Wednesday, March 30, 2011

Complete DHS Daily Report for March 30, 2011

Daily Report

Top Stories

• According to Reuters, a man was arrested and charged with illegally selling an unmanned U.S. spy plane on Ebay. (See item 14)

14. March 28, Reuters – (International) Man accused of selling U.S. spy plane on Ebay. A man was arrested and charged with illegally selling an unmanned U.S. spy plane known as the Raven, the U.S. attorney’s office in Tampa, Florida, said March 28. A grand jury indicted the man, 47, of Manila, Philippines, March 10 on charges he sold the Raven to undercover federal agents on Ebay. He faces up to 20 years in federal prison if convicted of smuggling and violating the Arms Export Control Act. The man was arrested when he came to Los Angeles, California, in February. The Raven is a 4-pound plane equipped with three cameras that U.S. troops use for battlefield surveillance. It can be taken apart and carried by troops and then reassembled for use. According to the U.S. attorney’s office, agents with the Homeland Security Department found out last May the man was offering a Raven for sale on Ebay for $13,000. They exchanged messages with him over several months, and he sent the Raven to them in separate packages in exchange for the money, officials said. Source:

• SecurityNewsDaily reports an audit found NASA has not corrected problems identified in 2009 that have left its internal computer network vulnerable to cyberattack. (See item 47)

47. March 28, SecurityNewsDaily and – (National) Serious flaws found in NASA’s computer network. NASA’s internal computer network is full of holes and is vulnerable to an external cyberattack, an audit by the agency’s Office of the Inspector General (IG) found. It appears several of the vulnerabilities were known about for months yet remained unpatched. “Six computer servers associated with IT [information technology] assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable,” said the audit report released March 28. “The attacker could use the compromised computers to exploit other weaknesses we identified, a situation that could severely degrade or cripple NASA’s operations,” the report said. “We also found network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers.” The IG’s office released a previous audit report nearly a year ago, but nothing had been done to remedy the situation. A Government Accountability Office report in October 2009 was similarly critical of the agency. The IG report was based on an audit of the agency-wide mission network, using a program called NESSUS that scans for vulnerabilities. Investigators found 54 computer servers on the network were accessible via the Internet, and 6 had high-risk vulnerabilities to a cyberattack. Six other servers not directly accessible via the Internet also had high-risk vulnerabilities. Source:


Banking and Finance Sector

16. March 29, Associated Press – (Illinois) Chicago man charged in suburban bank robberies. The FBI said authorities have charged a 42-year-old Chicago, Illinois, man in the armed robberies of two suburban banks in 2010. The suspect allegedly beat several people during the holdups in June at the First Bank and Trust in Winnetka and the Brickyard Bank in Skokie. Court documents allege the man got away with more than $9,200 from the bank in Winnetka, and nearly $7,400 from the one in Skokie. An FBI statement said the man is charged with two counts of aggravated bank robbery. If convicted, he faces up to 25 years in prison on each count. The FBI said the man is being held without bond and is scheduled to appear in U.S. District Court in Chicago later the week of March 28. Source:

17. March 28, Bank Info Security – (Michigan) Bank of America denies breach. Bank of America (BofA) branches in Detroit, Michigan were reportedly flooded over the weekend of March 26 and 27, after many BofA debit cardholders noticed fraudulent transactions on their accounts. According to one local news report, the incident involves more than $100,000 in fraudulent transactions. Over the weekend, BofA branches were working to assess the geographic breadth of the incident, the news report states. How the cards may were compromised was not known. A BofA spokeswoman said the bank has not released any information about debit fraud, adding, “There was no breach at Bank of America.” BofA does not provide details about potential debit compromises, she said. “If we think a customer’s card has been compromised at a third-party location, we’ll block and reissue the card, which is what we did in this case,” she said. The director of education and professional services for The Payments Authority, a regional payments association in Michigan affiliated with the National Automated Clearing House Association, said the association heard reports of local BofA branches being overwhelmed with customers who believed their debit cards had been compromised. Source:

18. March 28, St. Petersburg Times – (Florida) Brooksville police search for two bank robbers. Brooksville, Florida police are searching for two men they say robbed the Chase Bank at 7179 Broad Street about 9:10 a.m. March 28. According to a department press release, the robbers threatened to ignite an incendiary device and demanded money from a clerk. After taking an undisclosed amount of cash, the men ran from the bank. Investigators said the suspects may have fled north on S. Broad Street in a newer-model white Dodge Charger. One robber was described as a black man, 5 feet 9, weighing about 160 pounds. He was last seen wearing a long-sleeved white shirt, white pants, gloves, framed glasses and a white baseball-type hat. The other robber was described as 6 feet tall, 180 pounds and wearing a long-sleeved white shirt with a light blue over shirt, dark pants, dark glasses and a black skull-type hat. Source:

