Tuesday, September 27, 2011

Complete DHS Daily Report for September 27, 2011

Daily Report

Top Stories

• Torrential rain September 26 piled water 8 feet high in streets and basements in Colerain Township, Ohio, and led to the rescue of scores of stranded motorists. – Cincinnati Enquirer (See item 20)

20. September 26, Cincinnati Enquirer – (Ohio) Torrential rain, flooding prompts evacuation in Colerain Twp. Torrential rain early September 26 dumped more than 3 inches across Greater Cincinnati, Ohio, and led to flooding and evacuations in a section of Colerain Township. The Colerain Township Fire Department began rescuing and evacuating residents at Blanchetta and Sheldon about 7 a.m. Motorists were pulled from cars after becoming trapped while driving into high water. The water spilled into the street from a flooded creek, a fire spokesman said. Water as high as 8 feet also flooded basements. One person was taken to a hospital for minor injuries. A tornado watch and flood advisory were in effect September 26 as heavy showers and thunderstorms that started falling overnight continued. More than 3.5 inches of rain was recorded between midnight and 6:30 a.m. at Cincinnati/Northern Kentucky International Airport, a meteorologist said. The storms knocked out power to more than 7,400 Duke Energy customers, mostly in Hamilton County, according to the utility’s Web site. North College Hill schools were on a 2-hour delay due to power outages. Source: http://news.cincinnati.com/article/20110926/NEWS01/110926015

• The mayor of Sparks, Nevada, declared a state of emergency and canceled a road rally after a huge brawl September 23 outside a casino led to shootings, one death, and several injuries. – CNN (See item 59)

59. September 25, CNN – (Nevada) Hell's Angels motorcycle club member facing charges in deadly casino brawl. A member of the Hell's Angels motorcycle club was facing charges including assault with a deadly weapon September 25 after a brawl between club members devolved into a gunfight that left one person dead in Sparks, Nevada. Police said the victim of the shooting at John Ascuaga's Nugget Casino Resort was a 51-year-old man who was president of the San Jose, California, chapter of the Hell's Angels. Two other people, both members of the Vagos motorcycle club, were in stable condition at hospitals after being shot in the abdomen and the leg, respectively. A 36-year-old was arrested after surveillance video showed him "shooting into the crowd" during the late September 23 melee, Sparks police said in a statement. The riot occurred during the Street Vibrations Fall Rally, an event that began September 21 and was expected to continue into September 25. After the shootings, however, the Sparks portion of the event was canceled through the weekend, the city announced September 24. The mayor of Sparks also declared a state of emergency. Besides assault with a deadly weapon, the shooting suspect also faces charges of carrying a concealed weapon; aiming a firearm at another; aiming or discharging a firearm where a person is endangered; and possession of stolen property/firearm, jail records show. His bail was set at $500,000 cash only. Authorities reported that as many as 30 people took part in the casino brawl. Police responded with assistance from overhead helicopters. Source: http://www.cnn.com/2011/09/25/justice/nevada-casino-brawl/index.html?eref=rss_topstories&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+rss/cnn_topstories+(RSS:+Top+Stories)

Details

Banking and Finance Sector

14. September 24, Contra Costa Times – (California) Two bay area men charged in $8 million fraud scheme. The Securities and Exchange Commission (SEC) September 23 charged two Bay Area men with fraud in California, claiming they promised investors up to a 6,300 percent return but instead spent millions of dollars on themselves, including luxurious parties and cars. The two are accused of defrauding more than 35 investors out of nearly $8 million, according to SEC documents. The agency's complaint seeks to force the two men to return the money as well as pay civil penalties. The scheme began in 2007 when one of the men, who previously worked in real estate, raised about $4.5 million with the promise of "financial freedom" and "maximum results with minimum risk" in a brochure to investors, the SEC said. In 2008, he teamed up with the second man, an unemployed construction worker with no experience in investing, and continued to promise investors an astronomical return. An additional $3.2 million was raised over the next few years. Instead of investing the money, the SEC claims, the man with real estate experience spent $360,000 on a surprise party for his wife as well as several Mercedes-Benz automobiles, jewelry, and basketball season tickets. He also spent about $2.6 million of investors' funds to make improvements on his 8,000-square-foot Alamo home. Source: http://www.mercurynews.com/news/ci_18971213

15. September 24, Associated Press – (Arizona; Colorado) Tucson man pleads guilty in investment scheme. A Tucson, Arizona man accused of bilking investors out of millions of dollars pleaded guilty September 24 to two felonies, ending 8 years of litigation. Pima County prosecutors said the 70-year-old man pleaded guilty to fraud and illegally conducting an enterprise, and agreed to pay up to $5 million in restitution. He could be placed on probation or be sentenced to between 7 and 21.25 years in prison. The Arizona Daily Star said the man and two other defendants originally were indicted in 2003 on charges they illegally sold promissory notes for a Colorado shopping center north of Denver. By the time the Dacono Mall project collapsed, authorities said about 110 investors had put up more than $5 million between 1995 and 2000. Source: http://www.chron.com/news/article/Tucson-man-pleads-guilty-in-investment-scheme-2187081.php

16. September 24, Hartford Courant – (Connecticut) Bomb threats called in to Mansfield, Coventry bank branches. A woman called in bomb threats to First Niagara bank branches in Mansfield and Coventry, Connecticut September 24, police said. The woman said "an explosion" would occur in the buildings, police said. The state police bomb squad and K-9 teams responded and searched the banks, but found nothing, police said. Coventry police were working with state police and said they had developed leads in the case. They said they are searching for a woman wearing a light-colored top and a ponytail, and released a video showing her talking on the phone in a store. Investigators said she may be driving a green sport utility vehicle, but they did not call her a suspect. Source: http://articles.courant.com/2011-09-24/community/hc-bank-threat-0925-20110924_1_coventry-police-state-police-bomb-threats

17. September 24, DNAinfo.com – (New York) Bomb threat bank robber arrested for string of heists, police say. A Harlem, New York ex-con who threatened bank tellers with bomb threats and claimed to have a gun was arrested for a string of heists around the borough beginning in July, DNAinfo.com reported September 24. The 33-year-old was hit with seven counts of robbery and one count of attempted robbery for the alleged 2-month spree, which included hitting two banks in one day and even trying to rob the same bank twice just days apart. The suspect, who has done stints in state prison for robbery and drug sale, first struck at a Chase Bank at 2030 Broadway, near West 70th Street, claiming to have a bomb, police said. But the teller refused to fork over cash and he fled empty handed. Less than 2 hours later, the man, who was released from prison in April, allegedly pulled the same stunt at a Sovereign Bank branch at 250 Lexington Avenue, near East 35th Street. This time, the teller gave him money, although the amount was not clear. On August 15, he returned to the same branch and again made off with cash, police said. During the series of heists, the suspect robbed a Sovereign Bank at 1350 Broadway, near 36th Street, a Sovereign Bank at 1062 Third Avenue, near 63rd Street, an HSBC Bank at 885 Eighth Avenue, near 53rd Street, and a Sovereign Bank at 2275 Broadway, near 82nd Street, police said. He last struck September 19, claiming to have a gun at the Capital One Bank on 1536 Third Avenue, near 87th Street. Source: http://www.dnainfo.com/20110924/upper-west-side/bomb-threat-bank-robber-arrested-for-string-of-heists-police-say

18. September 24, Los Angeles Times – (California) Well-dressed bandit hits 10th bank in San Diego area. The FBI in San Diego is asking the public for information about a bank robber with an apparent taste for nice clothing and luxury automobiles. Dubbed the Well-Dressed Bandit, the robber has hit 10 banks and credit unions in San Diego County since May 2010. His latest job was September 23 when he robbed a Chase Bank in the Sorrento Valley area of San Diego — the third time he has robbed the same branch, according to authorities. Witnesses reported seeing him leave in a Lexus or Mercedes. He prefers dark clothing and sometimes wears a cap to cover a balding or shaved head. He is described as black, in his mid-30s, about 6-foot-2 and weighing 220 pounds. Source: http://latimesblogs.latimes.com/lanow/2011/09/well-dressed-bandit-hits-10-banks-in-san-diego-area.html

19. September 23, Financial Advisor – (California) SEC bars former California securities dealer. The Securities and Exchange Commission (SEC) has permanently barred a former California-based broker from the securities industry on charges he fraudulently raised $14.1 million from over 100 investors in a Ponzi scheme disguised as a futures investment, according to a ruling issued by an administrative law judge September 22. The SEC said the man and his firm Axcess Automation LLC devised a scheme in which he solicited friends, neighbors, and business acquaintances to wire transfer funds into bank accounts over which he had sole discretionary authority. The SEC alleged the man prepared and provided false statements to certain investors and misappropriated about $10.7 million from new investors to pay old investors and about $1.1 million for personal use. Source: http://www.fa-mag.com/fa-news/8627-sec-bars-former-california-securities-dealer-.html

Information Technology Sector

48. September 26, Softpedia – (International) Data stealing apps released on Android Market. Five new data-stealing tools have appeared on the Android Market, aimed at app developers who want to make a profit from their users' data. Bitdefender identifies the threat as Android.Spyware(dot)GoneSixty.Gen. The stealer first has to be downloaded and installed on the victim's device, but once that is done the rest of the operation is straightforward: the tool uploads all the information found on the phone, such as messages, contact lists, and browser history, to an Internet location. The stolen data can be accessed by entering a code on the developer's site; contact lists are provided free, while the more sensitive information is made available for a $5 fee. Source: http://news.softpedia.com/news/Data-Stealing-Apps-Released-on-Android-Market-223660.shtml

49. September 26, Softpedia – (International) 700,000 InMotion Websites hacked by TiGER-M@TE. InMotion's data center was hit by the hacker who calls himself TiGER-M@TE, leaving a few hundred thousand Web site owners with nonfunctional pages. “At around 4 a.m. EST, our system administration team identified a website defacement attack affecting a large number of customers. We are still investigating, but it appears that files named index.php have been defaced,” InMotion representatives said. The hacker claims to work alone, relying on private exploits and zero-day attacks. He appears to have done little other harm to the sites, replacing only the index file on each with his own. The hosting company already started the repair process, and guided customers who possess the necessary knowledge to make the repairs themselves. After a few hours, the company had restored 65 percent of the affected pages, and urged users to refresh their browsers if they were still viewing the hacked version of a site. Source: http://news.softpedia.com/news/700-000-InMotion-Websites-Hacked-by-TiGER-M-TE-223607.shtml
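A defacement of this kind, where one well-known file is overwritten across many customer accounts, is easiest to confirm and scope with a hash baseline taken before the incident. The script below is an added example, not InMotion's tooling and not from the Softpedia story: it records the SHA-256 of every index.php under a webroot, then reports which copies changed, vanished, or appeared. The three-site directory tree and the file contents are constructed here for the demonstration.

```python
import hashlib
import os
import tempfile

# Constructed sample content for the demonstration (not real customer files).
CLEAN_INDEX = b"<?php include 'app/bootstrap.php'; ?>\n"
DEFACED_INDEX = b"<html><body><h1>Defaced</h1></body></html>\n"


def sha256_file(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, filename="index.php"):
    """Map each index.php (relative to root) to its hash; run this on a known-good tree."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        if filename in files:
            path = os.path.join(dirpath, filename)
            baseline[os.path.relpath(path, root)] = sha256_file(path)
    return baseline


def find_tampered(root, baseline, filename="index.php"):
    """Compare the live tree against the baseline.

    Returns the changed files (defaced in place), files missing from the tree,
    and files that exist now but were not in the baseline (dropped by an attacker)."""
    current = build_baseline(root, filename)
    return {
        "changed": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Build three clean sites, baseline them, deface one, and report the difference."""
    root = tempfile.mkdtemp()
    for site in ("site-a", "site-b", "site-c"):
        os.makedirs(os.path.join(root, site, "public_html"))
        with open(os.path.join(root, site, "public_html", "index.php"), "wb") as f:
            f.write(CLEAN_INDEX)
    baseline = build_baseline(root)

    # Simulate the incident: one customer's index.php is replaced wholesale.
    with open(os.path.join(root, "site-b", "public_html", "index.php"), "wb") as f:
        f.write(DEFACED_INDEX)
    return find_tampered(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Because the comparison is by content hash rather than by modification time, an attacker who resets timestamps after writing the file is still caught; the baseline itself should be stored off the hosting server so it cannot be rewritten in the same intrusion.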

50. September 26, Softpedia – (International) Alureon trojan uses steganography techniques. A version of the Alureon trojan was discovered hiding backup command and control (C&C) locations in ordinary JPEG files. The images were posted on unrelated domains so that, if the malware could not contact its primary servers, it could fall back to these encrypted addresses. Microsoft researchers came across this form of the malware after a period of monitoring in which they determined exactly how the new Alureon does its job. Win32/Alureon is part of the data-stealing family of trojans. Its functions allow its operator to intercept private data and send destructive commands to the infected device, leaving behind a trail of damaged DNS settings. Keyboard and other drivers might malfunction after an attack by this specific malware. A closer investigation revealed the new variant downloads an extra component file called com32. The new element tries to communicate with many image files hosted on a few blogs. The images contain a string of data interpreted by com32, allowing Alureon to obtain a list of C&C servers it would try to reach in the event the primary hosts become unavailable. This technique of embedding hidden data inside an innocuous-looking file is called steganography, and attackers appear to be using it more often to make their malicious programs more resilient. According to the TechNet blog, the configuration files are masqueraded as pictures of an old woman, a young man, and a bowl of Chinese herbs, posted on LiveJournal and WordPress sites. Source: http://news.softpedia.com/news/Alureon-Trojan-Uses-Steganography-Techniques-223587.shtml
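The story does not say exactly where in the image Alureon's com32 component looks for its data, so the following is an added example of the general technique, not a description of the real sample: a parser that walks the JPEG marker structure to find the true end-of-image (EOI) marker and returns whatever has been appended after it, which is the simplest and most common way malware hides a configuration blob inside a valid picture. The tiny JPEG, the two-byte XOR key and the backup host names are all constructed for the demonstration; the image viewer renders the picture normally and never shows the trailing bytes.

```python
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
# Markers that carry no length field: SOI, EOI, TEM and the restart markers RST0..RST7.
STANDALONE = {SOI, EOI, 0x01} | set(range(0xD0, 0xD8))


def jpeg_end_offset(data):
    """Walk the marker segments and return the offset just past the EOI marker.

    Scanning for the bytes FF D9 with a plain search is not enough: an EXIF thumbnail
    inside an APP1 segment contains its own EOI, so the segments are parsed instead."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos < len(data) - 1:
        if data[pos] != 0xFF:
            raise ValueError("marker expected at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte, allowed between markers
            pos += 1
            continue
        if marker == EOI:
            return pos + 2
        if marker in STANDALONE:
            pos += 2
            continue
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seg_len
        if marker == SOS:
            # Entropy-coded data follows the SOS header.  Inside it a 0xFF byte is
            # stuffed as FF 00, and FF D0..D7 are restart markers, so the next other
            # marker ends the scan.
            while pos < len(data) - 1:
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    raise ValueError("EOI not found")


def trailing_bytes(data):
    """Bytes appended after the image proper; a clean JPEG returns b''."""
    return data[jpeg_end_offset(data):]


def decode_c2_list(blob, key):
    """Assumed obfuscation for this example: repeating-key XOR over a ';'-separated list."""
    plain = bytes(b ^ key[i % len(key)] for i, b in enumerate(blob))
    return plain.decode("ascii").split(";")


def build_sample_jpeg(payload):
    """Smallest structurally valid JPEG for the parser, with payload appended after EOI."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app0_seg = b"\xff\xe0" + struct.pack(">H", len(app0) + 2) + app0
    sos_hdr = b"\x01\x01\x00\x00\x3f\x00"
    sos_seg = b"\xff\xda" + struct.pack(">H", len(sos_hdr) + 2) + sos_hdr
    # Scan data containing a stuffed FF 00 and a restart marker: neither may end the scan.
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    return b"\xff\xd8" + app0_seg + sos_seg + scan + b"\xff\xd9" + payload


KEY = b"\x5a\x3c"                                   # constructed key
C2_LIST = "backup1.example.net;backup2.example.org"  # constructed backup hosts


def demo():
    payload = bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(C2_LIST.encode()))
    image = build_sample_jpeg(payload)
    extra = trailing_bytes(image)
    return len(extra), decode_c2_list(extra, KEY)


if __name__ == "__main__":
    print(demo())
```

As a detection, the interesting signal is simply `len(trailing_bytes(data)) > 0` for any image a suspicious process fetches; what the appended bytes mean can only be learned from the sample that reads them, as the Microsoft researchers did with com32.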

51. September 24, Softpedia – (International) Malware spreads as browser update. A worm has been discovered that, once unleashed on a network, takes over the DHCP and DNS services so that clients are sent to malware-hosting locations. Identified as Worm(dot)Ropian.E, it immediately seizes the DNS and DHCP roles on the local network. Because these are the services that hand a machine its network settings and resolve names for it, the worm can make sure users are redirected to a single place no matter what URL they type in the browser's address bar. According to Malware City, the malicious destination looks like an error page that alerts “Your browser is no longer supported. Please upgrade to a modern software.” Users might be tempted to believe this message and click the “Browser update” button at the bottom of the screen, because every request they make lands on the same page. If the update button is clicked, the device is infected further and itself begins acting as a DHCP server for the entire network of computers. To make everything more credible, the worm downloads a file called upbrowsers[date].exe, where the date always matches the current date. Once executed, the infection spreads even further, installing a TDSS rootkit that does even more damage. Source: http://news.softpedia.com/news/Malware-Spreads-as-Browser-Update-223486.shtml
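The mechanism described, an infected host answering DHCP requests and handing out its own address as the DNS server, is visible on the wire to anyone listening on the segment. The code below is an added example, not part of the report or of Malware City's analysis: a DHCP OFFER parser (RFC 2131 fixed fields plus the option list) and a check that flags offers from a server identifier outside an allow-list, or offers whose DNS-server option (6) points somewhere untrusted. The two sample offers, the addresses and the trusted-server sets are constructed for the demonstration.

```python
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"   # magic cookie that starts the options field
OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_LEASE, OPT_END = 6, 53, 54, 51, 255


def parse_dhcp(packet):
    """Parse a BOOTP/DHCP message into its fixed fields and a {code: raw value} option map."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", packet[:12])
    yiaddr = str(ipaddress.IPv4Address(packet[16:20]))
    siaddr = str(ipaddress.IPv4Address(packet[20:24]))
    options, pos = {}, 240
    while pos < len(packet):
        code = packet[pos]
        if code == OPT_END:
            break
        if code == 0:               # pad byte
            pos += 1
            continue
        length = packet[pos + 1]
        options[code] = packet[pos + 2:pos + 2 + length]
        pos += 2 + length
    return {"op": op, "xid": xid, "yiaddr": yiaddr, "siaddr": siaddr, "options": options}


def ip_list(raw):
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw), 4)]


def check_offer(packet, trusted_dhcp_servers, trusted_dns_servers):
    """Return a list of findings for a DHCPOFFER; an empty list means nothing suspicious."""
    msg = parse_dhcp(packet)
    opts = msg["options"]
    if opts.get(OPT_MSG_TYPE) != b"\x02":      # only DHCPOFFER is examined here
        return []
    server_id = ip_list(opts[OPT_SERVER_ID])[0] if OPT_SERVER_ID in opts else msg["siaddr"]
    findings = []
    if server_id not in trusted_dhcp_servers:
        findings.append("rogue DHCP server %s" % server_id)
    for dns in ip_list(opts.get(OPT_DNS, b"")):
        if dns not in trusted_dns_servers:
            findings.append("untrusted DNS server %s (offered by %s)" % (dns, server_id))
    return findings


def build_offer(xid, server_ip, client_ip, dns_servers, mac):
    """Construct a DHCPOFFER the way a server (legitimate or rogue) would send it."""
    fixed = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)      # op=BOOTREPLY, ethernet
    fixed += b"\x00" * 4                                        # ciaddr
    fixed += ipaddress.IPv4Address(client_ip).packed             # yiaddr
    fixed += ipaddress.IPv4Address(server_ip).packed             # siaddr
    fixed += b"\x00" * 4                                        # giaddr
    fixed += mac + b"\x00" * (16 - len(mac))                    # chaddr
    fixed += b"\x00" * 64 + b"\x00" * 128                       # sname, file
    opts = bytes([OPT_MSG_TYPE, 1, 2])
    opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    opts += bytes([OPT_DNS, 4 * len(dns_servers)])
    opts += b"".join(ipaddress.IPv4Address(d).packed for d in dns_servers)
    opts += bytes([OPT_LEASE, 4]) + struct.pack("!I", 3600)
    opts += bytes([OPT_END])
    return fixed + DHCP_MAGIC + opts


def demo():
    """One offer from the real server, one from an infected host posing as the server."""
    trusted_dhcp = {"10.0.0.1"}
    trusted_dns = {"10.0.0.1", "10.0.0.2"}
    mac = bytes.fromhex("001122334455")
    legit = build_offer(0x1234, "10.0.0.1", "10.0.0.50", ["10.0.0.1", "10.0.0.2"], mac)
    rogue = build_offer(0x1234, "10.0.0.77", "10.0.0.50", ["10.0.0.77"], mac)
    return (check_offer(legit, trusted_dhcp, trusted_dns),
            check_offer(rogue, trusted_dhcp, trusted_dns))


if __name__ == "__main__":
    print(demo())
```

On a real network the packets come from a capture of UDP port 67/68 broadcast traffic; the same check, applied to every OFFER seen, points directly at the infected machine because the rogue server identifier is its own address.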

52. September 23, Computerworld – (International) Facebook's Timeline will be boon for hackers. Facebook's new Timeline will make it easier for criminals and others to mine the social network for personal data they can use to launch malicious attacks and steal passwords, a researcher said September 23. Timeline, which Facebook unveiled September 22 at a developer conference and plans to roll out in a few weeks, summarizes important past events in a 1-page display. The change has experts at England-based Sophos concerned. "Timeline makes it a heck of a lot easier to collect information on people," said a Sophos security researcher. "It's not that the data isn't already there on Facebook, but it's currently not in an easy-to-use format." Cyber criminals often unearth personal details from social networking sites to craft targeted attacks, he noted, and Timeline will make their job simpler. "And Facebook encourages people to fill in the blanks [in the Timeline]," he said, referring to the tool prompting users to add details to blank sections. Because people often use personal data to craft passwords or security questions and answers, the more someone adds to Timeline, the more they may put themselves at risk, the researcher said. Source: http://www.computerworld.com/s/article/9220240/Facebook_s_Timeline_will_be_boon_for_hackers

53. September 23, The Register – (International) Experts suggest SSL changes to keep BEAST at bay. Cryptographers have described a simple way Web site operators can insulate themselves against a new attack that decrypts sensitive Web traffic protected by the secure sockets layer (SSL) protocol. The suggestions, published September 23 by two-factor authentication service PhoneFactor, advise Web sites to prefer the RC4 cipher for SSL traffic instead of block ciphers such as AES (otherwise the stronger choice) and DES, which SSL runs in CBC mode. Google Web servers are already configured to favor RC4, according to an analysis tool from security firm Qualys. A Google spokesman said the company had used those settings "for years." In stark contrast, eBay's PayPal payment service favors AES, making the site at least theoretically vulnerable to BEAST, an attack tool scheduled to be demonstrated September 23. Short for Browser Exploit Against SSL/TLS, its creators said it targets a long-documented vulnerability in the way some encryption algorithms are used that cryptographers previously believed was not practical to exploit. The researchers said they refined the attack enough to decrypt SSL-protected Web traffic using a piece of JavaScript that injects chosen plaintext into the encrypted request stream. They said they plan to prove the attack is practical by using it to recover an encrypted cookie used to access a user account on PayPal. The chosen-plaintext recovery at the heart of BEAST targets the cipher block chaining (CBC) mode, in which the previous ciphertext block is mixed into the next plaintext block before it is encrypted; in TLS 1.0 the last ciphertext block of one record also serves as the IV of the next, so an attacker can predict it. CBC mode is used with block ciphers such as AES and DES, while RC4 is a stream cipher and does not use it. Source: http://www.theregister.co.uk/2011/09/23/google_ssl_not_vulnerable_to_beast/
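The flaw BEAST exploits is easier to see in a few lines than in prose. The following is an added example, not code from the BEAST authors, from PhoneFactor or from The Register: it models a TLS 1.0 connection in which each record's CBC IV is the last ciphertext block of the previous record, and shows how an attacker who can inject chosen plaintext recovers one unknown byte of a block whose other 15 bytes are known (the byte-at-a-time setup BEAST achieves by shifting the request boundary). The same attack is then run against a TLS 1.1-style session with a fresh random IV per record, where it fails. The block cipher is a stand-in built from SHA-256 rather than AES (an assumption of this example; the attack only needs the cipher to be deterministic), and the cookie prefix and secret byte are constructed.

```python
import hashlib
import os

BLOCK = 16


def toy_block_cipher(key, block):
    """Stand-in for AES (assumption): keyed, deterministic, 16 bytes out. Not invertible,
    which does not matter because the attack never decrypts anything."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key, iv, plaintext):
    """Textbook CBC: C_i = E(P_i xor C_{i-1}), with C_0 = IV."""
    assert len(plaintext) % BLOCK == 0, "example uses whole blocks only"
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_cipher(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


class ChainedIVSession:
    """TLS 1.0 behaviour: the IV of the next record is the last ciphertext block of this one."""
    def __init__(self, key):
        self.key = key
        self.last_block = os.urandom(BLOCK)   # first IV is random; every later one is predictable

    def send(self, plaintext):
        iv = self.last_block
        ct = cbc_encrypt(self.key, iv, plaintext)
        self.last_block = ct[-BLOCK:]
        return iv, ct


class ExplicitIVSession:
    """TLS 1.1+ behaviour: a fresh random IV per record, sent in the clear in front of it."""
    def __init__(self, key):
        self.key = key
        self.last_block = os.urandom(BLOCK)

    def send(self, plaintext):
        iv = os.urandom(BLOCK)
        ct = cbc_encrypt(self.key, iv, plaintext)
        self.last_block = ct[-BLOCK:]          # still visible on the wire, but not the next IV
        return iv, ct


def beast_recover_last_byte(session, known_prefix, target_block, target_iv):
    """Attacker knows 15 of the 16 plaintext bytes behind target_block = E(P_t xor target_iv)
    and can inject chosen plaintext into the same session.  Sending
    P' = P_guess xor target_iv xor IV_next makes the cipher compute E(P_guess xor target_iv),
    which equals target_block exactly when the guess is right.  This needs IV_next to be
    predictable; the attacker assumes it is the last ciphertext block seen."""
    assert len(known_prefix) == BLOCK - 1
    for guess in range(256):
        p_guess = known_prefix + bytes([guess])
        predicted_iv = session.last_block
        chosen = xor(xor(p_guess, target_iv), predicted_iv)
        _, ct = session.send(chosen)
        if ct[:BLOCK] == target_block:
            return guess
    return -1                                   # no guess matched: IV was not predictable


def demo(session_cls):
    """Victim sends a block whose last byte is secret; attacker recovers it (or fails)."""
    session = session_cls(os.urandom(16))
    known = b"Cookie: sessid="                  # 15 bytes the attacker already knows (constructed)
    secret = b"Q"                               # the byte to recover (constructed)
    target_iv, ct = session.send(known + secret)   # observed on the wire
    return beast_recover_last_byte(session, known, ct[:BLOCK], target_iv)


if __name__ == "__main__":
    print("chained IV (TLS 1.0):", chr(demo(ChainedIVSession)))
    print("explicit IV (TLS 1.1+):", demo(ExplicitIVSession))
```

Two caveats a practitioner should attach to the 2011 advice quoted above: the per-record explicit IV of TLS 1.1 and later is the structural fix for the predictable-IV problem, so preferring newer protocol versions addresses it without changing ciphers, and RC4, the workaround recommended at the time, has since been shown to have its own keystream biases and is now prohibited in TLS by RFC 7465.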

54. September 23, Softpedia – (International) Internet Explorer malware plugin also infects Firefox. A new malware threat has been discovered that, after infecting Internet Explorer, drops a piece of spyware onto the user's Firefox as well. With the aid of Bitdefender, MalwareCity identified the malware as Trojan.Tracur.C. When Internet Explorer users are prompted to update their Flash Player, the rogue plug-in that compromises that browser also infects Mozilla Firefox by attaching a malicious add-on to it. Trojan.JS.Redirector.KY monitors all the Web pages loaded in Mozilla's browser. Once the unsuspecting user types the address of a search engine, a piece of JavaScript is injected into the result pages, making sure the first link points to a malware-hosting location. From there the infection continues, with victims subjected to attacks from all sorts of threats. According to Sophos, Trojan.Tracur.C affects Windows platforms and runs automatically in an attempt to establish a communication channel with a remote server via HTTP. It changes Internet Explorer settings by creating registry entries. Trojan.JS.Redirector viruses operate by launching a SQL injection attack that inserts JavaScript into the HTML pages they target; they can also be carried in HTML-based e-mail messages that embed the script, or on malevolent Web sites, and redirect to unwanted locations. Source: http://news.softpedia.com/news/Internet-Explorer-Malware-Plugin-Infects-Firefox-223449.shtml

For more stories, see item 56 below in the Communications Sector

Communications Sector

55. September 26, TG Daily – (California) AT&T restores service after California outage. AT&T customers in southern California experienced a service outage lasting from the afternoon of September 24 through to September 25. The problem, which at its height affected about 1,000 cell towers, is said to have been caused by mechanical problems with the switching equipment that routes calls through the network. Most of the affected towers handled calls to and from Los Angeles County and Orange County. The problem started about 3 p.m. Six hours later, the company confirmed on Twitter: "Los Angeles area AT&T customers may have issues with wireless service. We are working now to resolve. We apologize for any inconvenience." It is not known how many users were affected. Data and text services continued to function normally. Service was restored for most customers by the morning of September 25. Source: http://www.tgdaily.com/mobility-features/58680-att-restores-service-after-california-outage

56. September 26, ARLnow.com – (Virginia) Clarendon/Courthouse Verizon outage continues. Hundreds of Verizon landline phone and DSL Internet customers in the Clarendon and Courthouse area of Arlington, Virginia were still without service September 26, a week after a contractor taking a soil sample struck several cables buried under Rocky Run Park. “Our restoral efforts continue,” a Verizon spokesman told ARLnow.com. ”We’ve replaced and completed work on one of the damaged cables, and we’re at work on the second cable. We also found that a third cable was damaged, and we’ll be replacing a section of that one as well.” The cables contain thousands of individual copper lines, which carry phone conversations and Internet service to hundreds of Verizon customers in the area. Each copper line must be painstakingly spliced together to restore service. Source: http://www.arlnow.com/2011/09/26/clarendoncourthouse-verizon-outage-continues/

For more stories, see items 48 and 52 above in the Information Technology Sector
