Wednesday, September 7, 2011

Complete DHS Daily Report for September 7, 2011

Daily Report

Top Stories

• The tally of digital certificates stolen from a Dutch company in July exploded to more than 500, including ones for intelligence services such as the CIA, England's MI6, and Israel's Mossad, a Mozilla developer said September 4. – Computerworld (See item 46 below in the Information Technology Sector)

• A man with an automatic rifle opened fire at an IHOP restaurant in Carson City, Nevada, September 6, killing two National Guard members, another person, and himself, and wounding 6 others. – msnbc.com and Associated Press (See item 51)

51. September 6, msnbc.com and Associated Press – (Nevada) 4 dead, 6 wounded in Nevada shooting. A man with an automatic rifle opened fire at an IHOP restaurant in Carson City, Nevada, September 6, killing two National Guard members, another person, and himself in a hail of gunfire during the morning breakfast hour, authorities and witnesses said. Six people were wounded in the attack. The suspect apparently acted alone and died at a hospital in Reno. Authorities were not saying whether the attack targeted the Guard members, who were meeting at the restaurant in a strip mall on Carson City's main street. Witnesses said the gunman pulled up in a blue minivan around 9 a.m. and shot a man on a motorcycle, then walked inside the restaurant and started shooting. He then walked outside and fired shots at a barbecue restaurant and an H&R Block in the strip mall, and then a casino across the street before turning the gun on himself. The state capitol and supreme court buildings were locked down for about 40 minutes, and extra security measures were put in place at state and military buildings in northern Nevada, but the shooting appeared to be an isolated incident, said the Carson City sheriff. Local, state police, and the FBI responded. The minivan was registered locally. A public relations manager for Care Flight told the Reno Gazette-Journal that three victims were taken to the hospital by helicopter, and that two were in critical condition. Source: http://today.msnbc.msn.com/id/44410882/ns/today-today_news/t/wounded-shooting-nevada-restaurant/

Details

Banking and Finance Sector

16. September 6, Orlando Sentinel – (Florida) Suspected bank robber linked to five hold-ups. A convicted robber suspected of holding up 5 banks in central Florida shortly after he was released from prison was scheduled to be arraigned September 6 in circuit court. The 25-year-old man was charged with robbing banks in Fruitland Park, Lady Lake, and Leesburg by handing tellers a note and warning them that he had a gun and would use it if necessary. Police said he never showed a gun. The Marion County resident also is a suspect in similar bank robberies in Ormond Beach in Volusia, and Wesley Chapel in Hernando. According to an assistant state attorney, the man was released from the state department of corrections June 22, 14 days before he allegedly struck a branch of Bank of America on North 14th Street in Leesburg. He served 3 years for strong-arm robbery in Marion. He also is accused of robbing the BB&T bank branch in Fruitland Park July 22, and a SunTrust Bank branch in Lady Lake 3 days later. He was identified by witnesses who picked his picture from photo lineups. He could face mandatory 15-year prison sentences in each robbery. Source: http://www.orlandosentinel.com/news/local/lake/os-lk-bank-robber-in-court-20110906,0,784192.story

17. September 5, Prescott Daily Courier – (Arizona) 'Skeletor Bandit' pleads guilty to robbing Prescott bank, others. A man charged with robbing the Wells Fargo Bank in Prescott, Arizona, December 8, 2010, pleaded guilty to four counts of armed bank robbery and two counts of bank robbery the week of August 29 in a federal court in Phoenix. The 51-year-old was charged with robbing banks in Prescott, Flagstaff, Surprise, and Phoenix between October 22 and December 11, 2010, and stealing $42,391. He also was charged in a bank robbery in Chico, California, July 13, 2010, stealing $2,154. The suspect was called the "Skeletor Bandit" because in the first four robberies, he wore a Halloween-style rubber mask, along with a black-hooded sweatshirt, said a spokesman for the U.S. attorney of the district of Arizona. The suspect also allegedly displayed a gun in those robberies. As part of the plea agreement filed August 31, the man faces a federal prison sentence of 8 to 11 years, must pay restitution to victims of as much as $100,000, and could possibly receive a reduction of one to two levels in his sentencing guidelines if certain conditions are met. Phoenix police officers arrested the man December 11, 2010, in connection with a bank robbery at a Bank of America near 50th Avenue and Baseline Road. They stopped the man after using a tracking device, and found a pellet gun that matched the description of the gun used during the robbery, according to the plea agreement. Source: http://www.dcourier.com/main.asp?SectionID=1&SubSectionID=1&ArticleID=97665

18. September 5, Help Net Security – (International) New Zeus-based variant targets banks around the world. Another Zeus-based offering was unearthed September 5 by Trend Micro researchers, and experts surmised this one may be better crafted than the recently discovered Ice IX crimeware. Having analyzed the code, they believe it was created by using version 2.3.2.0 of the Zeus toolkit, and that it was created specifically for a professional gang. Experts note this solution is likely to succeed where Ice IX has failed: an updated encryption/decryption algorithm that should prevent trackers from analyzing its configuration file. Also, an update of the Zeus builder capability of checking for bot information and uninstalling it should make antivirus solutions unable to use it for detecting the bot and automatically purging the system of it. "It is also worth mentioning that this malware targets a wide selection of financial firms including those in the United States, Spain, Brazil, Germany, Belgium, France, Italy, Ireland, etc.," said the researchers. "More interestingly, it targets HSBC Hong Kong, which suggests that this new Zeus variant may be used in a global campaign, which may already include Asian countries." Source: http://www.net-security.org/malware_news.php?id=1828

19. September 2, U.S. Securities and Exchange Commission – (California) SEC halts fraud conducted by purported life settlement company. The U.S. Securities and Exchange Commission (SEC) September 2 announced it obtained an emergency court order to halt an alleged $4.5 million investment scheme by a Los Angeles company that purports to broker life settlements. The SEC alleged a man and his company, Christian Stanley Inc., have spent the past 7 years creating the illusion that it was a legitimate company. Contrary to what investors were told, Christian Stanley has never purchased or generated any revenue as a result of brokering the sale of a single life settlement, and has barely derived any revenue from any of its purported business ventures. Instead, the head of the company simply used the Christian Stanley name as a vehicle to raise at least $4.5 million in an unregistered offering of debenture notes, and spent most of the money for purposes unrelated to its ostensible business operations. He misused investor funds to finance his stays at luxury hotels, visits to nightclubs and restaurants, and purchases of high-end vehicles. A judge for the U.S. District Court for the Central District of California September 1 granted the SEC’s request for a temporary restraining order and asset freeze against the man and his companies. According to the SEC’s complaint, the man raised funds from at least 50 investors nationwide, promising investors fixed interest returns ranging from 5 to 15.5 percent annually for 5-year terms. He claimed the notes were backed by assets such as a gold mine in Nevada and a coal mine in Kentucky that he said held coal deposits valued at $11.8 billion. The SEC alleges that instead of using investor money to purchase life settlements or develop the mines, the man and Christian Stanley used investors’ money for such unrelated purposes as sales commissions, and Ponzi-like payments to existing note holders. Source: http://www.sec.gov/news/press/2011/2011-177.htm

20. September 2, IDG News – (National) Internet clothing seller charged with wire fraud. The owner of a defunct online clothing retail operation was arrested and charged September 2 with wire fraud for allegedly overcharging customers by more than $5 million. The owner of New York-based Classic Closeouts allegedly used customer credit and debit card numbers on file to charge accounts multiple times for items customers did not order, the U.S. Department of Justice (DOJ) said in a press release. Between June and December 2008, the operation charged customers for unordered items more than 70,000 times, the DOJ said. In some cases, the same card was charged "multiple" times over many weeks, the agency said. The charges ranged from $59.99 to $79.99, said the U.S. Federal Trade Commission (FTC), which filed its own civil complaint against ClassicCloseouts.com and the owner in June 2009. When customers disputed the unauthorized charges with their credit card companies and banks, Classic Closeouts' owner asserted the charges were valid because the customers had enrolled in an alleged "frequent shopper club," the DOJ said. In some cases, customers were denied credit cards after the disputes or were pressured into paying the fraudulent charges, plus late fees and interest. The FTC announced a settlement with the owner in January, with the owner banned from owning Internet businesses that handle credit or debit accounts. The settlement also imposed a monetary judgment of nearly $2.1 million. It's uncommon for the DOJ to bring criminal charges after the FTC settles a civil case. The suspect faces a maximum sentence of 20 years in prison on the wire fraud charges. Source: http://www.pcworld.com/businesscenter/article/239452/internet_clothing_seller_charged_with_wire_fraud.html

21. August 31, United States Department of Justice – (Connecticut) Former waitress at Stamford restaurant admits role in credit card fraud scheme. The U.S. Attorney for the District of Connecticut announced August 31 a 25-year-old from Georgia, formerly of New York, waived her right to indictment and pleaded guilty August 30 in Bridgeport to one count of conspiracy to commit access device fraud. According to court documents, from September 2008 to January 2009, she worked as a waitress at a restaurant in Stamford. In pleading guilty, the convict admitted that, while working at the restaurant, she and a co-worker stole credit card information from customers through the use of “skimming” devices. When restaurant customers would pay with credit cards, the pair would swipe them through hand-held skimmers before running them through the restaurant’s own legitimate credit card verification system. The skimming devices would copy and store the account data encoded on the magnetic strips on the back of the credit cards. Every few weeks, an individual who supplied the skimming devices would meet with one of the employees so they could turn over to him the credit card information. That person would pay them either $20 or $25 for each credit card they successfully swiped through the device, and then give them new skimmers. The stolen data was later used by members of the conspiracy to make unauthorized purchases. While the pair were employed at the Stamford restaurant, about 92 credit cards were compromised, the majority of which were compromised by the 25-year-old's co-worker, resulting in losses of about $135,888. Source: http://www.justice.gov/usao/ct/Press2011/20110831.html

For another story, see item 45 below in the Information Technology Sector

Information Technology Sector

43. September 6, Softpedia – (International) Incognito exploit kit discovered after Web Directories attack. Users who visited the Web Directories site September 4 may have been redirected to a third party page leveraging the Incognito exploit kit. One of the largest directories on the Internet, the site was compromised after a program line, representing a redirect to a malicious address containing exploit codes, was inserted. An analysis made by Websense Security Labs revealed the hacking tool involved is known as Incognito, which silently infects the client computers with a trojan. According to the Security Labs blog, Incognito is a Malware as a Service (MaaS) which has two versions running in the wild. Underground communities use it to launch automated attacks with the purpose of spreading malware. Source: http://news.softpedia.com/news/Web-Directories-Site-Attacked-220361.shtml

44. September 6, Softpedia – (International) Phishers use new tricks. Internet users are becoming more aware of the dangers of phishing. As a result, phishers are implementing new methods of luring unsuspecting people into their nets. The latest “phishing expedition” was observed by Symantec. The malicious site was masked as a software company that offered considerable discounts. Users were then led to a page where they would be required to give out all their personal information, including credit card details, which would later be used to gain control of the person's financial records. Many people were drawn to the page by the up to 80 percent savings they could make on the site's main page. Researchers indicated the page containing the offers was hosted on a newly registered domain that ranked high in most of the popular search engines. This was achieved by using keywords in the domain name that are very common in related searches. The people behind this practice managed to make fake trust seals. The seals seemed legitimate because of some sub-domain randomization techniques used by the phishers. Source: http://news.softpedia.com/news/Phishers-Use-New-Tricks-220334.shtml

45. September 5, IDG News Service – (International) Turkish hackers strike Websites with DNS hack. A Turkish hacking group managed to tamper with Internet addressing records September 4, redirecting dozens of Web sites belonging to companies including Microsoft, UPS, and Vodafone to different Web pages controlled by the hackers. According to Zone-H, a Web site that tracks defacements, 186 Web sites were redirected to a page controlled by "Turkguvenligi." All of the Web sites were registered through NetNames, part of NBT group. NetNames provides Domain Name System (DNS) services. Turkguvenligi hacked the servers through a SQL injection attack. In the case of NetNames, the group put a redelegation order into the system and changed the address of the master DNS servers that served data for the Web sites, a statement from NetNames said. The attack occurred around 9 p.m. September 4. Although it appears the goal was just to vandalize the sites for a while, the group could have set up lookalike sites for the real ones, tricking users into thinking they were on the legitimate site and possibly stealing logins and passwords. Two of HSBC's banking sites — one with a country-code Top Level Domain in South Korea and one in Canada — were targeted, according to the list compiled by Zone-H. Other Web sites affected were those belonging to The Telegraph newspaper, The Register technology news site, Coca-Cola, Interpol, Adobe, Dell, several Microsoft country sites, Peugeot, Harvard University, and the security companies F-Secure, BitDefender, and Secunia. Source: http://www.computerworld.com/s/article/9219728/Turkish_hackers_strike_websites_with_DNS_hack

46. September 4, Computerworld – (International) Hackers steal SSL certificates for CIA, MI6, Mossad. The tally of digital certificates stolen from a Dutch company in July exploded to more than 500, including ones for intelligence services such as the CIA, England's MI6, and Israel's Mossad, a Mozilla developer said September 4. The confirmed count of fraudulently-issued secure socket layer (SSL) certificates now stands at 531, said the Mozilla developer, who is part of the team working to modify Firefox to block all sites signed with the purloined certificates. Among the affected domains are those for the CIA, MI6, Mossad, Microsoft, Yahoo, Skype, Facebook, Twitter, and Microsoft's Windows Update service. All the certificates were issued by DigiNotar, a Dutch issuing firm that admitted the week of August 29 that its network had been hacked in July. Source: http://www.computerworld.com/s/article/9219727/Hackers_steal_SSL_certificates_for_CIA_MI6_Mossad

For more stories, see item 18 above in the Banking and Finance Sector and item 47 below in the Communications Sector

Communications Sector

47. September 6, New Tampa Patch – (Florida) Bright House Networks outages reported in Tampa Bay area. A Bright House Networks outage left much of the Tampa Bay, Florida area without phone, high-speed Internet and some cable service September 6. Service was reported down in much of the area, including Hillsborough, Pinellas, Pasco and Manatee counties. On Twitter, there were dozens of tweets September 6 by customers reporting outages. The company was aware of the issues, which began around 10:40 a.m., a Bright House spokesman said. It was unclear how widespread the outages were, he said. The company's customer service and public relations phone lines were also down. In Manatee County, several customers drove to the local Bright House Networks office to get updates because they could not reach anyone by phone. Source: http://newtampa.patch.com/articles/bright-house-networks-outages-reported-in-tampa-bay-area

48. September 4, Muncie Star-Press – (National) Local Indiana public radio stations down after lightning strike. A lightning strike was responsible for three Indiana Public Radio (IPR) stations being off the air late September 3 into September 4. According to a release from IPR, the WBST 92.1 FM transmitter was hit by lightning September 3 around 7:30 p.m., when a wave of thunderstorms rolled through the area. The strike damaged the main blower for the transmitter to the point of three IPR stations — WBST 92.1 in Muncie, WBSB 89.5 in Anderson and WBSH 91.1 in Hagerstown — going off the air, according to the release. A replacement part was being flown in September 4 from Quincy, Illinois, and radio officials believed the earliest these three stations could be back on the air was by 7 p.m. September 4. IPR was still on the air at WBSJ 91.7 in Portland and WBSW 90.9 in Marion, September 4, and listeners could also tune in to the stations online at www.indianapublicradio.org. Source: http://www.thestarpress.com/article/20110904/NEWS06/110904006

49. September 3, Hutchinson News – (Kansas) Fire destroys radio station studios. An early morning fire September 2 destroyed the downtown Hutchinson, Kansas, studios of radio stations KSKU, KXKU, KNZS, and KWHK, and caused smoke damage to Sparks Music and the Wiley Building, which were on opposite sides of the radio stations. Sparks Music and the soda fountain at Fraese Drug Store in the Wiley building were closed, but the downtown development director said other businesses in the 100 block of North Main would be opening later September 2, despite the fact the block was closed to traffic and parking. A fire department inspector September 2 said they were awaiting heavy equipment that would be used to begin tearing the building down. He said the fire was reported at 2:30 a.m. The last employee of the stations had gone home between 10 and 11 p.m. September 1, and the stations were playing automated programming until the fire knocked them off the air. The owner of the stations said he was told firefighters found the back door broken open, and that the fire might be arson. The stations broadcast from four towers scattered around Reno County, but the Main Street studio was the hub for all four. Source: http://www.firefightingnews.com/article-us.cfm?articleID=100439

For more stories, see items 45 and 46 above in the Information Technology Sector
