Thursday, March 3, 2011

Complete DHS Daily Report for March 3, 2011

Daily Report

Top Stories

• KITV 4 News reports an investigation is underway of at least 27 Transportation Security Administration officers at the Honolulu International Airport in Hawaii after security failures that could have allowed a terrorist attack on an airplane were allowed to continue for months. (See item 21)

21. March 2, KITV 4 Honolulu – (Hawaii) At least 27 Honolulu TSA officers under probe. An investigation is underway of more than two dozen Transportation Security Administration (TSA) officers at the Honolulu International Airport in Hawaii after security failures that could have allowed a terrorist attack on an airplane were allowed to continue for months, KITV 4 News has learned. TSA employees told KITV 4 News thousands of checked bags were loaded onto flights at Honolulu’s airport in recent months without having been screened for explosives. At least 27 TSA officers on the morning shift in Honolulu’s Lobby 4 are accused of not properly searching checking baggage before it was loaded on planes, sources said. Baggage there was supposed to be opened up and checked for traces of explosives, but sources said many pieces of luggage were never checked. In some cases, TSA agents simply marked suitcases as having been screened when those checked bags had not been checked at all, according to people familiar with the investigation. Sources said baggage checked on nine daily morning departures from Lobby 4 were not properly screened, a situation that could have lasted as long as 4 months, meaning thousands of suitcases went unchecked. Source:

• Heavily armed bandits stormed a high-tech company February 27 in Fremont, California, rounding up employees and escaping with at least $2 million worth of computer chips and other equipment, KTVU 2 Oakland and San Francisco Bay City News reported. See item 52 below in the Information Technology Sector


Banking and Finance Sector

15. March 2, Belleville News Democrat – (Illinois) Police say bank robberies in Caseyville, Fairview may be linked. Police in Caseyville, Illinois, are looking for the two masked gunmen who stormed into the First Collinsville Bank March 1 and robbed it. No one was injured. The robbers displayed guns before fleeing with an undetermined amount of money, the Caseyville police chief said. The police chief said there are similarities between this robbery and one that occurred February 28 at U.S. Bank in Fairview Heights, but declined to elaborate. The FBI is investigating both cases. The robbery occurred shortly before 2 p.m. in a trailer that temporarily housed the bank branch. Source:

16. March 1, WFSB 3 Hartford – (Connecticut) Bank bomb threats investigated. Police had opened up a criminal investigation after three bomb threats were called into Windsor Federal Savings Banks in Windsor, Bloomfield, and Granby on February 28. All three branches of the Windsor Federal Savings Bank received a call around 3:45 p.m. that a bomb would detonate in the buildings. “The call was received into the teller that a bomb was going to detonate within the building,” said a Granby police official. The police official said the branches in Bloomfield and Windsor received similar calls just minutes apart. Everyone inside the Granby bank was quickly evacuated as well as employees in nearby businesses. Connecticut State Police brought bomb-sniffing dogs to the scenes, however nothing suspicious was found. Source:

17. March 1, Boulder Daily Camera – (Colorado) Boulder police and FBI seek suspect in 3 robberies in 24 hours. Boulder, Colorado police are working with the FBI to investigate three robberies — including two bank heists — in the city in less than 24 hours that they believe could be the work of the same man. Still another bank robbery occurred March 1 in Longmont, and police are looking into whether that crime is also linked to the others. The first Boulder robbery took place at 5:26 p.m. February 28 at the Wells Fargo bank at 1690 Canyon Ave. The suspect was described by credit union employees as a 40- to 50-year-old white male, about 6 feet tall with pockmarks and acne scarring on his face. He was wearing a dark jacket, tan pants, a brown knit hat with tassels, and dark sunglasses. Source:

18. February 27, TG Daily – (International) FBI crime report highlights trends in Internet fraud. The recently published FBI 2010 Internet Crime Report reveals the most common types of Internet crimes in 2010 were non-delivery of payment or merchandise, impersonating the FBI, and identity theft. According to the joint FBI/National White Collar Crime Center’s Internet Crime Complaint Center (IC3), it received more than 300,000 complaints about these particular Internet scams and more. The majority of the filings came from U.S. males between the ages of 40 and 59 years old with targets primarily in California, Florida, Texas, and New York. International complaints came from Canada, the United Kingdom, Australia, and India. In the cases actually solved by the FBI or local law enforcement officials, the majority of perpetrators (around 75 percent) were males residing in California, Florida, New York, Texas, the District of Columbia, and Washington state. Internationally, the hotbeds for scammers were in the United Kingdom, Nigeria, and Canada. The top ten crimes were: computer crimes, miscellaneous fraud, advance feed fraud, spam, auction fraud, credit card fraud, and overpayment fraud. These crimes were mostly carried out through telephone calls claiming victims are delinquent on payday loans and should pay right away, online apartment and real estate scams, denial of service attacks on cell phones and landlines targeting bank accounts, as well as fake emails asking for donations for natural disasters like Hurricane Katrina and the tsunamis. Source:

19. February 26, Federal Bureau of Investigation – (Florida) Florida lawyer sentenced for stealing trust funds. The United States Attorney for the Southern District of Florida, along with several other law enforcement officials, announced the February 26 sentencing of a 63-year-old male, an attorney from Fort Lauderdale, on a mail fraud charge in connection with his embezzlement of funds from clients’ trust account. A United States District Judge sentenced the attorney to 48 months in prison and ordered the man to pay more than $3,879,896 in restitution to the victims. The attorney had previously pleaded guilty in December 2010. According to the criminal information and statements made in court during the February 26 sentencing hearing, the man practiced law from 1980 through August 2010 at his law firm in Fort Lauderdale. As an attorney, he handled real estate closings for clients, mortgage lenders, and the administration of estates in state court. During that time, the attorney misappropriated more than $3,879,896 of his clients’ funds. The attorney was permanently disbarred by the Florida Supreme Court on August 26, 2010. The United States Attorney for the Southern District of Florida commended the investigative efforts of the United States Postal Inspection Service, FBI, and the State of Florida Office of Financial Regulation. Source:

Information Technology

49. March 2, Computerworld – (International) Mozilla follows Google, patches Firefox as prep for Pwn2Own. Mozilla fixed 11 security flaws in Firefox March 1. Nine of the 11 flaws were rated “critical,” a threat rating that implies hackers could use the vulnerabilities to compromise a computer or infect it with malware. Of the two remaining bugs, one was labeled “high” and the second was tagged as “moderate.” The updates, which brought the open-source browser to versions 3.6.14 and 3.5.17, were the first since December, a longer-than-usual span between Mozilla patch shipments. Part of the reason was that the updates released March 1 were delayed. They had been slated to show in mid-February, but Mozilla held them to investigate a non-security bug that caused some users’ browsers to crash. The patches addressed three JavaScript flaws, two bugs in Firefox’s browser engine, a JPEG rendering vulnerability that could be exploited by serving a malicious image to users, and a cross-site forgery request (CSRF) bug. Source:

50. March 2, Help Net Security – (International) Rootcager trojan found on the official Android market. Free Android applications bundled up with malware have spilled over into the official Android marketplace. According to Symantec, the malware in question can root the phone, harvest data and open backdoors — similar to the recent Geimini Trojan spotted lurking on third-party Chinese Android app markets. “The applications in question are popular free apps, bundled with malware, that have then been republished in the official marketplace under different application and publisher names,” said a researcher. Google has removed the applications from the market, but according to Symantec’s sources somewhere between 50,000 and 200,000 downloads took place during the 4 days that the apps were available for download. This new trojan has been dubbed Rootcager because of the rageagainstthecage file included in the Android Package containing the affected apps. Rageagainstthecage is a file that can also be used to legitimately root a phone in order for the users to gain administrative rights, but in this case it is used to allow the trojan to do things like taking screenshots, harvesting IMEI and IMSI numbers and send them to remote sites, and drop a DownloadProvidersManager Android Package that will further execute downloads in the background. Source:

51. March 2, Softpedia – (International) Fake e-gift emails pass old style IRCBot as screensaver. A new spam campaign currently making the rounds produces e-mails that pose as e-gifts from friends, but in fact lead to an IRC-based trojan. The e-mails have spoofed headers to appear as originating from gifts@freeze(dot)com and bear a subject of “You have received a gift from one of our members !” is a Web site offering desktop customization downloads such as screensavers, wallpapers, icons, sounds, and mouse cursors. It might be possible that attackers have modified a legitimate e-mail template used by the Web site and replaced the real link with a malicious one. The e-mails use social engineering to attract people’s interest and convince them to click on the contained link. According to security researchers from Belgian email security provider MX Lab, the included link leads to a gift.pif file hosted on what is most likely a compromised Web site. The PIF format is not actually meant to contain executable code, but Windows treats it as such and because of this it has historically been abused to hide malware. Source:

52. March 1, KTVU 2 Oakland; San Francisco Bay City News – (California) Armed bandits stage high-tech plant takeover. Heavily armed bandits stormed a high-tech company February 27 in Fremont, California, rounding up employees and escaping with at least $2 million worth of computer chips and other equipment, authorities said. The masked bandits made their way into the Unigen plant at 8:40 a.m. by cutting through a security fence that was hidden by heavy undergrowth. There were only six employees in the loading dock area at the time, authorities said. Twelve to 15 bandits quickly overwhelmed the employees, brought them to a restroom, tied them up, and then backed a moving truck to the loading dock and began loading high-tech equipment. Authorities said the firm was targeted for the takeover. The employees were not injured, and were able to remove the restraints to call police after the intruders fled. The heist may have been captured on surveillance cameras, and it was being investigated by the Fremont police and the California Highway Patrol. Unigen makes computer chips, flash drives, and other high-tech components. Source:

53. March 1, Softpedia – (International) US points finger at Baidu and TaoBao for facilitating piracy. A report from the Office of the U.S. Trade Representative (USTR) has placed China’s biggest search engine Baidu, and eBay alternative Taobao, among the most notorious piracy markets. USTR puts Baidu and Taobao alongside MP3 download sites, torrent indexes like ThePirateBay, IsoHunt and Btjunkie, Russia’s vKontakte, or smartphone app market Baidu, which is among the top 10 Web sites in the world by traffic and offers a plethora of services in addition to Web search, has been included because of deep linking directly to pirated content. Taobao, which is an online auction and shopping site similar to eBay was named a “notorious market” for allowing sellers to deal in counterfeit goods that abuse the trademarks and intellectual property of others. Source:

For more stories, see item 18 above in the Banking and Finance Sector and item 55 below in the Communications Sector

Communications Sector

54. March 1, Charleston Gazette – (West Virginia) Fibernet reports 90-minute outage this morning. FiberNet customers in parts of Kanawha, Putnam, Cabell, Hancock, and Mason counties in West Virginia lost telephone service for more than 90 minutes March 1, state officials said. It was the third time in 6 months FiberNet has reported a major outage — and the first since Waynesboro, Virginia-based nTelos acquired FiberNet last December. FiberNet reported the outage to 911 emergency centers, the Federal Communications Commission, and state Public Service Commission and Division of Homeland Security and Emergency Management. “Everything was back up after about an hour and a half,” said West Virginia’s homeland security chief. FiberNet’s parent company, nTelos, blamed the outage on a “call routing error.” The company did not disclose how many customers were affected March 1. Source:

55. March 1, IDG NEWS Service – (National) Man gets 7 years for forcing modems to call premium numbers. A New Hampshire man who made $8 million by installing unwanted dial-up software on computers and then forcing them to call expensive premium telephone numbers was handed down an 82-month sentence February 28. Prosecutors say that between 2003 and 2007, the suspect and others put together a lucrative business by setting up premium telephone numbers in Germany — similar to the 1-900 numbers used in the U.S. — and then infecting German PCs with software that would automatically dial the numbers for short periods of time. “The victims were generally unaware that their computers’ telephone modems were calling these numbers and charging them with expenses,” the U.S. Department of Justice said in a press release. These dialers were a major, but largely unreported, problem in Europe in the early part of the last decade. In 2006, two men were given stiff sentences by an Austrian court for running a scam that brought in $16.5 million. And while dial-up modem usage has dwindled, shrinking the number of possible victims, this type of software is still in circulation in Europe. The suspect pleaded guilty to fraud and tax evasion charges in U.S. District Court for the District of Massachusetts in April 2010. Source:

No comments: