Tuesday, November 30, 2010

Complete DHS Daily Report for November 30, 2010

Daily Report

Top Stories

• According to NBC News, the U.S. Secretary of State condemned the release of more than 250,000 classified State Department documents November 29, saying the United States was taking aggressive steps to hold responsible those who “stole” the information, which includes unflattering assessments of world leaders and revelations about backstage U.S. diplomacy. (See item 42)

42. November 29, NBC News, msnbc.com, Associated Press and Reuters – (National; International) Clinton: U.S. ‘deeply regrets’ WikiLeaks disclosures. The U.S. Secretary of State condemned the release of more than 250,000 classified State Department documents November 29, saying the United States was taking aggressive steps to hold responsible those who “stole” the information. In her first public comments since the November 28 release of the classified State Department cables, she said online whistleblower Wikileaks acted illegally in posting the material. She said the U.S. Presidential administration was “aggressively pursuing” those responsible for the leak. Her comments come as the Presidential administration moved into damage control mode, trying to contain fallout from unflattering assessments of world leaders and revelations about backstage U.S. diplomacy. The publication of the secret cables amplified widespread global alarm about Iran’s nuclear ambitions and unveiled occasional U.S. pressure tactics aimed at hot spots in Afghanistan, Pakistan, and North Korea. According to the vast cache of cables, a Saudi Arabian leader repeatedly urged the United States to attack Iran’s nuclear program, and China directed cyber attacks on the United States. The documents, given to five media groups by the whistle-blowing Web site WikiLeaks, provide candid and at times critical views of foreign leaders as well as sensitive information on terrorism and nuclear proliferation filed by U.S. diplomats, according to The New York Times. The White House condemned the release, and said the disclosures may endanger U.S. informants abroad. Source: http://www.msnbc.msn.com/id/40412689/ns/us_news-security

• A 19-year-old naturalized U.S. citizen from Somalia was arrested on charges of attempting to use a weapon of mass destruction in connection with a plot to detonate a vehicle bomb at an annual Christmas tree lighting ceremony in Portland, Oregon, the U.S. Justice Department announced. (See item 62)

62. November 26, U.S. Department of Justice – (Oregon) Oregon resident arrested in plot to bomb Christmas tree lighting ceremony in Portland. A 19-year-old naturalized U.S. citizen from Somalia and resident of Corvallis, Oregon, has been arrested on charges of attempting to use a weapon of mass destruction (explosives) in connection with a plot to detonate a vehicle bomb at an annual Christmas tree lighting ceremony November 26 in Portland, Oregon, the Justice Department announced. According to a criminal complaint signed in the District of Oregon, the man was arrested by the FBI and Portland Police Bureau November 26 after he attempted to detonate what he believed to be an explosives-laden van that was parked near the tree lighting ceremony in Portland’s Pioneer Courthouse Square. The arrest was the culmination of a long-term undercover operation, during which the man had been monitored closely for months as his alleged bomb plot developed. The device was in fact inert; and the public was never in danger from the device. The man is expected to make his initial appearance in federal court in Portland November 29. He faces a maximum statutory sentence of life in prison and a $250,000 fine if convicted of the charge of attempting to use a weapon of mass destruction. Source: http://portland.fbi.gov/dojpressrel/pressrel10/pd112610.htm


Banking and Finance Sector

17. November 29, FINalternatives – (National) First arrest in wide insider-trading probe. The FBI has made the first arrest in a sweeping insider-trading investigation targeting hedge funds and others. One male suspect was arrested November 24 at his Somerset, New Jersey, home and charged with conspiracy to commit securities fraud and conspiracy to commit wire fraud. According to prosecutors, while at Primary Global Research, the suspect provided confidential tips about Atheros Communications, Broadcom Corp., and Sierra Wireless Inc. to a hedge fund manager. The suspect’s arrest provides the first concrete link between the current insider-trading investigation, which has seen three hedge funds raided and dozens of others served with subpoenas, and the Galleon Group insider-trading case. The former hedge fund manager, who ran Spherix Capital, is a cooperating witness in the Galleon case. Source: http://www.finalternatives.com/node/14698

18. November 29, LoanSafe.org – (Virginia) Virginia woman indicted in multi-million dollar mortgage elimination scam. On November 29, a federal grand jury indicted a 51-year-old Manassas, Virginia woman for her alleged involvement in a “mortgage elimination” scheme that caused more than $10 million in losses. The U.S. Attorney for the Eastern District of Virginia, and the Assistant Director in Charge of the FBI’s Washington D.C. Field Office, made the announcement November 29. The indictment alleged the woman defrauded more than 150 homeowners of $10 million. It noted that from 2004 through 2008, the suspect is accused of marketing a scheme known as a “Mortgage Elimination Program.” The suspect allegedly falsely represented to potential homeowner clients that lenders were acting illegally with regard to refinanced mortgages, and that she could obtain a discharge of newly refinanced loans because of the lenders’ illegal actions. The suspect allegedly proposed that she, acting through her businesses, would represent homeowner clients and challenge the lenders for their purportedly illegal actions, and any monetary settlements obtained from successful challenges against the lenders would be applied against the balances due on the refinanced mortgages, thereby eliminating the mortgages. Source: http://www.loansafe.org/virginia-woman-indicted-in-multi-million-dollar-mortgage-elimination-scam

19. November 27, Greek Reporter – (National) Greek American Pihakis busted by feds for $5.8 million. An 80 year-old Greek-American living in Pensacola Beach, Florida, has been charged by federal authorities in Arizona with stealing $5.8 million in a financial scheme. He is also charged with conspiracy to commit wire fraud for his part in a scam that allowed him to receive $2.5 million. He asked his victims to invest in the trust and prove they have $10 million in a bank account to receive investments in their projects. In case they could not prove they had that much money, the investors were told they could pay a 4 percent fee instead. This money was used to purchase a “proof of funds” instrument from a bank; the trust was supposed to agree to provide funding for the investors’ projects. In order to convince his potential investors for his liability, the suspect often presented to them bank statements from various banks showing hundreds of millions of dollars in accounts. It was not until September that an FBI agent in Africa took a copy of one bank statement to Barclay’s Bank of Ghana. The bank statement read $677 million in the account that the suspect used to lure investors. Investors complained that they didn’t see any money for years. When the suspect was pressed by investors to make good on the investments, he would tell them that money was tied up in a fund for a Thailand tsunami relief project, or that they needed more investors before he could begin paying. Source: http://usa.greekreporter.com/2010/11/27/greek-american-pihakis-busted-by-feds-for-5-8-million/

20. November 27, Crystal Lake Northwest Herald – (Illinois) Huntley armed robbery suspect caught; LITH incident probed. A 29-year-old Huntley, Illinois, man is in police custody after he allegedly robbed a Harris Bank November 27. At about 11 a.m., police said the suspect entered the bank at 12920 Route 47 in Huntley. He approached the teller while carrying a shotgun and demanded money. After receiving an undisclosed amount of cash, he fled in a white Ford Tempo, according to a news release. A description of the suspect and his vehicle was given to Huntley police officers. They located the suspect driving the Tempo near Route 47 and Powers Road. Officers attempted to stop him, but he continued to flee. The pursuit continued onto Route 31 in Elgin with the assistance of the Elgin Police Department. The suspect then damaged his vehicle by driving over a curb. The vehicle came to a rest at the bottom of a grassy hill, where the suspect exited and attempted to flee on foot. Officers apprehended him and took him into custody. A Huntley Police spokesman said the suspect was transferred November 27 from the Huntley Police Department to FBI headquarters in Chicago, where he awaits charges. Source: http://www.nwherald.com/2010/11/27/huntley-armed-robbery-suspect-caught-lith-incident-probed/ad0vlv/

Information Technology

48. November 29, Help Net Security – (International) Fake Facebook ‘photo comment’ e-mail leads to malware. As Facebook has announced its new messaging system and its deployment in the coming months, online scammers have been trying to use that announcement against unsuspecting Facebook users that may have heard about it and believe that changes will be made in the way that the social network contacts and notifies its users. McAfee warns about the latest of these scams — a fake “Your friend commented on your photo” e-mail: The e-mail is coming from a Gmail address — a fact that should tell the recipients that the e-mail is not legitimate. And, if they run their mouse over the embedded link, they will also notice that the real link has nothing to do with Facebook. A click on it will redirect the user to a malicious page serving malware. Source: http://www.net-security.org/malware_news.php?id=1549

49. November 29, The Register – (International) Feds seize 70 ‘filesharing, dodgy goods’ sites. The U.S. government has seized 70 sites allegedly offering counterfeit goods or links to copyright-infringing material. Among the domains seized was a BitTorrent meta-search engine Torrent-Finder.com, along with other music linking sites. Other sites on the hitlist allegedly sold fake designer clothes. Surfers visiting the seized sites were confronted by a notice from Immigration and Customs Enforcement (ICE), instead of the expected content. ICE told the New York Times the seizures were part of an “ongoing investigation” but declined to elaborate, beyond saying court-issued seizure warrants were involved. The seizures happened as a new bill addressing this issue, the Combating Online Infringements and Counterfeits Act, has been introduced in Congress. Source: http://www.theregister.co.uk/2010/11/29/ice_piracy_domain_seizures/

50. November 29, The Register – (International) Lone hacker theory in Wikileaks DDoS attack. A denial of service attack against Wikileaks that brought the whistleblower site to its knees November 28 in the run up to its publication of classified State Department documents, may turn out to be the work of a lone hacker. The attack, which rendered the site inaccessible for several hours, might be blamed on an application level assault targeting a vulnerability in Wikileak’s Apache Web server, according to Internet reports. A hacker called The Jester has previously used the XerXeS attack tool to attack jihadist sites. Now, if the rumors are true, this tool was turned against Wikileaks, making the site unavailable at a critical time. “We are currently under a mass distributed denial of service attic,” Wikileaks said November 28 via updates to its Twitter feed. “El Pais, Le Monde, Speigel, Guardian & NYT will publish many U.S. embassy cables tonight, even if WikiLeaks goes down,” it added. Rather than a purely conventional packet flood, it seems probable the site was also hit by the XerXeS tool. The Jester claimed responsibility for an attack on Wikileaks via a Twitter update November 28. Source: http://www.theregister.co.uk/2010/11/29/wikileaks_ddos/

51. November 29, New New Internet – (National) Cocky hacker defaces Navy Memorial site, ridicules admin. A hacker broke into the U.S. Navy Memorial Web site and left a message for the administrator, mocking him for the inadequate security and offering his assistance, Softpedia reported. Operated by the U.S. Navy Memorial Foundation, the site provides visitors information about the memorial, as well as news, annual reports, and other services. The breach was detected by a senior threat researcher at GFI Software, who wrote on the company blog that the hacker had left his message in a .txt file inside a directory on the server. However, because the folder was accessible to search engine crawlers, the message got indexed and became available on Google. The hacker offered to help and left his contact information, something overly confident hackers sometimes do, according to Softpedia. Source: http://www.thenewnewinternet.com/2010/11/29/hackers-defaces-us-navy-memorial-site-ridicules-admin/

52. November 28, IDG News Service – (International) Leaked U.S. document links China to Google attack. The cache of more than 250,000 U.S. Department of State cables that WikiLeaks began releasing November 28 includes a document linking China’s Politburo to the December 2009 hack of Google’s computer systems. The U.S. Embassy in Beijing was told by an unidentified Chinese contact that China’s Politburo “directed the intrusion into Google’s computer systems,” the New York Times reported November 28, citing a single leaked State Department cable. “The Google hacking was part of a coordinated campaign of computer sabotage carried out by government operatives, private security experts, and Internet outlaws recruited by the Chinese government. They have broken into American government computers and those of Western allies, the Dalai Lama and American businesses since 2002, cables said,” the Times reported. The cable is another piece of evidence, albeit thinly sourced, linking China to the Google attack. Security experts have linked the attacks to servers at a university used by the Chinese military, and both Google and the State Department implied that they thought China was behind the attacks when they were first disclosed in January 2010, but nobody has produced conclusive proof that they were state-sponsored. Source: http://www.computerworld.com/s/article/9198198/Leaked_U.S._document_links_China_to_Google_attack

53. November 27, Computerworld – (International) ‘Nightmare’ kernel bug lets attackers evade Windows UAC security. Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure. One security firm dubbed the bug a potential “nightmare,” but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks. The exploit was disclosed November 24 — the same day proof-of-concept code went public — and lets attackers bypass the User Account Control (UAC) feature in Windows Vista and Windows 7. UAC, which was frequently panned when Vista debuted in 2007, displays prompts that users must read and react to. It was designed to make silent malware installation impossible, or at least more difficult. The bug is in the “win32k.sys” file, a part of the kernel, and exists in all versions of Windows, including XP, Vista, Server 2003, Windows 7, and Server 2008, a Sophos researcher said in a November 25 blog post. Several security companies, including Sophos and Vupen, have confirmed the vulnerability and reported that the publicly-released attack code works on systems running Vista, Windows 7, and Server 2008. Source: http://www.computerworld.com/s/article/9198158/_Nightmare_kernel_bug_lets_attackers_evade_Windows_UAC_security

