Thursday, December 30, 2010

Complete DHS Daily Report for December 30, 2010

Daily Report

Top Stories

• National Defense Magazine reports that defense companies should expect to come under non-stop attack by countries engaging in cyberespionage in 2011, experts at McAfee Labs predicted. (See items 12, 39)

12. December 28, National Defense Magazine – (National) Report: Cyber-spies to wage non-stop assaults on defense firms in 2011. Defense companies should expect to come under non-stop attack by countries engaging in cyberespionage in 2011, experts at McAfee Labs predicted. January 2010’s Operation Aurora helped coin a new term, the advanced persistent threat (APT). Aurora, believed to have originated in China, successfully infiltrated dozens of U.S. companies with the goal of stealing source code and other data. “Companies of all sizes that have any involvement in national security or major global economic activities — even peripherally, such as a law firm advising a corporate conglomerate starting business in another country — should expect to come under pervasive and continuous APT attacks that go after email archives, document stores, intellectual property repositories, and other databases,” the report said. Source:

39. December 28, NextGov – (National) McAfee: Coming cyber threats to target mobile devices, official secrets. The biggest cyber threats in 2011 are expected to include malicious applications on mobile devices and attacks aimed at stealing government secrets and sabotaging business operations, according to McAfee. The computer security firm annually issues a list predicting what will be the biggest cyber scares during the coming year. New for 2011 is the projection that perpetrators will target social media communications on mobile devices — a means of interaction that businesses, including agencies, increasingly depend on for work. The societal shift from desk-based e-mail communications to mobile instant messaging and Twitter insta-blogging has transformed the threat landscape, the report said. McAfee anticipates attackers will hide malicious software in programs that look like legitimate applications, including federal data apps, the study’s co-author and McAfee’s vice president for threat research said in an interview. According to the threat list, “friendly fire” malware, which appears to come from contacts on social networks, will grow. The motivation of attackers also is changing, according to the study. Instead of carrying out attacks to steal money or to send a political message, some groups, including nation-states and corporations, increasingly are interested in stealing intelligence. Source:

• According to Detroit News, a massive furniture store explosion December 29 in Wayne, Michigan, injured several people. Consumers Energy was alerted to the smell of gas near the store before the explosion. (See item 51)

51. December 29, Detroit News – (Michigan) Owner in hospital after blast at Wayne furniture store. One person has been pulled from the rubble and two others are believed trapped inside a furniture store in Wayne, Michigan that exploded the morning of December 29, shaking area homes and frightening residents, officials said. The man rescued is the owner of the William C. Franks Furniture store. He is listed in critical condition at the University of Michigan Trauma Burn Center in Ann Arbor. Officials believe two other store employees are still missing. The massive furniture store explosion occurred after 9 a.m. near Glenwood. The gas line in the area has been shut off since 11 a.m. Consumers Energy was alerted to the smell of gas near the store before the explosion and was investigating. The city has set up an emergency warming center for residents affected by the shutoff. The store, which had been a mainstay business in this community since 1963, has been reduced to rubble. The windows of buildings next door were blown out. There also were motorists injured in vehicles nearby. Preliminary information indicates that the explosion was caused by natural gas. Officials noted that the U.S. Department of Homeland Security has joined in the investigation. Source:


Banking and Finance Sector

13. December 29, San Diego Union-Tribune – (California) FBI on the lookout for ‘Drywaller Bandit’. A $20,000 reward is being offered for information leading to the arrest and conviction of a man authorities believe committed six bank robberies in the North County area of San Diego, California since September. Dubbed the “Drywaller Bandit” because he wore a construction dust mask in some of the thefts, the robber walks into the banks, points a black semi-automatic gun at the tellers, and demands cash, FBI officials said. He has robbed three banks in Encinitas, including a U.S. Bank and a Citibank, both of which he robbed twice, as well as a Wells Fargo, officials said. All three branches are on North El Camino Real between Leucadia Boulevard and Encinitas Boulevard. Officials also believe the same man robbed a Chase Bank on College Boulevard near state Route 76 in Oceanside. The thief is described as white and in his late 20s to early 40s, about 5 feet 8 to 5 feet 10 inches tall with a medium build, about 160 to 190 pounds and brown hair. He wears dark baseball caps, gloves, sunglasses, and a dark hooded jacket with fleece lining and jeans. He covers his face with a black ski mask or a dust mask, officials said. Source:

14. December 28, KATU 2 Portland – (Oregon) FBI: Wanted Coos Bay banker turns self in. A former bank employee accused of stealing up to $1.2 million from customers of the Wells Fargo in Coos Bay, Oregon turned herself in to the FBI around 3 p.m. December 28 in Los Angeles, California. A federal judge issued an arrest warrant for the female suspect October 27 based on charges of identity theft, aggravated identity theft, credit card fraud, wire fraud, bank fraud, and money laundering. A criminal complaint charges the suspect with stealing substantial funds from Wells Fargo during her time as a bank employee. The suspect worked at the Coos Bay Wells Fargo from August 2006 to August 2010. Source:

15. December 28, WBNS 10 Columbus – (Ohio) Woman questioned in ‘Church Lady’ robbery at Ohio Union. Hours after a judge released an alleged bank robber on bond, she was taken back into police custody in connection with a previous robbery. The suspect was arrested December 24, minutes after police said she robbed a Fifth Third bank at 155 W. Nationwide Blvd. in Columbus, Ohio. The suspect, 46, posted $50,000 bond December 27. She was taken into custody by Columbus police shortly after 6 p.m. and transported to the Ohio State University Police Department. The FBI said it is not releasing the suspect’s photo because it is investigating the possibility that she is connected to other robberies, including those allegedly committed by the “Church Lady Bandit,” who is believed to be responsible for robberies dating back to 2008. An OSU police officer said the woman was brought in for questioning in connection with the October robbery of a U.S. Bank at the Ohio Student Union. The FBI said it believed the robbery was the work of the “Church Lady Bandit.” The woman got the church lady nickname because a witness in 2008 told police she was dressed as if she had just come from church. Source:

16. December 27, Bloomberg – (National) JPMorgan, Citigroup delay branch openings in U.S. Northeast after storm. JPMorgan Chase & Co. and Citigroup Inc. were among U.S. banks that closed or delayed opening most of their branches in the Northeast December 27 after a blizzard dumped more than a foot of snow on the region. Business in cities from Philadelphia to Boston ground to a crawl and travel was disrupted for a second consecutive day as airports closed and train service was interrupted or halted amid waist-high snow drifts and winds gusting to 30 mph. JPMorgan, the second-largest U.S. bank by assets, and Citigroup closed all retail branches in New Jersey where authorities declared a state of emergency and closed state offices, according to company representatives. Citigroup closed branches in Boston and planned to open some in New York and Connecticut late December 27, a company spokeswoman said. Source:

17. December 27, WTAM 1100 Cleveland – (Ohio) FBI investigating ATM thefts in malls. Two recent ATM thefts at Cleveland, Ohio-area malls have a lot in common. The first happened December 2 at SouthPark Mall in Strongsville. A Fifth Third stand-alone ATM was taken out at night. About 3 weeks later, a Bank of America ATM was taken out of Summit Mall in Fairlawn. The FBI has joined police in trying to find the people responsible. An FBI spokesman in Cleveland thinks more than one person was involved because of the size of the ATMs. They do not know how the thieves got into the malls because, in both cases, there were no signs of a break-in. Since the cases are similar, the FBI believes the same people may be responsible for both crimes. Source:

Information Technology

46. December 29, Softpedia – (International) New drive-by download attack exploits recently patched IE flaw. Security researchers from Trend Micro have intercepted a new drive-by download attack that exploits a critical Internet Explorer vulnerability to install multiple malware components on targeted systems. Drive-by download attacks are a common and effective malware propagation method and are usually launched from legitimate Web sites that have been compromised. They involve exploiting vulnerabilities in outdated versions of popular applications like Adobe Reader, Flash Player, Java, Internet Explorer, Firefox or the operating system itself, in order to silently infect computers. The exploit used in this case is detected as JS_SHELLCOD.SMGU by Trend Micro products and targets an IE vulnerability patched in Microsoft’s MS10-090 security bulletin released December 14. This bulletin is rated as critical and addresses seven vulnerabilities in Internet Explorer. Trend Micro does not mention which one is targeted in the attack, but the most likely candidate is CVE-2010-3962. CVE-2010-3962 is an uninitialized memory corruption vulnerability that affects all supported IE versions (6, 7, and 8) and has been actively exploited in the wild since its discovery in November. Source:

47. December 29, Bloomberg – (International) Apple sued over applications giving information to advertisers. Apple Inc., maker of the iPhone and iPad, was accused in a lawsuit of allowing applications for those devices to transmit users’ personal information to advertising networks without customers’ consent. The complaint, which seeks class action, or group, status, was filed December 23 in federal court in San Jose, California. The suit claims Cupertino, California-based Apple’s iPhones and iPads are encoded with identifying devices that allow advertising networks to track what applications users download, how frequently they are used, and for how long. Apple iPhones and iPads are set with a Unique Device Identifier, or UDID, which cannot be blocked by users, according to the complaint. Apple claims it reviews all applications on its App Store and does not allow them to transmit user data without customer permission, according to the complaint. Source:

48. December 28, IDG News Service – (International) Mozilla site exposed encrypted passwords. A database of inactive Mozilla usernames and passwords was exposed on the Internet in early December, the Mozilla Foundation disclosed December 28. The database, which contained 44,000 inactive user accounts for the site, was inadvertently placed on a public-facing Web server, wrote the Mozilla director of infrastructure security. He stressed the exposure “posed minimal risk to users.” The organization erased all the passwords, which were encrypted. It also accounted for every download of the database. Current users of are not affected, because the organization upgraded its procedure for encrypting passwords in April 2009, he stated. Mozilla security officials were first notified of the exposure December 17 through the organization’s Web bounty program, which allows volunteers to submit security-related bugs. Source:

For more stories, see items 11 and 49 below

11. December 29, Tech Herald – (National) Attackers walk with 4.9 million customer records in Honda breach. American Honda Motor Company recently discovered that 2.2 million customers were impacted by a data breach exposing the Owner Link e-mail list maintained by outsourced vendor Silverpop. In addition, a further 2.7 million records were lost when the My Acura list was hit. In a letter to customers, American Honda Motor Company said it recently became aware of “unauthorized access to an e-mail list used by a vendor to create a welcome e-mail to customers who have an Owner Link or My Acura vehicle account.” The Owner Link e-mail list contained customer names, email addresses, user names, and Vehicle Identification Numbers. The compromised My Acura list only contained e-mail addresses. Source:

Communications Sector

49. December 29, The H Security – (International) 27C3 presentation claims many mobiles vulnerable to SMS attacks. According to security experts, an “SMS of death” threatens to disable many current Sony Ericsson, Samsung, Motorola, Micromax, and LG mobiles. In a presentation given to the 27th Chaos Communication Congress (27C3) in Berlin December 27, security researchers at TU Berlin claimed sending malicious text or MMS messages represents a relatively simple means of crashing current mobile phones. Some of the bugs discovered have the potential to cause problems for entire mobile networks. In recent months, the tendency has been for hackers and security testers to focus their efforts on smartphones such as the iPhone or Android-based phones. However, only 16 percent of mobile phone users possess sophisticated handsets of this type. One of the researchers suggests the possibility of targeted attacks on the entire mobile network infrastructure by, for example, causing “ten thousand mobiles to try to reconnect simultaneously.” An attack could also be concentrated on users of a specific brand of mobile. To prevent such occurrences, he called for phone manufacturers to provide more security updates and to simplify the dissemination of updates. Source:

For more stories, see item 47 above in the Information Technology Sector