Friday, September 30, 2011

Complete DHS Daily Report for September 30, 2011

Daily Report

Top Stories

• An Arizona man pleaded guilty to several charges after being arrested with grenade-like devices in his truck that he planned to use at the Mexican border. – Tempe East Valley Tribune (See item 12)

12. September 28, Tempe East Valley Tribune – (Arizona; International) A.J. man indicted in case of bombs meant for border. An Apache Junction, Arizona man who was a former member of a group with neo-Nazi ties is facing up to 10 years in federal prison and a $250,000 fine for bomb-related offenses. The 28-year-old pleaded guilty September 27 in U.S. district court to possession of unregistered destructive devices and the unlawful transportation of explosive material. He will be sentenced December 13. The convict was charged with the crimes in January when he was pulled over in Apache Junction and officers discovered a grenade-like device in his truck. A search of his home turned up about a dozen of the devices. The U.S. attorney's office said the convict created them using polyvinyl chloride in a container filled with gunpowder, ball bearings, and an improvised fusing system. The convict, who was a member of the neo-Nazi-linked National Alliance and formerly in the National Socialist Movement, had planned to take the bombs to the Mexico border, according to court documents. Authorities said he used ball bearings to make them more dangerous. The investigation leading up to the convict's indictment was led by the FBI and members of the Phoenix Joint Terrorism Task Force. Source:

• U.S. authorities September 28 arrested and charged a Massachusetts man with plotting to damage or destroy the Pentagon and U.S. Capitol in Washington D.C. by using remote-controlled aircraft filled with plastic explosives. – Reuters (See item 38)

38. September 29, Reuters – (Washington, D.C.; International) U.S. man charged in Pentagon, Capitol explosive plot. U.S. authorities September 28 arrested and charged a Massachusetts man with plotting to damage or destroy the Pentagon and U.S. Capitol in Washington D.C. by using remote-controlled aircraft filled with plastic explosives. The man, 26, a U.S. citizen, was also charged with attempting to provide support and resources to al-Qa'ida to carry out attacks on U.S. soldiers overseas, the U.S. attorney's office in Boston said. He was arrested after an undercover operation. The statement said the public was never in danger from the devices, which were controlled by undercover FBI employees. If convicted, the alleged plotter faces up to 15 years in jail for providing support to foreign terrorists, up to 20 years on a charge of attempting to destroy national defense premises, and up to 20 years on a charge of attempting to damage and destroy buildings owned by the United States. Authorities said the physics graduate from Northeastern University in Boston began planning to commit a violent "jihad" against the US in early 2010, calling Americans "enemies of Allah." The man allegedly modified mobile phones to act as electrical switches for improvised explosive devices. He is accused of supplying the phones to undercover FBI agents, whom he believed were members of, or recruiters for, al-Qa'ida. The man allegedly told a cooperating witness he planned to attack the Pentagon using "small drone airplanes" filled with explosives and guided by GPS equipment. He later expanded the plot to include an attack on the Capitol, and hoped to follow the aerial assault with a ground assault involving six people armed with automatic weapons, the affidavit said.
Authorities said he traveled to Washington, D.C., to conduct surveillance and take photographs of his targets, and identified sites at East Potomac Park, near the Capitol, from which he planned to launch his explosive-filled aircraft. He then delivered two thumb drives to the agents with detailed attack plans with step-by-step instructions. An F-86 Sabre remote-controlled aircraft was delivered to the suspect's Framingham, Massachusetts, storage unit in August, according to the affidavit. His arrest came immediately after he took possession of various weaponry from the undercover agents – including explosives, grenades, and AK-47 assault rifles – and locked them in his storage unit, the affidavit said. Source:


