Monday, July 18, 2011

Complete DHS Daily Report for July 18, 2011

Daily Report

Top Stories

• Reuters reports police in Arizona arrested a U.S. soldier after he attempted to board a flight to Los Angeles with a small amount of high-velocity plastic explosive in his baggage, authorities said. (See item 16)

16. July 15, Reuters – (Arizona) U.S. soldier nabbed boarding flight with explosives. Police in Arizona arrested a U.S. soldier after he attempted to board a flight to Los Angeles, California, with a small amount of high-velocity plastic explosive in his baggage, authorities said July 14. The U.S. Army Private First Class, 19, was arrested July 13 after he tried to board a United Airlines flight to Los Angeles from Yuma, the U.S. Attorney's office for Arizona said. Transportation Security Administration officers detected explosives in his baggage during security screening at Yuma International Airport, officials said. A subsequent search found a half ounce of C4 explosive hidden in a tobacco can inside one of the bags. The soldier was detained for investigation and interviewed by FBI agents. The complaint said he stole the C4 while attending an explosive training course. Authorities found no evidence he intended any harm with the small amount of explosives in his possession. A conviction for attempting to carry an explosive on an aircraft and transportation of a stolen explosive carries a maximum penalty of 10 years in prison and a $250,000 fine. Source:

• A Delta jet clipped the tail of a regional plane at an airport in Boston, causing both aircraft to be removed from service, according to the Associated Press. (See item 17)

17. July 15, Associated Press – (Massachusetts) Delta planes collide on taxiway at Boston airport. The wing of a Delta jet clipped the tail of an aircraft that provides regional air service for the carrier while both planes were on the taxiway and preparing to fly out of Boston, Massachusetts, July 14, forcing officials to remove them from service for inspections. Local TV footage showed the crash sheared off the tip of the Delta Boeing 767 and crumpled part of the smaller plane's tail. A Logan International Airport spokesman said one person complained of neck pain after the crash. There were no other injuries. The incident involved Delta Flight 266 from Boston to Amsterdam, Netherlands, which hit the vertical stabilizer of Atlantic Southeast Airlines (ASA) Flight 4904, also on departure from Boston to Raleigh-Durham, North Carolina, a Delta spokesman said. Investigators interviewed crew and passengers of both aircraft, to try to figure out the circumstances surrounding the crash. The Delta jet returned to the gate, and ASA passengers were transported by bus to the terminal. Delta said both aircraft were removed from service for inspections. Passengers were put on other planes. Source:


Banking and Finance Sector

11. July 14, KHOU 11 Houston – (Texas) 13 men now charged in series of Houston-area bank robberies. Six more Houston, Texas, men have been charged for their alleged involvement in a series of Houston-area bank robberies, including the New Year’s Eve robbery of a Pearland, Texas, bank, authorities said July 14. Authorities said the six were all charged with conspiring to commit, and committing, a series of armed bank robberies. A total of 13 men have now been charged in the robberies. All 13 suspects are accused of robbing several area banks, including Wells Fargo bank branches August 23, 2010 and October 7, 2010, a Citibank September 14, 2010, an Amegy Bank September 15, 2010, and a Chase bank October 27, 2010. Authorities said the suspects chose banks that did not have security guards or bullet-resistant bandit barriers. During the robberies, the suspects used lookouts and stolen cars as getaway vehicles. Conspiracy to commit a bank robbery carries a maximum punishment of 5 years in prison and/or a $250,000 fine if found guilty. Each count of bank robbery carries a maximum punishment upon conviction of 20 years in prison, or 25 years if a firearm is displayed. Source:

12. July 14, – (Pennsylvania; New Jersey) Former West Chester broker charged with mortgage fraud. A Las Vegas man who once worked in West Chester, Pennsylvania, was charged July 14 in a $7-million mortgage fraud scheme. Authorities said the 30-year-old, who formerly worked as a mortgage broker for companies in West Chester and Newtown Square, defrauded at least seven financial institutions as part of a scheme that lasted from May 2005 to October 2008. The court filing alleged he found buyers, including family members, to purchase homes, primarily located in North Wildwood, New Jersey, for inflated prices so buyers could get kickbacks of between $30,000 and $50,000 at closing. The charging document said he allegedly helped the buyers qualify for mortgages using false information, including bogus income and asset information, fake employment information, and underreported debt information. The charging papers said the suspect profited from the scheme by making inflated commissions on sales, kickbacks on his own purchases, and by receiving other kickbacks from sellers of the properties for finding them willing buyers. He allegedly brokered 35 transactions that involved inflated sales prices. Source:

13. July 14, Dow Jones Newswires – (International) DOJ accuses 5 in alleged Iraq construction-kickback scheme. A federal court July 14 unsealed charges against five people accused of corrupting more than $50 million worth of U.S. Army infrastructure projects in Iraq. The 54-count indictment accuses three U.S. citizens and two foreign contractors of siphoning funds from several U.S. Army Corps of Engineers (USACE) projects in Iraq by trading information about the Corps' bidding process in exchange for kickbacks. The indictments for bribery, wire fraud, and depriving the government of honest services, among others, include charges against a former project engineer for the USACE. He allegedly took about $4.2 million in bribes from July 2007 to June 2008 for USACE contracts awarded to companies associated with an Iraqi businessman. Another defendant allegedly accepted at least $170,000 in bribes through the project engineer in 2008. The project engineer "used his position to undermine the process of fair and open competition by soliciting bribes in exchange for confidential bidding information," an IRS criminal investigator said. The government charged the man with other conspiracy and money laundering counts in October 2010. The other defendants indicted July 14 remain at large. Source:

14. July 14, Atlanta Journal-Constitution – (Georgia) FDIC sues insiders at failed Ga. bank. Federal bank regulators sued 15 former directors and officers of a failed Duluth, Georgia, bank July 14, accusing the officials of gross negligence and other breaches of their duties. The Federal Deposit Insurance Corp. (FDIC) alleges improper lending practices and other violations of banking rules, and is seeking to recover nearly $40 million in losses to Haven Trust Bank. The bank failed in December 2008. The latest lawsuit details a litany of alleged regulatory violations, including improper loans to family members of two bank insiders that resulted in more than $7 million in losses. Much of the case centers around loans made to family members of the bank's two largest shareholders. The FDIC also alleges that as the bank's condition worsened, it was ordered to reduce its exposure to real estate and raise investor cash. Instead of pulling back, the FDIC alleges, the bank produced more than $175 million in new or renewed loans in the final year of its existence. Source:

For another story, see item 40 below in the Information Technology Sector

Information Technology Sector

38. July 15, IDG News Service – (International) Researcher finds serious vulnerability in Skype. A security consultant notified Skype of a cross-site scripting flaw that could be used to change the password on someone's account, according to details posted online. Skype said it would issue a fix the week of July 18. The consultant, based in Berlin, posted details of the flaw on his blog July 13 and notified Skype July 14. The problem lies in a field where a person can input their mobile phone number. The consultant said a malicious user can insert JavaScript into the mobile phone field of their profile. When one of their contacts comes online, the malicious user's profile will be updated, and the JavaScript will be executed when the other contact logs in. The other person's session could be hijacked, and it may be possible to gain control of that person's computer. An attacker could also change the password on someone's account. The problem affects the latest version of Skype on Windows XP, Vista, and 7, as well as the Mac OS X operating system. Source:

39. July 15, Help Net Security – (International) New Hotmail security features against account hijacking. Microsoft will introduce two new security features for its Web-based Hotmail service to make accounts more difficult to hijack, and to make spotting hijackings faster. The first feature makes the use of extremely common passwords impossible. The feature will be rolled out soon, and it will work to prevent successful brute force attacks. The second feature is already released, and allows users to report compromised accounts to Microsoft immediately after receiving a spam or scam e-mail from a contact's e-mail account. Source:

40. July 14, Softpedia – (International) Android trojans pose as legit security applications. Spoofing security software is common with desktop threats; however, the trend is new with mobile malware. The Android trojan that poses as the Trusteer Rapport security application is the new ZeuS-in-the-mobile (Zitmo) variant discovered by security researchers recently. Researchers from Kaspersky found Web pages generated by a desktop ZeuS variant that inform users about a new mobile security app for online banking. Users are asked to choose their mobile operating system and if Android is selected, they are served an .apk file that installs the fake Rapport application. The application monitors SMS messages and sends copies of them to a remote server, which is done to intercept mobile transaction authentication numbers. Meanwhile, security researchers from Sophos came across an Android trojan that poses as Kaspersky Anti-Virus 2011. The application appears to be a test and not an actual malicious trojan, but is an indication malware creators are trying to impersonate security vendors. Similar to the Zitmo component, after installation, the fake Kaspersky app tries to generate and display an activation code. After this, it intercepts SMS messages and sends them to a remote server. Source:

41. July 14, Help Net Security – (International) Apple iDisk users targeted by phishers. Users of iDisk — Apple's paid online file-hosting service bundled up in the MobileMe package — are being targeted by phishers, warned Symantec. The company's researchers recently discovered a string of phishing pages mimicking the iDisk log-in page, and once the victim enters their log-in credentials, the page redirects him/her to a legitimate Apple MobileMe error page saying the password is not valid. In the meantime, the phishers harvest the credentials and use them to access the paid accounts for free, and use them to store their own data. The phishing links were delivered to potential victims via bogus e-mails. To make the e-mail more believable, the phishers used the name portion of the victims' e-mail address in the phishing URL, and as the user ID with which they addressed the victims. Source:

42. July 14, Softpedia – (International) Cyber criminals switch to alternative second-level domains after ban. Pushed by the recent Google ban on, cyber criminals began migrating to alternative bulk domain providers, making it harder for Google and others to block the malicious sites en masse. At the beginning of July, Google deindexed all Web sites from its search engine because of the unusually high abuse registered under the domain. The second-level domain (SLD) is used as a bulk domain registration service and had become a favorite for cyber criminals to host their scareware and phishing pages. Now, security researchers from Kaspersky warned cyber criminals began dropping in favor of alternative SLDs like,, and "Google’s actions may not have been very beneficial. On the one hand, they have removed a huge amount of malicious resources from their resource. On the other hand, they have forced out a lot of legitimate Web sites," a Kaspersky Lab researcher said. "Moreover, as there are many services like, the cybercriminals will quickly switch over to another service, making the blocking of just one zone completely pointless," he concluded. Source:

43. July 14, ZDNet – (International) RIM warns of data leakage, denial-of-service vulnerability. Research in Motion (RIM) shipped a patch to cover a serious security vulnerability that could allow attackers to read files that contain only printable characters on the BlackBerry Enterprise Server, including unencrypted text files. The flaw, which may also allow denial-of-service attacks, is limited to the user permissions granted to the BlackBerry Administration API component, RIM said in an advisory. "Successful exploitation of this issue could allow information disclosure. Successful exploitation may also result in resource exhaustion and therefore could be leveraged as a partial denial of service." RIM said the issue affects the BlackBerry Administration Application Programming Interface (API) component within the BlackBerry Administration Service component of several software versions. The BlackBerry Device Software, Desktop Software, and Internet Service are not affected by this vulnerability. Source:

44. July 14, IDG News Service – (International) Oracle to issue 78 bug fixes on Tuesday. Oracle plans to issue 78 patches covering a number of its software products July 19, including 13 fixes for its flagship database, according to a statement posted to its Web site July 14. The database patches cover a number of database editions, including 11g R1 and R2, as well as 10g R1 and R2. Two of the vulnerabilities can be exploited over a network without log-in credentials. Another three patches cover Oracle's Secure Backup product, all of which can be exploited remotely without authentication. Oracle plans to issue 7 patches for various modules in its Fusion Middleware line, while Enterprise Manager Grid Control will receive 18 fixes. E-Business Suite and Oracle's supply chain products will get one patch each, while a dozen are scheduled to be released for PeopleSoft. Oracle is also rolling out 23 patches for products gained through the acquisition of Sun Microsystems, including GlassFish Server, VirtualBox, Solaris, SPARC Enterprise M Series, and SPARC T3 series. Nine of the weaknesses can be exploited over a network without requiring a username or password, Oracle said. Source:

Communications Sector

45. July 15, Parkersburg News and Sentinel – (West Virginia) Verizon remedies service problem. Problems with Verizon Wireless cell service from July 7 to July 13 have been rectified, a company spokesperson said. Customers were reporting problems receiving calls on their wireless phones from traditional landline phones. A spokeswoman for Verizon said there was a handoff issue between landlines and cells, but the issue has been fixed. She said she thought the problem could be with landline service providers, and suggested Frontier Communications might know what happened. A general manager for Frontier's Parkersburg office said he was not aware of any problem between landlines and cell service. The only problem they had over the last week was line damage from storms that hit the area July 12. Those problems were fixed within 12 hours. The Verizon spokesperson did not know how many customers were impacted. Source:

46. July 14, The Register – (International) Voda: Femtocell phone-hacking vuln was fixed in 2010. Vodafone said July 14 that claims of a vulnerability involving its femtocell base station technology relate to a flaw it fixed a year ago. Security shortcomings in Vodafone's femtocell signal booster technology create a possible means for a hacker to intercept calls or impersonate users that connect via a compromised device, The Hacker's Choice (THC) claims. THC claims to have reverse-engineered allegedly insecure base station kit, thereby turning hacked femtocells into an interception device in the process. The bug ultimately stems from default root passwords on an insecure device console. The research was first published in a blog on July 12, rapidly reaching notoriety in the process. In a statement, Vodafone said the underlying security bug was actually fixed as long ago as 2010. "The claims regarding Vodafone Sure Signal, which is a signal booster used indoors, relate to a vulnerability that was detected at the start of 2010. A security patch was issued a few weeks later automatically to all Sure Signal boxes. As a result, Vodafone Sure Signal customers do not need to take any action to secure their device," Vodafone said in a statement issued July 14. Source:

For more stories, see items 40 and 43 above in the Information Technology Sector
