Friday, February 11, 2011

Complete DHS Daily Report for February 11, 2011

Daily Report

Top Stories

• The Associated Press reports that McAfee Inc. said hackers operating from China stole sensitive information from Western oil companies in several countries, including the United States. (See item 1)

1. February 10, Associated Press – (International) Report: Hackers in China hit Western oil companies. Hackers operating from China stole sensitive information from Western oil companies, McAfee Inc. reported February 10. The report did not identify the companies but said the “coordinated, covert and targeted” attacks began in November 2009 and targeted computers of oil and gas companies in the United States, Taiwan, Greece, and Kazakhstan. It said the attackers stole information on operations, bidding for oil fields, and financing. “We have identified the tools, techniques, and network activities used in these continuing attacks — which we have dubbed Night Dragon — as originating primarily in China,” the report said. The Chinese government has denied it is involved. Security consultants said China’s military or other government agencies might be stealing technology and trade secrets to help Chinese state companies. Source:

• At least three people were killed and two others were missing after a natural gas explosion in an Allentown, Pennsylvania, neighborhood destroyed 8 houses and damaged at least 16 others. (See item 2)

2. February 10, Associated Press – (Pennsylvania) 3 dead in Pa. natural gas explosion; 2 missing. A natural gas explosion rocked an Allentown, Pennsylvania, neighborhood, leveling two houses and spawning fires that burned for hours through an entire row of neighboring homes, February 9 into February 10. Three people were killed, including an infant, and at least two others were unaccounted for February 10. A couple in their 70s lived in a 2-story row house that blew up about 10:45 p.m. February 9, the city police chief said. The victims ranged in age from 4 months to 79 years old, the city fire chief said. The cause of the explosion was unclear. The blaze was put out early February 10, delayed by the difficulty of digging through packed layers of snow and ice to a ruptured underground gas line that was feeding the flames. About 500 to 600 people who were evacuated were allowed to return home. The fire chief predicted 8 houses would be lost and another 16 damaged. A routine leak-detection check of the gas main that serves the area on the day before the explosion found no problems, a spokesman for Reading-based UGI Utilities Inc. said. He said there is no history of leaks for that section of 12-inch cast-iron main, and there were no calls about gas odors before the explosion. The utility used foam to seal the gas main on both ends of a 1-block area at about 3:45 a.m. February 10. It took crews some time to cut through reinforced concrete underneath the pavement, the spokesman said. Source:


Banking and Finance Sector

11. February 9, The Register – (National) Credit crunch pushes US ID fraud to 8 year low. U.S. identity fraud losses fell sharply in 2010, bucking a long-running trend. The number of fraud victims decreased 28 percent in 2010 from 11 million to 8.1 million. The total value of fraudulent losses also fell from $56 billion in 2009 to $37 billion in 2010, according to an annual study by Javelin Strategy & Research. Javelin reports the figures for losses are the lowest it has seen in the 8 years it has run the study. The average fraudulent losses per victim also declined from $5,000 in 2009 to $4,600 in 2010. Javelin reckons a significant drop in reported data breaches goes some way toward explaining the decline in identity fraud. More stringent checks by lenders to “authenticate users and determine credit risk” as well as improved consumer awareness of ID fraud risks and the use of account monitoring tools, are also credited in the decline. “Economic conditions also appear to have contributed to this year-over-year decline, as well as increased security measures and some significant law enforcement successes,” the president and founder of Javelin said. Source:

12. February 9, First Coast News – (Georgia) Bank robber in Brunswick uses fake explosive. A bank robber February 8 in Brunswick, Georgia, used the drive-thru lane at the Southeastern Bank to demand money from the teller. A fake explosive led to an evacuation of the bank. According to the Glynn County Police Department, the suspect drove up about 5 p.m. Bank employees said the man placed a device in the drawer and demanded money from the teller. The teller put money in the drawer and slid it to the driver, who took the money and drove off, leaving the device in the drawer. Bank employees called police, then evacuated the building as the device sat in the drawer. Police determined the device was a fake explosive. Surveillance cameras captured several images of the suspect and his truck, a dark Chevrolet Silverado. Source:

13. February 9, WCSC 5 Charleston – (South Carolina) Three indicted for Lowcountry bank robbery spree. The FBI said a 48-year-old male suspect robbed eight banks in Charleston and North Charleston, South Carolina, and had help from a man and woman in several of them. Federal prosecutors said the suspect was indicted in U.S. District Court the week of February 7 on eight counts of armed robbery. The indictments said the suspect robbed the banks between January 14 and June 21 of 2010. Investigators said the suspect robbed two BB&T branches, a Harbor National Bank branch, and a Wachovia and First Citizens branch two times. The targeted banks were located west of the Ashley and in North Charleston. The two people police said helped the suspect in most of the robberies also were indicted. A 26-year-old female from North Charleston was indicted on six counts, and a 38-year-old male was indicted on five counts of bank robbery. So far no trial dates have been set for any of the three suspects. Source:

14. February 9, St. Joseph’s News-Press – (Missouri) Local suspect may be linked to other robberies. The suspect in the robbery of Midwest Federal Savings & Loan in St. Joseph, Missouri, February 7 may be a suspect in a series of other bank robberies. A Web site called BanditTrackerKansasCity(dot)com, a partnership with the FBI and local law enforcement agencies, identifies the suspect as a potential suspect in three other robberies: Union Bank, 9221 N. Oak Trafficway, in Kansas City, Missouri, July 9, 2010; KCB Bank in Liberty, Missouri, November 5, 2010; and U.S. Bank, 6098 Antioch Road, in Gladstone, Missouri, January 7. The suspect is described as a white male, around 30 years old, between 5 feet, 5 inches and 5 feet, 8 inches tall and between 170 and 190 pounds. He was wearing a black hoodie, blue jeans, and a black and red Minnesota Twins baseball hat when he robbed the Midwest Federal Savings & Loan, February 7 at 2:30 p.m. Source:

Information Technology

45. February 10, IDG News Service – (International) IPhone attack reveals passwords in six minutes. Researchers in Germany say they have been able to reveal passwords stored in a locked iPhone in just 6 minutes and they did it without cracking the phone’s passcode. The attack, which requires possession of the phone, targets keychain, Apple’s password management system. Passwords for networks and corporate information systems can be revealed if an iPhone or iPad is lost or stolen, said the researchers at the state-sponsored Fraunhofer Institute Secure Information Technology. It is based on existing exploits that provide access to large parts of the iOS file system even if a device is locked. The attack works because the cryptographic key on current iOS devices is based on material available within the device and is independent of the passcode, the researchers said. This means attackers with access to the phone can create the key from the phone in their possession without having to hack the encrypted and secret passcode. Using the attack, researchers were able to access and decrypt passwords in the keychain, but not passwords in other protection classes. Source:

46. February 10, Help Net Security – (International) 400,000 e-mail addresses stolen in Irish job website breach. Names and e-mail addresses of some 400,000 job seekers were harvested by hackers who breached the RecruitIreland(dot)com site and its systems. The site was taken offline for a while, and the server and the database were shut down to prevent further access. “The present indicators are that our database was breached to get e-mail addresses and names for spamming,” it said in a notice posted on the main page of the site. They notified the data protection commissioner and the Gardai about the breach, and internal and external investigations are under way. The external investigation is being handled by the founder and head of Ireland’s CERT and owner of BH Consulting, and the Gardai. Sophos reported that the e-mails landing in users’ in-boxes confirm the theory that the e-mail addresses were harvested for spamming purposes and recruiting money mules. Source:

47. February 10, Softpedia – (International) Trojan-rigged software keygens aggressively distributed in January. Serial key generators carrying trojans have made it to the number two spot in BitDefender’s malware detection statistics for January, suggesting that this infection vector was aggressively used in January. Trojan(dot)Crack(dot)I accounted for 5.82 percent of all detections seen by BitDefender in January and was only surpassed by a generic signature for AutoRun malware. “This application is a keygen, a binary file designed to defeat the commercial protection of shareware software products by generating false registration keys. Its emergence on the second place is an indicator of the fact that the worldwide software landscape is affected by piracy and the subsequent threats posed by this practice,” the BitDefender security researchers wrote. The keygen appears harmless, but it actually has a trojan attached that steals registration data for other applications and games installed on the systems. Therefore, users looking to use a commercial product without paying might end up becoming a victim of piracy themselves if they also have legitimate software installed on their computers. Source:

48. February 9, Softpedia – (International) Microsoft moves to kill AutoRun malware propagation vector. Microsoft released an optional software update February 8 that restricts the AutoRun functionality on older Windows operating systems, thereby blocking a common malware propagation vector. AutoRun is the feature responsible for automatically parsing autorun(dot)inf files found on removable media devices, such as USB memory sticks, external HDDs, portable audio players, mobile phones, and optical discs. For years, security experts have campaigned against AutoRun, because it poses more security risks than usability benefits and is constantly abused by malware. Microsoft recognized the dangers and limited the functionality by default in Windows 7 and Windows Server 2008 R2. However, for older versions of Windows, such as XP, Vista, Server 2003, and Server 2008, the company only provided a fix that needed to be manually downloaded and installed. That changed February 8, when KB971029 was released as optional through Windows Update. Source:

49. February 9, Help Net Security – (International) List of top e-threats points to computer use trends. BitDefender issued its monthly top 10 list of e-threats, which offers some insight into security and computer use trends. The list (for January) is as follows: 1. Trojan.AutorunINF.Gen — 7.40 percent; 2. Trojan.Crack.I — 5.82 percent; 3. Win32.Worm.Downadup.Gen — 5.78 percent; 4. Gen:Variant.Adware.Hotbar.2 — 4.26 percent; 5. Java.Trojan.Downloader.OpenConnection.AI — 3.56 percent; 6. Win32.Sality.OG — 2.24 percent; 7. Gen:Variant.Adware.Hotbar.1 — 2.23 percent; 8. Exploit.CplLnk.Gen — 2.19 percent; 9. Win32.Sality.3 — 2.00 percent; and 10. Win32.Worm.DownadupJob.A — 1.92 percent. Comparing it to previous lists, they noticed that the Downadup/Conficker worm has dropped from first to third place and concluded that computer users have finally recognized the need to regularly apply patches to Windows, and that possibly some of them have migrated from XP to version 7 of the OS. The bad news is that the list also reflects that software piracy is on the rise. Source:

50. February 9, Softpedia – (International) Oracle releases fix for dangerous Java denial of service bug. Oracle has released a fix for a serious vulnerability in the Java Runtime Environment that could allow attackers to execute remote denial of service attacks against Java-based applications and servers. The bug, which was recently documented, triggers an infinite loop in the runtime when trying to convert the decimal number 2.2250738585072012e-308 to a double-precision binary floating-point value. Reports of the same issue, described a bit differently, have been found going back to 2001, and according to a computer expert, equivalent forms of the number trigger the same problem as well. Oracle has published a Security Alert regarding this vulnerability, which has received the CVE-2010-4476 identifier and has a CVSS base score of 5.0. According to the company, the affected products are Java SE 6 Update 23 and before, 5.0 Update 27 and before, and 1.4.2_29 and before. Source:

51. February 8, Reuters – (International) Cellphone security threats rise sharply: McAfee. In its fourth-quarter threat report, released February 8, McAfee said the number of pieces of new cellphone malware it found in 2010 rose 46 percent over 2009’s level. “As more users access the Internet from an ever-expanding pool of devices — computer, tablet, smartphone or Internet TV — Web-based threats will continue to grow in size and sophistication,” the report said. McAfee attributed the trend to Adobe’s greater popularity in mobile devices and non-Microsoft environments, coupled with the ongoing widespread use of PDF document files to convey malware. Source:

Communications Sector

Nothing to report