Wednesday, April 13, 2011

Complete DHS Daily Report for April 13, 2011

Daily Report

Top Stories

• NHK World reports the Japanese government’s nuclear safety agency raised the crisis level of the Fukushima Daiichi power plant accident from 5 to 7, the worst on the International Nuclear and Radiological Event Scale. (See item 9)

9. April 12, NHK World – (International) Japan to raise Fukushima crisis level to worst. The Japanese government’s nuclear safety agency has decided to raise the crisis level of the Fukushima Daiichi power plant accident from 5 to 7, the worst on the International Nuclear and Radiological Event Scale (INES). The nuclear and industrial safety agency made the decision April 11. It said the damaged facilities have been releasing a massive amount of radioactive substances that are posing a threat to human health and the environment over a wide area. INES was designed by an international group of experts to indicate the significance of nuclear events with ratings of 0 to 7. On March 18, 1 week after the massive earthquake and tsunami, the agency declared the Fukushima trouble a level 5 incident, the same as the accident at Three Mile Island in the United States in 1979. Level 7 has previously been applied only to the Chernobyl accident in the former Soviet Union in 1986, when hundreds of thousands of terabecquerels of radioactive iodine-131 were released into the air. One terabecquerel is 1 trillion becquerels. The agency believes the cumulative amount from the Fukushima plant is less than that from Chernobyl. Officials from the agency and Japan’s nuclear safety commission were scheduled to discuss the change of evaluation at an April 12 news conference. Source:

• According to the New York Post, some of the most heavily trafficked bridges, tunnels and transit hubs in the New York City area are on a list of facilities vulnerable to attack because of inadequate policing. (See item 26)

26. April 9, New York Post – (New York) Port Authority sites still vulnerable to terror attack. A virtual terrorist’s guide to New York City was revealed April 11. Some of the most heavily trafficked bridges, tunnels and transit hubs in the world are on a list of Port Authority of New York and New Jersey (PA) facilities vulnerable to attack, according to documents obtained by the New York Post. The Hudson River crossings to Manhattan — the Lincoln and Holland tunnels and the George Washington Bridge — along with the Bayonne Bridge, the roadway under the PA Bus Terminal and the AirTrain shuttle system at John F. Kennedy International Airport, all get inadequate policing, the documents show. “We have a real soft underbelly that can be used against us,” said a state senator, who is chairman of New York’s Senate Committee on Veterans, Homeland Security and Military Affairs, which obtained the confidential document during a hearing on homeland security in Manhattan. The list was provided by the PA’s police union, the Police Benevolent Association, and was meant to be confidential. But the state senator revealed the AirTrain vulnerability during the hearing after being handed the list. Especially vulnerable is the area near Terminal 4, which houses many international airlines — including Israeli carrier El Al and several others serving the Muslim world, such as Royal Jordanian, Pakistan International, and Emirates. In a statement, the PA said it had spent more than $6 billion since 9/11 on a “multilayered security protocol [that] includes technological elements as well as private security.” It said the way PA cops are deployed, “as well as cameras and the entirety of our security apparatus, means the traveling public should feel safe.” Source:


Banking and Finance Sector

18. April 12, WXIX 19 Cincinnati – (Kentucky) Remke Market evacuated after bank robbery in Crescent Springs. Remke Market customers in Crescent Springs, Kentucky were evacuated after a bank robbery led to the bomb squad being called. A man entered the First Security Trust inside the Remke Market on Buttermilk Pike just before 6:30 p.m. April 11. The unknown man handed the teller a note demanding money and placed a small package on the counter. He fled the scene with an undisclosed amount of money and left behind the small package. Police have not released what the note said, but it led to the Cincinnati Bomb Squad being called. The shopping center was evacuated while they investigated the package. Officials have not said what was inside the container, but have determined the contents were not dangerous. Employees and customers were let back inside the store at 8 p.m. No one was injured. The robbery suspect is described as a white male with a thin build, weighing 150 pounds. He appeared to be in his 40s. He was last seen wearing a dark colored University of Michigan baseball cap, a white t-shirt under a dark colored hooded sweatshirt, and blue jeans with holes on the legs. The suspect has facial hair and was wearing glasses described as plastic safety glasses. Source:

19. April 11, KAAL 6 Austin – (Minnesota) Bank robber says ‘give me money,’ or lunch box bomb will explode. An Edina, Minnesota bank was robbed April 11, with the robber making an unusual threat. FBI agents said the robber put an insulated lunch box on the counter of M&I Bank on West 69th Street and told the teller there was a bomb inside. He told the teller to give him money, opened the lunch box, and put the cash inside. Authorities said the teller noticed brown paper and a light switch inside the box. Then the robber escaped in a white, 4-door sedan. The robbery occurred around 10 a.m. The suspect is described as a white male, between 20 and 30 years old, about 6 feet tall and 185 pounds. He wore a green jacket, dark pants and shoes, a wool cap, scarf, and multi-colored sunglasses. Authorities do not believe the robber is connected to any other bank robbery in the area. Source:

20. April 11, Washington Post and Bloomberg – (National) Middleman pleads guilty in alleged insider trading scheme. The middleman in an alleged insider trading conspiracy admitted April 11 that he personally placed trades in at least two instances, according to the U.S. attorney’s office for New Jersey. As part of the scheme, he conveyed information about corporate deals from a Washington D.C. lawyer to a New York trader using pay phones and prepaid cellphones, the government said. To collect his share of the profits, the government stated he sometimes met the trader in Atlantic City, where gambling could provide an alibi for cash withdrawals. And, by serving as the go-between for the lawyer who was the source of the tips and the trader who acted on them, he made it less likely law enforcement would connect the dots. But in 2009 and again last year, he let his guard down and placed trades on his own, leaving himself more vulnerable to detection. That lapse gave investigators a big break, and it ultimately led them to his door, a source familiar with the investigation said April 1. Based in part on his cooperation, the Justice Department and the Securities and Exchange Commission charged a trader and a corporate lawyer with collaborating in a 17-year scheme that netted more than $32 million since 2006 alone. The charges against the middleman could bring up to 45 years in prison and fines of more than $10 million, but under a plea agreement, the government is recommending a prison sentence of 70 to 87 months. Source:

21. April 11, Associated Press – (Virginia) Va. defendant admits guilt in investment scheme. A 62-year-old Richmond, Virginia man has pleaded guilty to bilking investors out of millions. The government said the man entered his plea April 11 in U.S. District Court in Richmond. The charges included one count of conspiracy to commit mail, wire, and bank fraud, and one count of engaging in unlawful monetary transactions. His sentencing is scheduled for July 19. He faces a maximum of 15 years in prison and a fine of $500,000. In connection with his guilty plea, the man stipulated that the restitution amount associated with this scheme is about $8.92 million. He will be ordered to repay the final restitution amount to his victims at sentencing. Last week, Virginia regulators imposed a $37.4 million penalty on the man and his partner for violations of the state securities act. Source:

22. April 11, Pittsburgh Post-Gazette – (Pennsylvania) Three plead guilty in 2008 Ligonier bank robbery. Three members of a crew of robbers involved in the violent takedown of a Ligonier bank in 2008 pleaded guilty April 11 and likely face sentences ranging from probation to 14 years. The man who wielded the gun used during the robbery of the First Commonwealth Bank, in which a teller was struck and $76,694 was stolen, agreed to a 14-year sentence, minus time served on a separate, 46-month sentence previously imposed for being a felon in possession of a firearm. The man was an accomplice of a woman who already is serving a sentence of nearly 20 years; a man due to be sentenced June 2; and a 22-year-old man who also pleaded guilty April 11. That man entered into a plea agreement recommending 7 years in prison. Also on April 11, a 35-year-old New York woman pleaded guilty to misleading an FBI agent. She was involved in the reconnaissance of the inside of the bank, and lied to agents when confronted after the robbery. She will likely face probation. Source:

Information Technology

43. April 12, Help Net Security – (International) Holes found in majority of leading network firewalls. As a new generation of firewall technology is taking hold, NSS Labs has begun testing traditional network firewalls and so-called next generation firewalls. NSS Labs engineers have discovered serious flaws in these products, despite the maturity of the market and their certification by two other major certification bodies. Researchers have found that three out of six firewall products failed to remain operational when subjected to stability tests. This lack of resiliency is troublesome, especially considering the tested firewalls were ICSA Labs and Common Criteria certified. Also, five out of six vendors failed to correctly handle the TCP Split Handshake spoof (Sneak ACK attack), thus allowing an attacker to bypass the firewall. Lastly, measuring performance based upon RFC-2544 (UDP) does not provide an accurate representation of how the firewall will perform in live real-world environments. “IT organizations worldwide have relied on third-party testing and been misled,” said the CTO of NSS Labs. “These test results point towards the need for a much higher level of continuous testing of network firewalls to ensure they are delivering appropriate security and reliability.” Source:

44. April 12, Help Net Security – (International) Email malware jumps 400% after Rustock takedown. Malware sent via e-mail increased by 400 percent in the last week of March 2011, Commtouch reported April 12. The significant increase was detected 2 weeks after the takedown of the Rustock botnet had resulted in a 30 percent drop in spam levels. While overall spam activity dropped around the New Year, it rose significantly after the holiday period. From January to mid-March, spam averaged 168 billion e-mails per day until Rustock was eliminated, dropping spam to an average of nearly 119 billion messages daily. Zombie activity also dropped significantly after Rustock was taken down, but large increases of enslaved computers became evident following the malware outbreak at the end of the quarter. The report also describes attempts by spammers and phishers to save money by hiding their online presence in disused forums or making use of online form-filling services to ease the collection of phished user data. Source:

45. April 12, H Security – (International) New zero-day for Flash Player. An Adobe security advisory warns of a new critical vulnerability in Flash Player for Windows, Macintosh, Linux and Solaris, Flash Player for Android and the Authplay.dll component in Adobe Reader and Acrobat X 10.0.2 and all earlier versions. There are already reports the vulnerability is being exploited using crafted .swf files embedded in Microsoft Word .doc files sent as an e-mail attachment. The vulnerability can allow an attacker to take control of a system. The Krebs on Security blog reports the vulnerability has been used as part of a targeted spear-phishing campaign disguised as important government documents and launched against organizations or individuals who work for the U.S. government. Another example of the attack shows an e-mail with a title of “Disentangling Industrial Policy and Competition Policy In China” with a supposed copy of an article on that subject attached. Adobe said it is unaware of any attacks that have targeted Adobe Reader and Acrobat, and said Reader X’s protected mode would have mitigated against exploitation of the vulnerability. There is no date for when Adobe plans to release updates to close the hole. Source:

46. April 11, Computerworld – (International) Ransomware squeezes users with bogus Windows activation demand. A new Trojan tries to extort money from users by convincing them to dial international telephone numbers to reactivate Windows, a security researcher said April 11. Once on a PC, the malware displays a message claiming that Windows is “locked” and must be reactivated, said the chief research officer of F-Secure. Users seeing the message cannot boot Windows in either normal or Safe mode, he said. To regain control of the PC, users are told to reactivate Windows online or via a phone call. The former, however, is not available; a follow-up message instructs users to dial one of six telephone numbers, then enter a six-digit code to reactivate the operating system. “The call from your country is free of charge,” the second message alleges, which is untrue. “They pretend to be Microsoft,” the research officer said, adding the telephone numbers actually lead to an automated call center where users are kept on hold for several minutes, racking up long-distance charges. The scammers make money through what he called “short stopping,” the practice of billing a call at a rate higher than the actual destination. Source:

47. April 11, IDG News Service – (International) Hacker breaks into Barracuda Networks database. A hacker has broken into a Barracuda Networks database and obtained names and e-mail addresses of some of the security company’s employees, channel partners, and sales leads. The hacker, who called himself Fdf, posted proof of his attack to the Web April 11, showing e-mail addresses of company employees and names, e-mail addresses, company affiliations, and phone numbers of sales leads registered by the company’s channel partners. The attack started the night of April 9 and was launched at a time when the Barracuda Web Application Firewall that was supposed to protect the site had been taken offline for maintenance, Barracuda said April 11. After a couple of hours of probing, the hacker found an SQL injection flaw — a common Web programming error — on a script used to display write-ups of customer case studies. That one mistake got him into a database the company used for its marketing program and sales lead development. Barracuda does not store financial information in that database, the company said. Source:

Communications Sector

Nothing to report