Wednesday, May 4, 2011

Complete DHS Daily Report for May 4, 2011

Daily Report

Top Stories

• IDG News Service reports Sony took the Sony Online Entertainment network offline May 2 after it was revealed the breach of its computer networks the week of April 24 was worse than previously thought. The hack is believed to have affected 24.6 million accounts in addition to the 77 million already compromised. See item 40 below in the Information Technology Sector

• CNN reports the U.S. Army Corps of Engineers began blowing up a Mississippi River levee in Missouri overnight May 2, flooding about 200 square miles of farmland in an effort to bring down historic river levels and spare the city of Cairo, Illinois, and other communities. (See item 53)

53. May 3, CNN – (Missouri; Illinois) Army Corps starts to blow up levee to flood 130,000 acres in Missouri. The U.S. Army Corps of Engineers began blowing up a Mississippi River levee overnight May 2, flooding about 200 square miles of rich farmland in an effort to bring down historic river levels and spare the city of Cairo, Illinois, and other communities. The decision to breach the Birds Point-New Madrid levee appeared to be working, the commander of the Corps’ Memphis district said. The Ohio River at Cairo peaked at 61.72 feet just before the blast May 1 — the highest level on record, according to the National Weather Service. By 6 a.m. May 3, it had fallen to 60.62 feet, according to river gauge readings provided by the Corps. Even that still exceeds the previous record of 59.5 feet set in 1937, according to Weather Service records. The breach could cause river levels to fall by three to four feet over the next few days, according to the major general who is the commander of the Corps’ Mississippi River Valley Division. Without an intentional breach, authorities had warned of massive flooding that could wipe out the city of Cairo, which sits at the confluence of the Ohio and Mississippi rivers. Cairo’s mayor had already ordered the city’s 2,800 residents to evacuate. Missouri officials took the Corps to court over the plan, questioning the agency’s authority to intentionally breach the levee. The state argued the flood waters would deposit silt on the some 130,000 acres of farmland. The U.S. Supreme Court declined to intervene in the case May 30, clearing the way for the commander’s decision to blow the levee. Even as the river was falling, the Corps commander did not rule out similar moves elsewhere along the Mississippi and its tributaries, saying the levee system is already under unprecedented pressure and warning water levels could rise again. ―This doesn’t end this historic flood,‖ he said. Source:


Banking and Finance Sector

11. May 3, Reuters – (International) Deutsche Bank faces U.S. mortgage fraud lawsuit. The United States sued Deutsche Bank AG May 3, accusing the German bank and its MortgageIT Inc unit of repeatedly lying to be included in a federal program to select mortgages to be insured by the government. In a civil complaint filed in U.S. District Court in Manhattan, New York, the government said that defendants recklessly chose mortgages that violated program rules ―in blatant disregard‖ of whether borrowers could make mortgage payments. The lawsuit seeks triple damages and other penalties for violations of the federal False Claims Act. According to the complaint, MortgageIT from 1999 to 2009 endorsed in excess of 39,000 mortgages with principal totaling more than $5 billion for Federal Housing Administration insurance, meaning they were backed by the federal government. The government said the defendants profited from the resale of the mortgages, even as thousands of U.S. homeowners faced default and eviction. It said it has paid out more than $386 million of FHA insurance claims and related costs, and expects to pay out hundreds of millions of dollars more. ―Deutsche Bank and MortgageIT had powerful financial incentives to invest resources into generating as many FHA-insured mortgages as quickly as possible for resale to investors,‖ the complaint said. ―By contrast, Deutsche Bank and MortgageIT had few financial incentives to invest resources into ensuring the quality of its FHA-insured mortgages.‖ Source:

12. May 2, – (International) POS skimming scam stopped. Waterloo, Canada, Regional Police have arrested two Toronto men for the role they played in a card-skimming scam that bypasses the Europay, MasterCard, Visa chip-based security standard. The scheme involves swapping legitimate PIN pads or card readers at merchant locations with bogus readers that have been manipulated to collect card numbers. When debit or credit cards are inserted or swiped, their card numbers are collected and stored on the reader. In some cases, numbers are actually transmitted wirelessly, to criminals who are waiting nearby. The scheme is effective at compromising magnetic-stripe and EMV-compliant chip cards, said a financial-security consultant. ―They get around EMV by disabling the part of the POS device that reads the chip,‖ he says. ―So, then the customer is forced to swipe the mag-stripe to make the transaction.‖ It’s not until after the customer swipes the card that the clerk realizes the reader is inoperable. But by then, however, it is too late; the fraudsters have the card details. In this case, Waterloo Regional Police stopped the attack before many cards were compromised. A customer at an unnamed retail location contacted police April 19 after seeing two men in the store handling the checkout counter’s card reader. The two men face charges of theft, mischief, attempting to defraud the public, possession of instruments used to forge credit cards, and conspiracy to commit fraud. Source:

13. May 2, Fort Myers New-Press – (Florida) Three plead guilty in Orion Bank fraud case. Three men pleaded guilty May 2 in federal court to their involvement in the fraud case against the Naples, Florida-based president of now defunct Orion Bank. All three had previously signed plea agreements but had to appear before judges to make sure they really intended to plead guilty to the charges. A 41-year-old Tamarac businessman admitted that in 2009 he pretended to buy stock and helped the failing bank hide bad loans — both to make Orion seem to federal and state regulators that it was in good shape. A 42-year-old bank vice president who worked in Orion’s Palm Beach Gardens

office acknowledged that he helped get two bank loans approved for a total of $80 million even though he knew the information provided to back them was false. The third man, another bank vice president, who worked in Naples, admitted to committing similar crimes as a bank officer: helping the bank to raise purchases of its stock and inserting false documents into loan files to fool regulators into thinking all was well. All three pleaded guilty to one count of conspiracy. The 41-year-old businessman faces up to 30 years in prison and a $1 million fine while the other two could get as much as five years and $250,000. They were charged separately from the bank president, who was indicted March 31 for 13 counts of conspiracy, misapplication of bank funds, making false entries, making false statements, mail fraud, wire fraud, and money laundering. Source:|topnews|text|Home

14. April 29, Reading Eagle – (Pennsylvania) Temple man arrested in bomb-threat bank heist. A Temple, Pennsylvania man was arrested April 28 on charges he robbed a Lehigh County bank 3 days earlier by sending what he reportedly said was a bomb to a teller through the pneumatic delivery tube at the drive-through window. State police at Fogelsville picked up the 43-year-old man about 6:25 p.m. Troopers got an arrest warrant for the suspect April 27 and released his name and picture to the media. According to police, the man drove a 1996 pickup truck up to the drive-through window at the TD Bank branch on Hamilton Boulevard in Lower Macungie Township shortly after 7 p.m. April 25. After showing a teller what he said was a bomb, he placed the object in the delivery tube and sent it into the bank. He demanded money from the tellers and told them the device would explode if they did not comply. The tellers used the delivery tube to send the purported bomb back to the suspect along with an undisclosed amount of money. He took the money and fled. Source:

For another story, see item 40 below in the Information Technology Sector

Information Technology

39. May 3, Softpedia – (International) Facebook scammers use Osama bin Laden’s death as lure. Facebook scammers are trying to capitalize on the news of the death of al-Qaeda’s leader by using the event as lure to trick users into spreading spam and participating in rogue surveys. Cyber criminals wasted no time in trying to exploit it for their own benefit. On Facebook, there were several ongoing malicious campaigns using the leader’s death as lure. One of them spreads through internal chat messages and advertises a video of the killing. It leads users to a Facebook-hosted page that asks them to copy and paste some JavaScript code into their browser’s address bar. The rogue code misuses the user’s active session to grab their friends list and send them spam messages via Facebook chat. A second, more sophisticated, death scam is using clickjacking and rogue wall messages to spread. Users are directed to a page asking them to solve a captcha-like test consisting of a simple math operation. Trying to input the answer will result in the click being hijacked and used to post a spam message on people’s walls without their authorization. Source:

40. May 2, IDG News Service – (International) Sony cuts off Sony Online Entertainment service after hack. The widely publicized hack of Sony’s computer networks is worse than previously thought, also affecting 24.6 million Sony Online Entertainment network accounts. Sony — which has kept its Sony PlayStation Network offline for nearly 2 weeks as it investigates a computer intrusion — took a second gaming network offline May 2, saying it too appears to have been hacked. It said banking and credit card information belonging to more than 23,000 customers outside the United States may have been compromised. The Sony Online Entertainment network, used for massively multiplayer online games, has been suspended temporarily, Sony said May 1. Add this to the 77 million accounts that may have been compromised the week of April 24, and Sony is responsible for one of the largest recorded data breaches. The entertainment network is separate from the PlayStation Network, but both hacks have similar traits, a spokeswoman for Sony Computer Entertainment said. In both cases, the stolen data includes customer names, e-mail addresses, and hashed versions of their account passwords. That data could be used to spam customers or trick them with phishing e-mails. Source:

41. May 2, threatpost – (International) Report: Vishing attack targets Skype users. Skype users are being targeted in an ongoing voice-phishing, or ―vishing,‖ attack, according to a report by ZDNet’s Zero Day blog. Skype users reported receiving a pre-recorded call informing them that their computer had been infected with malware. In order to remove this malware users are advised to visit a site which pushes rogue AV and malware cleanup services, according to the report. So-called ―vishing‖ attacks are akin to phishing attacks and use voice messages — rather than e-mail messages or Web links — to lure unsuspecting users to malicious Web sites. Skype users report receiving calls from unknown numbers. Pre-recorded messages tell those who answer the call that they are infected with a ―fatal virus‖ and direct them to a Web address to get disinfected. Source:

42. May 2, Network World – (International) VMware causes second outage while recovering from first. VMware’s attempt to recover from an outage in its new cloud computing service inadvertently caused a second outage the next day, the company said. VMware’s new Cloud Foundry service — which is still in beta — suffered downtime over the course of 2 days the week of April 24. Cloud Foundry, a platform-as-a-service offering for developers to build and host Web applications, was announced April 12 and suffered ―service interruptions‖ April 25 and 26. The first downtime incident was caused by a power outage in the supply for a storage cabinet. Applications remained online, but developers were unable to perform basic tasks, like logging in or creating new applications. The outage lasted nearly 10 hours and was fixed by the afternoon. But the next day, VMware officials accidentally caused a second outage while developing an early detection plan to prevent the kind of problem that hit the service the previous day. Source:

43. May 2, Darkreading – (International) ERP apps often left exposed. Among Oracle’s latest round of patches in April were eight flaws in its JD Edwards enterprise resource planning (ERP) applications — underscoring how ERP apps are often forgotten when it comes to security, overshadowed by database flaws and other worries. The JD Edwardapplication flaws might represent only a small fraction of the 78 total bugs fixed in theupdate, but they demonstrate a growing concern among security experts of an emerginprime attack vector. Most enterprises do not consider their ERP apps as a big target forattackers, and assume segregation of duties is enough security for them. ERP systems, which are tied in with a database platform and often contain multiple interfaces to otheapps, run sensitive business processes, such as financial, sales, production, expenditures, billing, and payroll, so any such targeted attacks would be damaging financially and production-wise, experts say. Source:

Communications Sector

44. May 2, Akron Beacon-Journal – (Ohio) WEAO (Channel 49) resumes over-the-air signal. WEAO (Channel 49) resumed broadcasts after more than two weeks off the air in Ohio. The public-broadcasting station, part of Western Reserve PBS, went off the air April 14 because of problems with an 800-foot line running from its Copley transmitter to its antenna tower. Rain and heavy winds delayed repairs. Viewers who received the station via Time Warner Cable, AT&T Uverse, Massillon Cable, and DirecTV have been able to get broadcasts after those services picked up the signal from its companion station, WNEO (Channel 45). But people getting the WEAO signal over the air or from other service providers have been out of luck — unless they got Channel 45 over the air. A station representative said viewers getting the over-the-air signal might have to rescan their receivers to pick up WEAO again. Source:

No comments: