Monday, January 31, 2011

Complete DHS Daily Report for January 31, 2011

Daily Report

Top Stories

• Crews from the Northern Indiana Public Service Co. January 28 stopped and repaired a gas leak, which prompted the evacuation of hundreds of residents within a four-block radius the night before, in East Chicago, Indiana, the Indiana Post-Tribune reports. (See item 2)

2. January 28, Indiana Post-Tribune – (Indiana) Gas leak forces hundreds from East Chicago homes. Crews from the Northern Indiana Public Service Co. (NIPSCO) on January 28 stopped and repaired a gas leak in East Chicago, Indiana, that led to the evacuation of hundreds of residents the night of January 27. East Chicago Fire Department and police evacuated residents in a four-block radius in buses and emergency vehicles around 10 p.m. January 27 after NIPSCO and police received several calls about a potential gas leak in the area. As a safety precaution, NIPSCO disconnected gas for 21 to 22 residences from the time the leak was detected until January 28 when the company finished repairing a crack in welding that caused the leak. The welding connects the 6-inch steel main. “[It] can be a number of causes, none of which are preventable. It can be caused from ground movement, from the change in climate and temperature. Frost can play a factor or even things on the external surface, like work and other projects above the ground that can have an impact on things beneath the surface” a spokesman said. NIPSCO will take the part of the pipeline that leaked to additional testing, he said. Source:,ecgaslk-ptb-0128.article

• According to Network World, a new study shows half of U.S. government Web sites are vulnerable to commonplace denial of service (DNS) attacks because they have not deployed a new authentication mechanism that was mandated in 2008. See item 61 below in the Communications Sector.


Banking and Finance Sector

15. January 28, Washington Post – (Maryland) ATM skimmer investigated in Md. A 48-year-old woman discovered what appeared to be an ATM skimmer while using an ATM at a Bank of America in Anne Arundel County, Maryland on January 22, police said. At approximately 5:26 p.m., officers responded to a call from to the Bank of - America in the 600 block of Annapolis Boulevard in Severna Park, for a recovered ATM skimmer affixed to the ATM machine. The woman told police she observed what appeared to be a fraudulent device attached to the machine for the purpose of scanning the ATM cards of customers. She had pried the device from the machine before the suspect could return to retrieve the device and obtain customer data. This appeared to be an isolated incident and no personal account information has been compromised for individuals that used the ATM, police said. The case is being investigated by the United States Secret Service with the assistance of the Anne Arundel County Police Department. Source:

16. January 28, Washington Post – (Maryland) Takoma Park bank robbery suspect killed. A man was fatally shot by police January 28 after he attempted to rob a bank in Takoma Park, Maryland, authorities said. Three people were also injured. The incident began at 9:25 a.m. when police officers were called to the Capital One bank at New Hampshire Avenue and University Boulevard for a report of a suspicious package. When officers from Takoma Park and Prince George’s County police departments arrived on the scene, they discovered that a suspect was holding a weapon to the head of a woman. Six people were in the bank at the time of the robbery. Video shown on a number of local television stations showed the suspect and a female hostage leaving the bank and walking toward a parking lot. The two were surrounded by armed police officers nearby. Shortly after a red dye pack exploded, the suspect slipped on ice and the hostage broke free, the video showed. Authorities said three Takoma Park officers and three Prince George’s County officers opened fire on the suspect. He was taken into custody, taken to authorities and later pronounced dead. Officials said one hostage was pistol whipped and a second was taken to the hospital after experiencing shock. A Prince George’s officer was grazed by a bullet. Authorities said it is possible the officer’s wound may have come from another police officer. Source:

17. January 28, Columbia Broadcasting System; Associated Press – (National) “Granddad Bandit” Michael Mara to plead guilty to bank robberies in Virginia, Alabama, Arkansas. The 53-year-old man dubbed the “Granddad Bandit” by the FBI will pleaded guilty to multiple bank robbery counts February 10, according to the federal prosecutor’s office in Richmond, Virginia. A representative of the federal public defender’s office confirmed January 26 that the suspect will plead guilty, but would not discuss details of the case. The man, who is suspected in 25 bank robberies in 13 states, is charged with two robberies in Virginia and has apparently agreed to plead guilty in Richmond to four robberies in Alabama and one in Arkansas. The man was captured at his home in Baton Rouge August 11, 2010 after the FBI and police received a tip from someone who identified the suspect as the “Granddad Bandit” and gave authorities photographs to match bank surveillance videos. Source:

18. January 28, Medford Mail Tribune – (Oregon) Man armed with ‘Uzi-style’ gun robs Medford bank. The hunt is on for two men suspected in an armed robbery of a Key Bank branch January 27 on East Barnett Road in Medford, Oregon. A white man, about 5 feet 9 inches tall, wearing a knit cap, a camouflage shirt and baggy pants showed an Uzi-style submachine gun and fled the bank at the corner of Black Oak Drive and Barnett Road with what a deputy chief described as “a significant amount of cash.” The robber had a getaway driver, police said. A suspicious man was seen in the area in a white, four-wheel-drive Dodge pickup, which police are still looking for. A police tracking dog was called to the area and sniffed through the complex, but was unable to locate a suspect. Officers taped off the bank while detectives and FBI agents spoke with witnesses. As detectives collected more statements, they learned the truck was fitted with a canopy and might have had red lettering on one side reading “sport.” It also had chrome rims, a spokesman said. The suspect brandished a silver-colored handgun and shouted at employees and customers. He stuffed an undisclosed amount of money into a green bag and ran from the bank, police said. Source:

19. January 28, KGTV 10 San Diego – (California) Man accused of robbing bank, attacking detective. A San Diego, California man was behind bars January 27 on suspicion of robbing a Kearny Mesa bank and attacking a detective at police headquarters after being arrested at the end of a freeway and foot chase. The man allegedly handed a demand note to a teller at the Wells Fargo branch in the 9300 block of Clairemont Mesa Boulevard January 25. The employee complied, but the money she turned over had an electronic tracking device hidden inside it, according to the FBI. A few minutes later, San Diego police caught up with the white sport utility vehicle he was driving and tried to pull it over. He fled to the south and west before running over a tire-flattening spike strip laid in his path by the California Highway Patrol on southbound Interstate 805. He then jumped out of the SUV and ran off, but officers arrested him a short distance away with help from a K-9. At downtown San Diego Police Department headquarters, he asked to use the restroom, and officers took off his handcuffs. He allegedly made two attempts to overpower a detective and get hold of his gun. Both times, he was subdued by officers. Source:

20. January 27, Fort Bend Now – (National) Two Fresno residents found guilty In $3.7 million mortgage scheme. Two Fresno, California, residents, along with a Katy resident, have been found guilty of defrauding residential mortgage lenders of more than $3.7 in loans in connection with home purchases in the Houston, Texas, area. Members of the United States Attorney’s office, FBI, and IRS — Criminal Investigations Section announced January 26 that a jury in United States District Judge Sim Lake’s Courtroom found the suspect, former fee attorney for First Southwestern Title Company and attorney for Aldridge and Associates, along with the other suspect, a former employee of First Southwestern Title Company and a third man, a co-owner of Waterford Homes, guilty of charges of wire fraud and money laundering. The first two suspects, both of Fresno, were found guilty of 19 counts which included conspiracy to commit wire and mail fraud, wire fraud, conspiracy to commit money laundering and money laundering charges. The third man, of Katy, was found guilty of 13 counts which included conspiracy to commit wire and mail fraud, wire fraud and conspiracy to commit money laundering. Source:

Information Technology

54. January 28, The Register – (International) braces for Anonymous hacklash. U.K. government websites have been warned to brace themselves for website attacks in the wake of the arrest of five Britons as part of an investigation into Anonymous the week of January 23. Members of the Anonymous hacking collective condemned the arrests, arguing that denial of services attacks are a legitimate protest tactic, comparable with staging a sit-in or picketing. In a statement, the group criticizedthe police operation as disproportionate, describing it as “a serious declaration of war from yourself, the U.K. government, to us, Anonymous, the people.” Information security agency GovCertUK has taken this implied threat seriously, issuing an advisorurging government websites to prepare defenses against possible attack. Source:

55. January 28, Softpedia – (International) Kapersky anti-virus source code leaks online. The source code for one of Kaspersky’s security suite products has been leakedonline and is available for download from torrent and file hosting websites. According to a description accompanying the release, the sources were stolen from Kaspersky Lain 2008 and the last changes made to them date from December 2007. The code is written in C++ and Delphi and covers the anti-virus engine, as well as the anti-phishing, anti-dialer, anti-spam, parental control, and other modules. It is unknown what version of Kaspersky’s security suite the sources actually correspond to, but 8.0 is the most likely candidate. The Russian vendor’s line of products is now at version 11.0, which is publicly marketed as 2011 and PURE, for the most complete offering. Source:

56. January 28, Softpedia – (International) Eight-character password bug identified on Amazon. A password bug has been identified on Amazon, where the casing and everything after the first eight characters is ignored for older access codes. The discussion about this problem was started on Reddit by a user who noticed that Amazon’s system would authenticate him even if he mistyped the ending of his password. Apparently, the issue exists only for access codes longer than eight characters. And, after analyzing the implications, that the impact is quite limited — if an attacker would decide to hack a user whose password is common eight-letter word, they would still need to find out their e-mail addresses. Giving the sheer size of Amazon and the likely protection against brute force attacks, finding even a single match would probably take a lot of time, even with lists of already harvested e-mail addresses. In addition, the password must not have been changed in a long time, because this trick does not appear to work with newer access codes, probably because the source of the bug is an old password hashing algorithm. Source:

57. January 27, H Security – (International) 50 million viruses and rising. IT security lab AV-Test registered the 50 millionth new entry into its malware repository January 27. The malware in question is a PDF file which exploits a security hole in Adobe Reader to infect Windows systems. It has not been given a name yet because it has not been fully identified. So far, only the heuristics of Authentium, Eset, F-Prot, Kaspersky, and McAfee have issued a generic message such as: “HEUR:Exploit.Script.Generic.” This new item of malware confirms the trend that attackers trying to infect PCs no longer use mainly the security holes in operating systems or browsers as their point of entry. Instead, malware authors are focusing on third party applications. Source:

58. January 27, IDG News Service – (International) FBI executes 40 search warrants in quest for ‘Anonymous’. Police agencies worldwide are turning up the heat on a loosely organized group of WikiLeaks activists. U.K. police arrested five people January 27, and U.S. authorities said more than 40 search warrants have been executed in the United States in connection with December’s Web-based attacks against companies that had severed ties with WikiLeaks. Investigations are also ongoing in the Netherlands, Germany, and France, the FBI said January 27. Acting on information from German authorities, the FBI raided Dallas ISP Tailor Made Services in December, looking for evidence relating to one of the chat servers used by Anonymous. Another server was traced to Fremont, California’s Hurricane Electric. The actions come after Anonymous knocked websites for MasterCard, Visa and others offline briefly by - recruiting volunteers to target them with a network stress-testing tool called LOIC (Low Orbit Ion Cannon). LOIC flooded the sites with data, making them unable to serve legitimate visitors. Source:

59. January 27, Softpedia – (International) Most computers infected with SpyEye are located in Poland. Security researchers from Trend Micro have recently investigated new developments surrounding the SpyEye crimeware and have discovered that most computers infected with this threat are located in Poland. SpyEye is a sophisticated banking trojan which appeared around a year ago and positioned itself as an alternative to the ZeuS crimeware toolkit. With a similar set of features for a much lower price, SpyEye not only competed with ZeuS for market share, but also removed it from the computers it infected. In a Twitter update, TrendLabs announces that most SpyEye-infected computers are located in Poland, which is unusual giving that most banking trojans usually target users and companies in U.S. and U.K. Source:

60. January 26, The H Security – (International) Conficker: Lessons learned report published. The Conficker Working Group has published a report by the Rendon Group, based on work funded by the Department of Homeland Security, on the “Lessons Learned” from the international effort to contain the virulent Conficker worm, a botnet infection that spread throughout the world in 2009. The report, written in the summer of 2010, documents the history of the Conficker worm, from the early reports in November of 2008 through to 2009 when Conficker infections were widely reported. Security researchers started to work together on solving the problems posed by the worm in 2008, a cooperation which eventually became the Conficker Working Group. Source:

Communications Sector

61. January 27, Network World – (International) Half of federal Web sites fail DNS security test. Half of U.S. government Web sites are vulnerable to commonplace denial of service (DNS) attacks because they have not deployed a new authentication mechanism that was mandated in 2008, a new study shows. The Office of Management and Budget issued a mandate requiring federal agencies to deploy an extra layer of security — called DNS Security Extensions (DNSSEC) — on their .gov Web sites by December 31, 2009. However, an independent study conducted in January 2010 shows that 51 percent of agencies are out of compliance with the requirement to deploy DNSSEC, which is also necessary for high marks in agency report cards under the Federal Information Security Management Act. Source:

62. January 27, International – (Unknown Geographic Scope) To avert Internet crisis, the IPv6 scramble begins. The Internet is running out of Web addresses that computers need to communicate with each other. It is likely that within a week, the central supplier of Internet Protocol version 4 (IPv4) addresses will dole out the last ones at the wholesale level. That will set the clock ticking for the moment in coming months when those addresses will all be snapped by corporate Web sites, Internet service providers, or other eventual owners. And that means it is now a necessity to rebuild the Net on a more modern foundation called IPv6. It has taken a long time because there was little immediate payback for companies spending money and time to build IPv6 support. Source:

63. January 27, Softpedia – (International) Top Russian cybercrime host shut down. Malicious host-tracking outfit HostExploit announced that the number one cybercrime hosting provider, VolgaHost, has been offline since January 17. Russian-based VolgaHost made it to the first position of HostExploit’s “Bad Hosts” list for the fourth quarter of 2010 and ranked third in previous tops. The provider used to offer bulletproof hosting services to people running command and control servers for various botnets, with ZeuS in particular. Other malicious activity detected on VolgaHost’s IP space consisted of infected Web sites, phishing pages, exploit servers, and spam. VolgaHost went offline after it was depeered by its upstream provider,, the Russian State Institute of Information Technologies and Telecommunications, along with several other ISPs known for hosting ZeuS domains. Source:

64. January 27, USA Today – (National) Comcast to broadcast info on missing children. Starting January 27, a missing child’s story and photo will be available to nearly 20 million Comcast cable customers in more than 25 cities in partnership with the National Center for Missing & Exploited Children. “Somebody knows where this child is,” says center President. “If we reach that one person, we increase the likelihood that we’ll get that one lead that will bring the child home.” The public service campaign comes a day before Comcast closes its deal with General Electric for 51 percent of a joint venture that includes NBC Universal. The deal makes Comcast the nation’s most powerful media, entertainment and news company. Comcast created the missing kids videos after having some success with its Police Blotter program, which features fugitives. Police credit the crime videos with generating tips that led to 90 arrests, said vice president of entertainment services for Philadelphia-based Comcast. Twenty, 2-minute video profiles are available. The videos include the child’s name, description, photo, possible whereabouts, and a narrative of the disappearance. Each month, the missing children’s center and Comcast will rotate new videos into the lineup. Each video will be available for at least 12 weeks. Source: