Monday, July 11, 2011

Complete DHS Daily Report for July 11, 2011

Daily Report

Top Stories

• German authorities report malware that enables people to exploit bugs in iPhones and iPads that have been jailbroken, has been posted on the Internet, according to Computerworld. See item 45 below in the Information Technology Sector

• Morgan Hill Times reports that if a large earthquake struck within 1.25 miles of Anderson Dam, the city of Morgan Hill, California, would be hit with a 35-foot wall of water within 15 minutes. (See item 61)

61. July 7, Morgan Hill Times – (California) Anderson Dam unsafe, $110M fix. The Santa Clara Valley Water District confirmed — in the form of a capital project proposal — worries that arose in 2009: if a large earthquake struck within 1.25 miles of Anderson Dam in California, downtown Morgan Hill would be underwater within 15 minutes. An independent seismic study conducted 2 years ago set the water district into motion July 6 with the announcement that the 60-year-old dam will be retrofitted at the estimated cost of $110 million. Construction is set to begin in 2015. In 2009, the California Division of Safety of Dams banned Anderson Reservoir from keeping a water level more than 74 percent, because the dam's foundation contains sand and gravel that could liquefy in a big quake. The study claims that if the dam did fail, the city of Morgan Hill and its roughly 38,000 population would be hit with a 35-foot wall of water, and flood waters could reach Gilroy, population 48,821, in 2.5 hours. Source:


Banking and Finance Sector

13. July 8, Banking Times – (National) J.P. Morgan pays $52m to settles fraud charges. J.P. Morgan Securities agreed to pay $51.2 million to settle fraud charges brought by the U.S. Securities and Exchange Commission. July 7, the regulator accused the firm of “fraudulently rigging at least 93 municipal bond reinvestment transactions in 31 states, generating millions of dollars in ill-gotten gains.” The firm will be redressing the affected municipalities or conduit borrowers, and will pay $177 million to settle parallel charges brought by other federal and state authorities. Source:

14. July 8, San Luis Obispo Tribune – (California; International) Officials trying to trace Atascadero bank hacker. The city of Atascadero and Rabobank in California are investigating how a computer hacker managed to breach multiple levels of security in an attempt to steal $83,000 in wire transfers from a city account at the bank, the San Luis Obispo Times reported July 8. According to the city manager, the hacker sent a phony e-mail ostensibly from the National Automated Clearing House Association (NACHA), which annually facilitates billions of electronic payments such as direct deposit and direct payment. When a city computer tech opened the e-mail, it released a virus that used the wire transfer system the city has with the bank to transfer funds to accounts at several banks across the country that the city has no dealings with. NACHA’s Web site said that since February, it has been “the victim of sustained and evolving phishing attacks in which consumers and businesses are receiving e-mails that appear to come from NACHA. The attacks are occurring with greater frequency and increased sophistication.” Source:

15. July 8, The Register – (International) Portuguese hackers strike back at Moody's downgrade. Portuguese hackers responded to a negative assessment of the country's ability to repay loans by defacing the Web site of credit reference agency Moody's, The Register reported July 8. The defacement restores the rating of the debt-crippled nation to the highest (A++) mark, while simultaneously attacking Moody's Web site security and business practices. The defacement comes a day after Moody's downgraded Portugal's sovereign-debt rating to junk status, a development criticized by local government officials and by executives from the European Central Bank, the Wall Street Journal reported. Source:

16. July 7, United Press International – (Washington) Seattle man held in $20 million Ponzi scam. A man from Seattle, Washington, was arrested July 7 for allegedly swindling investors out of more than $20 million in a real estate Ponzi scheme, federal prosecutors announced. The 28-year-old man was picked up in Los Angeles, California, and was transported to Seattle to face five counts of wire fraud in the sale of real estate investments in Peru. He pitched potential investors at exclusive downtown clubs and hotels, and allegedly victimized friends of people with whom he had worked during a brief stint at a Seattle bank. Source:

17. July 6, Bloomberg – (Illinois) CME Group software engineer accused of stealing source code for start-up. A Chicago Mercantile Exchange (CME) Group employee was charged with stealing trade secrets from the world’s largest futures exchange for a Chinese start-up company in which he was to hold a financial stake. The man, 49, of Libertyville, Illinois, has been in federal custody since his July 1 arrest on a single theft-of- trade-secrets count, punishable by as long as 10 years in prison, according to the FBI. He appeared for a detention hearing July 6 before a U.S. magistrate judge in Chicago, Illinois. The hearing is scheduled to continue July 8. The man, a software engineer, worked at CME since 2000, the FBI said in a July 1 statement. In May, exchange security personnel began monitoring his computer activity. “They discovered that thousands of files had been downloaded to his computer and some were then copied to removable storage devices,” including files that were ”critical to the operation of the CME Group,” according to the FBI. Source:

Information Technology Sector

44. July 8, H Security – (International) Microsoft to fix critical vulnerability in Windows 7 and Vista. Microsoft announced it plans to release four security bulletins July 12. The company rates one of the bulletins as "Critical;" the remaining three are considered to be "Important." According to Microsoft, the bulletins will patch 22 vulnerabilities. The remotely exploitable critical holes only affect Windows 7 and Vista. Other issues include a remote code execution problem in Microsoft Visio 2003 Service Pack 3, as well as privilege elevation issues in Windows XP, and Windows Server 2003 and 2008. Source:

45. July 7, Computerworld – (International) PDFs that exploit iPhone, iPad zero-day available on the Web. Hours after developers revealed they exploited bugs in Apple's iOS to "jailbreak" iPhones and iPads, German government security authorities warned one of the flaws could be put to malicious use. Now, malformed files that exploit the vulnerability have been publicly posted on the Internet. Germany's Federal Office for Information Security (BSI) warned citizens July 6 the iOS bug could be used by criminals to hijack iPhones, iPads, and iPod Touches. "Even clicking a crafted PDF document or surfing to a website with the PDF documents are sufficient to infect the mobile device with malicious software," the BSI said. PDF files that successfully exploit the vulnerability are available on the Web, according to the chief research officer of antivirus company F-Secure. PDFs could be used by miscreants to hack iOS devices by luring users to malicious sites, said the director of security operations at nCircle Security. iPhone and iPad users steered to a malicious PDF — via a link embedded in an e-mail — would not receive any warning or be required to take additional action. The BSI warning came hours after a group of developers released an updated version of JailbreakMe, a tool that hacks iOS so iPhone and iPad users can install software not sanctioned by Apple. Source:

46. July 7, Softpedia – (International) New Android spyware can switch C&C servers. Security researchers identified a new piece of Android spyware that spreads via repackaged applications and is capable of switching between different command and control servers. Dubbed GoldDream, the trojan was discovered on alternative Android markets by an assistant professor at North Carolina State University. The malware is designed to spy on victims by uploading their call log and SMS messages to a remote server. In addition, the trojan notifies the attacker when a call is initiated or when an SMS message is received. It acts like a botnet client that can receive commands remotely. According to the security researcher, GoldDream can be ordered to send SMS messages, make phone calls, install or uninstall apps, and upload a file to a remote server. Malware analysts from Trend Micro said the spyware has an unusual ability to update itself and change its command and control servers. Source:

47. July 7, Softpedia – (International) Cross-domain WebGL resources disabled in Chrome. Google will disable cross-domain WebGL resources in the next version of its Chrome browser because of security issues with the feature. In May, Context Information Security, a consultancy company, identified several vulnerabilities in the WebGL technology. One of the issues was the cross-domain theft of images when used as WebGL textures, the company providing a proof-of-concept exploit for this type of attack. The Khronos Group, which develops WebGL, started to update the specification to address the problem, but in the meantime, Mozilla disabled support for cross-domain WebGL textures in Firefox 5. Google has followed suit, however it provided an alternative for developers requiring this functionality. "As a result, Chrome 13 (and Firefox 5) will no longer allow cross-domain media as a WebGL texture. The default behavior will be a DOM_SECURITY_ERR. However, applications may still utilize images and videos from another domain with the cooperation of the server hosting the media, otherwise known as CORS," the Chrome developers wrote. CORS, cross-origin resource sharing, is a mechanism that enables cross-origin requests. This allows Web masters to use cross-origin resources only if the resource owners agree. Source:

48. July 6, Reuters – (International) Accused hacker indicted over AT&T-iPad breach. A man accused of hacking into AT&T servers and stealing personal data belonging to 120,000 Apple iPad users was indicted July 6, 2 weeks after a co-defendant pleaded guilty. The man was charged by a Newark, New Jersey grand jury with one count of conspiracy to gain unauthorized access to computers and one count of identity theft, the office of the U.S. attorney in New Jersey said. The indictment follows the co-defendant's guilty plea June 23 to the same charges. The co-defendant could face a 12- to 18-month prison term at his sentencing, which is scheduled for September 28. The man indicted July 6 is a resident of Fayetteville, Arkansas, and has been free on bail. Prosecutors in January accused the two men of using an "account slurper" to conduct a "brute force" attack over 5 days in June 2010 to extract data about iPad users who used the Internet through AT&T's network. Both were affiliated with Goatse Security, a group of "self-professed Internet 'trolls' " who try to disrupt online content and services, prosecutors said. Source:

For more stories, see items 14, 15, and 17 above in the Banking and Finance Sector

Communications Sector

49. July 7, Wired – (National) Sprint confirms text-message problems. A number of Sprint customers reported difficulties receiving SMS text messages from cellular customers outside the Sprint network beginning in late June. Customers complained of long delays in receiving SMS text messages — sometimes hours, sometimes days — while others said some of their texts did not arrive at all. “We are aware of a text-messaging issue that is impacting a small percentage of incoming text messages,” wrote a Sprint representative in a statement provided to ”We are working to resolve the issue as quickly as possible.” The problems were isolated to inbound texts coming from people not on the Sprint network, as user reported claim messages from other Sprint users were being received intact and on time. Customers were able to send outbound texts with no difficulty. The problem was not isolated to a specific type of device, as both feature-phone and smartphone users complained about disrupted service on the Sprint forums. The incident is not the first time Sprint faced customer ire due to network disruption. As recently as May, Sprint acknowledged downtime for both its SMS and voice services across multiple states. Source:

For more stories, see items 45, 46, and 48 in the Information Technology Sector