54. November 25, TrendLabs Malware Blog – (International) ZeuS-SpyEye merger in progress? In late October 2010, it was reported the “rivalry” between the ZeuS and SpyEye malware families was ending with a merger of the two families. It was reported ZeuS author Slavik or Monstr had gone underground and had given his toolkit’s source code to SpyEye author Gribodemon or Harderman. This has prompted a lot of speculation about what will come next. Many researchers are waiting for a new malware family that will combine the features of SpyEye and ZeuS. For now, SpyEye and ZeuS remain separate malware families. Whether the merger pushes through or not, however, SpyEye is still growing as a threat. According to new data, the number of SpyEye infections has grown since July 2010 to as much as 20 times to date. Since news of this “merger” first came out, many security analysts rushed to gather intelligence on SpyEye. In anticipation, Gribodemon went through many underground forums and deleted his posts to cover up what he was doing. Trend Micro and the rest of the security industry are ready to respond. One of the more public signs of this is the ZeuS Tracker administrator has opened the SpyEye Tracker, to track SpyEye. This will aid law enforcement agencies and security companies in taking down and investigating SpyEye command-and-control (C&C) servers. Source: http://blog.trendmicro.com/zeus-spyeye-merger-in-progress/

Communications Sector

55. November 29, msnbc.com – (National) Comcast Internet outage hits eastern U.S. A failure of Comcast’s Internet services hit a wide swath of the Eastern United States. November 28, and the company said the issue was a problem with its DNS servers. Comcast told the Baltimore Sun that service was restored late November 28. A spokesman told the Sun that extra staff were brought in to fix the problem. Earlier, another Comcast spokesman told NBC News: “All other services are working properly. ... We certainly apologize for any inconvenience this may be causing our customers.” It was not clear how widespread the failure was. A technician who answered Comcast’s customer service line told NBC News that there were significant Internet outages in Connecticut, Maryland, Virginia, Massachusetts, New York, and New Hampshire. The “focus” of the outages was in the Boston and Washington D.C. areas. Television and telephone service from Comcast was unaffected. Source: http://www.msnbc.msn.com/id/40410491/ns/technology_and_science-tech_and_gadgets/

56. November 29, InformationWeek – (National) FBI warns of mobile cyber threats. People should be wary of criminal efforts targeting their cell phones, the FBI is warning. The agency’s Internet Crime Complaint Center (IC3) said that creative criminals will be using scams called “smishing” or “vishing” to steal people’s personal information, such as bank account numbers, personal identification number (PIN) codes, or credit card numbers. Smishing is a combination of SMS texting and the common online practice of phishing, which uses e-mails to direct people to Web sites where they are asked to give up personal information. In a smishing scam, people receive a text message on their phone telling them there is a problem with their bank account. The message will contain a phone number to call or a Web site to log into. To pull off these crimes, people set up an automated dialing system to text or call mobile phone subscribers in a particular region or area code. They also steal phone numbers from banks and credit companies and target people on these lists, according to the FBI. If a person follows through and follows directions, it is likely there is a criminal on the other end stealing personal information. Vishing is similar to smishing except instead of an SMS, a person will receive a voicemail giving them the same information. People who fall victim to mobile device scams could be in danger even if they stop short of giving up the information requested, the FBI warned. If they only log onto the fake Web site via their mobile device, they could end up downloading malicious software giving criminals access to anything on their phone, the agency said. Source: http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=228400096&cid=RSSfeed_IWK_All

57. November 26, KGO 7 San Francisco – (California) AT&T blames vandals for outages. AT&T is confirming reports of vandalism at several East and South Bay, California locations that cut off service to some customers November 25-26. A spokesperson said lines were cut in 15 locations causing a loss of both phone and Internet service to customers in Walnut Creek, Orinda, and Morgan Hill. The outages began November 25. AT&T crews worked through the night to repair those lines and expected all customers to be back up and running by November 26. They would not say how many customers were affected. Source: http://abclocal.go.com/kgo/story?section=news/local/east_bay&id=7811914