were unsuccessful. Authorities said they evacuated the apartment complex and a health clinic attached to the building because they believe the man is armed. Access also was blocked to streets in the area. Source:,0,5575347.story

Information Technology

48. November 18, IDG News Service – (International) China telecom operator denies hijacking Internet traffic. China’s largest fixed-line phone carrier denied it hijacked worldwide Internet traffic in April 2010 following a U.S. government report that said the company had redirected network routes through Chinese servers. China Telecom rejected the claims in an e-mail statement, but offered no further comment. A report to Congress published November 17 claimed that for 18 minutes April 8, China Telecom rerouted 15 percent of the Internet’s traffic through Chinese servers. The traffic affected U.S. government and military Web sites, said the U.S.-China Economic and Security Review Commission. Computer security researchers cannot say if the act was intentional, the report said. But such hijacking of Internet traffic could enable the surveillance of specific users or sites, or it could be used to conceal one targeted cyberattack. According to the report, however, the rerouting originated with a smaller Internet service provider called IDC China Telecommunication. The incident could have been an accident that stems from a weakness of the Border Gateway Protocol (BGP), which is used to help route traffic and connect the Internet together. BGP data is sent from small service providers like IDC China Telecommunication and then shared with larger providers. Small providers generally direct Internet traffic to about 30 routes. For some reason, on April 8 IDC China Telecommunication began directing traffic to tens of thousands of networks. The bad information was then accepted by larger Internet providers like China Telecom, which then propagated the data. Source:

49. November 18, SC Magazine UK – (International) Almost half of all rogue anti-virus was created in 2010, as UK-based spam increases. Statistics released the week of November 15 show one in ten spam messages originated from the UK. According to Trend Micro, the UK ranks top amongst western European countries for sending malicious spam, with a quarter of all scams detected created by cyber criminals in October. The most prevalent was commercial/advertising spam offering special incentives for quick and easy weight-loss products and programs and “business opportunities” in classifieds advertisements. Work at home schemes, such as making arts and crafts or stuffing envelopes have been replaced by offers to “use your home PC to make fast money in your spare time.” Job-related spam came in third at 10 percent of all spam messages sent. Meanwhile, research by PandaLabs revealed 40 percent of all rogue anti-virus has been created this year. It said since this type of malicious code was first reported 4 years ago, 5,651,786 unique rogueware strains have been detected, out of which 2,285,629 have appeared between January and October 2010. A report said: “If we compare the number of rogueware specimens to the total number of malware strains included in our Collective Intelligence database, 11.6 percent of all samples correspond to fake anti-virus. This is a staggering figure, especially if you consider that this database contains all malware detected in the company’s 21-year history and rogueware only appeared 4 years ago.” Source:

50. November 18, SC Magazine UK – (International) IT companies need to engage with business about the risks of software piracy. IT companies need to start engaging more effectively with businesses about the risks of software piracy, according to a recent Microsoft debate. It claimed partners need to play a pivotal role in educating businesses and consumers on the risks they face by using pirated software. During the debate, the head of anti-piracy at Microsoft revealed software pirates are continuing to dupe people into thinking they are getting the real deal. She said: “Around 14 percent of new PCs shipped with Windows in the UK are running a pirated copy of the operating system, with even a higher number of 29 percent for Microsoft Office.” She also revealed that during a 1-month period in August 2010, there were over 16,000 illegal copies of Microsoft Office and 20,000 copies of Windows downloaded online. Source:

51. November 18, The Register – (International) Whitehat cracks notorious rootkit wide open. A malware analyst has deconstructed a highly advanced piece of crimeware believed to be the work of the notorious Russian Business Network. The step-by-step instructions for reverse engineering the stealthy ZeroAccess rootkit are a blow to its developers, who took great care to make sure it could not be forensically analyzed. The tutorial means other malware researchers may also study the malware to close in on the people behind it and to better design products that can safeguard against it. The analysis was written by a malware researcher specializing in reverse engineering at InfoSec Institute, an information security services company. It documents a rootkit that is almost impossible to remove without damaging the host operating system and uses low-level programming calls to create hard disk volumes that are virtually impossible to detect using normal forensic techniques. According to the researcher, malicious URLs unearthed from the disassembled rootkit use IP addresses associated with the Russian Business Network. ZeroAccess is currently being used as a platform for installing fake antivirus software, but it could obviously be used to force install any software of the author’s bidding. Source:

52. November 17, DarkReading – (International) Possible new threat: Malware that targets hardware. French researchers said it is possible to write malware that attacks specific hardware processors rather than operating systems or applications. Researchers of Ecole Supérieure d’Informatique Electronique Automatique (ESIEA) in Paris have developed a proof-of-concept for hardware-specific malware, which they consider a step up from Stuxnet and a potentially key weapon in cyberwarfare. The malware can easily identify and target specific hardware systems based on the on-board processor chip, the researchers said. They used the so-called floating point arithmetic (FPA) to help identify processors, including AMD, Intel Dual-Core and Atom, SPARC, Digital Alpha, Cell, and Atom. In order to pinpoint the type of processor, the malware would see how a processor handles certain mathematical calculations. This breed of malware is not any more difficult to create than malware that targets software vulnerabilities, one researcher said. The researchers maintain that targeted attacks like Stuxnet are a major threat, but it is not always so simple for the attacker to be sure what software is running on a targeted machine. Hardware malware gives cyberwarfare another weapon. “You can arrange things in such a way that effectively Iran buys a set of computers with Intel processor of a given type and family. Then you can strike them selectively — and only these computers — whatever Iran has installed on those computers, [whether it’s] Linux, Windows, or any application,” he said. Source:;jsessionid=53HQMZG3CYRYFQE1GHPCKH4ATMY32JVN?articleID=228300082

53. November 17, Nextgov – (National) Senators mull bill to require private sector reporting of cyberattacks. U.S. Senators are contemplating legislation to mandate that the private sector report cyberattacks in the wake of Stuxnet, a recently detected computer worm with potential to bring down industrial operations ranging from water treatment to manufacturing. At a Senate Homeland Security and Governmental Affairs Committee hearing November 17, the Chairman and Independent Senator from Connecticut asked representatives from DHS, the computer security community and industry whether DHS needs enhanced powers to respond to threats to private networks. The Connecticut Senator and the ranking Republican Senator from Maine have sponsored the 2010 Protecting Cyberspace as a National Asset Act (S. 3480), which focuses on public-private partnerships and information sharing because industry owns upwards of 85 percent of the nation’s critical infrastructure. The committee is negotiating with other Senate panels to pass comprehensive cyber legislation. The equipment vulnerable to such cyberattacks in the United States includes agricultural systems and electric grids, but the manufacturing sector is the largest user of the networks, according to DHS. Homeland Security officials who analyze and coordinate responses to incidents and threats affecting industrial control systems step in only when asked to by the private sector, said the acting director of the DHS National Cybersecurity and Communications Integration Center. He said DHS is not appealing for more powers at this time, but would not oppose accepting greater responsibilities. Source:

Communications Sector

54. November 18, – (Iowa) Transmitter theft forces a Connoisseur station to go dark. Connoisseur’s “Wolf” KZWU in Iowa was involuntarily taken off the air in October because of theft at the transmitter. The company told the Federal Communications Commission it needs Special Temporary Authority to remain silent while new equipment is brought in and service restored at country “Wolf” KZWU, Pleasantville, Iowa (96.3). The site said KZWU and sister KZWF, Patterson (105.9) both signed on the air 2 years ago, simulcasting a country format. The Patterson Wolf is also silent, but that is because of “an unacceptable level of interference near the transmitter.” Connoisseur said that would be resolved by a new antenna location on a newly-built tower, at a greater height. Source:

55. November 18, – (Ohio) Ohio’s ‘Paulding Pirate’ was on both AM and FM. An agent from the Federal Communications Commission’s (FCC) Detroit, Michigan office paid a visit to Paulding, Ohio September 29 and initially found an unlicensed signal at 1640 AM. The agent then detected an FM broadcast at 98.5 from the same location. The FCC’s Part 15 rules permit an unlicensed backyard-like AM signal to be no stronger than 14.6 microvolts per meter at a distance of 30 meters from the source. The one in Paulding was running 3,600 microvolts when measured at 84.1 meters. On the FM, the Part 15 limit is 250 microvolts per meter at 3 meters (about 10 feet). The Paulding Pirate was cranking out nearly 7,000 microvolts at a distance of 350 feet away. There could be a $10,000 fine if the violation continues. Source:

56. November 17, Jackson County Floridian – (Florida) Internet outage due to cut cable. A fiber optic cable cut between Ponce De Leon and DeFuniak Springs, Florida temporarily disabled Internet service for about 6,500 customers in Jackson and Holmes counties November 17. A spokesman for CenturyLink said November 18 a construction crew was responsible for cutting the cable. Some customers’ phone service was affected by the incident as well. Service was restored around 8 p.m. November 17. The Sneads Police Department and the Holmes County Sheriff’s Office were among the emergency response agencies that experienced outages. Source:

57. November 17, Lexington Herald-Leader – (Kentucky; Indiana) Rodent disrupts Insight cable system. Customers of Insight Communications in Lexington, Kentucky and Evansville, Indiana, suffered an outage November 18 after a rodent chewed through a fiber outside one of the cable company’s operations centers in Louisville. A spokesman said the channels affected were spread throughout the company’s lineup, and it took about 25 minutes for service to be restored by diverting traffic to another fiber system. “It was just a one-in-a-million type thing,” he said. Source:

For another story, see item 48 above in Information Technology