Wednesday, October 5, 2011

Complete DHS Daily Report for October 5, 2011

Daily Report

Top Stories

• The hacktivist group Anonymous declared "war" on the New York Stock Exchange and vowed to "erase" it from the Internet on October 10. – PC Magazine See item 13 below in the Banking and Finance Sector

• A security hole found in some HTC Android phones could give apps with Internet permissions access to information such as a user's location, text messages, and system logs, Android Police reported October 2. – Ars Technica (See item 40 below in the Information Technology Sector)


Banking and Finance Sector

10. October 4, Financial Industry Regulatory Authority – (Texas; National) FINRA fines Merrill Lynch $1 million for supervisory failures that allowed a registered representative to operate a Ponzi scheme. The Financial Industry Regulatory Authority (FINRA) announced October 4 it has fined Merrill Lynch, Pierce, Fenner & Smith Inc., $1 million for supervisory failures that allowed a registered representative at Merrill Lynch's branch office in San Antonio to use a Merrill Lynch account to operate a Ponzi scheme. The registered representative convinced 11 individuals to invest more than $1 million in a Ponzi scheme he created and ran as B&J Partnership for more than 10 months. Merrill Lynch supervisors approved the representative's request to open a business account for B&J and failed to supervise the funds customers deposited and the withdrawals he made. FINRA permanently barred the representative from the securities industry in December 2009. FINRA found Merrill Lynch failed to have an adequate supervisory system in place to monitor employee accounts for potential misconduct. Merrill Lynch's supervisory system automatically captured accounts an employee opened using a Social Security number (SSN) as the primary tax identification number. However, if the employee's SSN was not the primary number associated with the account, the system failed to capture the account in its database; instead, Merrill Lynch relied solely on its employees to manually enter these accounts into its supervisory system. FINRA also found that from January 2006 to June 2010, Merrill Lynch failed to monitor an additional 40,000 employee and employee-interested accounts, which were not reported for certain periods of time and therefore were not available on the supervisory system. In concluding this settlement, Merrill Lynch neither admitted nor denied the charges, but consented to the entry of FINRA's findings. Source:

11. October 4, WTVB 1590 Coldwater – (Michigan) Serial bank robber believed to have held up area banks. The FBI said it believes the bandit who held up a Century Bank branch in Coldwater, Michigan, in August and a Southern Michigan Bank & Trust branch in Tekonsha in September is a serial robber who may have been involved in up to 8 stickups or attempted holdups dating back to fall 2009. The FBI announced a $10,000 reward is being offered for information leading to the arrest of the bandit. The investigation includes Coldwater City Police, the Calhoun and Hillsdale County Sheriff's Departments, and the Michigan State Police. Authorities said the first financial institution targeted was a bank in Manitou in Lenawee County November 20, 2009. The institution most recently hit was the Southern Michigan Bank & Trust branch in Tekonsha September 9. The suspect is described as a white male, approximately 6 feet tall, with an average build. He has worn vinyl Halloween masks, possibly of a former Democratic U.S. Vice President and of the current U.S. President, as well as camouflage clothing during hunting season to disguise his appearance. His weapon is a black semi-automatic pistol. Witnesses have described his getaway vehicle as a white, four-door passenger car with a gray or black stripe along the bottom. Source:

12. October 3, Orange County Register – (California) Broker pleads guilty in Ponzi and real estate scheme. A broker for "hard-money lenders" pleaded guilty in California October 3 to multiple felony counts for stealing $6.9 million from investors in a Ponzi and real estate fraud scheme, authorities said. The 53-year-old of Tustin, California, faces a potential term of 15 years in prison. He pleaded guilty to 55 felony counts of grand theft, 7 felony counts of filing false recorded documents, 6 felony counts of elder financial exploitation, and sentencing enhancements for white-collar crime over $500,000 and excessive stealing. He defrauded as many as 12 people in a Ponzi and real estate fraud scheme from May 2004 to June 2007 while operating as a broker for "hard-money lenders" through his four Orange County-based businesses, including Sea View Investments, HLHS Financial Services Inc., Foothill Realty, and Sea View Mortgage, prosecutors said. The term "hard-money lender" refers to a private investor who provides money to borrowers looking for funds from non-bank lenders, prosecutors said. He stole from private investors, most of whom were long-time friends, by keeping the money they lent for borrowers and not funding the loans as promised, according to a news release from the Orange County District Attorney's Office. The convict supplied investors with bogus interest payments by taking small sums from their initial investment, and provided them with falsified and forged documents to prevent them from discovering the loans had not been repaid, prosecutors said. He used funds from new investors to pay off old investors, prosecutors said. In December 2008, the Tustin Police Department began investigating after receiving complaints of checks bouncing. The convict was arrested in court June 12, 2009, after pleading guilty in an unrelated case to 6 felony counts, including grand theft and check fraud. Source:

13. October 3, PC Magazine – (New York) Anonymous threatens to 'erase NYSE from the Internet'. Anonymous declared "war" on the New York Stock Exchange (NYSE) the weekend of September 30 and vowed to "erase" it from the Internet October 10 as the Occupy Wall Street protest entered its third week in New York City after a weekend that saw hundreds of protesters arrested during a planned march across the Brooklyn Bridge. "On October 10, NYSE shall be erased from the Internet. On October 10, expect a day that will never, ever be forgotten," intoned a computer-generated male voice common to many Anonymous videos, in a warning posted on TheAnonMessage YouTube channel. The channel has been used to post several Occupy Wall Street-related video messages since the protest against lax regulation of the financial sector and economic inequality began September 17. Those messages include Anonymous' initial "official" video regarding Occupy Wall Street, and a warning sent last week to the New York Police Department that threatened retaliation if "the brutality does not stop" against Occupy Wall Street protestors. The threat to "erase" the NYSE from the Internet was not explained, though some speculated Anonymous was planning a Distributed Denial-of-Service (DDoS) attack on the public-facing Web site, similar to DDoS attacks the group has used to take down sites in the past. Others felt that would only be a minor setback for the NYSE and guessed that Anonymous was planning a larger attack, perhaps even an attempt to actually disable trading on the exchange. Source:,2817,2394071,00.asp#fbid=HVPcnsT7BOR

14. October 3, KSAZ 10 Phoenix – (Arizona) Bank robber threatens teller with flammable liquid. A woman walked into a Scottsdale, Arizona bank October 3, demanded money, and then set the counter on fire. Police said the woman tried to rob the Wells Fargo bank inside the Albertson's at Scottsdale Road and Thomas about 10 a.m. Officers spent the day going through surveillance video and talking to witnesses. "She does state that she has a flammable liquid of some sort in the cup, and that if she doesn't get money she's going to light it on fire, which she actually does," a Scottsdale police officer said. The suspect poured out the cup and lit it with a match. A small section of the counter ignited, but the fire died off quickly. She then fled empty-handed, and jumped into a silver 4-door getaway car. Police are looking into whether or not the suspect is tied to another robbery in Mesa, Arizona, October 3, but that has not been confirmed. Source:

15. October 3, Softpedia – (International) PayPal emails replicated in phishing campaign. An e-mail reading "Your PayPal account has been limited" has been received by many users, in what turned out to be a well-thought-out phishing expedition. Mxlabs informed Softpedia October 3 that the scam e-mails were very well designed and, because the seemingly genuine sender address was spoofed, they looked even more credible. The body of the note reads: "Unfortunately one of your recent transaction with PayPal is not successful because your PayPal account has been limited. It is a measure taken to protect your account and help ensure the safety of the PayPal platform. We want to help you remove this limitation as soon as possible so he can continue to take advantage of the benefits from PayPal." The whole layout of the e-mail is very well conceived, and all the graphics and content elements are a perfect match for what would normally be seen in a message coming from PayPal. Once the Click Here button is clicked, the user is sent to a site hosted on the domain mittemaedchen(dot)de. The full address contains fragments that refer to "pay pal" to make it look more realistic. The next page, which is also well built, contains a form in which the customer is asked for information such as name, date of birth, country, address, and credit card information. After the form is completed, the victim is redirected to the genuine PayPal site so that nothing looks amiss. Source:
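Two of the signals in this item are mechanically checkable: the spoofed sender (the visible From address does not match the path the message actually travelled) and a "Click Here" link whose URL mentions "pay pal" but whose host belongs to an unrelated domain. The script below is an added example, not code from the original report or from Mxlabs; it parses a constructed sample message and flags both. The Return-Path value and the URL path in the sample are stand-ins chosen for illustration (the report only says the address fragments referred to "pay pal"), `BRAND_DOMAINS` is an assumption, and the two-label `registrable_domain` is a deliberate simplification; a production filter would consult SPF/DKIM/DMARC verdicts and the Public Suffix List instead.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Brands we care about and the registrable domains they legitimately use.
# Assumption for this example; a real filter would carry a much larger table.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname. Simplification: real code uses the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def brands_mentioned(text):
    """Brands whose name appears once separators are stripped, so 'pay pal', 'pay.pal', 'pay-pal' all match."""
    flat = re.sub(r"[^a-z0-9]", "", text.lower())
    return {brand for brand in BRAND_DOMAINS if brand in flat}


def html_bodies(msg):
    """Yield every text/html part of the message as decoded text."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            yield payload.decode(part.get_content_charset() or "utf-8", "replace")


def analyze(raw_message):
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    findings = []

    # 1. Sender alignment: the displayed From domain should match the bounce path domain.
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if from_dom and rp_dom and registrable_domain(from_dom) != registrable_domain(rp_dom):
        findings.append(f"sender misalignment: From {from_dom} but Return-Path {rp_dom}")

    # 2. Brand the message claims to come from, taken from the sender domain and subject.
    claimed = brands_mentioned(from_dom) | brands_mentioned(msg.get("Subject", ""))

    # 3. Every link that mentions a brand (in its URL or its text) or sits in a
    #    message claiming that brand must point at one of the brand's own domains.
    for body in html_bodies(msg):
        collector = _LinkCollector()
        collector.feed(body)
        for href, text in collector.links:
            host = urlsplit(href).hostname
            if not host:
                continue  # mailto:, relative links, etc.
            for brand in claimed | brands_mentioned(href + " " + text):
                if registrable_domain(host) not in BRAND_DOMAINS[brand]:
                    findings.append(f"link to {host} ({text!r}) in a message posing as {brand}")
    return findings


# Constructed sample modelled on the campaign described above. The Return-Path
# and the URL path are illustrative stand-ins, not values from the report.
PHISH = """\
From: "PayPal" <service@paypal.com>
Return-Path: <bounce@mail-relay.example>
Subject: Your PayPal account has been limited
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Unfortunately one of your recent transaction with PayPal is not successful
because your PayPal account has been limited.</p>
<p><a href="http://www.mittemaedchen.de/pay.pal/limited/">Click Here</a></p>
</body></html>
"""

# Constructed benign counterpart: aligned sender, link on the brand's own domain.
LEGIT = """\
From: "PayPal" <service@paypal.com>
Return-Path: <bounces@paypal.com>
Subject: Your receipt
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://www.paypal.com/myaccount/">View in your account</a></body></html>
"""

if __name__ == "__main__":
    for finding in analyze(PHISH):
        print("PHISH:", finding)
    print("LEGIT findings:", analyze(LEGIT))
```

The separator-stripping in `brands_mentioned` is what catches the "pay pal" fragments the report describes; matching the literal string "paypal" alone would miss them.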

For another story, see item 40 below in the Information Technology Sector

Information Technology Sector

37. October 4, Help Net Security – (International) Critical vulnerabilities in Adobe Photoshop Elements 8. Critical vulnerabilities have been identified in Adobe Photoshop Elements 8.0 and earlier versions, Help Net Security reported October 4. These two buffer overflow vulnerabilities (CVE-2011-2443) could cause a crash and potentially allow an attacker to take control of the affected system. An attacker would need to convince a user to open a malicious binary .grd or .abr file to successfully exploit the issue. Because Photoshop Elements 8 is no longer supported, Adobe recommends users upgrade to Photoshop Elements 10. Users who cannot upgrade to Photoshop Elements 10 should not open .grd or .abr files from untrusted sources. Source:

38. October 3, Softpedia – (International) Children's online games hide bank account stealing malware. Bitdefender experts warn users to pay closer attention to what their children access on the Internet, as in many cases harmless-looking games hide dangerous malware that could compromise all of the information on a device. According to a Bitdefender researcher, "Some of these dangerous games are easily identified by adults, who suspect that something is abnormal about them when they require permission to install various programs in the computer or they redirect to other Web sites," he said. "Thus, attackers choose targets that are easier to dupe. Furthermore, a 4-year-old doesn't understand the concept of online vulnerability." The colorful images and playful sounds might look innocent, but in some cases they hide backdoor applications that surrender control of the machine to hackers looking to steal sensitive data. The phenomenon is expected to take off, as recent studies show that in the United States and in the United Kingdom, more than 40 percent of children are highly active in social networking environments. Also, 24 percent of parents do not monitor their children's Internet activity. Flash applications carrying malware seem to be among the most unsafe, as in many cases they look like regular games. When they are executed, redirects are made that lead kids to insecure locations hosting malicious elements. Legitimate sites can also be taken over by cybercriminals and infested with malevolent code that could hand over control of the system to a third party. Source:

39. October 3, – (International) U.S. signs international anti-piracy accord. The United States, Australia, Canada, Japan, Morocco, New Zealand, Singapore, and South Korea signed the Anti-Counterfeiting Trade Agreement October 1, an accord targeting intellectual property piracy. The European Union, Mexico, and Switzerland — the only other governments participating in the accord’s creation — did not sign the deal at a ceremony in Japan but “confirmed their continuing strong support for and preparations to sign the agreement as soon as practical,” the parties said in a joint statement. Among other things, the accord demands governments make it unlawful to market devices that circumvent copyright, such as devices that copy encrypted DVDs without authorization. The accord also calls on participating nations to maintain extensive seizure and forfeiture laws when it comes to counterfeited goods that are trademarked or copyrighted. Most important, countries must carry out a legal system where victims of intellectual property theft may be awarded monetary damages. Source:

40. October 2, Ars Technica – (International) Security hole in HTC phones gives up e-mail addresses, location. A security hole found in some HTC Android phones could give apps with Internet permissions access to information such as a user's location and their text messages, Android Police reported October 2. The vulnerability is part of HTC's Sense UI and affects a subset of the brand's most popular phones, including the HTC Thunderbolt and the EVO 4G. The affected HTC phones have an application package titled HTCLoggers.apk installed with root-level access. Apps with Internet permissions can access HTCLoggers.apk, which provides access to information such as GPS data, WiFi network data, memory information, running processes, SMS data (including phone numbers and encoded text), and system logs that can include information such as e-mail addresses and phone numbers. When called upon, the logging program opens a local port that will provide this data to any app that asks for it, with no check on who is asking. An app can then send the data off to a remote server, as shown by a proof-of-concept app that Android Police researchers developed. Source:
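The design flaw described here is a general one: a privileged service that listens on a loopback TCP port cannot tell which local process connected, so the Android INTERNET permission (needed for any network socket) becomes an all-access pass to root-gathered logs. The fix is to make the caller's identity part of the interface; on Android that is a Binder permission check or a Unix domain socket whose peer is verified, and the script below demonstrates the latter in Python. It is an added example, not HTC's code or Android code: a one-shot "logger" on a Unix socket that reads the connecting process's UID with `SO_PEERCRED` (Linux-specific) and only answers callers on an allow-list. The log contents are a constructed stand-in for the GPS/SMS/e-mail data the report lists.

```python
import os
import socket
import struct
import tempfile
import threading

# Constructed stand-in for the kind of data the HTC logging service exposed.
SENSITIVE_LOG = "gps=40.7128,-74.0060;wifi=HomeAP;sms_count=12;email=user@example.com"


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process on the other end of a Unix socket.

    SO_PEERCRED is filled in by the kernel and cannot be forged by the client.
    A TCP port on 127.0.0.1 has no equivalent, which is why a loopback logger
    ends up serving "any app that asks".
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    pid, uid, gid = struct.unpack("3i", raw)
    return pid, uid, gid


def authorize(uid, allowed_uids):
    """Allow-list check: only the named UIDs may read the log."""
    return uid in allowed_uids


def run_server(path, allowed_uids):
    """Serve exactly one request on a Unix socket at `path`, then exit.

    Returns the server thread so the caller can join it.
    """
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o600)  # defence in depth: filesystem permission on the socket file
    srv.listen(1)

    def handle():
        conn, _ = srv.accept()
        with conn:
            conn.recv(64)  # the request itself; its contents do not matter here
            _, uid, _ = peer_credentials(conn)
            if authorize(uid, allowed_uids):
                conn.sendall(SENSITIVE_LOG.encode())
            else:
                conn.sendall(b"DENIED")
        srv.close()

    t = threading.Thread(target=handle, daemon=True)
    t.start()
    return t


def request_log(path):
    """Client side (the 'app'): connect, ask for the log, return the reply as text."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(path)
        c.sendall(b"GET\n")
        chunks = []
        while True:
            data = c.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode()


def current_uid():
    return os.getuid()


def demo(allowed_uids):
    """Start a one-shot server with the given allow-list and query it from this process."""
    sock_dir = tempfile.mkdtemp()
    path = os.path.join(sock_dir, "logger.sock")
    t = run_server(path, allowed_uids)
    try:
        return request_log(path)
    finally:
        t.join(timeout=5)
        os.unlink(path)
        os.rmdir(sock_dir)


if __name__ == "__main__":
    print("caller on allow-list :", demo({current_uid()}))
    print("caller not on list   :", demo({current_uid() + 1}))
```

Because the server and client run as the same UID, the second call in `demo` is denied purely by the allow-list, which is the point: the decision is made on a kernel-supplied identity, not on the fact that something managed to connect.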

41. October 1, Softpedia – (International) Google and Yahoo services become spammers' heaven. Since e-mail arriving from Yahoo or Google services is considered legitimate and useful, spammers take advantage of this to spread malevolent messages. A Sophos security researcher revealed he has been receiving a lot of spam e-mail from Google Picasa and Yahoo! Groups, all of it attempts by spammers to push "spammy" alerts through trusted services. In the case of Google's Picasa, a throwaway account is created containing text and attached pictures, which are then shared with other users. Users thus end up receiving many Picasa Web albums. Because anything coming from the picture manager is considered harmless, it never lands in the spam folder of the mailbox; instead, it floods users' inboxes with myriad scam attempts. With Yahoo! Groups the principle is more complicated, but spammers can just as easily take advantage of the policy gap. The rules allow anyone who owns a group to add members without asking their permission; after a user is unwillingly made part of a group, they must unsubscribe to stop receiving alerts. Spammers exploit this mechanism successfully and, as the Sophos researcher pointed out, in many cases it is not easy to unsubscribe. Another of Yahoo's policies makes certain links expire "to prevent abuse," which can make it impossible to cancel a subscription. Source:

For more stories, see items 13 and 15 above in the Banking and Finance Sector and 43 and 44 below in the Communications Sector

Communications Sector

42. October 3, KOTV 6 Tulsa – (Oklahoma) AT&T repairs cell tower after 6-month service interruption in Adair. Cell phone provider AT&T said October 3 it solved a chronic problem for customers in Adair, Oklahoma. Almost no one with an AT&T cell phone could make outgoing calls, and the problem lasted for more than 6 months, despite plenty of complaints. AT&T said the problem was limited to one tower. The company said it repaired the tower the day after KOTV 6 Tulsa reported that the phone problems had delayed the emergency response to a house fire. Source:

43. October 3, – (Florida) Frontier experiences Internet outage. Frontier Communications Internet customers across the North Escambia, Florida area were without service for about 6 hours October 3. Business and residential customers in the Walnut Hill, Bratt, Molino, and Atmore areas reported their Internet service failed about 9:10 a.m. Service returned about 3:15 p.m., according to the company. A spokesperson for Frontier said early in the afternoon of October 3 that the outage was the result of an AT&T cable that was cut west of Atmore. Frontier high-speed Internet customers have been plagued with numerous outages, some many hours in length, over the past several months. The company has said that most of those outages were caused by problems with AT&T, the provider for Frontier's connection to the Internet. Source:

44. October 3, Riverside Press-Enterprise – (California) Verizon restores Wrightwood-area phone service. The San Bernardino County, California Sheriff's Department announced telephone service was restored October 3 to Verizon customers living in an area west of Interstate 15 in the lower Cajon Pass. The service had been disrupted early October 3, cutting land-line, cellular, and data services to residents of Wrightwood, Canyon Hill, Oak Springs, Cajon, West Cajon Valley, Big Pines, and Pinon Hills, including 911 service. Residents with an emergency were urged to go to one of three fire stations in the area, a spokeswoman said. The county fire department's emergency communications center and Wrightwood's community emergency response team were checking on residents during the outage to help ensure no one with special needs, such as people with disabilities, or with an emergency was going without aid, the spokeswoman said. A Verizon crew worked throughout the day to restore service, but neither Verizon nor the sheriff's department announced what caused the service outage, or how many people it affected. Source:

For more stories, see items 38, 40, and 41 above in the Information Technology Sector
