Tuesday, February 1, 2011

Complete DHS Daily Report for February 1, 2011

Daily Report

Top Stories

• Federal law enforcement officials announced the arrest of an Ohio man for possessing ricin, a deadly toxin that can be used as a biological weapon, CNN reports. (See item 34)

34. January 28, CNN – (Ohio) FBI charges Ohio man with possessing toxin. Federal law enforcement officials announced the arrest of an Ohio man for possessing a toxin that can be used as a biological weapon January 28. FBI officers arrested the man after tests showed a substance removed from the Coventry Township man’s home was ricin. Ricin is a poison manufactured from castor beans. The suspect was charged with one count of unlawful possession of a biological agent. Authorities do not believe the substance was to be used in a terrorist act. The arrest took place 3 days after special FBI hazardous materials teams from Pittsburgh, Pennsylvania, and Quantico, Virginia, Summit County sheriff’s deputies, and firefighters from three Ohio departments responded to the suspect’s home, which was in foreclosure. Tests conducted at the National Bioforensic Analysis Center in Maryland confirmed the substance was ricin, an FBI special agent said. “Ricin is a very poisonous toxin that certainly can be fatal if it’s injected or you breathe it in or you eat it,” he said. Source: http://articles.cnn.com/2011-01-28/us/ohio.ricin.arrest_1_castor-beans-ricin-ohio-man?_s=PM:US

• According to Associated Press, authorities arrested a California man traveling with explosives in his vehicle with the intention of blowing up one of the nation’s largest mosques in Dearborn, Michigan. (See item 56)

56. January 31, Associated Press – (Michigan) Man arrested with explosives at Michigan mosque. A 63-year-old Southern California man who was traveling with explosives in his vehicle with the intention of blowing up one of the nation’s largest mosques where mourners had gathered for a funeral was arrested in the Detroit suburb of Dearborn, Michigan, authorities said January 30. Dearborn police said the man was arraigned January 26 on one count of making a false report or threat of terrorism, and one count of possessing explosives with an unlawful intent. He had a large but undisclosed quantity of class-C fireworks including M-80s, which are outlawed in Michigan, a police chief said. He was arrested January 24 without incident in the parking lot of the Islamic Center of America, while a large group was gathered inside. He said police received a 911 call from a resident. The police chief said authorities believe he was acting alone but still take him “very seriously.” He said the suspect has “a long history of anti-government activities.” The police chief said he called the mosque leader January 25 to let him know of the arrest, and later met with mosque board members. He said members shared concerns about copycat crimes if the arrest was publicized. The suspect remained jailed January 30 on a $500,000 bond. A preliminary examination is scheduled for February 4. Source: http://www.google.com/hostednews/ap/article/ALeqM5iOXULcE-kwqDvZ3kAHtVJhIRgLtA?docId=949fec1a2202400bb04855d3b943d1ca

Details

Banking and Finance Sector

12. January 31, Help Net Security – (National) ATM skimmers don’t even have to be on the ATM. Careful ATM users know enough to give a hasty visual check to the machine before using it and to hide the keyboard while entering their PIN. Unfortunately, sometimes even that is not enough to stop fraudsters. A security analyst has discovered a type of attack that cannot be detected by users because there’s nothing off on the machine or close enough to it to make them suspicious. The analyst said the new tactic is employed to steal data from users who prefer to use ATMs located in the antechamber of a bank or building lobby. Access to these machines is usually controlled by a key card lock that allows customers to enter only after they have swiped their ATM card. The analyst said crooks have devised a way to add a skimmer to these locks, so they record card information. When customers finally access the ATM, those who do not take particular care to hide the keyboard from view with the palm of their hand or another object have their PINs stolen through the use of a zoom-in camera hiding behind a mirror located on the wall above the ATM — which they assume is there to allow them to see if someone is standing behind them. Source: http://www.net-security.org/secworld.php?id=10513

13. January 30, TulsaWorld – (Oklahoma) Bank robbed minutes after gunman thwarted elsewhere. Tulsa police are investigating a bank robbery and an attempted bank robbery that happened within a half-hour January 29. Police were called to the Arvest Bank at 2500 E. Edison St. just after 10:45 a.m. after a masked man tried to enter the bank. A teller saw the man approach and locked the front door before he could enter. When he could not open the door, the man fired a shot into the ground before leaving, a police official said. The man was described as black, between 5 foot 7 inches and 5 foot 10 inches tall and weighing between 160 to 175 pounds. He wore a red hooded sweatshirt, black bandanna, black pants and black shoes and carried a small-caliber revolver. Twenty minutes later, a man with a similar description robbed the Arvest Bank at 36th Street and Yale Avenue. The man jumped the counter and demanded money; he ran west from the bank, police said. The suspect wore a multicolored stocking cap, blue nylon rain jacket, black pants and black-and-red shoes. He also carried a small-caliber pistol. Source: http://www.tulsaworld.com/webextra/content/2010/crimesite/article.aspx?subjectid=450&articleid=20110130_11_A12_Tlaplc366774

14. January 30, McClatchy-Tribune Information Services – (California) Skimming device at Terra Linda Chase Bank results in thefts. Chase Bank has confirmed a skimming device attached to an ATM at its Terra Linda, California branch siphoned money from customers’ accounts. Customers said perpetrators withdrew money from victims’ accounts just after the Martin Luther King Jr. Day weekend, but the bank declined to provide details about the thefts, citing an active investigation. “We investigate all reported skimming activity and are working closely with law enforcement,” a JPMorgan Chase spokeswoman said in a statement. “Any customer who sees unusual or suspicious activity on their account should report it to the bank immediately. If we confirm a transaction was not initiated by the customer, the customer has zero liability.” Skimming devices often work with cameras and other equipment to record bank account data and personal identification numbers from ATM machines, and from debit card scanners at gas stations. Source: http://robotics.tmcnet.com/news/2011/01/30/5276520.htm

15. January 29, San Diego North County Times – (California) ‘Geezer bandit’ hits bank No. 13. The “Geezer Bandit” has struck again, this time in Santa Barbara County, California, the 13th strike for the notorious bank robber. And it appears he is continuing to work his way north. The latest heist took place in Goleta, near Santa Barbara, at a Bank of America branch on 5892 Calle Real about 6 p.m. January 28. The man believed to be the Geezer Bandit reportedly threatened a teller with a weapon and demanded money, according to a written news release from the FBI. The teller complied with his demand and delivered a sum of money to the robber. Any information leading to the arrest and conviction of the Geezer Bandit still has a hefty reward attached to it. The FBI has been offering a $20,000 reward for information on the thief since December 2010. Source: http://www.nctimes.com/news/local/sdcounty/article_a2f1a2eb-637d-56da-b23d-db84dfc12ed3.html

16. January 29, United Press International – (Illinois) Guards foil robbery attempt, killing one. The attempted robbery of an armored truck in Chicago, Illinois, left one of the would-be robbers dead and the other in critical condition, police said. The two men attempted to rob a Garda armored truck as it was making a pickup at a Family Dollar store January 28, and a guard shot and killed one of the men, the Chicago Tribune reported January 30. The dead man was a 52-year-old from Chicago who had served time in prison for armed robbery in 1990. Police said one suspect held a guard in a choke hold while the second put what turned out to be a fake shotgun to his chin. The guard broke loose and fatally shot one of the suspects in the head. Another guard, who had been inside the armored vehicle, stepped out and shot and critically wounded the second man. He was in critical condition at Mt. Sinai Hospital. Neither guard was injured. Source: http://www.upi.com/Top_News/US/2011/01/29/Guards-foil-robbery-attempt-killing-one/UPI-72411296314792/

17. January 29, BankInfoSecurity.com – (National) 4 banks close on Jan. 28. First Community Bank, Taos, New Mexico, is the largest of four banks to fail January 28. The $2.31 billion institution was subsequently acquired by U.S. Bank, National Association, Minneapolis, Minnesota. It was the 11th failed bank so far in 2011. FirsTier Bank, Louisville, Colorado, was closed by the Colorado Division of Banking, which appointed the Federal Deposit Insurance Corporation (FDIC) as receiver. To protect depositors, FDIC created the Deposit Insurance National Bank of Louisville (DINB), which will remain open until February 28, to allow depositors access to insured deposits and time to open accounts at other insured institutions. As of September 30, FirsTier Bank had $781.5 million in total assets and $722.8 million in total deposits. FDIC estimates the cost to the Depositors Insurance Fund (DIF) will be $242.6 million. Evergreen State Bank, Stoughton, Wisconsin, was closed by the Wisconsin Department of Financial Institutions, which appointed FDIC as receiver. FDIC entered into a purchase and assumption agreement with McFarland State Bank, McFarland, Wisconsin, to assume all of Evergreen’s deposits. As of September 30, Evergreen had about $246.5 million in total assets and $195.2 million in total deposits. McFarland assumed all of Evergreen’s deposits and agreed to purchase all assets. FDIC estimates the cost to the DIF will be $22.8 million. The First State Bank, Camargo, Oklahoma, was closed by the Oklahoma State Banking Department, which appointed FDIC as receiver. FDIC entered into a purchase and assumption agreement with Bank 7, Oklahoma City, Oklahoma, to assume all deposits of First State. As of September 30, First State had about $43.5 million in total assets and $40.3 million in total deposits. Source: http://www.bankinfosecurity.com/articles.php?art_id=3307

Information Technology

48. January 31, H Security – (International) New critical vulnerability in VLC Media Player. Update 1.1.6, released the week of January 23, fixed a critical vulnerability in the VideoLAN project’s VLC Media Player. Now the project has reported a new vulnerability that can be exploited using specially crafted MKV (Matroska Video and WebM) films to inject malicious code onto a system and execute that code with the user’s privileges. All versions up to and including 1.1.6 are affected. The root of the problem lies with insufficient input validation in the MKV demuxer plugin (libmkv_plugin.*). The update consists of swapping a single line within a macro. The change has already found its way into the Git repository. An official update, version 1.1.7, is expected to be released shortly. Source: http://www.h-online.com/security/news/item/New-critical-vulnerability-in-VLC-Media-Player-1180905.html

49. January 31, H Security – (International) Data theft vulnerability in Android 2.3 not plugged. A security vulnerability in the Android browser that could be exploited to steal data, and was disclosed back in November 2010, is still exploitable in the latest version of the smartphone operating system (version 2.3, “Gingerbread”). A security researcher from the University of North Carolina (UNC) reports that it is possible to bypass the patch that was supposed to fix the vulnerability. He said he informed the Android Security Team of the problem January 26, and provided them with exploit code tested on a Nexus S. He stressed that it is not a root exploit. It runs within the Android sandbox and consequently only has access to some data, such as that stored on the SD card. No exploit for the vulnerability has been observed in the wild. Source: http://www.h-online.com/security/news/item/Data-theft-vulnerability-in-Android-2-3-not-plugged-1180183.html

50. January 29, Softpedia – (International) SourceForge resets all passwords following security breach. SourceForge, the world’s largest open source software repository, has reset the password for all of its users following a successful attack against its infrastructure. The SourceForge team discovered the security breach January 27 when exploits were found uploaded on several servers. A preliminary investigation revealed the attack originated on the CVS hosting server, but the actual attack vector has not been identified yet. As a result of the incident, some functionality was suspended, including CVS hosting, Web-based source code browsing (ViewVC), the capability to upload new releases, and the Interactive Shell services. A subsequent update posted on the site’s official blog did not reveal any more information except the team better understands what happened and how it can prevent it in the future. An e-mail went out to all users January 29, notifying them their passwords had been reset. SourceForge is operated by Geeknet, a firm that also owns and runs Slashdot, freshmeat, and ThinkGeek. Source: http://news.softpedia.com/news/Sourceforge-Servers-Compromise-Leads-to-Service-Downtime-181335.shtml

51. January 29, Softpedia – (International) Former Kaspersky employee responsible for leaked source code. The Kaspersky source code that recently made its way onto public Web sites was leaked by a former employee of the antivirus vendor who received a suspended prison sentence for intellectual property theft. Russian technology publication CNews quotes a Kaspersky Lab spokesperson, according to whom a former employee with legitimate access to the source code stole it in early 2008. It is not clear if he did it out of revenge or entirely for profit, but he ended up offering it for sale on the black market. Kaspersky issued a statement January 31 noting its former employee received a 3-year suspended prison sentence for his actions, and warning everyone against downloading the publicly available source code. Kaspersky claims the security of its current products is not at risk because they only contain a small part of the leaked code that does not concern protection functions. It is likely that having knowledge of the leak for almost 2 years, the company rewrote the most critical parts of the code and made significant changes to its technology. Source: http://news.softpedia.com/news/Former-Kaspersky-Employee-Responsible-for-Leaked-Source-Code-181367.shtml

52. January 28, Computerworld – (International) Microsoft warns of new Windows zero-day bug. Microsoft warned Windows users January 28 of a new unpatched vulnerability attackers could exploit to steal information and dupe people into installing malware. In a security advisory, Microsoft said a bug in its MHTML (MIME HTML) protocol handler can be used by attackers to run malicious scripts within Internet Explorer. “The best way to think of this is to call it a variant of a cross-site scripting vulnerability,” the director of security operations at nCircle Security said. Cross-site scripting (XSS) bugs can be used to insert malicious script into a Web page that can then take control of the session. “An attacker could pretend to be the user, and act as if he was you on that specific site,” the security director said. “If you were at Gmail.com or Hotmail.com, he could send e-mail as you.” Source: http://www.computerworld.com/s/article/9206999/Microsoft_warns_of_new_Windows_zero_day_bug

Communications Sector

53. February 1, SC Magazine – (International) Egypt cuts off Internet to starve protests. Week-long protests against the Egyptian government have resulted in the state cutting Internet and mobile phone data services. US news organization National Public Radio said Egypt’s four primary Internet providers (Link Egypt, Vodafone/Raya, Telecom Egypt, and Etisalat Misr) all stopped moving data in and out of the country at 12:34 a.m. January 31. Telecom experts said Egyptian authorities could have engineered the cut-off with a simple change to the instructions for the companies’ networking equipment. A statement by Vodafone Egypt said: “All mobile operators in Egypt have been instructed to suspend services in selected areas. Under Egyptian legislation, the authorities have the right to issue such an order and we are obliged to comply with it. The Egyptian authorities will be clarifying the situation in due course.” Those still able to access social media confirmed “Egypt now is a total black hole.” An Egyptian based in South Africa said: “We should be prepared for total mobile phone blackout tomorrow also (or at least in protest hotspots).” Source: http://www.securecomputing.net.au/News/246580,egypt-cuts-off-internet-to-starve-protests.aspx

54. January 31, IT Pro – (National) AASIP gives IPv6 as standard. Internet service provider (ISP) Andrews and Arnold (AAISP) has confirmed it will be offering IPv6 capabilities as standard to customers. The ISP has been offering IPv6 as an opt-in choice for more than 8 years but, in light of the news that IPv4 addresses are soon to run out, it has decided to bundle in IPv6 ability at no extra cost. “With the announcement that the final blocks of IPv4 address space have been allocated, it is clear that all ISPs, business and home users alike have to get themselves IPv6 ready,” the company said. Although it will be automatic for new customers, existing ones need to ask AAISP’s support to turn on the capability. Business customers should already have an IPv6 capable router but consumers may not. However, AAISP confirmed it hoped to have these available by the end of February. IPv4 is the Internet protocol numbering system in use since 1995, but a number of industry experts have warned it could be a matter of weeks before the allocation runs out. Back in November, one of the fathers of the Internet called for government incentives to make people migrate to the new IPv6 system. Source: http://www.itpro.co.uk/630505/aasip-gives-ipv6-as-standard

55. January 31, Fierce Government IT – (National) White House supports D block reallocation to public safety. The Presidential administration will now support efforts to grant public safety a license to a 10 megahertz swath of spectrum known as the D block, the DHS Secretary said January 27. She spoke at George Washington University, delivering what she said was the first of an annual address on the state of homeland security. The Federal Communications Commission (FCC) is under congressional mandate to auction the D block, which is located in the 700 MHz band, with the proviso that the commercial licensee give public safety priority access to the band during emergencies. Many public safety groups have said that without them controlling the D block license, plans for a national broadband wireless network would not come to fruition. FCC’s position has been that public safety’s existing 10 MHz broadband license in the 700 MHz band is sufficient, and that failure to hold an auction would make the network unattainably expensive for many public safety agencies. FCC has envisioned growth of a private sector market for end-user devices that would be compatible with the D block and public safety’s existing 10 MHz license. If that market doesn’t materialize, due to there being no customers, costs of building out the network infrastructure would increase by billions of dollars, and that would “create a patchwork system across the country of haves and have-nots,” the chief of the FCC’s public safety and homeland security bureau has said. Source: http://www.fiercegovernmentit.com/story/white-house-supports-d-block-reallocation-public-safety/2011-01-31

For more stories, see item 49 above in the Information Technology Sector
