Thursday, July 14, 2011

Complete DHS Daily Report for July 14, 2011

Daily Report

Top Stories

• Military contractor Booz Allen Hamilton confirmed it was the victim of an attack July 12, resulting in the posting of 90,000 military e-mail addresses stolen from a server, CNET reports. The alleged hackers, Anonymous, claimed they attacked agricultural firm Monsanto and would target oil companies. (See item 13)

13. July 12, CNET – (International) Anonymous targets Monsanto, oil firms. Military contractor Booz Allen Hamilton confirmed it was the victim of an "illegal attack" July 12, 1 day after hackers posted what they said were about 90,000 military e-mail addresses purloined from a server of the consulting firm. "Booz Allen Hamilton has confirmed today that the posting of certain data files on the Internet yesterday was the result of an illegal attack. We are conducting a full review of the nature and extent of the attack. At this time, we do not believe that the attack extended beyond data pertaining to a learning management system for a government agency," the company said in a statement after refusing to comment July 11. "Our policy and security practice is generally not to comment on such matters; however, given the publicity about this event, we believe it is important to set out our preliminary understanding of the facts," the company added. "We are communicating with our clients and analyzing the nature of this attack and the data files affected. We maintain our commitment to protect our clients and our firm from illegal thefts of information." Meanwhile, the Anonymous online activist collective, which is part of the AntiSec campaign that claimed it had attacked Booz Allen, said July 12 it had attacked Web servers of Monsanto, and released data on employees to protest the company's lawsuits against organic dairy farmers for stating on labels their products do not contain growth hormones. A list of more than 2,550 names, addresses, and e-mail addresses — many that appeared related to Monsanto — were posted to the Web site. Anonymous also announced "Operation Green Rights/Project Tarmaggedon," against Exxon Mobil, ConocoPhillips, Canada Oil Sands, Imperial Oil, the Royal Bank of Scotland, and others. Source:

• The nation's airports have suffered more than 25,000 security breaches since November 2001, according to information a House committee said it received from the Transportation Security Administration, CNN reports. (See item 21)

21. July 13, CNN – (National) Figures show thousands of security breaches at U.S. airports. The nation's airports have suffered more than 25,000 security breaches since November 2001, according to a House committee, citing information it said it received from the Transportation Security Administration (TSA). The breaches — amounting to about seven a day — include everything from people who accidentally leave a bag on a checkpoint conveyor belt to those who purposefully evade security and get onto airplanes without proper screening. A TSA spokesman did not contest the figure, but questioned its significance, saying all breaches are investigated and resolved. The agency said it did not have a breakdown of breaches by severity. With about 25,000 of these incidents over a decade at more than 450 TSA-regulated airports, the number of breaches amounted to just over five such incidents per airport per year, according to the TSA. The information was released by the House Oversight and Government Reform subcommittee on national security, homeland defense, and foreign operations in advance of a hearing July 13 on airport perimeter security. Source:


Banking and Finance Sector

16. July 13, WCTI 12 New Bern – (National) East coast credit card scam busted. Two suspected credit card counterfeiters were behind bars July 12 after Carteret County, North Carolina deputies seized more than $100,000 in electronics, and more than 70 fake credit cards. The Brooklyn, New York pair found themselves facing blue lights after a traffic stop on Highway 70. Carteret County Sheriff’s deputies arrested the two in connection with a credit card scam ring that spans seven states on the East Coast. The scammers are accused of creating fake credit cards with unsuspecting victims’ valid credit card account numbers embedded into the magnetic strips. These valid account numbers were obtained from victims whose identity had been stolen. The counterfeit cards were then used as payment for electronics such as brand new laptops, iPads, and gift cards. The suspects are believed to have been accompanied by two other men who have not yet been identified and were not in the vehicle when it was stopped. Investigators located more than 70 counterfeit credit cards, more than $1,500 in cash, 46 gift cards, and 87 pre-paid credit cards. During the investigation, deputies learned that the pair had traveled through numerous states including New York, New Jersey, Delaware, West Virginia, Virginia, and North Carolina. The fake credit card ring is believed to be operating out of the Washington, D.C. area. The pair were charged July 11 with 68 counts of possession of counterfeit credit cards. Source:

17. July 12, Orange County Register – (California) Man suspected in 'drifter bandit' heists charged with robbery. A man suspected of being the serial robber known as the "Drifter Bandit" was charged with felony robbery and burglary July 11 after police said he struck four South County banks in California. The 45-year-old of Santa Ana was charged July 11 with four felony counts each of second-degree robbery and second-degree burglary, as well as sentencing enhancements for prior convictions stemming from a half-dozen previous robberies and a pair of assaults, according to the Orange County District Attorney's office. The "Drifter Bandit" — so named for his unkempt appearance — is believed to have robbed a Chase bank branch in San Juan Capistrano May 3, a U.S. Bank branch in Dana Point May 26, a Citibank in Laguna Niguel July 5 and a Farmers & Merchants Bank branch in San Juan Capistrano July 6. He brandished a handgun during at least two of the robberies. A task force consisting of Orange County Sheriff's Department and FBI personnel put the suspect under surveillance after identifying him as the suspected robber. Sheriff's deputies took him into custody after a felony car stop in Santa Ana July 8. If convicted, he faces a maximum sentence of 110 years to life in state prison, prosecutors said. Source:

18. July 12, Kansas City Star – (Kansas) Four plead guilty to $4.9 million mortgage scheme. Four Kansas City, Kansas-area men pleaded guilty to federal charges in a $4.9 million home rehabilitation scheme. According to records in U.S. District Court in Kansas City, the leader of the scheme obtained $4.9 million in loans to rehabilitate more than 40 properties in the Kansas City area to resell them. He obtained the loans based on “subject to” appraisals in which he could receive funds for up to 80 percent of what the dwellings would be appraised for after renovations were completed. He stopped rehabilitating houses in October 2006, and began making false representations to lenders, according to a July 12 news release from a U.S. attorney. The man enlisted friends and family to buy some of the properties, and the group falsified information on loan documents. In some cases, the convict made down payments on behalf of the borrowers and falsified documents to make it appear the buyers made the payments. He pleaded guilty to conspiracy to commit bank fraud and money laundering. One of his accomplices pleaded guilty to conspiracy to commit wire fraud and money laundering, a second to conspiracy to commit bank fraud, and a third to conspiracy to commit wire fraud. Source:

19. July 12, Contra Costsa Times – (California) Two arrested in Pleasant Hill, suspected of making fake ATM cards. Police arrested two people at a Pleasant Hill, California bank July 10 after they were found in possession of several loaded firearms, hundreds of cloned debit cards, and tens of thousands of dollars in cash. Officers responded to a call at 12:10 p.m. about two people acting suspiciously and loitering near the Citibank ATM on Contra Costa Boulevard, according to a news release. When officers made contact with the suspects, one tried to flee on foot but was caught by police. Officers eventually arrested two men on suspicion of committing several felonies. Investigators believe the suspects somehow gained access to customers' bank account information and personal identification numbers, then "made their own cards with those PIN numbers, went into ATMs, and started making withdrawals," a Pleasant Hill police lieutenant said. Source:

20. July 12, Associated Press – (International) Europol helps dismantle debit card fraud ring. The European Union's police organization (Europol) said July 12 it has helped dismantle a major debit card fraud ring believed to have stolen $70 million from bank accounts around the world. Europol said the fraudsters used sophisticated "skimming" devices to copy personal information from cards and then used the details to clone the cards and empty bank accounts linked to them. Europol said July 12 that a months-long investigation code-named "Night Clone" led to dozens of arrests earlier this month. Bulgarian police arrested 47 suspects, while police in Italy detained nine. U.S. police arrested two suspects as did their Spanish counterparts, and one person was held in Poland. Europol said more arrests are likely in the future. Source:

For another story, see item 13 above in Top Stories

Information Technology Sector

44. July 12, Computerworld – (International) Microsoft patches 'sexy' Bluetooth bug in Vista, Windows 7. Microsoft patched 22 vulnerabilities in Windows and Office July 12, including a bug in the Bluetooth technology within Vista and Windows 7 that could be used to hijack a nearby PC. Of the four updates, called "bulletins" by Microsoft, only one was labeled "critical" — the most-serious rating in the company's four-step scoring system — while the other three were marked "important," the next-most-dangerous category. The 22 individual bugs patched were more than in most odd-numbered months, which are typically light months for Microsoft. The standout bulletin was the sole critical update, MS11-053, researchers said. "It's quirky, and it's remotely exploitable," said the director of security operations for nCircle Security, of the Vista and Windows update that plugs a hole in the operating systems' Bluetooth stack. "It's at the top of our priority list," echoed the manager of Qualys' vulnerability research lab. "It could be exploited against someone using a Bluetooth mouse or headset, perhaps in a coffee shop, so it's tremendously important that people apply the patch, or if they can't do that, disable Bluetooth [on Vista and Windows 7]." Source:

45. July 12, Computerworld – (International) Mac security firm ships first-ever iPhone malware scanner. French security company Intego released VirusBarrier, the first malware-scanning application for the iPhone, iPad, and iPod touch. The software for iOS was approved by Apple, and debuted on the App Store July 12. Because iOS prevents the program from accessing the file system or conducting automatic or scheduled scans, VirusBarrier must be manually engaged, and then scans only file attachments and files on remote servers, according to a spokesman for Intego. VirusBarrier cannot scan apps for possible infection. When an e-mail attachment is received by the iPhone, iPad, or iPod Touch, the user can intercede by utilizing VirusBarrier, which then scans the file for infection before it is opened or forwarded to others. The spokesman characterized VirusBarrier for iOS as a way for iPhone and iPad users to prevent hardware from spreading malware. VirusBarrier for iOS can scan e-mail attachments in a many formats, including Microsoft's Word, Excel, and PowerPoint; PDF documents; JavaScript files; and Windows executables, those files tagged with the .exe extension. It can also scan files in a Dropbox folder, those stored on MobileMe's iDisk, or files downloaded via the iOS version of Safari. Source:

46. July 12, Help Net Security – (International) Scammers lure users with fake Google+ invites. Google's move to temporarily shut down the invite mechanism for its new social network, Google+, played into the hands of online scammers, who have been sending fake invites and setting up fake sites where users can supposedly download a personal invite. Trend Micro researchers spotted a site purportedly set up by a friend of a Google employee that has given him 1,000 extra invites to pass out. However, before users can download the invite, they must complete a survey. Even if users close that window and continue, they are taken to a file-sharing site where they can download the file for free if they complete another survey, or pay money to download it. If users select not to pay, the option to take the free survey remains. After having chosen the survey, victims are warned to enter valid ata about themselves when prompted — including their mobile phone number — or lose the option of downloading the invite. Submitting such information gives scammers permission to subscribe victims to a number of mobile services that are not free. Users are never given an invite to Google+. Source:

Communications Sector

47. July 13, Nashua Telegraph – (New Hampshire; Maine, Vermont) Cable failure knocks out Net. A 90-minute outage in part of Manchester, New Hampshire, July 11 killed Internet and voice mail service for at least 5 hours, affecting thousands of FairPoint customers around northern New England. The problem did not affect voice telephone service or 911 emergency service. The problem started with the failure around 1:20 p.m. of a primary underground power cable in the Manchester Millyard area, near the WMUR office, said a Public Service of New Hampshire (PSNH) spokeswoman. Power was lost in a number of downtown blocks, and engineers returned power about 2:40 p.m., she said. The cause of the failure is still being determined. Among the buildings affected was FairPoint’s Network Operations Center at 770 Elm Street. The center has a generator to provide backup power in such circumstances. A FairPoint spokeswoman said “equipment that controls the handoff between commercial power and generator power” failed to work. The operations center is distinct from the centers and switches that handle telephone voice service. She said DSL broadband and voice-mail service was lost for an uncertain number of customers in the three New England states served by FairPoint — Maine, Vermont, and New Hampshire — through the evening. Some issues also occurred with dial-up Internet, which usually travels through standard telephone switches, and in New Hampshire, there were problems with ”static DSL,” a type of broadband service, as late as July 12. Source:

48. July 13, – (National) Big telecom firms make millions from cramming fees, senator says. Mysterious fees and services crammed onto phone bills are a “nationwide epidemic” for U.S. consumers, but a reliable source of revenue for some of America's biggest telecommunications companies, a year-long Congressional investigation has found. A report issued July 13 by a West Virginia U.S. Senator said that three firms — Verizon, AT&T, and CenturyLink/Quest — earned $650 million as their cut of cramming charges levied by third-parties since 2006. The Federal Communications Commission (FCC) estimates that 15 million to 20 million consumers are crammed every year. The Senator’s report said cramming could cost U.S. consumers $2 billion annually. Cramming complaints have piled into state consumer offices, the Federal Trade Commission, and the FCC since at least 1995, but neither Congress nor the phone companies that collect the money have been able to slow the problem or find the companies behind it. On July 12, however, the FCC proposed new rules that would require more obvious disclosures by third parties on phone bills. Source:

49. July 12, Springfield News-Sun – (Ohio) Utilities work to restore power. A quick moving storm that ripped through Clark County, Ohio, July 11 knocked WYSO (91.3) public radio off the air after its studios in Yellow Springs and a tower were both struck by lightning. By the late afternoon July 12, the FM signal had not been restored, but the online stream was working, according to a news release. The Clark County Emergency Management Association (EMA) was on site July 11 in Springfield Township to perform a damage assessment and gather information, including witness accounts, to send to the National Weather Service, said the director of the Clark County EMA. Source:

50. July 12, KQTV 2 St. Joseph – (Missouri) 911 and communication services restored to four counties. 911 and communication services were restored July 12 in four northwest Missouri counties. According to the Clinton County emergency manager, a CenturyLink fiber optic communication line in Stewartsville was accidentally cut knocking out service. The outage began around 7:30 a.m. in Andrew, Clinton, Caldwell, and Dekalb counties. The service interruption also impacted cell phone coverage and some land lines. The emergency manager said at least 50,000 people were impacted. Source:

51. July 12, FCC – (National) FCC strengthens E911 location accuracy for wireless wervices. The Federal Communications Commission (FCC) took action July 12 to enhance the public's ability to contact emergency services during times of crisis and to enable public safety personnel to obtain more accurate data regarding the location of the caller. Specifically, the FCC strengthened Enhanced 911 (E911) location accuracy rules for wireless carriers, and sought comment on improving 911 availability and E911 location determination for Voice over Internet Protocol (VoIP) services. E911 technology automatically provides a 911 call operator with the caller's telephone number and location data from either a landline or a wireless phone. Wireless carriers have historically provided E911 location information by one of two methods: "handset-based," where it is generated by a Global Positioning System or similar technology installed in the caller's handset, or "network-based," where location data is generated by triangulating the caller's wireless signal in relation to nearby cell sites. The FCC's rules require wireless carriers to identify the caller's location for a specified percentage of 911 calls within a range of 50 to 150 meters for carriers that use handset-based technology, and 100 to 300 meters for carriers that use network-based technology. In September 2010, the panel adopted benchmarks for wireless carriers to meet these handset- and network-based accuracy thresholds at the county or Public Safety Answering Point (PSAP) level for increasing percentages of 911 calls over an 8-year period. In the July 12 action, the FCC announced that after the conclusion of the 8-year implementation period in early 2019, it will sunset the existing network-based rule, and require all wireless carriers to meet the more stringent location accuracy standards in the handset-based rule. Source:

For more stories, see items 44, 45 and 46 above in the Information Technology Sector