Banking and Finance Sector

17. September 29, Federal Bureau of Investigation – (Illinois; International) Former CME group software engineer indicted for theft of Globex computer trade secrets while allegedly planning business to improve electronic trading exchange in China. A former senior software engineer for Chicago-based CME Group, Inc., was indicted September 29 for allegedly downloading and removing computer source code and other proprietary information while at the same time pursuing business plans to improve an electronic trading exchange in China. The defendant, who was arrested in July, was charged with two counts of theft of trade secrets in an indictment returned by a federal grand jury. The indictment seeks forfeiture of computers and related equipment that were seized from the suspect. According to the indictment, the engineer began working for CME Group in 2000, and was a senior software engineer at the time of his arrest. His responsibilities included writing computer code and, because of his position, he had access to the software programs that supported CME Group’s Globex electronic trading platform. The source code and algorithms that made up the supporting programs were proprietary and confidential business property of CME Group, which instituted internal measures to safeguard and protect its trade secrets. Between December 8, 2010, and June 30, 2011, the engineer allegedly downloaded more than 1,000 computer files containing CME computer source code from CME’s secure internal computer system to his CME-issued work computer; he then transferred many of these files from his work computer to his personal USB flash drives; and then transferred many of these files from his USB flash drives to his personal computer at home. During the same time, he downloaded and printed CME internal manuals and guidelines describing how many of the computer files that comprise Globex operate, the indictment alleged. 
The engineer and two unnamed business partners allegedly developed business plans to form a business referred to as the Tongmei Futures Exchange Software Technology Company (Gateway), with the purpose of increasing trading volume at the Zhangjiagang, China, chemical electronic trading exchange. The indictment alleges the engineer was to become Gateway’s president, and that he engaged in contract negotiations on behalf of Gateway with the Zhangjiagang Free Trade Board for Gateway to provide computer source code to the exchange. Each count of theft of trade secrets carries a maximum penalty of 10 years in prison, and a $250,000 fine. Source:

18. September 29, Financial Industry Regulatory Authority – (National) FINRA orders Raymond James & Associates, Inc. and Raymond James Financial Services, Inc. to pay $1.69 million in restitution for charging unfair commissions. The Financial Industry Regulatory Authority (FINRA) September 29 ordered Raymond James & Associates, Inc. (RJA) and Raymond James Financial Services, Inc. (RJFS) to pay restitution of $1.69 million to more than 15,500 investors who were charged unfair and unreasonable commissions on securities transactions. FINRA also fined RJA $225,000 and RJFS $200,000. FINRA found that from January 1, 2006 to October 31, 2010, RJA and RJFS used automated commission schedules for equity transactions that charged more than 15,500 customers nearly $1.69 million in excessive commissions on more than 27,000 transactions involving, in most instances, low-priced securities. The firms' supervisory systems were inadequate because they created inflated schedules and rates without consideration of the factors necessary to determine the fairness of the commissions, including the type of security and the size of the transaction. FINRA required the firms to revise their automated commission schedules to conform to the requirements of the Fair Prices and Commissions Rule. The firms also must calculate and repay extra overcharges from November 1, 2010, through the date they revised their schedules. Source:

19. September 28, San Francisco Chronicle – (California) Hells Angels accused of mortgage fraud. A Bay Area mortgage broker was charged September 27 with conspiring to arrange more than $10 million in fraudulent home loans for clients who included two leaders of the Hells Angels, federal prosecutors in California said. A newly unsealed federal grand jury indictment accuses the motorcycle club leaders, the mortgage broker, and five other defendants of taking part in a scheme to defraud banks by falsifying loan applications for real estate in San Francisco and several North Bay communities in 2006 and 2007. The applications misrepresented the borrowers' incomes, bank balances, and employment histories, and falsely stated they would live at the properties, some of which were later used for marijuana growing, the indictment said. Seven defendants have pleaded not guilty. The eighth, a 63-year-old from San Pablo, an accountant and tax preparer, has not been apprehended, prosecutors said. Among those charged was a 30-year-old man from San Francisco, who owned a company called Xanadu Global Investments and also worked at several San Francisco mortgage brokerage firms, prosecutors said. The indictment said he and his clients submitted fraudulent applications for loans, some for more than $1 million, to buy property in Santa Rosa, Petaluma, and Healdsburg. The clients included two local Hells Angels leaders, prosecutors said. Source:

20. September 28, KAJ 18 Kalispell – (Montana) Bike Bandit strikes again. The robber who likes to wear a helmet during his holdups and escape on a motorcycle has struck again in Lakeside, Montana. Flathead County Sheriff's detectives said a man matching the same description as the suspect who robbed the Glacier Bank branch office in Lakeside hit the same bank around 2:30 p.m. September 28. Detectives said the suspect entered the bank wearing a helmet, demanded cash, and made his getaway on a motorcycle. They are not sure if a weapon was displayed, but no one was hurt. Deputies were searching a wide area in the mountains west of Lakeside for the suspect the afternoon of September 28. A detective commander said that includes logging roads in the Bierney Creek area, which go deep into the mountains west of Flathead Lake. The Flathead County sheriff said investigators are sure this is the same suspect that is wanted in the earlier holdups. Earlier in September, the FBI put forth a $5,000 reward for information leading to the arrest of the "Bike Bandit," who had already committed 5 holdups. Those include the robbery in Lakeside November 2010, robberies in Big Fork September 2010, at Muralt's Truck Stop at the Wye west of Missoula in September 2009, the First Valley Bank in Seeley Lake April 2010, and May 2011 in St. Regis. Source:

Information Technology Sector

45. September 29, IDG News Service – (International) Russian firm unveils tool to crack BlackBerry passwords. A Russian security company upgraded a phone-password cracking suite with the ability to figure out the master device password for Research in Motion's BlackBerry devices. Elcomsoft said September 29 that before it developed the product, it was believed there was no way to figure out a device password on a BlackBerry smartphone or PlayBook tablet. BlackBerry smartphones are configured to wipe all data on the phone if a password is typed incorrectly 10 times in a row, the company said. Elcomsoft said it figured a way around the problem using a BlackBerry's removable media card, but only if a user has configured their smartphone in a certain way. For the software to be successful, a user must have enabled the feature to encrypt data on the media card. The feature is disabled by default, but Elcomsoft said about 30 percent of BlackBerry users have it enabled for extra security. The company's software can then analyze the encrypted media card and use a brute-force method to figure out a password. Elcomsoft said it can recover a seven-character password in less than an hour if the password is all lower-case or all capital letters. The software does not need access to the actual BlackBerry device but just the encrypted media card. The new feature is wrapped into Elcomsoft's Phone Password Breaker. The software can also recover plain-text passwords used to access encrypted backup files for Apple's iPhone, iPad, and iPod Touch devices. To crack those passwords, a user does need to have the Apple device in hand. Source:

46. September 29, Help Net Security – (International) 25% of tested Google Chrome extensions allow data theft. Twenty-seven out of 100 tested Google Chrome extensions have been found vulnerable to data (passwords, history, etc.) extraction attacks through specially crafted malicious Web sites or by attackers on public WiFi networks. A trio of security researchers manually analyzed 50 of the most popular Chrome extensions and added to that list 50 more chosen at random. "We looked for JavaScript injection vulnerabilities in the cores of the extensions (the background, popup, and options pages); script injection into a core allows the complete takeover of an extension," explained one of the researchers. To prove their claim, they performed proof-of-concept attacks devised to take advantage of the vulnerabilities. Over 25 percent of the tested extensions were found to be vulnerable, and among them are 7 that are used by more than 300,000 users. However, 49 of the 51 vulnerabilities found can be patched by simply adapting the extensions to use one of two offered content security policies. Source:

47. September 28, Computerworld – (International) Mozilla puts Firefox 7 on memory diet, patches 11 bugs. Mozilla September 27 patched 11 vulnerabilities in the desktop edition of Firefox as it upgraded the browser to version 7. Ten of the vulnerabilities were rated "critical," the company's most serious threat rating; the sole exception was labeled "moderate." Because Mozilla now bundles security patches almost exclusively with each version upgrade, users stuck on Firefox 6 or earlier must update to quash the bugs. Two of the critical vulnerabilities patched were in Firefox's implementation of WebGL, a 3-D rendering standard that Firefox and Google's Chrome comply with. One of the pair was reported to Mozilla by a researcher with Context Information Security, a company that has cited serious security issues with WebGL. The other was credited to a member of Google's security team. Firefox has received several patches specific to WebGL since Context recommended users and administrators disable the standard in Mozilla's browser and in Chrome. Mozilla also released Firefox 3.6.23 September 27, a security update that patched four vulnerabilities. Source:

48. September 28, H Security – (International) Skype for iOS updates address XSS vulnerability. Skype released updates to its popular VoIP app for Apple's iOS mobile operating system. While not officially documented in the list of changes, a spokesperson for the company confirmed to H Security that version 3.5.84 of Skype for iOS addresses a previously reported vulnerability that could allow an attacker to gain access to a victim's contact list using a cross-site scripting exploit. Source:

For another story, see item 17 above in the Banking and Finance Sector

Communications Sector

See items 45 and 48 above in the Information Technology Sector

Thursday, September 29, 2011

Complete DHS Daily Report for September 29, 2011

Daily Report

Top Stories

• Federal authorities arrested a Michigan man who bought and hid more than 4,000 pounds of explosives with enough firepower to equal the Oklahoma City bombing, and made anti-government remarks. – Associated Press (See item 11)

11. September 27, Associated Press – (Michigan; National) Man charged after 4,000 pounds of explosives found. Federal authorities said a Michigan man bought and hid more than 4,000 pounds of explosives with enough firepower to equal the Oklahoma City bombing and told an undercover informant that "when the government takes over, we will be mercenaries." The 64-year-old was arrested the week of September 19 on a charge of possessing explosives while facing other charges, and ordered held following a September 26 court hearing. His attorney said the builder and farmer from Sault Ste. Marie obtained the materials years ago for construction projects. Prosecutors and agents with the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) did not accuse the suspect of plotting to detonate the mixture of ammonium nitrate and fuel oil. An assistant U.S. attorney told the Associated Press he had "no idea" what the suspect planned to do with the materials. The federal charges were filed a month after the suspect was booked on many counts in Chippewa County, including larceny by false pretense, assaulting and resisting officers, falsely reporting a felony, and being a habitual offender. In an affidavit, an ATF agent said an informant told the Chippewa County Sheriff's Department the suspect sought help moving the explosive mixture from Sault Ste. Marie and hiding it in Dafter, a village a few miles away. The informant wore a recording device while performing the task September 20. The affidavit said a sheriff's detective listened to the recording and heard the "mercenaries" remark. The ATF agent said he obtained a search warrant the same day and found 83 bags of the mixture, each weighing about 50 pounds. The combined weight was about 4,150 pounds. The next day, he found explosive boosters, detonating cord, and blasting caps at the home of the suspect's mother. Another box of blasting caps was recovered in Sault Ste. Marie. 
The affidavit said many bags bore labels from companies in Iowa and Ohio. Federal law bars a person charged with a crime punishable by more than 1 year in prison from possessing an explosive shipped across state lines. The Mining Journal reported the ATF agent testified the suspect flew from Toronto to Cuba twice in 2008. A U.S. magistrate judge approved the government's request to keep the suspect in jail, describing the Cuba trips as "troubling." Source:

• A month-old outbreak of listeriosis in 18 states has resulted in at least 13 deaths and 72 illnesses, making it one of the deadliest food-borne outbreaks in the United States. – Food Safety News (See item 29)

29. September 28, Food Safety News – (Colorado; National) Listeria cantaloupe outbreak one of deadliest. A month-old outbreak of listeriosis in 18 states is officially the most deadly outbreak of food-borne illness since poison peanut butter killed nine people with Salmonella Typhimurium in late 2008 and early 2009. The U.S. Centers for Disease Control and Prevention (CDC) in Atlanta late September 27 reported the Listeria outbreak caused by contaminated whole cantaloupes has resulted in at least 13 deaths among 72 illnesses. In terms of fatalities, this food-borne illness outbreak is one of the worst in the United States. Cantaloupes have been responsible for at least 36 food-borne illness outbreaks since 1990, although this is the first one involving Listeria. In its update on the current outbreak investigation, the CDC said four people have died in New Mexico, two in Colorado, two in Texas and one each in Kansas, Maryland, Missouri, Nebraska, and Oklahoma after eating tainted cantaloupe. Local media reports have attributed a second death in Kansas and another in Wyoming to the Listeria outbreak, but those were not included in CDC figures through 11 a.m. September 26. The CDC report translates into a fatality rate of 18 percent. Based on past Listeria outbreaks, it will likely go higher. Fifteen illnesses have been reported in Colorado, 14 in Texas, 10 in New Mexico, eight in Oklahoma, six in Nebraska, five in Kansas and two each in Wisconsin and Indiana, with single cases in California, Florida, Illinois, Maryland, Missouri, Montana, North Dakota, Virginia, West Virginia and Wyoming, according to the CDC. Source:


Banking and Finance Sector

16. September 28, U.S. Department of Treasury – (International) Treasury sanctions Lashkar-e Tayyiba leaders and founders. The U.S. Department of the Treasury September 28 announced the designation of two Lashkar-e Tayyiba (LET) leaders and founding members, pursuant to Executive Order (E.O.) 13224. "[The designees] are two of LET's most significant leaders," said the Under Secretary for Terrorism and Financial Intelligence. "Over the past 20 years, [they] have been responsible for fundraising, recruitment, and indoctrination of operatives. By targeting the core of LET’s leadership, [this] action aims to degrade its ability to facilitate its terrorist activities." LET is a Pakistan-based terrorist group with links to the al-Qa’ida network that is responsible for the November 2008 Mumbai, India attacks, and July 2006 Mumbai train bombings. LET was designated by the United States pursuant to E.O. 13224 and named a Foreign Terrorist Organization in December 2001, and was added to the UN 1267/1989 list in May 2005. Jamaat-ud-Dawa (JUD) was designated as an alias of LET under E.O. 13224 in April 2006, and was added to the UN 1267/1989 list as an alias of LET in December 2008. As a result of the September 28 action, U.S. persons are generally prohibited from engaging in transactions with the men, and any assets they may have in the United States are frozen. Source:

17. September 28, Associated Press – (International) Dutch say raids conducted in 7 countries in alleged $200 million investment fraud; 4 arrests. Dutch authorities September 28 said raids have been conducted in 7 countries in connection with an alleged $200 million investment fraud scheme, and 4 men have been arrested. The country’s financial crime prosecutors said they suspect hundreds of investors were conned into fraudulent investments in U.S. life insurance policies by a firm called Quality Investments BV. Prosecutors said September 28 four Dutch men have been arrested, two in the Netherlands, and one each in Switzerland and Turkey. Raids were also conducted in Spain, Dubai, England, and the United States, in which millions of euros in assets were seized in hopes of recovering some money for duped investors. Source:

18. September 28, Financial Crimes Enforcement Network – (National) Second quarter mortgage loan fraud suspicious activity persists. The Financial Crimes Enforcement Network (FinCEN) September 28 reported in its Second Quarter 2011 Analysis of mortgage loan fraud suspicious activity reports (MLF SARs) that financial institutions filed 29,558 MLF SARs in the second quarter of 2011, up from 15,727 MLF SARs reported in the same quarter of 2010. A large majority of the MLF SARs examined in the second quarter involved mortgages closed during the height of the real estate bubble. The upward spike in second quarter MLF SAR numbers is directly attributable to mortgage repurchase demands and special filings generated by many institutions. For instance, FinCEN noted 81 percent of the MLF SARs filed during the quarter involved suspicious activities that occurred before 2008; 63 percent involved suspicious activities that occurred 4 or more years ago. Source:

19. September 28, Infoworld – (National) Businesses are failing to maintain data security. The Payment Card Industry's Data Security Standard (PCI DSS) has matured in the 6 years since it was enacted, but businesses are failing to maintain their compliance with the security standard, according to a report released by Verizon Business September 28. In the report, Verizon Business analyzed more than 100 PCI compliance cases conducted in the last year. Its basic finding: The vast majority of firms are unable to remain compliant with the 12 requirements of the standard over the course of a year. Only 21 percent of firms stayed compliant with the Data Security Standards between their last successful assessment and their checkup a year later, the report found. The director of global PCI services for Verizon Business said, "We see many organizations do successful implementations, but we see a backslide as the year progresses, and then they end out of compliance for the rest of the year." Firms had problems with protecting card holder data, tracking and monitoring access to sensitive data, and regularly testing system security and processes, the report states. Source:

20. September 27, Federal Bureau of Investigation – (New Jersey; Florida) Largest recruiter of investors to $930 million ponzi scheme admits lying to the IRS about millions in related income. The man who brought more individuals than anyone else to invest in a $930 million Ponzi scheme admitted September 27 to failing to report millions of the more than $12 million in related commissions he received to the Internal Revenue Service (IRS), a U.S. attorney for the District of New Jersey announced. The 63-year-old Naples, Florida man pleaded guilty to an information charging him with one count of subscribing to a false tax return. During the proceeding, he admitted he recruited more than 60 individuals to invest in Capitol Investments USA Inc., which a 42-year-old Miami Beach, Florida man has admitted was a fraud. The 63-year-old was an investor in Capitol, which the 42-year-old used to solicit about $930 million between January 2005 and November 2009 from individuals who believed they were investing in the man's grocery distribution business. The 63-year-old personally invested more than $100 million. In return for bringing new investors to Capitol, he was paid commissions equal to as much as the interest payments for those investors. He received more than $12 million for bringing more than 60 investors to Capitol — more money than any other individual received and for more investors than any other individual recruited. Individuals recruited by the defendant invested more than $307 million with Capitol, eventually losing more than $38 million. In pleading guilty to subscribing to a false tax return that failed to report $1.7 million income for 2005, he admitted he also failed to report Capitol-related income for 2004 through 2007. According to the information, he failed to report more than $6.4 million in income during that time.
The charge to which he pleaded guilty carries a maximum potential penalty of 3 years in prison, and a fine of $250,000 or twice the gain or loss from the offense. Source:

21. September 27, United Press International – (Nevada) Morgan Stanley, Nevada, settle fraud case. U.S. banking giant Morgan Stanley and Nevada agreed September 27 to a $40 million settlement in a mortgage fraud case, the state's attorney general (AG) said. The AG said in a statement the settlement was reached with the bank to end an investigation involving 3,000 subprime mortgages the bank purchased and sold to investors. Morgan Stanley Capital Holdings also agreed to improve its practices and "refund and adjust interest rates for certain Nevada borrowers." In the settlement, the bank agreed to pay $7.2 million that will go toward combating foreclosures and preventing mortgage fraud in the state. The settlement, called an assurance of discontinuance, "will provide relief to between 600 and 700 customers, and will provide relief valued at between $21 million and $40 million," the AG said. The state said the New York bank deceived customers about interest rates, including the "payment shock" of rates that climbed "when an initial teaser rate expired." Some customers, the state said, qualified for loans only at the teaser rate, but not at the adjusted rate that would be in effect "for most of the loan's term." Source:

22. September 27, WJW 8 Cleveland – (Ohio) CEO pleads guilty to role in Croatian credit union collapse. The man that federal prosecutors said was responsible for issuing more than 1,000 fraudulent loans that ultimately led to one of the largest credit union failures in U.S. history pleaded guilty for his crimes September 27 in Ohio. The former chief operating officer (COO) of the St. Paul Croatian Federal Credit Union pleaded guilty to 6 counts, including bank fraud, money laundering and bank bribery, for his role in the failure of the credit union, according to the U.S. Attorney for the Northern District of Ohio. The 52-year-old from Mentor, Ohio, issued more than 1,000 fraudulent loans totaling more than $70 million to more than 300 account holders at St. Paul from 2000 to April 2010, court documents said. Prosecutors claimed the man issued loans with no collateral and falsely represented them to the National Credit Union Administration (NCUA) as secured loans, when they were not. Prosecutors said for issuing the loans the man accepted more than $1 million worth of bribes, kickbacks, and gifts. He is one of 16 people who have been charged for their roles in the credit union collapse. At the time of the credit union being placed into conservatorship, St. Paul served 5,400 members and was believed to have assets of about $238.8 million. Source:,0,4539769.story

23. September 27, St. Paul Pioneer-Press – (Minnesota) Third defendant pleads guilty in $20 million mortgage fraud case. A man pleaded guilty September 27 to his role in a $20 million mortgage fraud, making the Chanhassen, Minnesota man the third to admit his involvement in the case. The 52-year-old was a straw buyer in a scheme that involved 57 Minnesota properties from 2004 to 2007. The scam's participants identified properties that could be purchased, recruited straw buyers and submitted false financial information to obtain mortgages, court papers said. Straw buyers were allegedly told they could use the kickbacks to put toward the mortgage or improve the property. The defendant received about $580,000 in concealed payments from the six residential properties he purchased, according to the charges. The loans on the 57 properties totaled more than $20 million, and lenders suffered "significant losses" when the homes later went through foreclosures and short sales, prosecutors said. The loss specific to the defendant's involvement was calculated by prosecutors at between $1 million and $2.5 million. He pleaded guilty September 27 to one count of conspiracy to commit wire fraud before a U.S. district judge. The crime carries a maximum penalty of 20 years in prison. Source:

For another story, see item 52 below in the Information Technology Sector

Information Technology Sector

50. September 28, The Register – (International) Java, Adobe vulns blamed for Windows malware mayhem. Failure to patch third-party applications has become the main reason Windows machines get infected with malware, according to a report released by CSIS September 27. Systems running vulnerable versions of Java JRE, Adobe Reader and Acrobat, and Adobe Flash were particularly at risk of attack. Up to 85 percent of all virus infections happen as the result of drive-by attacks served up via commercial exploit kits, with 31.3 percent of users that were exposed to the exploit kits being secretly fed malware. CSIS concluded that "99.8 percent of all virus/malware infections caused by commercial exploit kits are a direct result of the lack of updating five specific software packages." Source:

51. September 28, Help Net Security – (International) Microsoft takes down Kelihos botnet. After having disrupted the operation of the Waledac and Rustock botnets, Microsoft set its sights on a smaller one that is thought to be an attempt to rebuild the Waledac botnet, Help Net Security reported September 28. Microsoft used the same tactics it employed in the previous cases — it asked a U.S. court for permission to shut down the Internet domains/command-and-control servers for the botnet. But what makes this case unique is the fact that for the first time a defendant was named in the suit and was notified of the action. In the complaint, Microsoft alleged that 23 individuals own a domain used to register other subdomains that were used to operate and control the Kelihos botnet. The Kelihos botnet is rather small. Nevertheless, it is capable of sending out nearly 4 billion spam e-mails per day from approximately 41,000 computers located worldwide. Source:

52. September 28, Softpedia – (National) Cyber security evaluation tool released by DHS. The DHS launched a product called Cyber Security Evaluation Tool (CSET) in an effort to aid organizations in properly securing digital property, Softpedia reported September 28. The tool allows users to know the weak links in their systems and what needs to be improved so cybercriminal activities can be prevented and combated. The CSET application compares the network infrastructure of the user with industry rules. It then lists recommendations that should help enhance the safeguarding of the enterprise's cyber structure. According to the product's fact sheet, it incorporates many standards from different organizations such as National Institute of Standards and Technology, North American Electric Reliability Corporation, International Organization for Standardization, and U.S. Department of Defense. When the operator selects one or more of the standards, the CSET will require her to answer a few questions. Based on these answers, a full report will be generated to show what can be improved. Source:

For more stories, see item 19 in the Banking and Finance Sector

Communications Sector

53. September 28, Williamsburg Yorktown Daily – (Virginia) Storm takes stations off air; repairs expected soon. A lightning strike at a transmitter near Williamsburg, Virginia, September 28 took Davis Media's two radio stations, 92.3FM The Tide and 107.9 BACHfm, off the air, but both stations were available by streaming online. Public utility companies and the stations' engineer were working to repair the issue, and they said the stations were expected to be back on the air soon. Source:

54. September 27, Visalia Times-Delta and Tulare Advance-Register – (California) Lindsay residents lose phone service for 2 hours. People trying to call Lindsay, California telephone numbers the afternoon of September 27 were greeted with busy signals or a message saying the phone circuits were temporarily overloaded. Telephone service was knocked out in Lindsay, according to the Tulare County Fire Department. The outage occurred around 4:30 p.m. Officials said contractors working in Sanger accidentally severed a fiber-optic line, disrupting phone service in Exeter. Cell phone customers were also affected. Communications to Tulare County fire stations in Lindsay, Strathmore, and Alpaugh were affected as well. The Lindsay Department of Public Safety was still able to receive calls for service at its business line as well as through the 911 system, so residents in need of emergency help were not in jeopardy. At 6:48 p.m., Tulare County Fire officials announced that phone service had been restored to Lindsay, Strathmore, and Alpaugh Stations in addition to City of Lindsay Fire Station #87. Source: