Friday, June 17, 2011

Complete DHS Daily Report for June 17, 2011


Top Stories

• KSAZ 10 Phoenix reports a special agent with Homeland Security Investigations in Nogales, Arizona, was charged with sharing sensitive data with relatives and friends with strong ties to drug trafficking organizations. (See item 41)

41. June 15, KSAZ 10 Phoenix – (Arizona) HSI special agent accused of sharing classified info. A special agent with Immigration and Customs Enforcement's Homeland Security Investigations (HSI) in Nogales, Arizona, has been arrested and accused of sharing sensitive information with family members and associates with strong ties to drug trafficking organizations, KSAZ 10 Phoenix reported June 15. After a 2-year investigation, the 33-year-old woman was indicted on charges including computer fraud, theft of government records, and making false statements/entries. The FBI said she illegally accessed, stole, and transferred sensitive U.S. government documents classified as For Official Use Only. Three of the 12 counts are felonies, each punishable by a maximum of 5 years in prison. The woman started working for the U.S. government in 2003 as a Customs and Border Protection officer at the Nogales port of entry. In 2008, she became a special agent at the HSI Nogales office. After an initial appearance June 14, she was released on bond. Source:

• According to PC Pro, the Lulz Security hacker group released 62,000 e-mail addresses and passwords, encouraging followers to test the details on Facebook and other Web sites. (See item 44 below in the Information Technology Sector)


Banking and Finance Sector

14. June 16, IDG News – (International) Citigroup reveals breach affected over 360,000 cards. Over 360,083 Citigroup credit card accounts in North America were affected as a result of a compromise of its card account management Web site in May, the bank said in an update June 15. These were accounts issued in the United States, the bank said. Citigroup first disclosed publicly the compromise of Citi Account Online the week of June 6, when it said that about 210,000 accounts had been affected. Customers are not liable for any unauthorized use of their accounts, Citigroup said June 15 in a statement. The main cards processing systems and other consumer banking online systems were not compromised, the bank said. Customers' account information, such as name, account number, and contact information, including e-mail address, was viewed by the hackers. The majority of accounts impacted were identified within 7 days of discovery. Notification letters were sent beginning June 3, the majority of which included reissued credit cards. Source:

15. June 16, Fort Lauderdale Sun Sentinel – (Florida) Serial bank robber strikes again in Fort Lauderdale. Officials said a serial bank robber struck again June 15 in Fort Lauderdale, Florida. According to the FBI, he walked into the Bank of America at 3600 N. Federal Highway at about 3:45 p.m. and demanded money from a teller, who complied. The robber then left the bank on foot. The FBI said the same robber, who is bald and has kept his sunglasses on during the robberies, on June 10 held up both the Bank of America at 13450 W. Dixie Highway, in North Miami Beach, and the Bank Atlantic at 1745 E. Sunrise Boulevard, in Fort Lauderdale. Authorities are not saying how much money was stolen. Source:

16. June 15, Tampa Bay Business Journal – (International) Morgan European Holdings principal pleads guilty in investment scheme. A man pleaded guilty June 15 to federal charges in a fraudulent investment scheme associated with Morgan European Holdings APS. The Sarasota, Florida man faces up to 5 years in federal prison on a charge of conspiracy and 10 years on a money laundering charge, a press statement from the U.S. attorney for the Middle District of Florida said. The man and others were accused of using $10.7 million of the $27 million invested in MEH accounts for their personal benefit. Source:

17. June 15, Associated Press – (Missouri; Kansas) 8 more indicted in KC-area securities fraud case. A federal grand jury June 15 indicted eight more people for their roles in a $7.2 million securities fraud conspiracy involving a Kansas City, Missouri company. Federal prosecutors in Kansas City said in a release that the eight new defendants and four earlier defendants were charged June 15. They were charged in a 20-count indictment that accuses them of promoting Petro America to potential investors, despite cease and desist orders from both Missouri and Kansas. The new indictment adds charges and alleges that the 12 defendants tried to create the appearance that Petro America had assets worth about $284 billion, when it did not. Prosecutors said about 12,000 victims invested more than $7.2 million in Petro America. Source:

18. June 15, Pittsburgh Post-Gazette – (Pennsylvania) Lawrenceville woman pleads guilty to bank fraud. A Lawrenceville, Pennsylvania woman pleaded guilty June 15 to filing deceptive paperwork that contributed to the 2007 federal takeover of 115-year-old Metropolitan Savings Bank, but prosecutors and her defense attorney disagreed on the amount of loss she caused. The 46-year-old woman could get as much as 10 years in jail if the entire $10.2 million loss incurred by the bank's collapse is attributed to her. The woman admitted that in late 2006, she input data on disclosures to the Federal Deposit Insurance Corporation (FDIC) indicating the bank had no overdue loans. Actually, it had $1.4 million in payments overdue by 30 to 89 days, and $5.6 million in payments overdue 90 days or more. When the FDIC took over the bank, it bore most of the loss, but 24 depositors had amounts in the bank that were above the agency's $100,000 insurance limit. The woman pleaded guilty to one of five counts of false entry of bank records. Source:

Information Technology Sector

44. June 16, PC Pro – (International) LulzSec hackers leak 62,000 email logins. Hackers Lulz Security released a collection of 62,000 e-mail addresses and passwords, encouraging their followers to test the details on Facebook and other Web sites. The collection of log-in details was seemingly released as a reward for "flooding" an online forum. The document does not say where the e-mail addresses and passwords were taken from, but suggests they were from a variety of sources. "These are random assortments from a collection, so don't ask which site they're from or how old they are, because we have no idea," LulzSec said in the file. "We also can't confirm what percentage still work, but be creative or something." Followers have done just that, and started posting screenshots of hacked Facebook, Amazon, and other accounts, showing they gained access. One user bought several books on Amazon using one of the accounts, while another accessed an online dating service, changing profile pictures to sexual content. Others claimed to have gained entry to online retailers and PayPal. The LulzSec Twitter feed suggested the e-mail collection had been downloaded thousands of times within the first few minutes. Source:

45. June 16, The Register – (International) Microsoft warns on support scams. A survey from Microsoft revealed how widespread the fake tech support call scam is becoming. The crooks cold-call people at home and claim to be calling from Microsoft or a well-known security firm, and offer "free security checks." The software giant surveyed 7,000 computer users in the United Kingdom, Ireland, the United States, and Canada, and found an average of 16 percent of people had received such calls. More than a fifth of those who received such a call, or 3 percent of the total surveyed, were tricked into following the crooks' instructions, which ranged from allowing remote access to their machines and downloading dodgy code to, in some cases, giving credit card information to make purchases. Microsoft said if someone claiming to be from Windows or Microsoft Tech Support calls you: "Do not purchase any software or services. Ask if there is a fee or subscription associated with the 'service'. If there is, hang up." Microsoft said 79 percent of those tricked suffered financial loss; the average loss was $875. The company advised anyone who had already fallen for such a scam to change their passwords, scan their machines for malware, and contact their bank and credit card providers. Source:

46. June 16, Softpedia – (International) BioWare warns users of stolen emails and passwords. Canadian video game developer BioWare notified 18,000 users who had accounts registered on an old system that their e-mail addresses and passwords were stolen by hackers. The compromised community server, which dates back almost 10 years according to the developer, was associated with the forums for Neverwinter Nights, an extremely popular role-playing game. "We immediately took appropriate steps to protect our consumers’ data and launched an ongoing evaluation of the seriousness of the breach," the company said. "We have determined that no credit card data was compromised, nor did we ever have or store sensitive data like social security numbers," it added. The hack affected around 18,000 accounts, which are only a small percentage of the total number of those registered on the server. The exposed information includes account names and passwords, e-mail addresses, and birth dates. The compromised accounts were either disabled or had their password reset. Their owners were e-mailed and asked to set new passwords. BioWare has been owned by video game giant Electronic Arts (EA) since 2007, and many of the accounts were merged into EA's systems. Source:

47. June 15, Computerworld – (International) Adobe pushes Reader silent updates. Adobe has switched on silent updating for its popular Reader PDF viewer, the company announced June 14. "[We're] turning the automatic update option on by default for all Adobe Reader users on Windows," the senior director of product security and privacy at Adobe said. The next time an update is detected by Reader, Adobe will present a dialog box asking users to allow silent updating. In the dialog, the box "Install updates automatically" will be checked by default. Users can decline to switch to silent, in-the-background updating, the director added. Adobe debuted silent updating for Reader in April 2010 when it revamped the update tool bundled with the free PDF viewer, and with Acrobat, the for-a-fee PDF creation tool. At the time, however, Adobe retained users' previous settings — which defaulted to a semi-automatic mode that notified users before beginning to download an update — and required them to manually set the new tool for silent updating. Source:

48. June 15, Computerworld – (International) LulzSec's Sony hack shows rampant password re-use. An analysis of nearly 40,000 passwords stolen from Sony Pictures by LulzSec shows people persist in re-using passwords, a dangerous practice in light of frequent Web site break-ins, a researcher said June 15. Using publicly-available copies of the password files put online by LulzSec, an Australian software architect crunched the numbers to come up with some disturbing trends. "What surprised me was the extent of [password] re-use," he said. "People use and re-use the same password. That's one of the most dangerous of all the bad password practices." LulzSec announced June 2 it hacked several Sony Pictures Web sites and walked off with personal information on more than 1 million users, including e-mail addresses, usernames, and passwords for a pair of Sony-sponsored promotional campaigns. LulzSec also claimed it hacked several other Sony databases. Source:

49. June 15, threatpost – (International) Use of exploit kits on the rise. Online attacks are increasingly being carried out by multi-function exploit kits, according to research by Web security firm Zscaler. A Zscaler researcher claims to have observed an increase in the prevalence and usage of exploit kits in recent months, a development he attributes to hackers' preference for the kind of multi-leveled attacks the kits provide. In a post on Zscaler's research blog, he said an exploit kit dubbed "Incognito" is gaining traction in the cyber underground. Incognito targets vulnerabilities in Java and Adobe products. His analysis of obfuscation techniques and URL patterns associated with Incognito shows the kit is using multiple attack vectors, which increases the chance of a successful compromise. The growing use of Incognito and similar tools such as the Blackhole exploit kit and Eleonore exploit kit is indicative of a trend toward the use of automated tools to deliver exploits. In this way, he said, attackers can launch frequent and effective campaigns with little technical knowledge. Source:

For another story see item 14 in the Banking and Finance Sector

Communications Sector

Nothing to report.