Tuesday, February 15, 2011

Complete DHS Daily Report for February 15, 2011

Daily Report

Top Stories

• Associated Press reports a South African man was arrested on suspicion of threatening to attack Great Britain and the United States with foot and mouth disease. (See item 35)

35. February 14, Associated Press – (International) South African appears in court on terror charges. A South African businessman accused of threatening to unleash biological weapons on Great Britain and the United States may have been driven by concern over the plight of white farmers in neighboring Zimbabwe, a spokesman for the prosecution said February 14. The suspect did not have the means to carry out his threats to spread foot and mouth disease. The 64-year-old man, who owns an engineering firm outside Johannesburg, South Africa, appeared in a Johannesburg court after his arrest February 12 on terror charges. He threatened in letters and e-mails sent to the British government to spread the disease in Britain and the United States unless he was given $4 million. “We have the expertise and resources to do this very effectively and will be able to devastate the industry in the U.K. which will cost billions to the economy,” he wrote in an e-mail to the British government. “We will devastate your farms and then we will then take the problem to your coconspirator the USA.” South African police said a 6-month terror investigation by South African, British, and U.S. officials culminated with his arrest. U.S. and British officials confirmed they had worked closely with the South Africans. Police charged the man with terrorist activity and money laundering. Source: http://news.yahoo.com/s/ap/20110214/ap_on_re_af/af_south_africa_terror_arrest

• The U.S. Coast Guard does not have enough working icebreakers to respond to a major oil spill in Alaskan waters, the top official who oversaw containment of the BP oil spill warned Congress February 11. (See item 45)

45. February 11, Reuters – (National) U.S. icebreakers can’t handle Alaska oil spills: official. The U.S. Coast Guard does not have enough working icebreakers to respond to a major oil spill in Alaskan waters, the top official who oversaw the containment of the BP oil spill warned Congress February 11. “The current condition of the Coast Guard icebreaker fleet should be of great concern to the senior leaders of this nation,” the general testified at a House Transportation subcommittee hearing on the 2010 oil spill in the Gulf of Mexico. He said two of the three ice breakers do not work, and decisions on future funding for the fleet continued to be delayed. Similar concerns about icebreakers were raised by the special presidential commission that looked into the BP oil spill and government offshore drilling regulations. He said current infrastructure is inadequate to support extensive response and recovery operations off Alaska’s North Slope, except for oil industry facilities at Dead Horse and Prudhoe Bay. “Point Barrow, the only location close to the new Beaufort and Chukchi Sea lease areas, has limited access and no ability to support large-scale operations,” he said. Source: http://www.reuters.com/article/2011/02/11/us-arctic-oil-vessels-idUSTRE71A5RM20110211?feedType=RSS&feedName=domesticNews


Banking and Finance Sector

17. February 14, Newark Star-Ledger – (New Jersey) Authorities release photo of suspect in multiple Howell bank robberies. Federal authorities February 14 released security camera photos of a man who held up a Howell, New Jersey, bank February 12 and threatened a teller with a gun. He is believed responsible for other violent bank robberies in which people were injured, authorities said. At 9:19 a.m. the man entered the PNC Bank, 4620 Route 9 South, and handed the teller a note demanding money and threatening the worker, the FBI said in a statement. The man also stated the threat verbally and pulled out a handgun, believed to be a black revolver, authorities said. The man was described as an African-American, about 30- to 40-years-old, with a stocky build and clean shaven except for chin hairs. He was wearing a dark knit hat and one black glove with white writing on it. “The robber is considered armed and dangerous and believed to be connected with several armed holdups in the Howell area that resulted in violence with injuries,” the FBI said in its statement. Source: http://www.nj.com/news/index.ssf/2011/02/authorities_release_photo_of_s_1.html

18. February 11, KSAZ 10 Phoenix – (Arizona) FBI agents search for ‘Thou Shalt Not Steal’ bandit. A serial bank robber is still on the loose in the Phoenix, Arizona area, and FBI agents recently revealed new details about him. He is concealed in dark clothing and authorities have named him the “Thou Shalt Not Steal” bandit. He got the name after breaking into a Christian book store to get access to a nearby bank. “Thou Shalt Not Steal does his homework more than most bank robbers, he plans, does surveillance.” an FBI Special Agent said. The suspect has robbed four banks. The break-ins were 6 months apart, which tells agents he studies each bank carefully. In October, agents said the suspect robbed a Johnson Bank in Scottsdale. Police said he cut a hole in the roof — an unconventional break-in, now his trademark. “First three, he tunneled through a wall ... adjoining wall with another business,” thSpecial Agent said. Once inside, the robber terrorizes employees. The Special Agent said “He is very violent when he gets inside the bank..confronts employees at gunpoint,” and he handcuffs bank workers, then flees with stolen money. “Based on his preparation and how meticulous he is, we suspect some type of military background,” the FBI Special Agent said. The suspect seems to understand how bank security works and may have been a former banker. FBI agents are searching for a man who is white or Hispanic, 5’ 6” to 5’ 10” inches tall, 25 to 45 years old, and athletic. Source: http://www.myfoxphoenix.com/dpp/news/local/phoenix/fbi-agents-search-for-thou-shalt-not-steal-bandit-02112011

19. February 11, Chicago Tribune – (Illinois) 3 men charged in Chicago area bank robberies. Three men have been charged with robbing several banks in Chicago and Waukegan, Illinois, FBI officials said February 11. All three appeared in U.S. District Court and were ordered held in connection with the robberies, FBI officials said in a press release. Waukegan police and Illinois State police investigators arrested the 21-year-old suspect, who hails from Kenosha, during a February 10 robbery. The suspect was arrested after he and two others committed a “take-over style” robbery of the Associated Bank, 1 South Genesse Street. On February 11, FBI officials arrested a 45-year-old suspect from Chicago. He was charged in connection with a bank robbery that occurred February 9 at the Chase Bank branch, 5715 N. Broadway. He is also suspected in the May 5, 2010 bank robbery of a North Community Bank branch, 5342 N. Broadway, FBI officials said. Also arrested and charged with bank robbery was a 53-year-old male from Chicago, officials said. He was charged in connection with the January 21 robbery of a Bank of America branch, 9233 S. Commercial Ave. in Chicago. He is also suspected in the attempted January 21 robbery of the Bank of America branch, 1651 E. 95th St., and/or the December 28 bank robbery of the Bank of America bank branch, 9233 S. Commercial Ave. He appeared in U.S. District Court in Chicago before a U.S. Magistrate Judge February 10.

Source: http://www.chicagotribune.com/news/local/breaking/chibrknews-3-men-charged-in-chicago-area-bank-robberies-20110211,0,4939436.story

20. February 10, Department of Treasury – (International) Treasury identifies Lebanese Canadian bank SAL as a ‘primary money laundering concern’. The U.S. Department of the Treasury announced February 10 the identification of The Lebanese Canadian Bank SAL together with its subsidiaries (LCB) as a financial institution of primary money laundering concern under Section 311 of the USA PATRIOT Act (Section 311) for the bank’s role in facilitating activities of an international narcotics trafficking and money laundering network. This network moves illegal drugs from South America to Europe and the Middle East via West Africa and launders hundreds of millions of dollars monthly through accounts held at LCB, as well as through trade-based money laundering involving consumer goods throughout the world, including used car dealerships in the United States. Treasury has reason to believe LCB managers are complicit in the network’s money laundering. The action also exposes the terrorist organization Hezbollah’s links to LCB and the international narcotics trafficking and money laundering network. “This action seeks to protect the U.S. financial system from the illicit proceeds flowing through LCB and to deprive this international narcotics trafficking and money laundering network of its preferred access point into the formal financial system,” said the Under Secretary for Terrorism and Financial Intelligence. “Any financial institution that collaborates in illicit conduct on this scale risks losing its access to the United States.” Source: http://www.treasury.gov/press-center/press-releases/Pages/tg1057.aspx

21. February 9, The Eugene Register-Guard – (Oregon) Albany man pleads guilty to fraud. The former chief financial officer for Willamette Development Services, an Albany-based real estate company with residential projects in Lane County, pleaded guilty February 8 to conspiring to commit securities fraud. The 36-year-old male admitted he helped facilitate financial improprieties and made false statements that caused investors to lose more than $5.25 million in WDS securities, according to a statement by the U.S. Attorney in Portland. The Albany man is scheduled to be sentenced August 9 before a U.S. District Judge in Eugene. The maximum penalty for conspiring to commit securities fraud is 5 years in prison and a $250,000 fine.The collapse of WDS in 2008 left hanging at least two half-built subdivisions in Lane County — Lenore Estates, a 23-home subdivision in Eugene’s Santa Clara neighborhood, and Wisteria Estates, 10 high-end homes near the Sandpines Golf Course in Florence. WDS had sought $1.2 million from investors for the Santa Clara project, and $300,000 for the Florence project, according to a 2008 Register-Guard story about the company. Source: http://www.registerguard.com/csp/cms/sites/web/news/cityregion/25870170-41/company-financial-fraud-investors-securities.csp

For another story, see item 50 below in the Information Technology Sector

Information Technology

47. February 14, Help Net Security – (International) SMS trojan masquerading as Valentine-sending mobile application. Microsoft researchers have detected a mobile trojan masquerading as an MMS-sending application that is currently available online. The file in question is named love_mm(dot)rar, and contains a JAR installer named jimm2010(dot)jar, which is actually the trojan. The file also contains a number of Valentine-themed pictures which, by the look of it, indicate the trojan is targeting Russian mobile users. While the messages are being sent, the trojan sends a message to a Russian premium SMS short code number. “Note that the JAR installer runs on any mobile platform that supports Java, such as Symbian and Windows CE operating systems,” experts warned. Source: http://www.net-security.org/malware_news.php?id=1630

48. February 14, Softpedia – (International) Rootkit.com compromise poses risks to other sites. People who analyzed the recently leaked rootkit(dot)com user database warned the compromise also has implications for accounts on other sites due to password reuse. The week of February 6, the Anonymous collective hacked into the systems of a security firm called HBGary, which threatened to expose its high-ranking members. The group leaked tens of thousands of corporate e-mails and other confidential information, along with the user database of rootkit.com, a research Web site maintained by HBGary’s founder and CEO. Because the passwords in the database were hashed with the vulnerable RC5 algorithm, they were relatively trivial to crack. Dazzlepod managed to recover the passwords for 64,489 accounts out of the nearly 81,000 in the database using the popular John the Ripper password cracking software. Source: http://news.softpedia.com/news/Rootkit-com-Compromise-Poses-Risks-to-Other-Sites-184099.shtml

49. February 14, Softpedia – (International) Microsoft accuses former employee of stealing confidential data. Microsoft is accusing one of its former managers of breaking a non-competition agreement and leaving the company with around 600 MB in confidential information. In January, the software giant sued a former market development manager with its customer relations management (CRM) and online services division in order to prevent him from accepting a position at Salesforce.com. Salesforce is one of Microsoft’s primary competitors on the hosted CRM solutions market and the Windows maker claims the employee had signed an agreement preventing him from accepting a job from a rival company. The judge sided with Microsoft and issued a temporary restraining order preventing the former manager from starting work at Salesforce. Microsoft now wants to make that decision permanent. They filed a motion the week of February 6 alleging that, despite claiming otherwise, when he left the company December 31, the employee took with him over 900 files consisting of business plans for 2011. Microsoft claims allowing its former manager to go work for Salesforce would cause it significant damages because of the knowledge he has about Microsoft’s operations. Source: http://news.softpedia.com/news/Microsoft-Accuses-Former-Employee-of-Stealing-Confidential-Data-184043.shtml

50. February 11, Help Net Security – (International) Fake scanned documents lead to Zeus infection. A new spam e-mail campaign is currently underway, and takes the form of a document scanned and sent by a Xerox WorkCentre Pro scanner. The attachment is a specially crafted PDF document, BitDefender warned, and it is able to exploit four Adobe Acrobat Reader vulnerabilities — all of which can be used by an attacker to remotely execute arbitrary code on a vulnerable system. In this case, the ultimate goal of the people behind this spam campaign is to spread the credentials-stealing Zeus trojan. Source: http://www.net-security.org/malware_news.php?id=1629

51. February 11, Softpedia – (International) Security experts fear iframes on Facebook pages could spell trouble. Security experts fear the introduction of iframes for Facebook pages will open the door to abuse and will make the job of attackers on the social network much easier. Facebook announced February 10 Page administrators could start creating Page Tabs that load apps inside iframes instead of the more restrictive Facebook Markup Language. “While this is no doubt great news for legitimate developers, it will undoubtedly make life for those with malicious intent much easier too,” a senior security advisor at antivirus vendor Trend Micro said. “No more likejacking required, no more having to persuade users to install your app, if a criminal can make the bait sweet enough just to get you to visit the page, that is all they will require to start the chain that leads to your computer being compromised and used for criminal purposes,” he explained. Source: http://news.softpedia.com/news/Security-Experts-Fear-IFrames-on-Facebook-Pages-Could-Spell-Trouble-183981.shtml

Communications Sector

52. February 13, Network World – (International) Reports conflict on Internet, Facebook blackout in Algeria. Reports said Algeria has shut down Internet access and eliminated Facebook accounts as pro-democracy protesters seek to topple the government much as Egyptians did in their nation the week of February 7. Reports of the international hacking group Anonymous blocking an Algerian government Web site have also surfaced. An Internet monitoring company that closely tracked the Egyptian Internet shutdown, said in a blog post February 12 that it was not seeing an Internet shutdown in Algeria: “Algeria typically has about 135 routed network prefixes in the global routing table, and our data show that they are all still routed and relatively stable.” Protesters against the Algerian president’s regime have been encouraged by the success of anti-government movements in Egypt and Tunisia, which were organized to a great extent via the Internet and social media. The protests and Internet crackdowns in these countries have revived talk in the United States of giving the U.S. President an Internet kill switch. Source: http://www.computerworld.com/s/article/9209238/Update_Reports_conflict_on_Internet_Facebook_blackout_in_Algeria

53. February 12, Associated Press – (National) FCC acts against cell phone jamming. The enforcement arm of the Federal Communications Commission (FCC) has launched a new effort to crack down on cell phone and GPS jamming devices. The FCC Enforcement Bureau warned consumers, manufacturers, and retailers, including online and Web-only companies, that the marketing, sale, or use of cell, GPS, and other jamming devices is illegal. The Enforcement Bureau chief said plans include education, outreach, and aggressive enforcement. Jamming devices are radio frequency transmitters that intentionally block, jam, or interfere with wireless communications. Increasingly, online retailers tout small, inexpensive jammers as the solution for noisy classrooms, theaters, restaurants, or business meetings. But jammers are indiscriminate and can block critical public safety and other emergency communications. Source: http://www.wsbt.com/business/wsbt-fcc-acts-against-cell-phone-jamming-20110212,0,4312719.story?

54. February 11, New Scientist – (National) The cyberweapon that could take down the Internet. A new cyberweapon could take down the entire Internet – and there is not much current defenses can do to stop it. So say a student at the University of Minnesota (UM) in Minneapolis and his colleagues, the masterminds who have created the digital ordnance. They are suggesting improvements to its defenses. The students’ new attack pits the structure of the Internet against itself. Hundreds of connection points in the net fall offline every minute, but it goes unnoticed because the net routes around them. It can do this because the smaller networks that make up the Internet, known as autonomous systems, communicate with each other through routers. When a communication path changes, nearby routers inform their neighbors through a system known as the border gateway protocol (BGP). These routers inform other neighbors in turn, eventually spreading knowledge of the new path throughout the Internet. A previously discovered method of attack, dubbed ZMW – after its three creators, U.S. researchers who came up with their version 4 years ago – disrupts the connection between two routers by interfering with BGP to make it appear he link is offline. The UM student and his colleagues worked out how to spread this disruption to the entire Internet and simulated its effects. Source: http://www.newscientist.com/article/dn20113-the-cyberweapon-that-could-take-down-the-internet.html