19. March 28, Associated Press – (National) Ariz. man, his mother face charges in fraud scheme. A mother and son are facing charges stemming from an alleged 16-year fraud scheme that affected residents in 28 states. The Arizona Attorney General (AG) said a 55-year-old Scottsdale man and a 78-year-old Dallas, Texas woman are believed to have received more than $8 million. The AG said the defendants advertised a series of short-term investment or loan programs in an aviation magazine asking for a minimum $25,000 contribution. He said investors were told their money would be used to purchase, refurbish and sell airplanes for profit, and that they would get a full return of their money plus interest. More than 60 people claimed they had not received their promised payments. The suspects are scheduled for a pre-trial conference May 11 in Maricopa County Superior Court. Source:

20. March 28, KCTV 5 Kansas City – (Kansas) Man pleads guilty to role in staged kidnapping, bank robbery. An 18-year-old Overland Park, Kansas, man pleaded guilty March 28 to one count of aiding and abetting embezzlement by a bank employee. He is one of four men charged with staging a kidnapping and bank robbery November 10 at the U.S. Bank at 10100 West 119th Street in Overland Park. FBI agents were called to the bank in response to a report of a kidnapping and bank robbery. When they arrived, an employee told them he had been kidnapped and forced to get money for the robber. The employee was discovered at 7:20 a.m., bound with duct tape, seated in a chair, with a bloody nose. Surveillance footage from the bank showed the employee being led around the empty bank by a masked man. No weapon could be seen. FBI agents said they learned during their investigation the employee had not been kidnapped, and that the kidnapping was staged to embezzle money from the bank. The man who pleaded guilty March 28 admitted he was the person wearing a mask in the surveillance video. He also admitted he and the bank employee used the worker’s key to steal money from the bank’s ATM, and that he hit the employee in the face to make it look like he had been beaten. He is set for sentencing July 13. He faces a maximum penalty of 30 years in federal prison and a fine up to $250,000. Source:

Information Technology

53. March 29, The Register – (International) McAfee site crawling with scripting bugs say researchers. Flaws on McAfee’s Web site leave it vulnerable to cross-site scripting and other attacks, security researchers warned. YGN Ethical Hacker Group also discovered various lesser information disclosure bugs on the security firm’s Web site, according to an advisory published on a full disclosure mailing list March 28. YGN said it published the details only after notifying McAfee privately of the problems February 10. Cross-site scripting (XSS) flaws create a means to present content from a third-party Web site in the context of a vulnerable site. The class of flaw, which is a perennial problem in Web site development, creates a possible mechanism to mount phishing attacks or other sorts of malfeasance. Source:

54. March 28, Softpedia – (International) New variant of destructive ransomware identified. Security researchers from Kaspersky Lab have identified a new variant of a destructive ransomware program that encrypts personal files with an uncrackable algorithm. Ransomware applications block critical system functionality or lock access to important documents and ask for money to restore normal operations. While many ransomware programs can be cleaned from the system, others are uncrackable. This is the case of programs in the Gpcode ransomware family, which make use of the secure RSA public-key algorithm with an 1024-bit key. Once installed, these applications start encrypting files with predefined extensions, including documents and images, and post a warning message on the desktop advising users to read an instructions file that tells them to send money if they want the special encryption key. One of the changes in the new variant is criminals have switched to ukash or psc pre-paid cards as payment method and have raised the ransom from $120 to $125. There is little users can do to recover their files if they have been affected. Source:

55. March 28, Automotive News – (International) Key automotive chip plant in Japan down until July. Renesas Electronics Corp., the world’s biggest maker of automotive microcontrollers and a key bottleneck in Japan’s parts shortage, said one of two auto-related factories damaged by the March 11 earthquake will not be operational until July. Renesas only recently restored electricity and lighting to its Naka plant in the quake zone and will now start assessing damage to its clean rooms and wafer fabrication lines. Renesas is the world’s top producer of automotive microcontrollers, the tiny microprocessors that control electronic components in vehicles, with 22 percent of the global market, according to Strategy Analytics, a market research firm. Such chips are used in everything from engine control units and transmissions to pre-crash safety technologies and onboard telematics. Renesas had eight factories damaged by the earthquake, including two that make microcontrollers for automotive use. One of those auto-related chipmaking plants, the company’s Tsugaru factory, has already resumed limited production. But the Naka plant will be offline for months and accounts for 15 percent of the company’s total chip output, according to Japan’s Nikkei business daily. Source:

56. March 28, Softpedia – (International) Vulnerabilities disclosed on Sun Websites. The hackers who disclosed vulnerabilities in also published details about SQL injection flaws in older Sun Microsystems Web sites. Sun Microsystems was acquired by Oracle at the beginning of 2010 and its products were integrated into the latter’s portfolio. However, given the sheer size of Sun, many of its Web properties still need to be moved under Oracle’s brand and some have been neglected security-wise. Such is the case of and, two sites dedicated to remanufactured systems and spare parts. Although some might think that hacking such sites has little value, a Romanian hacker’s proof-of-concept attack shows their databases can still contain sensitive information. In his report, he published a list of tables and columns taken from the remandb database, as well as a list of e-mail addresses found inside. SQL injection is the result of insufficient input validation in forms that interact with databases. By exploiting such vulnerabilities, attackers can gain unauthorized read and write access. Source:

57. March 25, IDG News Service – (International) Two weeks after quake, Japanese IT industry faces hurdles. Many factories in Japan closed immediately following the earthquake and tsunami March 11, and most have been gradually returning to production the week of March 21. A handful of plants were hit harder and could be offline for months. For IT companies, the loss of production at these plants could have widespread effects on the electronics industry. Texas Instruments’ plant in Miho is one of the factories that was hard hit. The plant, which produced chips and DLP devices for projectors, suffered “substantial damage” and it will not be until May when partial production resumes. Full production is not due until mid-July, and that could be further delayed by power problems, the company said. Toshiba estimates production at its mobile phone display factory in Saitama will be stopped for a month because of damage sustained in the earthquake. A Sony plant responsible for magnetic tape and Blu-ray Discs is one of six Sony plants currently idle. Two Nikon plants were severely damaged and will not be back online until at least the end of March. Fujitsu’s major chip plant in Aizu Wakamatsu is still closed with no estimate of when production will begin again. Some of the potentially biggest disruptions could come from the closure of two plants run by Shin-Etsu Chemical. The company is a major supplier of silicon wafers. One of the halted plants, its Shirakawa facility in Fukushima prefecture, is responsible for approximately 20 percent of the world’s supply of such wafers, IHS iSuppli said. “The wafers made by this facility mainly are used in the manufacturing of memory devices, such as flash memory and DRAM,” an IHS iSuppli analyst said in a statement. “Because of this, the global supply of memory semiconductors will be impacted the most severely of any segment of the chip industry by the production stoppage.” Source:

58. March 25, IDG News Service – (International) Russian security team to upgrade SCADA exploit tool. The Russian security company Gleg, which specialized in vulnerability research, plans to release an upgraded exploit pack for industrial control software that incorporates a raft of new vulnerabilities released by an Italian security researcher. The company recently began focusing on problems within supervisory control and data acquisition (SCADA) systems, which are used in factories, utilities and many other kinds of industrial applications, said Gleg’s CEO. Gleg works with the Miami, Florida company Immunity, which sells a tool called Canvas, which is a framework for penetration testers wanting to try out the latest exploits against software vulnerabilities. Gleg supplies Immunity with exploit packs, which are add-ons with specific kinds of exploits, for Canvas. Gleg’s main product is Agora, which integrates with Canvas. Agora is regularly updated with publicly disclosed zero-day vulnerabilties and those discovered by its research team. Canvas allows companies to figure out what kind of information a hacker could obtain, the CTO for Immunity said. Source:

Communications Sector

59. March 27, Green Bay Press Gazette – (Wisconsin) Permit to build communications tower near Baileys Harbor denied. Opposition has halted plans for a 400-foot communications tower in Baileys Harbor, Wisconsin, a short distance from the Mud Life Wildlife Area. The Door County Resource Planning Committee March 24, voted 3-2 to deny GCGI Development LLC’s request to build the tower, which the company hoped to lease to the U.S. Coast Guard for its Rescue 21 marine distress response system. The committee acted after the second part of a public hearing that began February 17 and included testimony from residents concerned about the proposed tower’s proximity to the wildlife area. Several speakers suggested a cluster of radio towers on the bluff near Ellison Bay would better suit the Guard’s needs. The Coast Guard was not present at the earlier hearing to respond to questions. Source:|newswell|text|GPG-News|s

60. March 25, Reuters – (International) US develops ‘panic button’ for democracy activists. Some day soon, when pro-democracy campaigners have their cellphones confiscated by police, they will be able to hit the “panic button” — a special app that will both wipe out the phone’s address book and emit emergency alerts to other activists. The panic button is one of the new technologies the U.S. State Department is promoting to equip pro-democracy activists in countries ranging from the Middle East to China with the tools to fight back against repressive governments. “We’ve been trying to keep below the radar on this, because a lot of the people we are working with are operating in very sensitive environments,” said the Assistant U.S. Secretary of State for Human Rights and Labor. The U.S. technology initiative is part of the Secretary of State’s push to expand Internet freedoms, pointing out the crucial role that on-line resources such as Twitter and Facebook have had in fueling pro-democracy movements in Iran, Egypt, Tunisia, and elsewhere. The United States had budgeted some $50 million since 2008 to promote new technologies for social activists, focusing both on “circumvention” technology to help them work around government-imposed firewalls and on new strategies to protect their own communications and data from government intrusion. Source: