Wednesday, February 23, 2011

Complete DHS Daily Report for February 23, 2011

Daily Report

Top Stories

• WUSA 9 reports the failure of thousands of wireless 911 calls during a snowstorm in the Washington D.C. area could be a problem occurring nationwide, and is a major weakness that could be exploited by terrorists, according to a federal communications official, and an anti-terrorism expert. (See item 49)

49. February 17, WUSA 9 District of Columbia – (District of Columbia) January snow storm exposes flaws ideal for terrorist attack. After a January 26 snowstorm crippled much of the Washington, D.C. metropolitan area, 9-1-1 communications systems were being criticized by many, including officials with the Federal Communications Commission (FCC). Various jurisdictions, including the District of Columbia and Montgomery County, reported that during the height of the storm, thousands of 9-1-1 emergency calls made by cell phones went dead. The callers heard busy signals, and in other cases, nothing at all. Emergency officials said the disruption in communication was caused by Verizon wireless trunk lines that went down as a result of an extremely high call volume and snow damage to actual phone towers and lines. The chief of the FCC public safety and homeland security bureau said that problem may be occurring nationwide. In Washington, a local anti-terrorism expert said failed 9-1-1 calls are a clear weakness that could be exploited by those wanting to cause harm. “The system is going to go down if it gets overloaded. That’s just a fact,” he said. “We should be looking at snowstorms as an opportunity to test and perfect our systems. If we can’t handle a snowstorm, there is a very good likelihood that we can’t handle a terrorist attack, and that’s the problem.” Source: http://www.wusa9.com/news/local/story.aspx?storyid=136520&catid=189

• According to the Associated Press, gusty winds led to more than 100 wildfires across Virginia, damaging federal and state land and other homes and property, and closing major highways. (See item 63)

63. February 19, Associated Press – (Virginia) Va. officials battling 100-plus wildfires. State and local officials were fighting more than 100 wildfires February 19 across Virginia. The Virginia Department of Forestry said firefighters in at least 50 localities were battling outdoor fires for much of the day. The department also said it is working two significant fires in Rockingham and Warren counties. The National Park Service and U.S. Forest Service are working fires in western Virginia. Fires temporarily closed several roads in Virginia, including Interstate 64 in New Kent County and Interstate 95 ramps in Prince William County. The Virginia Department of Transportation and Virginia State Police have been handling traffic control and detours. Officials said about 100 Louisa County residents were evacuated because their homes were threatened. Source: http://www.wset.com/Global/story.asp?S=14064262

Details

Banking and Finance Sector

13. February 22, Help Net Security – (International) New type of financial malware hijacks online banking sessions. A new type of financial malware has the ability to hijack customers’ online banking sessions in real time using their session ID tokens. OddJob, which is the name Trusteer gave to this trojan, keeps sessions open after customers think they have “logged off,” enabling criminals to extract money and commit fraud unnoticed. This is a completely new piece of malware that pushes the hacking envelope through the evolution of existing attack methodologies. It shows how hacker ingenuity can side-step many commercial IT security applications traditionally used to defend users’ digital and online monetary assets. Trusteer has been monitoring OddJob for a few months, but had not been able to report on its activities until now due to ongoing investigations by law enforcement agencies. These have just been completed. Trusteer’s research team reverse engineered and dissected OddJob’s code methodology, right down to the banks it targets and its attack methods. Financial institutions have been warned OddJob is being used by criminals based in Eastern Europe to attack their customers in several countries including the United States, Poland, and Denmark. Source: http://www.net-security.org/malware_news.php?id=1636

15. February 21, Kansas City Star – (Missouri) Hacking creates chaos for Snow Creek and its customers. Snow Creek ski resort in Weston, Missouri and many of its credit card customers appear to be victims of an attack by Internet hackers that first came to light the morning of February 18. By midday the Platte County business had cut its on-site credit card processing system from the Internet and was warning customers to keep close track of their bills. The resort was told by credit card processing companies, banks, and the Secret Service that a large number of dubious credit card transactions appeared to be linked to customers who had done business at Snow Creek. “The Secret Service thinks we got hacked in that nanosecond before the information is encrypted,” said Snow Creek’s general manager February 21. “It’s still not clear what happened.” The fraud, he said, does not appear to have taken place at Snow Creek. The credit card theft does not apply to people who bought lift tickets or other passes online. Fraudulent charges to credit cards belonging to customers and employees of Snow Creek came from around the world, the general manager said. The numbers reported February 18 seemed to grow exponentially in the following days, he said. Source: http://www.kansascity.com/2011/02/21/2672504/hacking-creates-chaos-for-snow.html

16. February 19, Federal Bureau of Investigation – (Maryland; National) Three convicted in Maryland in $78 million mortgage fraud scheme. A federal jury convicted three individuals February 19 in district court in Greenbelt, Maryland, of fraud conspiracy, wire fraud, and conspiracy to commit money laundering in connection with their participation in a massive mortgage fraud scheme which promised to pay off homeowners’ mortgages on their “Dream Homes,” but left them to fend for themselves. In addition to the above described convictions, one of the individuals, chief financial officer of Metro Dream Homes (MDH), was also convicted of making a false statement in a federal court proceeding. According to evidence presented at the 6-week trial, beginning in 2005, the defendants targeted homeowners and home purchasers to participate in the Dream Homes Program. In exchange for a minimum of $50,000 initial investment and an “administrative fee” of up to $5,000, the conspirators promised to make the homeowners’ future monthly mortgage payments and pay off the homeowners’ mortgage within 5 to 7 years. To give investors the impression that the program was successful, MDH spent hundreds of thousands of dollars making presentations at luxury hotels, and set up offices in several states, including Maryland, the District of Columbia, Virginia, North Carolina, New York, Delaware, Florida, Georgia, and California. Source: http://7thspace.com/headlines/373359/three_convicted_in_maryland_in_78_million_mortgage_fraud_scheme.html

17. February 19, Associated Press – (Alaska) Anchorage woman charged with $7M Ponzi scheme. An Anchorage, Alaska woman is facing federal charges she operated a Ponzi scheme that defrauded investors of $7 million, the U.S. attorney’s office said February 18. The 64-year-old woman was named in a 26-count indictment. A grand jury in Anchorage indicted her for securities fraud, wire fraud, mail fraud, money laundering, bankruptcy fraud and bank fraud. She was arrested February 18, said a special agent and spokesman for the IRS Criminal Investigation’s Seattle field office. Prosecutors said the suspect carried out the scheme from 1996 to 2009, guaranteeing investors a high rate of return and making false claims regarding how she was going to invest the victims’ money. They said she told victims she would invest their money in a global investment fund, European subprime loans, and an investment banking company. Prosecutors said she used the victims’ money for her personal expenses and to pay out early investors. The indictment alleges she fraudulently obtained money, ranging from $25,000 to around $3.7 million, from 14 victims. Source: http://www.adn.com/2011/02/19/1711330/anchorage-woman-charged-with-7m.html

18. February 18, BankInfoSecurity.com – (International) Rising global payments and emerging tech pose new fraud concerns. Global payment schemes are converging, but the convergence has been more by necessity than design. Payments instruments vary widely in various global markets, and those differences pose challenges for payments providers, and growing fraud opportunities for criminals. At the top of the list of growing fraud is money laundering; it’s the fraud that most often gets through cross-border security gaps, said an official who heads up banking and corporate strategy in the Americas for SWIFT, The Society for Worldwide Interbank Financial Telecommunication. The official said security is a top concern for any payments processor. But unique risks must be addressed in unique markets, and that’s making standardization and sweeping regulatory guidance aimed at fraud prevention next to impossible. “Globalization will continue to bring new issues to bear, and compliance is something all institutions try to balance,” the official said. “We always want to think about security and maintaining integrity across the payments chain; sometimes it’s a difficult balance bringing innovation to market and security.” The year ahead, she said, will mark a tipping point for innovation, as well as cultural challenges. While the use of payment cards continues to grow or remains steady in the United States, usage in other parts of the world, even Europe, is not quite so accelerated. So, developing innovative solutions that enhance security to meet the demands of all markets is not easy. From a money-laundering perspective and overall fraud perspective, cultural differences create opportunity for fraudsters. Fake payment cards, created with account details from European accountholders, can easily be used in the United States, where cards are widely accepted and card technology is not so secure. Source: http://www.bankinfosecurity.com/articles.php?art_id=3365

19. February 17, KSTP 5 St. Paul – (Minnesota) FBI Says Robbery Suspect Hits 4th Metro Bank. With a mask and a small knife in hand, a man robbed a bank in Orono, Minnesota February 17, and FBI Agents said they believe it may be the same person who robbed three or four other banks in the metro area the past few weeks. FBI Agents said the First National Bank of the Lakes branch at 2445 Shadywood Road was robbed around 7:15 a.m. A bank employee arrived for work, and officials said the robber approached her from behind, told her he had a gun and to go into the bank. The employee told authorities she gave an undisclosed amount of money out of the night deposit safe to the man. She said the suspect left the bank through the front door. She was not hurt. The suspect is described as a white male, about 5 feet 9 inches tall, with a medium build. He was wearing dark clothing, along with a dark mask and gloves, white sneakers and carried a small blue, zippered bank bag. Source: http://kstp.com/article/stories/s1979532.shtml

Information Technology

51. February 22, Help Net Security – (International) Phishing scam and malware distribution scheme combined. The Facebook phishing campaign spotted February 21 turned out not to be so unimaginative after all. F-Secure researchers decided to see it through and entered log-in credentials to a dummy account of theirs to see if it would be compromised. And immediately after having entered them and having pressed the “Login” button, a notice offering free laptops and iPads pops up. A click on any of the “Claim Now” buttons takes the victim to a page offering a free Smiley toolbar, but no free iPad. “No Spyware,” it says. “We take pride in our products!” But if the user falls for the claim and downloads the offered (dot)exe file, spyware is what they will get. It is a phishing scam combined with malware distribution. If the user does not have an AV solution installed on their computer, they might not notice the spyware is hard at work in the background. Source: http://www.net-security.org/malware_news.php?id=1637

52. February 18, Darkreading – (International) New fast-flux botnet unmasked. A researcher at the RSA Conference 2011 said February 17 he discovered a new botnet that uses the rare fast-flux method to stay alive and evade takedown. He showed a sample of the botnet’s malware he had reverse-engineered, with evidence the botnet uses fast-flux. Fast-flux is basically load-balancing with a twist. It is a round-robin method where infected bot machines serve as proxies or hosts for malicious sites and are constantly rotated, changing their DNS records to prevent discovery by researchers. The now-defunct Storm and Warezov/Stration botnets were the first major ones to use fast-flux, but despite worries by researchers this method would catch on, it has remained rare. Avalanche/RockPhish and Warezov also used fast-flux to keep a low profile. “When fast-flux first came out, it was thought everybody was going to use it. That never materialized,” the researcher said. That is because an extra level of expertise and effort is required to design the botnet this way, he said. Source: http://www.darkreading.com/insider-threat/167801100/security/vulnerabilities/229218915/new-fast-flux-botnet-unmasked.html

Communications Sector

53. February 19, PC Magazine – (International) Libya cuts internet access for several hours. Internet access in Libya was severed for several hours the weekend of February 19 and 20, as protestors took to the streets to demand an end to the 40-year reign of their ruler. On February 19, Internet monitoring firm Renesys said in a blog post “Libya is off the Internet.” By February 20, Renesys said Internet access in Libya had been restored. “At the moment, spot checks of Libyan domains and traceroutes into affected networks indicate that connectivity has been restored, and Libya is back on the Internet,” the company wrote. Source: http://www.pcmag.com/article2/0,2817,2380677,00.asp
