Wednesday, August 3, 2011

Complete DHS Daily Report for August 3, 2011

Daily Report

Top Stories

• A study said Iran recently had to replace thousands of expensive nuclear centrifuges damaged by the Stuxnet worm that targets supervisory control and data acquisition systems, eWeek reports. (See item 7)

7. July 26, eWeek – (International) Iran rips-and-replaces centrifuges post-Stuxnet. A new report suggests Iran's nuclear program has not recovered from the Stuxnet worm as previously believed. It appears Iran is still replacing thousands of expensive centrifuges that were damaged by the worm. Stuxnet was not entirely purged from Iran's nuclear facilities and it resurfaced again to damage more systems, "Western intelligence sources" told DEBKAfile July 20. DEBKAfile claimed Iran had replaced an estimated 5,000 centrifuges to remove the threat. "Iran finally resorted to the only sure-fire cure, scrapping all the tainted machines and replacing them with new ones," according to the report, noting a spokesperson from Iran's foreign ministry said July 19 it was installing newer and faster centrifuges at its nuclear plants to speed up operations. The worm was among the most sophisticated pieces of malware ever discovered in the wild. It exploited the AutoRun functionality on Windows to infect computers from USB drives. It then used a hardcoded default password for Siemens management applications to compromise the machine before taking over specialized industrial-control computers that ran a proprietary operating system from Siemens. The worm also hijacked the facility's monitoring system to falsely show the machines were functioning normally, preventing officials from catching on to what was really happening. While Stuxnet specifically targeted Siemens industrial process control computers used in nuclear centrifuge operations, an ESET researcher noted there are "plenty other" industrial process automation and control systems being used on "modern critical infrastructure", and that network operators have to assess their threat exposure level and how to mitigate it. Source:

• Hackers said they posted the names, addresses, and Social Security numbers of 7,000 law enforcement officers stolen from a Missouri Sheriff's Association Web site, according to The Register. (See item 32)

32. August 1, The Register – (International) Hackers dump secret info for thousands of cops. Hackers said they posted the names, addresses, and other personal information of 7,000 law enforcement officers that were stolen from a Missouri Sheriff's Association training academy Web site they compromised, The Register reported August 1. One of the identified individuals confirmed with The Register that the data listed for him in the 938 kilobyte file was accurate. Many of the entries include officers' Social Security numbers, e-mail addresses, and the usernames and passwords for their accounts on the Web site. AntiSec claimed responsibility and said the data dump was made in retaliation for the recent arrest of 14 people accused of participating in a Web attack in December that strained server capacity for PayPal. Many of the passwords employed by the officers were ordinary dictionary words, or were identical to their names or badge numbers, demonstrating some of the same mistakes other users make in setting up security pass codes. Assuming the officers used the same password for other accounts, as is common, their e-mail accounts would also be compromised. The file suggests the training site failed to follow industry best practices by securing the password database with one-way hashes to prevent the passwords from being read by attackers. Source:


Banking and Finance Sector

12. August 2, – (New Jersey) Former TD Bank worker indicted in fraud scheme that included county branches. A federal grand jury July 28 indicted a former TD Bank employee for her alleged role in a scheme involving fraudulent withdrawals totaling nearly $70,000 from branches in Burlington and Camden counties in New Jersey between October 2010 and February 2011. The 27-year-old of Philadelphia was charged with conspiracy, bank fraud, and aggravated identity theft, states an indictment filed July 28 with the U.S. attorney’s office in Philadelphia. The woman, who worked as a call-center representative and then as a customer-service representative, faces a maximum sentence of 41 years in prison, a fine of $2 million, and 5 years of supervised release if convicted. The indictment alleges a co-conspirator provided Social Security numbers to the woman in exchange for account information. The co-conspirator then used the improperly obtained data to withdraw $67,800 from three accounts using check runners who presented fake identification to access the accounts, the indictment says. A federal complaint filed against the co-conspirator and another accomplice alleges the two executed, aided, and abetted a scheme to defraud a federally insured bank; committed, aided, and abetted aggravated identity theft; and possessed and conspired to distribute Oxycodone. TD Bank officials confirmed August 1 the woman no longer is employed with the company, and that the affected customers were notified. Source:

13. August 2, Philadelphia Inquirer – (Pennsylvania) Bandit wanted in spree of bank robberies captured. A convicted bandit wanted in a string of bank robberies last month was captured July 31 at a motel near Philadelphia, Pennsylvania. Authorities said the 48-year-old suspect had been holed up in Trevose at the Lincoln Motel on Route 1. The suspect, wanted in four bank heists and a suspect in several others, did not surrender peacefully, according to an FBI spokesman. When confronted by Bensalem police, he fled back to his room. The suspect, whom the FBI considered armed and dangerous, refused to follow officers' commands, authorities said. Police released a K-9 dog, and the suspect became less uncooperative and was taken into custody. He had previously served 6 years for bank robberies before being released from federal custody July 2. Nine days later, authorities said, he returned to his old tricks. According to the FBI, the suspect attempted to hold up the Bank of America office at 1841 E. Allegheny Avenue shortly after 12 p.m. July 11. Though he ran away without cash, authorities said, 5 successful heists came in quick succession. Source:

14. August 1, Houston Chronicle – (Texas) Regulators: Salinas' ruse topped $50M. A basketball booster, his companies, and an associate engaged in "fraudulent schemes" with more than $50 million in investors' money, including sales of bogus corporate bonds and loans to affiliated companies, regulators alleged in civil documents August 1. The booster committed suicide in July as regulators began investigating the alleged scheme that reportedly included prominent college coaches among its victims. In a lawsuit filed August 1 in U.S. district court in Houston, the U.S. Securities and Exchange Commission (SEC) alleged the booster, his companies, and the associate sold fake corporate bonds. The SEC also alleged the associate's firm, Select Asset Management, created two private funds that raised $13.9 million from investors without telling them the funds made loans to affiliated companies — including $2 million to Selected Market Insurance Group, a company owned mostly by the booster. The SEC asked the court to appoint a receiver to oversee the companies, and to freeze the assets of the companies and the estates of the booster and his associate. The State Securities Board also took action in the case August 1, moving to revoke the security registrations of the associate and Select Asset Management, which regulators allege sold bonds through the booster's firm. Source:

Information Technology Sector

35. August 2, IDG News Service – (International) Zero-day vulnerability found in a WordPress image utility. Hackers are exploiting a problem with an image-resizing utility called TimThumb that is widely used in many themes for the blogging platform WordPress, although some fixes have been made to the latest version. The CEO of Feedjit discovered the problem when his own blog started loading ad content when previously his blog contained no ads. He blogged about the problem, tracing it to an issue with the "timthumb.php" library, which is used within the theme he purchased for his blog. TimThumb is "inherently insecure" because it writes files into a directory when it fetches an image and resizes it, the CEO said. An attacker can compromise the site by figuring out how to get TimThumb to grab a malicious PHP file and put it in the WordPress directory. The code will be executed if an attacker then accesses the file using a Web browser. To stop the problem, the CEO said users should remove TimThumb or limit its access to other Web sites. Users should also update to the latest version of TimThumb. Source:

36. August 1, The Register – (International) Sneaky trojan exploits e-commerce flaws. A security flaw in osCommerce, an open source e-commerce package, created a means for criminals to compromise 90,000 Web pages with redirection scripts that ultimately directed surfers towards a site serving up an exploit toolkit designed to compromise visitors' PCs. "The attackers inserted an iframe that leads to certain URLs in each of these sites, triggering several redirections," an analysis of the attack published by Trend Micro explains. "The redirections finally lead to an exploit kit that abuses the following vulnerabilities in an attempt to download a malicious file onto systems," it noted. "This malware searches for internet caches, cookies, and histories in order to steal login credentials and other data used for specific websites, usually banks and other financial institutions," Trend Micro adds. "Joric-BRU then forwards the stolen information to specific websites." The attack plants exploit code on e-commerce sites, where surfers expect a more trusted environment. In addition, the malware used in the attack attempts to delete itself from compromised systems after rifling them for log-in credentials, a feature that differentiates the banking trojan from better known threats such as the ZeuS Trojan. Older versions of osCommerce are subject to a directory traversal vulnerability as well as an XSS vulnerability for version 2.2-MS2. Source:

37. July 30, Softpedia – (International) Anonymous develops new denial of service tool. Anonymous supporters appear to have built a new denial of service tool that is said to exploit SQL vulnerabilities to support the group's future campaigns. The tool is very effective: a 17-second attack from a single machine resulted in a 42-minute outage on Pastebin July 29, Softpedia reported July 30. According to The Tech Herald, which spoke with its creators, the new tool is called RefRef and is developed in JavaScript. This means that it works in any modern browser on any operating system, including those in smartphones and tablets. The effectiveness of RefRef is due to the fact it exploits a vulnerability in a widespread SQL service. The tool works by turning the servers against themselves. It sends malformed SQL queries carrying the payload, which in turn forces the servers to exhaust their own resources. The flaw is apparently known but not widely patched yet. The tool's creators do not expect their attacks to work on a high-profile target more than a couple of times before being blocked, but they do not believe organizations will rush to patch this flaw en masse before being hit. Source:

38. July 28, BBC News – (International) Millions hit in South Korean hack. South Korea has blamed Chinese hackers for stealing data from 35 million accounts on a popular social network. The attacks were directed at the Cyworld Web site as well as the Nate Web portal, both run by SK Communications. Hackers are believed to have stolen phone numbers, e-mail addresses, names, and encrypted information about the sites' many millions of members. It follows a series of recent cyber attacks directed at South Korea's government and financial firms. Government ministries, the National Assembly, the country's military HQ, and networks of U.S. Forces based in Korea were also hit. The Korean Communications Commission claimed to have traced the source of the incursion back to computer IP addresses based in China. Source:

Communications Sector

39. August 2, The Register – (International) Sun compo entrants' privates exposed in public. Security lapses at News International exposed the e-mail addresses and other personal data of readers who entered competitions in The Sun, England's biggest selling daily newspaper. The names, addresses, phone numbers and dates of birth of thousands of people were also exposed by the hack, reckoned to have probably taken place at the same time The Sun's Web site was hacked in July to redirect surfers towards a fictitious story on the supposed death of the paper's media mogul founder and owner. Some of the data, including applications for the Miss Scotland beauty contest, has already been posted online. Entrants to a Wrigleys football competition, an Xbox competition, details of royal wedding well-wishers, and information from a forum for bullied people were also uploaded to Pastebin, The Guardian reported. The data was uploaded by an individual who praised the actions of Anonymous as a whole and LulzSec, the hacktivist sub-group that returned from semi-retirement to carry out the July 19 Sun redirection hack. Miscreants could use the stolen data to mount targeted phishing scams. Neither financial information nor passwords were exposed by the breach. Source:

40. August 1, Nashville Tennessean – (Tennessee) AT&T cell tower problem affects Music Row-area customers. A problem with a cellular tower was leading to dropped calls and spotty service for AT&T customers in the Music Row area of Nashville, Tennessee, August 1. A spokeswoman for AT&T said the company was aware of a problem in the area, and that technicians were working “around the clock” to address it. “AT&T customers may be experiencing a temporary service interruption while placing or receiving calls on their wireless device,” she said. The company did not have a timetable for resolving the problem. Source:

41. August 1, Federal Communications Commission – (International) FCC announces major spectrum-sharing agreements with Canada and Mexico enabling 4G wireless broadband and public safety communications in the border areas. The Federal Communications Commission (FCC) announced August 1 it has reached arrangements with Industry Canada and Mexico's Secretariat of Communications and Transportation (SCT) for sharing commercial wireless broadband spectrum in the 700 MHz band along the U.S.-Canadian and U.S.-Mexican border areas. The FCC also reached an arrangement with Industry Canada for sharing spectrum in the 800 MHz band. These actions will help support commercial broadband services and public safety mission-critical voice communications. The technical sharing principles reached on 800 MHz will pave the way for completion of 800 MHz rebanding by U.S. public safety and commercial licensees operating along the U.S.-Canadian border. The FCC ordered rebanding to alleviate interference to public safety licensees in the band caused by commercial cellular licensees. The arrangement specifies (1) how primary channels will be allotted between the United States and Canada, (2) the technical parameters for operation on these channels within 140 kilometers (87 miles) of the common border, and (3) a schedule for transitioning facilities from the channels needed by the United States to complete rebanding along the U.S.-Canadian border. Source:

Tuesday, August 2, 2011

Complete DHS Daily Report for August 2, 2011

Daily Report

Top Stories

• An outbreak already infecting 77 people in 26 states with Salmonella Heidelberg prompted an unusual national health alert from a federal agency about safe handling of ground turkey, Food Safety News reports. (See item 31)

31. July 30, Food Safety News – (National) National health alert issued for ground turkey. An outbreak already infecting 77 people in 26 states with Salmonella Heidelberg prompted an unusual public health alert late July 29 about the "critical importance" of safe handling of ground turkey. The alert about all frozen and fresh ground turkey was issued by the U.S. Department of Agriculture (USDA) through its Food Safety and Inspection Service (FSIS). A public health alert not involving a specific brand or product recall is a rare action for the USDA. With the public health alert came the first notice that the federal Centers for Disease Control and Prevention (CDC), and state health departments have identified and are investigating the multistate outbreak of Salmonella Heidelberg. "The public health alert was initiated after continuous medical reports, ongoing investigations and testing conducted by various departments of health across the nation determined there is an association between consumption of ground turkey products and an estimated 77 illnesses reported in 26 states," the USDA statement said. The CDC and state health departments made the link through epidemiological investigation and pulsed-field gel electrophoresis analysis, the FSIS said. While the CDC and state health departments are investigating, the FSIS noted it is working to determine the source of the contamination. Source:

• Four people were shot, and one was killed by a male gunman after a fight at an outdoor festival at Luke Easter Park in Cleveland, Ohio, according to the Cleveland Plain Dealer. (See item 45)

45. July 31, Cleveland Plain Dealer – (Ohio) Shooting kills one, injures three after George Clinton concert at Luke Easter Park in Cleveland. Four people — two boys, a man and a woman — were shot July 30 at about 10 p.m. at Luke Easter Park in Cleveland, Ohio, during the eighth annual Unity in the Park festival. A 16-year-old male victim died July 31, and the rest of the wounded were being treated at MetroHealth Medical Center, a police sergeant said. A spokeswoman at Cleveland's Emergency Medical Services reported one of the victims was in critical condition. Two others were stable. Authorities said they were searching for a male suspect who pulled out a handgun and fired into a group of people during the fight. No arrests were reported in the hours after the shooting, the police sergeant told the Associated Press. "It was a large fight. Somebody in the crowd produced a handgun and fired several times," the police sergeant said, adding all four victims were hit by gunfire. The 16-year-old who died was shot in the head, and a 20-year-old woman suffered a gunshot wound to the neck, police said. A police statement added that a 14-year-old boy and a 23-year-old man also were hospitalized — each with a gunshot wound in the left leg. It wasn't immediately clear how long after musicians had performed that the shooting erupted — nor how many people were still in the area. Police do not have a description of the shooter. Thousands of residents, many from the Mount Pleasant and Kinsman neighborhoods, gathered at the park earlier in the day for the celebration, aimed at strengthening the community and family. Source:


Banking and Finance Sector

16. July 31, KSAZ 10 and KUTP 45 Phoenix – (International) 'Poison Ivy fraud ring' members arrested. Police made a big fraud bust they said July 29 went all the way from Tempe, Arizona, to Bulgaria. The Maricopa County Attorney's Office said six people from the "Poison Ivy" fraud ring were arrested and are facing multiple felony charges including fraud, identity theft, computer tampering, and money laundering. They are accused of using devices to skim information from customers’ bank cards at a TruWest Credit Union ATM, and then using it to make fake ATM cards to withdraw as much as $300,000. Police said they have video tapes of one suspect installing the device, which was made in Eastern Europe. The devices, believed to be made in Bulgaria, could detect financial data and PIN numbers from the cards of customers using the ATMs. The information was then sent to computers belonging to those involved in the fraud ring. Other defendants were seen on surveillance video making numerous ATM withdrawals throughout the valley with fraudulent cards, police said. A cut of the funds was sent to Bulgaria by the defendants through illegal wire transfers, according to police. All of the defendants named in the 58-count indictment were in custody July 29, each on a $50,000 cash-only bond. Source:

17. July 30, U.S. Department of Justice – (National) Florida man pleads guilty to $30 million investment fraud scheme. A Gainesville, Florida man pleaded guilty July 30 to mail fraud in connection with his operation of a $30 million investment fraud scheme, the Assistant Attorney General of the U.S. Department of Justice Criminal Division, and a U.S. attorney of the Middle District of Florida announced. The 47-year-old faces a maximum penalty of 20 years in prison. According to court documents, the defendant, who operated a company called Botfly LLC, willfully engineered and executed a scheme to defraud by promising victim investors he could generate returns of up to 10 percent per month, compounded monthly, through his trading in the foreign currency (forex) market. In fact, the defendant operated an investment fraud scheme. The defendant and others working at his direction raised about $29.8 million from victim investors, but the defendant used only a small percentage for forex trading (about $2.6 million), the vast majority of which he lost. He admitted that instead of trading in the foreign currency market as he promised, he used the bulk of victim investor funds to make payments to other investors to perpetuate the scheme and make it appear as if he was generating the promised returns. He paid investors $14.3 million in “returns” that he led them to believe were generated by his forex trading when, in reality, he was merely paying them with other victim investors’ funds. He also spent millions of investor funds on personal expenses, including high end real estate, private jet travel, luxury automobiles, computer equipment, and jewelry. Source:

18. July 29, Security News Daily – (National) Fake 'wrong transaction' hotel spam hits e-mail. Hundreds of e-mails have been making the rounds in the past few days informing people a hotel made a "wrong transaction" while processing their credit card. In turn, the e-mails offer recipients a refund. The director of research in computer forensics at the University of Alabama at Birmingham (UAB) wrote he has spotted 434 slight variants of the scam, with subject titles such as "Hotel Renaissance Chicago made wrong transaction", "Hotel Hilton Las Vegas made wrong transaction", and "Wrong transaction from your credit card in Hilton Atlanta." To receive the refund from the erroneously charged credit card, victims are told to fill out a form attached to the e-mail. As with nearly all e-mail scams, the attached form is where the danger lies. In this case, the malicious file is masked as an executable download called RefundForm(dot)exe, but it's actually a Trojan that installs fake anti-virus software on victims' computers that they are then pressured into paying for. The UAB researcher said the hotel spam messages all appear to be originating from the same botnet of computers that recently spread the "overdue credit card" scam. Source:

19. July 29, The Southampton Press – (New York) Guldi pleads guilty to 35 counts, will receive concurrent sentence. A former Suffolk County, New York legislator pleaded guilty to 35 felony counts July 29 during jury selection for his second criminal trial, related to his role in an $82 million mortgage fraud scheme that targeted more than 60 homes. He pleaded guilty to 34 charges of grand larceny and one count of scheme to defraud, according to the Suffolk County district attorney’s office. In March, he was found guilty of insurance fraud and grand larceny, charges related to the misuse of insurance funds after his Westhampton Beach home burned down. The former legislator's co-defendant in the trial also pleaded guilty July 29, admitting to helping create millions in fraudulent mortgage deals to victimize Washington Mutual Bank, JP Morgan Chase, and other lenders in transactions to buy commercial and residential property in Sag Harbor, Cold Spring Harbor, Southampton, and Huntington. The co-defendant pleaded guilty to all of the charges in the indictment including two counts of grand larceny in the first degree, and one charge of grand larceny in the second degree. Both the former legislator and his co-defendant were facing 4 counts of grand larceny that were taken out of a 110-count mortgage fraud indictment filed against them in 2009. Two of those counts allege they stole more than $1 million in mortgage proceeds in separate fraudulent transactions. As part of a second-degree grand larceny charge, the former lawmaker was accused of stealing more than $1 million from Wachovia Bank in an incident involving a mortgage for a house in Southampton in 2008. Source:

20. July 29, Mobile Press-Register – (International) Daphne-born terror suspect placed on U.S. Treasury blacklist. The U.S. Treasury Department July 29 placed a Daphne, Alabama native on a terrorist blacklist to freeze any assets connected with him in the United States and lock him out of the U.S. financial system. The man attended Daphne High and the University of South Alabama before joining the terrorist group al-Shabaab in Somalia. The Office of Foreign Assets Control (OFAC) issued a notice July 29 naming the man and another member of the Somali group to that office’s list of “specially designated nationals.” The assets of those on the list are blocked and U.S. citizens are prohibited from dealing with them financially. The Alabama native has been linked to recruiting and fundraising activities for al-Shabaab in the United States, Canada, and elsewhere, according to published reports. In the background material published on the Treasury Department’s Web site, he is described as “one of al-Shabaab’s key figures.” The material further states that: “[He] serves as a military tactician, recruitment strategist and financial manager for al-Shabaab. [He] has commanded guerilla forces in combat, organized attacks and plotted strategy with al-Qa’ida. He was also involved in organizing a suicide bombing attack carried out by a Somali-American from Minnesota who traveled to Somalia to join al-Shabaab. That attack, and four others organized by [the man] and carried out in October 2008, killed more than 20 people.” Source:

21. July 28, Bloomberg – (National) Ex-Pegasus Wireless chief Jasper Knabb pleads guilty to securities fraud. The ex-CEO of Pegasus Wireless Corp. pleaded guilty July 28 to securities fraud and other charges in connection with a $25 million scheme to sell shares for bogus debt and funnel the proceeds to himself, family and friends. The 44-year-old created 31 fake promissory notes and other documents representing that Pegasus had outstanding debt, a U.S. attorney in San Francisco said July 28. From 2005 to 2008, the ex-CEO caused 490 million shares to be issued to satisfy the bogus debt, prosecutors said. By selling some of the fraudulent shares, he netted $25 million for himself and others, according to the statement. The ex-CEO, a resident of Wenatchee, Washington, pleaded guilty to conspiracy to commit securities fraud, securities fraud, and maintaining false books and records. The maximum penalty for the conspiracy and securities fraud charges is 25 years in prison, and a fine of twice the loss or gain plus restitution. The maximum penalty for the false books charge is 20 years in prison, and twice the loss or gain plus restitution. Source:

22. July 27, Reuters – (International) Fannie/Freddie regulator sues UBS on $900 million loss. The regulator for Fannie Mae and Freddie Mac sued UBS AG July 27 to recover more than $900 million of losses after the Swiss bank misled the housing agencies into buying $4.5 billion of risky mortgage debt. In announcing the lawsuit, the U.S. Federal Housing Finance Agency (FHFA) said it also plans more lawsuits to recover additional losses by Fannie Mae and Freddie Mac from investments in private-label debt. Last July, the FHFA issued 64 subpoenas to banks, seeking details about subprime and other mortgage debt Fannie Mae and Freddie Mac bought when the housing market was healthy. The UBS case is part of a push by Washington D.C. to hold banks responsible for the nation's housing problems. It is also the latest effort to prop up the government-sponsored enterprises (GSEs), whose September 2008 federal seizure has so far cost taxpayers more than $135 billion. According to the UBS complaint, Fannie Mae and Freddie Mac lost more than 20 percent of their investment in more than $4.5 billion of residential mortgage-backed securities the bank sold in 16 securitizations from September 2005 to August 2007. Filed in the U.S. District Court in Manhattan, New York, the complaint also said UBS failed to do adequate due diligence, and hid or misstated the quality of the underlying loans and underwriting, as well as borrowers' ability to make payments. Many of the loans were issued by lenders that later failed or went bankrupt, including American Home Mortgage Investment Corp, IndyMac Bancorp Inc., and New Century Financial Corp. According to the complaint, a review of 966 randomly chosen loans from two "triple-A" rated securitizations in 2006 and 2007 found 78 percent were not underwritten properly. By May 2011, the complaint said, these securitizations were rated "CCC" by Standard & Poor's and "Ca" by Moody's Investors Service, among the lowest junk grades. The lawsuit seeks to recoup Fannie Mae's and Freddie Mac's losses and undo the purchases. Source:

Information Technology Sector

40. August 1, Softpedia – (International) New Mac trojan hijacks Google searches. Security researchers from F-Secure have identified a new Mac OS X click fraud trojan that hijacks Google searches by inserting a rogue DNS entry into the hosts file. The trojan comes hidden as a Fake Player installer so it is likely distributed as part of a social engineering attack that asks users to update Flash Player to see a video or something similar. Once run on the system, the trojan modifies the operating system's hosts file, and inserts an entry that points all Google sites (*) to a rogue IP address under the attackers' control. The hosts file can be used to manually specify DNS entries that take precedence over the responses sent by the system's DNS server. Source:

41. July 30, Softpedia – (International) SecurID data breach cost RSA $66 million. A data breach that resulted in the theft of information related to its SecurID authentication product cost RSA Security and its parent company EMC $66 million so far. According to the Washington Post, the sum was revealed in an earnings call July 26. The costs included expenses associated with monitoring the networks of defense contractors, federal agencies, and other customers who expressed concerns over the integrity of the product after the breach. The intrusion occurred in March and was the result of a spear phishing attack against RSA employees that exploited a zero-day Flash Player vulnerability. The company was very vague following the breach saying only that information regarding its SecurID product was targeted, but that its customers were not at risk. RSA was criticized by the information security community for its lack of transparency regarding this incident, and in May it was reported that a cyber attack against Lockheed Martin involved cloned SecurID devices. Following the attack and the revelation that other military contractors might also have been targeted as a result of its data breach, RSA Security offered to replace all SecurID tokens for concerned customers. Source:

Communications Sector

42. July 29, Pottstown Mercury – (Pennsylvania) Berks County man admits stealing copper from utility poles. A Berks County, Pennsylvania man will be under court supervision for 5 years for his role in copper wire thefts from utility poles in Pottstown and Upper Providence. The man was sentenced in Montgomery County Court to 5 years’ probation after he pleaded guilty to charges of theft by unlawful taking and conspiracy in connection with two incidents that occurred between March and May 2010. The judge also ordered him to share with his alleged co-defendants in the payment of $8,974 in restitution to Verizon Communications, which owned the copper wire. An investigation began in March 2010, when Verizon officials reported to Pottstown police a large section of communication cable had been cut and stolen, the arrest affidavit said. Witnesses told police they observed a subject climb two utility poles and cut off a section of wire, about 160 feet. Two suspects were then observed putting the wire into a Ford pickup truck and leaving the scene, court documents indicate. Pottstown police received a break in the case May 13, 2010, when Upper Providence police spotted two men attempting to steal wire from a utility pole, a criminal complaint said. On the ground near the men, authorities found about 50 feet of copper cable wire and some bolt cutters, according to the arrest affidavit. The men admitted they did not have permission to be on the pole or to take wires from the pole. Source: