Friday, December 9, 2011

Complete DHS Daily Report for December 9, 2011

Daily Report

Top Stories

• Security researchers at Symantec confirmed December 7 that hackers used an unpatched Adobe Reader vulnerability to target people who worked at defense, telecommunications, chemical, and computer hardware companies. – Computerworld (See item 12)

12. December 7, Computerworld – (International) Symantec confirms Flash exploits targeted defense companies. Security researchers at Symantec confirmed December 7 that exploits of an unpatched Adobe Reader vulnerability targeted defense contractors, among other businesses. "We've seen [this targeting] people at telecommunications, manufacturing, computer hardware and chemical companies, as well as those in the defense sector," said a senior security manager in Symantec's security response group. Symantec mined its global network of honeypots and security detectors — and located e-mail messages with attached malicious PDF documents — to reach that conclusion. Adobe warned Reader and Acrobat users hackers were exploiting a "zero-day" bug on Windows PCs December 6, crediting Lockheed Martin's security response team and the Defense Security Information Exchange (DSIE), a group of major defense contractors that share information about computer attacks, with reporting the vulnerability. Symantec found attack e-mails dated November 1 and November 5. It also published an image of a redacted e-mail of the attack's bait — the promise of a 2012 guide to policies on new contract awards — that it said was a sample of the pitches that tried to dupe recipients into opening the attached PDF. Opening the PDF also executed the malicious code — likely malformed 3-D graphics data — compromising the targeted PC and letting the attacker infect the machine with malware. That malware, Symantec's senior security manager said, was identical to what was used in early 2010 by hackers exploiting a then-unpatched bug in Microsoft's Internet Explorer 6 (IE6) and IE7. Symantec labeled the malware "Sykipot" in 2010. "[The malware] is a general-purpose backdoor. One of the interesting things about it is it uses a form of encryption of the stolen information, which helps the attack hide what information is stolen," the security manager said. 
Sykipot encrypts the pilfered data after it has been retrieved, but while it is still stored on the company's network, as well as when it is transmitted to a hacker-controlled server. Those command-and-control servers are still operating, the manager said. Because of the similarities — using Sykipot, which is not widely in play, and exploiting zero-day vulnerabilities — Symantec suspects the same group of hackers who launched the attacks against IE6 and IE7 in 2010 were also responsible for the Reader-based attacks seen in November. Source: http://www.computerworld.com/s/article/9222496/Symantec_confirms_Flash_exploits_targeted_defense_companies?taxonomyId=17

• A gunman who killed a police officer December 8 after being pulled over in a traffic stop at Virginia Tech University in Blacksburg, Virginia, is believed to be dead, a law enforcement official said. – Associated Press (See item 32)

32. December 8, Associated Press – (Virginia) Official: Virginia Tech gunman who killed cop believed to be dead. The gunman who killed a police officer December 8 after being pulled over in a traffic stop at Virginia Polytechnic Institute and State University (Virginia Tech) in Blacksburg, Virginia, is believed to be dead, a law enforcement official told the Associated Press. Virginia Tech officials said on the school’s Web site that a weapon was recovered near a second body found in a parking lot on campus. It was not immediately clear if the second body was that of the gunman. School officials also said there was no longer an active threat that afternoon and that normal activities could resume. The officer’s shooting prompted a lockdown that lasted for hours. As police hunted for the killer, the school applied the lessons learned nearly 5 years ago, warning students and faculty members via e-mail and text message to stay indoors. It was the first gunfire on campus since 33 people were killed in the deadliest mass shooting in modern U.S. history. The university sent updates about every 30 minutes, regardless of whether they had any new information, a school spokesman said. The campus was quieter than usual because classes ended December 7 and students were preparing for exams, which were to begin December 9. The school postponed those tests. The shooting came soon after the conclusion of a hearing where Virginia Tech was appealing a $55,000 fine by the U.S. Education Department in connection with the university’s response to the 2007 rampage. Since the massacre, the school expanded its emergency notification systems. Alerts now go out by electronic message boards in classrooms, by text messages, and other methods. Other colleges and universities have put in place similar systems. Universities are required under the Clery Act to provide warnings in a timely manner and to report the number of crimes on campus. 
During a roughly 1-hour period of the December 8 incident, the university issued four separate alerts. Source: http://www.suntimes.com/9324302-417/official-virginia-tech-gunman-who-killed-cop-believed-dead.html

Details

Banking and Finance Sector

13. December 8, Pasadena Star-News – (California) Tri-Cities Bandit pleads guilty. A serial robber pleaded guilty to six bank heists which included banks in Pasadena and La Verne, California, officials said December 7. The robber, who was dubbed by the FBI as the "Tri-Cities Bandit," entered his plea December 6 at a Los Angeles federal court. His alleged accomplice and getaway driver has a trial set for January 10. The FBI created the moniker because the bandit initially robbed banks in Pasadena, Glendale, and Burbank. He started robbing banks in June and presented tellers a note demanding large bills. He was charged with 10 bank robberies and 2 attempted robberies in communities that included Pasadena, Los Angeles, Chino Hills, La Verne, and Glendale. Court documents estimated the amount taken at $21,229. Both the robber and getaway driver were arrested by deputies after robbing the First California Bank in Westlake Village August 19. Source: http://www.pasadenastarnews.com/ci_19495192

14. December 8, Associated Press – (International) Letter bomb sent to Deutsche Bank chief. German authorities said December 8 a letter bomb addressed to the chief executive of Deutsche Bank in Frankfurt, Germany, contained a fully functional bomb, capable of exploding had it not been intercepted in the bank's mailroom. The bomb was intercepted after a routine X-ray screening December 7 in the mailroom of the bank's Frankfurt headquarters, prosecutors and police from Hesse state said in a joint statement. The authorities refused to give details on the matter, citing an ongoing investigation. A Deutsche Bank spokesman said the bank alerted police immediately after the package came to the attention of mailroom workers during a routine screening. The New York City Police Department (NYPD) said it was alerted to the scare late December 7, causing the department to dispatch patrols to the bank's offices in the city "solely as a precaution." A NYPD spokesman said the return address on the letter was the European Central Bank — the governing body for the 17-nation common European currency, which has its headquarters just across the park from Deutsche Bank in downtown Frankfurt. Source: http://www.cbsnews.com/8301-202_162-57339174/letter-bomb-sent-to-deutsche-bank-chief/

15. December 8, Softpedia – (Massachusetts; International) Jeanne D’Arc Credit Union insider breach discovered after one year. A recent security incident involving a Massachusetts financial institution called Jeanne D’Arc Credit Union shows it is not necessary for hackers to be involved for data leaks to occur, Softpedia reported December 8. More precisely, one of their employees who left the company in December 2010 took with her some files that contained private data belonging to customers, including Social Security numbers and loan account numbers, reported DataBreaches. The incident would not have been discovered if the woman's latest employer had not noticed the information after she left her new job. She claimed the data was taken on a USB drive to be used in her new job, and the files were never copied to other computing devices. "We have recovered the thumb drive device that contained the computer files in question. We have obtained a sworn affidavit from our former employee indicating that she made no unauthorized use or further disclosure of the disclosed personal information," reads a letter sent by the organization to the state attorney general's office. Jeanne D’Arc also stated their former employee and her new employer assured them the data would not be disclosed to other parties, and they implemented new systems to prevent such incidents in the future. All individuals were notified of the breach and were advised on how to monitor their bank accounts. Source: http://news.softpedia.com/news/Jeanne-D-Arc-Credit-Union-Insider-Breach-Discovered-After-One-Year-239326.shtml

16. December 8, U.S. Securities and Exchange Commission – (National) SEC charges Wachovia with fraudulent bid rigging in municipal bond proceeds. The Securities and Exchange Commission (SEC) December 8 charged Wachovia Bank N.A. with fraudulently engaging in secret arrangements with bidding agents to improperly win business from municipalities and guarantee itself profits in the reinvestment of municipal bond proceeds. The SEC alleges Wachovia generated millions in illicit gains during an 8-year period when it fraudulently rigged at least 58 municipal bond reinvestment transactions in 25 states, and Puerto Rico. Wachovia won some bids through a practice known as "last looks" in which it obtained information from bidding agents about competing bids. It also won bids through "set-ups" where the bidding agent deliberately obtained non-winning bids from other providers to rig the field in Wachovia’s favor. Wachovia facilitated some bids rigged for others to win by deliberately submitting non-winning bids. It agreed to settle the charges by paying $46 million to the SEC that will be returned to affected municipalities or conduit borrowers. Wachovia also entered into agreements with the Justice Department, Office of the Comptroller of the Currency, Internal Revenue Service, and 26 state attorneys general that include the payment of an additional $102 million. The settlements arise out of long-standing parallel investigations into widespread corruption in the municipal securities reinvestment industry in which 18 individuals have been criminally charged by the Justice Department’s Antitrust Division. Source: http://www.sec.gov/news/press/2011/2011-257.htm

17. December 7, Associated Press – (New York) Nearly 100 people charged in New York check fraud ring. Nearly 100 people formed a check fraud ring in New York that systematically exploited a banking loophole to steal more than $450,000 by depositing bogus checks and withdrawing money before they bounced, prosecutors said December 7. With a handful of bosses recruiting dozens of people to carry out the scheme — and even driving them to out-of-state casinos — the group methodically overdrew TD Bank accounts, a Manhattan district attorney (DA) said as he announced 94 people were indicted. The bank noted no customer account data were compromised. Three main bosses, aided by six other leaders, enlisted people to open savings accounts at TD locations with nominal sums and then had them deposit worthless checks, the DA said. The accounts were not subject to policies that prevent money deposited into checking accounts from being available immediately, and the ringleaders knew that. The suspects quickly transferred the money to TD checking accounts they also opened, prosecutors said. Then, they withdrew as much as they could at cash machines, sometimes getting as much as $5,000 at once, by traveling to casinos in Connecticut and Atlantic City, New Jersey, where the machines had high or no limits on the size of withdrawals. The group's leaders would escort the complicit account-holders to the casinos one by one. The account-holders then made themselves scarce when the bank tried to contact them to discuss the overdrawn accounts, which were opened under their real names, prosecutors said. The recruiters got most of the stolen money, generally paying each account-holder a few hundred dollars, prosecutors said. The DA said prosecutors believe the bank's losses may be more than $1 million. The bank spotted the pattern, which dates at least to August 2009, and brought in authorities. The U.S. Postal Inspection Service aided the 18-month investigation, which involved video and physical surveillance, computer forensics, and extensive analysis of credit card, banking, and phone records, authorities said. Each defendant faces grand larceny or conspiracy charges, or both. Source: http://www.foxnews.com/us/2011/12/07/nearly-100-people-charged-in-new-york-check-fraud-ring/

18. December 7, Orange County Register – (California) O.C. pair nabbed in $6 million loan-mod scam. Two Orange County, California men were arrested December 7 on charges of theft and conspiracy in what state prosecutors called a $6 million mortgage modification scam that victimized thousands of financially troubled homeowners across the nation. Both pleaded not guilty at an arraignment in Orange County Superior Court December 7 and were expected to post bail later. They face a maximum of 36 years in state prison if convicted on all counts. A third man, a disbarred Tennessee lawyer, also was charged in the case, state prosecutors said. According to the 37-count felony complaint, the Orange County men operated Green Credit Solutions in Irvine, which charged thousands of homeowners facing foreclosure $3,500 apiece in up-front fees in exchange for attorney services that never were provided. Instead, state prosecutors maintain, Green Credit and its related companies did little, if anything, on behalf of its clients. The mortgage-aid firm also maintained falsely it had a lawyer on staff and was affiliated with a law firm with a network of attorneys, state prosecutors said. According to the attorney general's office, Green Credit later was renamed as Guardian Credit Services and Get My Credit Grade as complaints to the California Department of Real Estate, the California State Bar, and the Better Business Bureau began piling up. The state bar successfully petitioned to have the mortgage-aid firms shut down in January 2010, along with four other firms affiliated with the men: Green Credit Services, Erickson Law Group, Green Credit Law, and PacWest Funding. Source: http://www.ocregister.com/articles/state-330475-credit-law.html

19. December 7, San Antonio Express-News – (Texas) S.A. couple indicted in mortgage fraud. A San Antonio couple was indicted December 7 on allegations of helping out in a mortgage fraud scheme that resulted in $50 million in losses to lenders. They face federal charges of bank fraud, engaging in a monetary transaction in property derived from unlawful activity, and conspiracy. They are the latest to be charged in a sweep called "Operation Stolen Dreams" by the Justice Department, FBI, and Internal Revenue Service. According to court records, the couple is accused of aiding a mortgage scam by a man who ran Supreme Mortgage Group LLC, one of several entities used in a scheme blamed primarily on a Dallas man. The man and his wife are among 22 people indicted in San Antonio in June 2010 on charges they conspired in a flipping scheme that caused $50 million in loans to go into default. That indictment said that from May 17, 2005, through February 21, 2008, the man obtained properties at or about market value, then offered people $10,000 to $25,000 each to act as straw buyers for the homes at inflated prices. Using falsified documents, he obtained mortgage loans for the straw buyers and then let the mortgages go into default. The scheme, the indictment alleges, was aided by appraisers, title officers, escrow officers, mortgage processors, and others who helped submit false documentation and information to lenders. Source: http://www.mysanantonio.com/news/local_news/article/S-A-couple-indicted-in-mortgage-fraud-2373857.php

Information Technology

40. December 7, Computerworld – (International) Facebook disables bug used to expose Zuckerberg photos. A spokeswoman for Facebook confirmed December 7 a flaw was discovered in the mechanism that allows the social network's users to report photos on the site that violate the company's terms of service. Before it was disabled, the flaw was used to gain access to users' photos, including private photos. "The bug allowed anyone to view a limited number of another user's most recently uploaded photos irrespective of the privacy settings for these photos," the company said in a statement. "This was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed," the statement added. Source: http://www.computerworld.com/s/article/9222494/Facebook_disables_bug_used_to_expose_Zuckerberg_photos?taxonomyId=17

41. December 6, Sophos – (International) Beware Adobe software upgrade notification – malware attached! Cybercriminals have widely spammed out a malware attack posing as upgrades for Adobe Acrobat Reader and Adobe X Suite Advanced. The e-mails, which pretend to come from Adobe, have a ZIP file attached that contains a version of the Zeus trojan, designed to steal banking information from compromised computers. The risk is that less technically savvy computer users might believe the e-mail is legitimate, and be tricked into installing malware onto their computer thinking it is an official Adobe update. Each e-mail is slightly different, incorporating different reference numbers in the subject line, attached filename, and message body. The samples seen so far by Sophos all carry malware in the file "Adobe Systems Software Critical Update Dec 2011.exe" contained within the ZIP. Source: http://nakedsecurity.sophos.com/2011/12/06/beware-adobe-software-upgrade-notification-malware-attached/
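The lure in item 41 has a shape a mail gateway can check for: a message claiming to be a vendor update with a ZIP attachment that hides an executable. The following is an added example, not code from Sophos or from this report; the message, sender address, subject and ZIP contents are constructed here to mirror the description above, and the keyword lists are assumptions.

```python
# Added example: flag e-mails whose ZIP attachment carries an executable,
# the pattern of the fake "Adobe update" spam. Sample message is constructed.
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that should never arrive inside a ZIP "update" by e-mail (assumed list).
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
# Words the lure's subject used to look like a vendor notification (assumed list).
VENDOR_KEYWORDS = ("adobe", "acrobat", "reader", "update", "upgrade")


def suspicious_zip_members(zip_bytes: bytes) -> list[str]:
    """Return names of executable members in a ZIP; a corrupt archive yields []."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []


def inspect_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and report executables hidden in ZIP attachments."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    sender = str(msg.get("From", "")).lower()
    subject = str(msg.get("Subject", "")).lower()
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Match on the ZIP signature too, not only on the .zip extension.
        if name.endswith(".zip") or payload[:2] == b"PK":
            hits.extend(suspicious_zip_members(payload))
    vendor_lure = "adobe" in sender and any(k in subject for k in VENDOR_KEYWORDS)
    return {"executables": hits, "vendor_lure": vendor_lure, "flag": bool(hits)}


def build_sample_message() -> bytes:
    """Constructed lure: spoofed Adobe sender, ZIP holding the reported .exe name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Member name from the Sophos report; the bytes are a harmless stub, not malware.
        zf.writestr("Adobe Systems Software Critical Update Dec 2011.exe", b"MZ\x90\x00")
    msg = EmailMessage()
    msg["From"] = "Adobe Systems <updates@adobe.com>"  # spoofed header (constructed)
    msg["To"] = "user@example.org"
    msg["Subject"] = "Adobe Software Upgrade Notification - Ref 123456"  # constructed
    msg.set_content("Please install the attached critical update.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Adobe_Update_123456.zip")
    return bytes(msg)


if __name__ == "__main__":
    print(inspect_message(build_sample_message()))
```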

For more stories, see items 12 above in Top Stories and 42 below in the Communications Sector

Communications Sector

42. December 8, CNET – (National) Verizon says 4G LTE back up and running. Verizon Wireless said December 8 it restored 4G LTE service to customers across the country who got stuck on a slower connection for the past day and a half. The company's network operations team resolved a technical issue the night of December 7, but did not disclose the cause of the problem, which forced some customers off its high-speed network and on to the slower 3G service since late December 6. Some customers complained of losing 3G access as well, dropping down to the 2G level, which is primarily designed for voice and text messages. For this outage, Verizon noted customers were still able to make calls, send and receive text messages, and use 3G data. The outage appeared to be intermittent, with customers affected at random times and locations. Source: http://news.cnet.com/8301-1035_3-57339218-94/verizon-says-4g-lte-back-up-and-running/

For more stories, see items 12 above in Top Stories and 40 above in the Information Technologies Sector
