Friday, February 25, 2011

Complete DHS Daily Report for February 25, 2011

Daily Report

Top Stories

• According to Bloomberg, computer hackers working through Internet servers in China broke into and stole proprietary data from the networks of six U.S. and European energy companies, including Exxon Mobil Corp., Royal Dutch Shell Plc and BP Plc. (See item 3)

3. February 24, Bloomberg – (National) Exxon, Shell, BP said to have been hacked through Chinese internet servers. Computer hackers working through Internet servers in China broke into and stole proprietary information from the networks of six U.S. and European energy companies, February 10, including Exxon Mobil Corp., Royal Dutch Shell Plc and BP Plc, according to one of the companies and investigators who spoke about the incident February 23. The attacks, dubbed “Night Dragon,” originated “primarily in China” and occurred during the past 3 years. The list of companies hit also includes Marathon Oil, ConocoPhillips, and Baker Hughes Inc. In some of the cases, hackers had undetected access to company networks for more than 1 year, said a chief executive officer of HBGary Inc., a cyber-security company that investigated some of the security breaches. “Legal information, information on deals and financial information are all things that appear to be targeted,” the CEO said, summing up conclusions his firm made from the types of documents and persons targeted by the hackers. “This is straight up industrial espionage.” Hackers targeted computerized topographical maps worth “millions of dollars” that show locations of potential oil reserves, said an InGuardians Inc. employee, whose company investigated two recent breaches of U.S. oil companies’ networks. McAfee Inc., a cyber-security firm, reported February 10 that such attacks had resulted in the loss of “project-financing information with regard to oil and gas field bids and operations.” The McAfee report described the techniques used to get into the computers as “unsophisticated” and commonly used by Chinese hackers. The attacks began in November 2009, McAfee said. Two cyber investigators familiar with the probes said the attacks began even earlier, in 2008, and involved several well-financed groups. A former head of U.S. counterintelligence during the Bush and Obama administrations said the thefts of oil company data like those in the McAfee report match the profile of industrial espionage operations that have the backing or consent of the Chinese government. Source: http://www.bloomberg.com/news/2011-02-24/exxon-shell-bp-said-to-have-been-hacked-through-chinese-internet-servers.html

• The Dallas Morning News reports a 20-year-old Saudi Arabian national was arrested by the FBI in Lubbock, Texas, for plotting to carry out terrorist attacks against dams, nuclear power plants, and the home of a former U.S. President. (See item 28)

28. February 24, Dallas Morning News – (Texas; Colorado; California) FBI: Lubbock college student from Saudi Arabia targeted Bush’s Dallas home in bombing plot. A 20-year-old Saudi Arabian national arrested by the FBI in Lubbock, Texas, for allegedly plotting to carry out terrorist attacks, also allegedly targeted the Dallas home of the 43rd U.S. President, documents show. The Saudi citizen was arrested February 23 and was scheduled to appear before a federal judge in Lubbock February 25. Agents also found lists of various targets, including reservoir dams in Colorado and California, and nuclear power plants. According to an arrest warrant affidavit, FBI agents learned of the man’s alleged plotting February 1, when a chemical supplier reported a suspicious attempted purchase of concentrated phenol. Phenol can be used to make explosives. The suspect had successfully purchased concentrated nitric and sulfuric acids in December. He also allegedly purchased many other items, including a gas mask, a haz-mat suit, a soldering iron kit, glass beakers and flasks, wiring, a stun gun, clocks, and a battery tester. A spokesman said the terrorism investigation is ongoing, but “the federal complaint contains no allegations that he received direction from or was under the control of a foreign terrorist organization. We are confident that we have eliminated the alleged threat by [the accused],” he said. The suspect was lawfully admitted into the United States in 2008 on a student visa, and is enrolled at South Plains College near Lubbock. In online blog entries agents found, the man allegedly wrote of his plans to carry out violent jihad, or holy war, in the United States. The affidavit also alleged he conducted research indicating he considered using infant dolls to conceal explosives, and considered targeting a nightclub with an explosive concealed in a backpack. A search of his Lubbock residence revealed a journal, which showed he had allegedly been plotting for years. Source: http://www.dallasnews.com/news/state/headlines/20110224-fbi-lubbock-college-student-from-saudi-arabia-targeted-bushs-dallas-home-in-terror-plot.ece

Details

Banking and Finance Sector

10. February 24, WGHP 8 Sophia – (North Carolina) ‘Ball cap bandit’ wanted in 3 Triad bank robberies. Detectives in High Point and Thomasville in North Carolina believe a man labeled the “Ball Cap Bandit” by the FBI is responsible for robbing 3 local banks over the past 2 weeks. Detectives with High Point Police Department and Thomasville Police Department believe the suspect who robbed the High Point Bank and Trust on Eastchester Drive might be the same suspect that robbed the BB&T on Randolph Street in Thomasville, and the State Employees’ Credit Union in Asheboro. The suspect in all three robberies is described as a white male, approximately 50 years old, short, about 150 lbs and with a “scruffy” beard. The suspect was reportedly wearing blue jeans, a light green or blue jacket, tan colored camouflage hat, and sunglasses. Source: http://www.myfox8.com/news/wghp-story-ball-cap-bandit-110224,0,2436322.story

11. February 24, Bucks County Courier Times – (Pennsylvania) Man charged in bank robberies. A Bensalem, Pennsylvania man is in jail on a $1 million bail, accused of robbing two Bucks County banks February 18 and February 19, netting him more than $26,000. The suspect was arraigned February 23 in connection with the robberies at the TD Bank at 624 S. Oxford Valley Road in Bristol Township February 18, and the Bank of America at 381 Easton Road in Warrington February 19, according to court documents. In both robberies, investigators said the suspect asked for a withdrawal slip and wrote on it that he wanted money, then he handed the note to the teller. Source: http://www.phillyburbs.com/news/local/courier_times/courier_times_news_details/article/28/2011/february/24/man-charged-in-bank-robberies.html

12. February 23, H Security – (International) Online banking trojan attacks Windows Mobile smartphones. According to reports from F-Secure and Kaspersky, fraudsters are using a special trojan for smartphones to target users who use mTANs for online banking. As well as a Symbian version, there is now a version which specifically targets Windows Mobile. It uses the same trick as the September 2010 wave of trojans which targeted Symbian mobiles. After infecting a PC, the Zeus trojan displays additional fields on online banking Web sites, into which the victim is requested to enter the number and make of his or her mobile phone. The victim then receives a text containing a URL for what claims to be a certificate update. After installation, this turns out to be a trojan which secretly forwards texts containing mTANs to a phone number in the United Kingdom. Source: http://www.h-online.com/security/news/item/Online-banking-trojan-attacks-Windows-Mobile-smartphones-1195623.html

13. February 23, New Orleans Times-Picayune – (Louisiana) Credit card fraud investigation leads to four arrests. An organized group of 16 suspects illegally acquired more than $250,000 in goods by taking credit cards from more than 100 people, a Louisiana State Police (LSP) superintendent said February 23. Individuals in the French Quarter and Central Business District of New Orleans have been the primary target of the bandits, whose reach extended far beyond the area, a LSP spokesman said. Four of the 16 suspects have been arrested. Warrants have been issued for the others. Two of the people arrested are charged with access device fraud. The other two arrested are charged with attempted device fraud. All four suspects live in New Orleans. A task force made up of members of the LSP, the New Orleans Police Department, and the U.S. Secret Service has been investigating the organized group. Police said the 16 suspects shared stolen cards with each other. Source: http://www.nola.com/crime/index.ssf/2011/02/law-enforement_team_goes_after.html

14. February 23, IDG News – (International) Belarus man pleads guilty to running identity theft site. A 26-year-old Belarusian man entered a guilty plea February 23 to running an identity theft Web site designed to thwart the antifraud measures used by many banks. Until he was arrested in April 2010, the man had been the mastermind behind CallService(dot)biz, a Web site that helped more than 2,000 identity thieves commit fraud. CallService employed a network of English and German speakers who would call up banks, pretending to be ID theft victims, and confirm fraudulent transactions rung up by the criminals. This enabled them to skirt antifraud measures put in place by many U.S. banks, which often ask cardholders to phone in to confirm suspicious transactions. The man would make sure his callers were the correct gender, and then tell them exactly what to say to ensure the bogus purchases went through. He’d give his callers a dossier on the victim, including the name, e-mail address, Social Security number and answers to security questions such as “What city were you married in?” and “What is the name of your oldest sibling?” In online advertisements, CallService(dot)biz claimed to have done over 5,400 of these confirmation calls. The suspect faces a maximum sentence of nearly 38 years in prison on wire and credit card fraud charges, and is set to be sentenced May 26. Source: http://www.pcworld.com/businesscenter/article/220506/belarus_man_pleads_guilty_to_running_identity_theft_site.html

Information Technology

37. February 24, The Register – (International) Man admits hacking into NASA, e-commerce servers. A man from Houston, Texas, has admitted hacking into servers owned by an e-commerce company and making off with about $275,000. The man also admitted to charges of breaking into servers maintained by NASA’s Goddard Space Flight Center in Maryland and causing $43,000 in damages. The hacking spree spanned a 10-month stretch starting in December 2008 with the breach of systems owned by SWReg. A subsidiary of Digital River of Minnesota, the company manages royalties for independent software developers. “[The man] hacked into SWReg’s system, created the money by crediting the SWReg accounts, and then caused that money to be wire transferred to his bank account instead of the accounts of several developers,” a press release issued by the U.S. Attorney’s office in Minnesota said. The NASA servers the man hacked gave paying members of the scientific community access to oceanic data being sent to Earth from satellites. Eventually, the data was made available to everyone. Source: http://www.theregister.co.uk/2011/02/24/nasa_hacker_guilty/

38. February 24, H Security – (International) The unintended kill switch in Bind. The developers of the Bind server software have warned of a security problem that could prevent DNS servers from responding to requests. This is a serious problem, as many of the central DNS servers on the Internet use Bind, and hardly anything works without domain name resolution. However, the developers said no public exploits have so far been found. A domain’s master servers are vulnerable while they are performing an incremental zone transfer – a type of DNS zone transfer – or a dynamic update. The relevant security advisory lists versions 9.7.1-9.7.2-P3 as being affected. Source: http://www.h-online.com/security/news/item/The-unintended-kill-switch-in-Bind-1196567.html

39. February 24, Help Net Security – (International) Malware-driven pervasive memory scraping. Reports are coming in of a new trend in hacking techniques. Known as “pervasive memory scraping,” the technique relies on the fact certain areas of Windows memory are only occasionally overwritten, meaning data from software that has been closed down on the PC can still remain for some time after. “The SANS Institute is reported to have spotted evidence of this type of attack methodology on an increasing basis. This means that, where a Windows PC user loads a secure application to view data, views that data and then closes the application, there is a chance that the data may continue to reside in the computer’s memory for some time after,” the CEO of Lieberman Software said. “Put simply, this means that, even if the secure software checks for the presence of trojans and similar credential scanning malware – and locks down the malware whilst it is loaded – once the application is closed, the contents of the computer memory can still be subsequently lifted by a remote scanning piece of malcode,” he added. Source: http://www.net-security.org/malware_news.php?id=1641

40. February 24, The Register – (International) Security shocker: Android apps send private data in clear. Cellphones running the Android operating system fail to encrypt data sent to and from Facebook and Google Calendar, shortcomings that could jeopardize hundreds of millions of users’ privacy, a computer scientist said. In a simple exercise for his security class, a professor at Rice University in Houston, Texas connected a packet sniffer to his network and observed the traffic sent to and from his Android handset when he used various apps available for Google’s mobile platform. The official Facebook app transmitted everything except for the password in the clear, the professor blogged February 22. This meant that all private messages, photo uploads, and other transactions were visible to eavesdroppers, even though the account had been configured to use Facebook’s recently unveiled always-on SSL encryption setting to prevent snooping over insecure networks. Google Calendar showed a similar carelessness in the experiment by also sending and receiving data in the clear. That makes it possible for hackers to see users’ schedules when the service is accessed on unsecured networks. Source: http://www.theregister.co.uk/2011/02/24/android_phone_privacy_shocker/

41. February 24, Softpedia – (International) Fake YouTube pages serve trojan via malicious Java applets. Security researchers from antivirus vendor BitDefender warn of scams that make use of fake YouTube pages to install trojans via a malicious Java applet. The scammers worked to make the pages look as close as possible to the real YouTube Web site. When visitors land on these rogue sites, a Java applet is launched automatically and they are prompted to run it. The dialog appears because the applet is unsigned, and since Java is rarely used for mainstream Web services, users unfamiliar with it might be tempted to hit “run” to see the video they have been promised. The applet uses the OpenConnection Java method to download and execute a trojan. The malware has botnet capabilities and connects to an IRC server from where it receives commands. It is mainly used as a distribution platform for additional threats. Among those seen by BitDefender is a trojan that can use the Facebook accounts of its victims to send spam and record conversations from the most popular IM clients. There is also a worm with DDoS capabilities that can spread via removable USB drives, and a click fraud trojan that hijacks searches performed in Firefox, Internet Explorer, and Chrome on Google or Bing. Source: http://news.softpedia.com/news/Fake-YouTube-Pages-Serve-Trojan-via-Malicious-Java-Applets-186033.shtml

42. February 23, IDG News Service – (International) Microsoft fixes a security bug in its virus-scanner. Microsoft has patched a bug in its malware scanning engine that could be used as a stepping stone for an attacker looking to seize control of a Windows box. The bug is fixed in an update to the Microsoft Malware Protection Engine that was pushed out to users of Microsoft’s security products February 23. The bug is classified as an elevation of privilege vulnerability — something that could be used by an attacker who already has access to the Windows system to gain complete administrative control. Microsoft has not seen anyone take advantage of the bug yet, but the company thinks hackers could develop code that reliably exploits the issue. Source: http://www.computerworld.com/s/article/9211059/Microsoft_fixes_a_security_bug_in_its_virus_scanner

Communications Sector

44. February 24, OzarksFirst.com – (Missouri) Apartments evacuated when active meth lab found. Several families in Springfield, Missouri, were evacuated February 24 after an active meth lab was discovered outside their apartments. A police spokesman said officers were called about 1 a.m. to the 600 block of South Jefferson, just west of the Missouri State University campus. They found the components of a working meth lab behind a garage in the yard of the apartments. People living in several apartments were evacuated as haz-mat crews and the fire department arrived. They said the lab was reacting and there was a high risk of explosion. Springfield police said they did not have any suspects yet. Source: http://ozarksfirst.com/fulltext?nxd_id=410606

45. February 23, Associated Press – (Florida) Officer shoots man reportedly wielding knife. A police officer in South Florida shot a man reportedly wielding a knife inside Luther Memorial Lutheran Church February 23. Someone in the church called authorities for help saying a man with a knife was inside a classroom. Authorities said an officer who feared for his life shot the man once in the torso. The man was taken to a hospital. His condition was not known. Source: http://www.miamiherald.com/2011/02/23/2081609/officer-shoots-man-reportedly.html

46. February 23, New England Cable News – (Massachusetts) Police search for suspects in Lynn home-made bomb plot. Four home-made bombs went off in Lynn, Massachusetts, February 21, and now police are looking for those responsible. The one bomb police did manage to recover was 5 inches long, and had the strength of a stick of dynamite. Police believe as many as three other bombs have yet to be found. All the bombs went off within a span of about 15 minutes of each other. Lynn police and fire departments are working on the case along with the state fire marshal’s office. Source: http://www.necn.com/02/23/11/Police-search-for-suspects-in-Lynn-home-/landing_newengland.html?blockID=416265&feedID=4206

47. February 23, Computerworld – (Kansas) Hacker claims credit for knocking church’s site offline. A Twitter message February 21 suggested a self-proclaimed “hacktivist” using the handle The Jester may have been responsible for knocking the Topeka, Kansas-based Westboro Baptist Church (WBC) offline. In the message, the hacker claimed to have temporarily taken down the public Web site of the church “for celebrating the death of U.S. troops.” The message, however, did not say whether The Jester (atth3j35t3r on Twitter) was also responsible for the unavailability February 23 of several other Web sites affiliated with the WBC. The week of February 14, someone purporting to be from the hacking collective known as Anonymous posted a letter on an Anonymous site, warning WBC members of attacks against their church’s public Web sites if they did not stop their protests. That letter was later dismissed as a hoax by Anonymous. All of the church’s sites were unavailable February 23. Source: http://www.computerworld.com/s/article/9211038/Hacker_claims_credit_for_knocking_church_s_site_offline

48. February 22, Orange County Register – (California) Object used in GPS treasure hunt closes Downtown Disney. Downtown Disney in Anaheim, California, was reopened after about 90 minutes February 22 following a report of a suspicious object that turned out to be part of a high-tech treasure hunt. An Anaheim police sergeant said police received a call of a suspicious object in Downtown Disney at 11:07 a.m. Assisted by Disney security, the object was located on a box on a walking bridge east of the ESPN Zone and west of the House of Blues, and the Orange County Sheriff’s Department Bomb Squad was called. A Disneyland Resort spokeswoman said about half of the shops and restaurants in Downtown Disney were evacuated at 11:30 a.m. At 12:38 p.m., the sergeant said the object was discovered to be a “geocaching” site – a location for high-tech scavenger hunters, who use GPS devices to find objects left at specific locations. Source: http://www.ocregister.com/news/suspicious-289321-object-downtown.html
