Wednesday, August 17, 2011

Complete DHS Daily Report for August 17, 2011

Daily Report

Top Stories

• The source code for SpyEye, a data-stealing Trojan, was published online and could be used by cybercriminals with little chance of getting caught, a researcher said August 15. – DarkReading, See item 43 below in the Information Technology Sector

• Witnesses at Echo Resort in Coalville, Utah, said a group of men rented two boats early August 7, piloted them to Echo Dam, and spent hours shining lights along the width of the structure. – KSL 5 Salt Lake City (See item 56)

56. August 16, KSL 5 Salt Lake City – (Utah) Suspicious activity prompts investigation at Echo Dam. Witnesses at the Echo Resort in Coalville, Utah, said a group of men arrived at the Echo Dam early August 7, KSL-TV 5 Salt Lake City reported August 16. They paid a resort worker $35 to launch at least two boats. Several of the men remained on shore while others piloted their boats to the dam and spent hours shining lights along the width of the structure. They were gone by daylight. The resort employee mentioned it to his boss later the next day, and the boss called police. "Well it certainly was an unusual event," said a spokesman for the U.S. Bureau of Reclamation, which oversees Echo Dam and numerous other dams in Utah. The witnesses said the men did not appear to be from the United States. Summit County sheriff's deputies, along with federal authorities, were on the scene the next morning. The dam was deemed safe. Witnesses at the resort said authorities used what appeared to be a remote submarine to check out the dam under the surface. Echo Resort enhanced security and printed up flyers for campers describing the event and asking them to be on the lookout. Source:


Banking and Finance Sector

19. August 16, Bank Info Security – (International) Global card fraud ring busted. New South Wales (NSW) Police in Australia said the department's fraud squad has arrested and charged five Malaysian and Sri Lankan nationals suspected of being behind an elaborate international card-skimming scheme that spanned the United Kingdom, mainland Europe, and North America. The alleged scheme, which authorities have been investigating for several months, involved skimming at point-of-sale terminals in numerous merchant locations. Police did not say how the accused are suspected of pulling off the scam, but did say authorities seized numerous point-of-sale (POS) terminals, PIN overlays, and other electronics, such as laptops and mobile phones. Authorities also discovered $10,000 in Canadian dollars, falsified identification and travel documents, and a number of Canadian credit cards. Over the last several months, investigators in connection with the case have seized more than 50 stolen POS terminals, dozens of skimmers, and more than 18,000 blank and counterfeit cards. So far, 25 people have been arrested and charged. Source:

20. August 15, Fierce Government IT – (National) GAO: FDIC cybersecurity lacking. The confidentiality and integrity of the Federal Deposit Insurance Corporation's (FDIC) information systems are vulnerable, said a Government Accountability Office (GAO) report published August 12. Weak passwords, poor user-access policies, inconsistent encryption and unsatisfactory patch implementation threaten the FDIC's financial systems and databases, the GAO found. While security risks persist at the FDIC, the situation is an improvement when compared to past cybersecurity problems at the agency. FDIC remediated 26 of the 33 control weaknesses the GAO identified in a similar 2009 audit, the government watchdog found. However, the report authors noted, "the corporation did not always fully implement key information security program activities, such as effectively developing and implementing security policies." The GAO suggested the FDIC develop, document, and implement information security fixes for its loss-share loss estimation process. The GAO also made 38 new cybersecurity recommendations to address 37 findings from the audit, which were outlined "in a separate report with limited distribution," report authors wrote. Source:

21. August 15, Bloomberg – (International) Ex-Optionable chief admits to scheme to hide losses at Bank of Montreal. The former CEO of Optionable Inc. pleaded guilty August 15 to his role in a scheme to hide millions of dollars in losses at the Bank of Montreal. The 52-year-old pleaded guilty in federal court in Manhattan, New York, to one count of conspiracy to commit wire fraud. The case stems from $690.5 million of pretax commodity-trading losses the bank announced in April 2007. Those losses grew to C$853 million for the fiscal year, paring profit by C$440 million. The former CEO was charged with fraud in 2008 for helping a former trader at the bank conceal the losses. The former CEO, an ex-convict who hid his criminal record, helped a former trader hide commodity losses from the bank to win business for Optionable, a brokerage firm focusing on energy derivatives, according to prosecutors. The former CEO was sentenced to 30 months in prison for credit-card fraud in 1997, and 6 months for income-tax evasion in 1993, court records show. Source:

22. August 15, Bloomberg – (International) Ex-Ahold executive Mark Kaiser pleads guilty in $800 million fraud case. The ex-marketing chief of a former U.S. unit of Dutch grocer Royal Ahold NV pleaded guilty August 15 to conspiracy 13 months after his previous conviction for overstating earnings was overturned. The 54-year-old former U.S. Foodservice Inc. executive admitted in a federal court in Manhattan, New York, to participating in an $800 million securities fraud. He could receive as much as 5 years in prison. Prosecutors alleged he made fraudulent representations about U.S. Foodservice’s financial condition in a bid to burnish his resume for a promotion at the Columbia, Maryland-based unit. He was convicted in 2006 of helping the subsidiary inflate profits from 2000 to 2003 by wrongly recording promotional rebates as income, and sentenced to 7 years in prison. In July 2010, the U.S. Court of Appeals in New York threw out his convictions for securities fraud, conspiracy and four counts of making false filings with the Securities and Exchange Commission. The appeals court said he was entitled to a new trial because the lower court judge erred by admitting into evidence the statement of the unit’s general counsel. Source:

23. August 15, ABC News – (Oregon; Washington; Montana) 'Bad Hair Bandit': 18 bank robberies in 9 months. A woman known as the "Bad Hair Bandit" for the assortment of ill-fitting wigs she has worn while robbing at least 18 banks since December 2010 may have struck again, authorities said August 15. After a spree that had apparently been confined to Washington and Oregon, the FBI is investigating whether the same bandit robbed a bank in Montana the week of August 8. On August 11, an unidentified woman wearing a short, dark-haired wig walked into the Bank of Butte in Butte, Montana, passed a note to the teller, and walked out with more than $1,000. The Butte-Silver Bow County sheriff told the Montana Standard that the FBI is now investigating whether the Butte robber was the infamous "bad hair bandit." Witnesses described the woman at the Butte robbery as a white female, 40, 5 foot 8 to 5 foot 10 inches tall and with a heavy build. According to the FBI Web site, the bad hair bandit typically enters the bank and passes a note to a teller in which she demands cash and states that she is armed. She tends to wear a zippered hoodie, eyeglasses, a baseball cap, and some type of wig, and appears to flee by car, which the bureau describes as possibly a newer silver or gold sedan similar to a Honda Accord. Source:

For another story see item 43 below in the Information Technology Sector

Information Technology Sector

41. August 16, CNET News – (International) iOS dev to pay $50,000 fine over child privacy. An iOS developer has been fined $50,000 for allegedly violating the Children's Online Privacy Protection Act (COPPA), the Federal Trade Commission (FTC) announced August 15. COPPA is a far-reaching act, requiring Web site operators to notify and obtain parent or guardian consent before children's personal information is collected, used, or disclosed. Privacy policies that are clear and understandable for parents are also required. According to the government organization, iOS developer W3 Innovations, which is doing business as Broken Thumb Apps, violated COPPA in several of its applications, including Emily's Girl World, Emily's Dress Up, Emily's Dress Up & Shop, and Emily's Runway High Fashion. According to the FTC, the company's games, which let kids design outfits and create virtual models, have been downloaded more than 50,000 times. The violation, the FTC alleges, relates to W3's collection of "thousands of e-mail addresses" from kids who posted comments and requests for advice on "Emily's Blog." In addition, the FTC alleges the company allowed kids to post personal information on message boards without "verifiable parental consent." Source:

42. August 16, The Register – (International) Man reveals secret recipe behind undeletable cookies. A privacy researcher has revealed the evil genius behind a for-profit Web analytics service capable of following users across more than 500 sites, even when all cookie storage was disabled and sites were viewed using a browser's privacy mode. The technique, which worked with sites including Hulu, Spotify, and GigaOm, is controversial because it allowed analytics startup KISSmetrics to construct detailed browsing histories even when users went through considerable trouble to prevent tracking of the Web sites they viewed. It had the ability to resurrect cookies that were deleted, and could also compile a user's browsing history across two or more different browsers. It came to light only after academic researchers published a paper late last month. The KISSmetrics CEO responded with a post on the firm's Web site claiming the research “significantly distorts our technology and business practices.” The company also added a “consumer-level opt-out for those who wish to be entirely removed from all KISSmetrics tracking.” One of the researchers stands by the findings and said KISSmetrics' recently updated privacy policy does not make it clear how users go about opting out of tracking. The researcher said the only way to block the tracking using the technique is to block all cookies and to clear the browser cache after each site visited. Source:

43. August 15, DarkReading – (International) Source code for SpyEye Trojan published; more exploits on the horizon, researcher says. The source code for SpyEye, an infamous data-stealing Trojan, has been published on the Web and could easily be adapted and used by any savvy cybercriminal with virtually no cost or chance of getting caught, a researcher said August 15. "One of the most dangerous Swiss Army knives in malware is now available to billions," said a senior threat intelligence analyst at security vendor Damballa. According to a blog posted by the analyst on the Damballa Web site, the SpyEye builder patch source code was leaked by French security researcher Xyliton, part of the Reverse Engineers Dream (RED) Crew. The SpyEye malware kit has been widely used in cyberspace for some time now, but it generally was sold at a price of around $10,000. Now, with the crack, the kit is being sold inexpensively on hacker forums. "What this means is that anybody can use it," the analyst said. Perhaps just as important, the "crack" enables malware developers to avoid the attribution that was previously associated with the high-priced toolkit, he stated. Where previous exploits using the kit could often be traced back to the original buyer of the toolkit, there have already been some SpyEye exploits spotted that have no attribution. "This will make it more difficult to track SpyEye botnets back to the source," the analyst said. SpyEye, which incorporated elements of the popular Zeus Trojan earlier this year, was already ranked as one of the top three threats on the Web this year, infecting some 2 million devices. Source:

For more stories, see item 25 above in the Banking and Finance Sector and item 44 below in the Communications Sector

Communications Sector

44. August 16, FierceTelecom – (National) Verizon network sabotage claims hit 143 as strike continues. Verizon told The New York Times August 15 that the number of network damage incidents suspected to have been caused in the last week or so by sabotage — allegedly by striking union workers — had reached 143. Meanwhile, a New York City anti-terrorism unit reportedly was called upon to keep an eye on possible incidents of sabotage on Verizon's network, a report that drew criticism from union workers who wondered why Verizon was not providing for its own security efforts. Each day, the activity around the ongoing strike seems to find a new fever pitch. Several union rallies were held around the country August 15, while Verizon continued to accuse the striking workers of illegal tactics. Source:

45. August 15, Muskegon Chronicle – (Michigan) Phone outage affects 3,900 in Shelby area. About 3,900 people were without land-line phone service, and 550 lost their high-speed Internet connection August 15 due to an outage in the Shelby, Michigan area, according to Mason-Oceana 911. The Mason-Oceana 911 director advised people without service who experience an emergency during the outage to go to the Shelby Police Department, 36 W. Third, or Shelby Fire Department, 466 N. Industrial Park. The outage also has affected some cellular carriers in the Shelby area. A Frontier spokesman said technicians were rebooting the phone system in the Shelby office, and service should be restored shortly. Source:

For another story see item 41 above in the Information Technology Sector
