Monday, August 8, 2011

Complete DHS Daily Report for August 8, 2011

Daily Report

Top Stories

• The drought drying up Texas and the Plains, causing about $8 billion in losses to agriculture this year, could persist into 2012, Associated Press reports. (See item 26)

26. August 4, Associated Press – (Texas; National) Drought in Texas, plains may persist until 2012. The drought drying up Texas and parts of the Plains could persist into 2012, prolonging the misery of farmers and ranchers who have endured a dry spell that is now expected to be the state's worst since the 1950s. The U.S. Climate Prediction Center said August 4 the La Nina weather phenomenon blamed for the crippling lack of rain might be back soon, just 2 months after the last La Nina ended. If that happens, the drought would almost certainly extend into 2012. The extreme dry conditions have been made worse by week after week of triple-digit temperatures, which have caused reservoirs to evaporate, crops to wither, and animals and fish to die off by the thousands. Statewide demand for power was expected to approach the maximum August 4 for a fourth straight day. Some large industrial plants were forced off the overburdened electric grid, requiring them to shut down or rely on their own power reserves. Utilities warned residential customers of the potential for rolling outages. Farms and dead pastures have been hurt the most. The agriculture industry, which accounts for nearly 9 percent of the Texas economy, may be headed for the biggest single-year losses ever — potentially as high as $8 billion, according to the Texas AgriLife Extension Service. About 70 percent of Texas rangeland and pastures are classified as being in very poor condition, which means there has been complete or near-complete crop failure or there is no food for grazing livestock. Source: http://news.yahoo.com/drought-texas-plains-may-persist-until-2012-013036089.html

• A cybersecurity researcher at a conference showed how to take control of Siemens S7 computers used in industrial control systems, according to IDG News Service. (See item 44 below in the Information Technology Sector)

Details

Banking and Finance Sector

15. August 4, FOX News – (New York; Florida) 14 charged in $60 million mortgage fraud scheme. Fourteen people were charged with participating in a nearly $60 million mortgage fraud ring August 4 following an FBI crackdown, according to FoxNews.com. The alleged members of the mortgage fraud ring include real estate attorneys, title closers, appraisers, and straw buyers. They were charged with conspiracy to commit bank fraud and wire fraud. The scheme involved more than 100 properties in New York and Florida, many of which are now in default or foreclosure. The FBI has 10 of the suspects in custody, and is negotiating the surrender of others. Thirteen live in the New York area. The other alleged member of the mortgage fraud ring was arrested in Texas August 4. The alleged leader of the ring, according to the indictment, is a man who created numerous mortgage brokerages, including First Class Equities of Long Island, and TAT Mutual Capital. Through these brokerages, the subject allegedly facilitated fraudulent real estate loan transactions throughout the New York metropolitan area. Five loan officers, four attorneys, and one disbarred attorney also were charged in connection to the alleged mortgage fraud. From 2004 to 2009, the head of the scheme and his co-conspirators allegedly arranged home sales between "straw buyers" — persons who posed as home buyers, but who had no intention of living in, or paying for, the mortgaged properties — and homeowners, often people in financial distress, who were willing to sell their homes. These straw buyers were allegedly paid hefty sums to obtain fraudulent mortgages, which were obtained by submitting fraudulent applications and documents, including fake W-2s and tax stubs, according to the indictment. Source: http://www.foxnews.com/us/2011/08/04/exclusive-13-charged-in-60-million-mortgage-fraud-scheme/

16. August 4, Associated Press – (Texas) Former Laredo bank employee charged in fraud. U.S. Secret Service agents August 4 arrested a former Laredo, Texas, bank employee indicted on 73 counts related to a scheme that agents said took about $8 million from customer accounts. A federal indictment accuses the 35-year-old woman of conspiracy to commit bank fraud, money laundering, and other crimes. The statement said she transferred the money from several customers' accounts at Compass Bank. She is also accused of giving handouts to friends and making investments in businesses, including more than $3 million in a local night club. The money was also used to buy vehicles and a South Padre Island condominium. The bank has already sued the former employee. Source: http://www.chron.com/disp/story.mpl/ap/tx/7684061.html

For another story, see item 45 below in the Information Technology Sector

Information Technology Sector

42. August 4, Softpedia – (International) Cisco CDs lead to rogue website. Cisco warns customers who received warranty CDs between December 2010 and August 2011 that they led to a Web site known as a malware repository. "When the CD is opened with a web browser, it automatically and without warning accesses this third-party website. Additionally, on computers where the operating system is configured to automatically open inserted media, the computer's default web browser will access the third-party site when the CD is inserted, without requiring any further action by the user," the company explained. Cisco does not believe customers were at risk of being infected at any time during this period because the Web site was inactive. However, since this might change in the future, users were advised not to use the CDs. CDs that do not have a revision number printed on them in the form of "Revision -#0," where # is a letter, and were received during the aforementioned period, most likely point to the rogue Web site. "Warranty CDs with the revision '-F0' or later do not contain a reference to the third-party website," the company noted. The affected CDs have the titles: Cisco 1-Year Limited Hardware Warranty Terms, Cisco Limited 5-Year Hardware and 1-Year Software Warranty Terms, Cisco 90-Day Limited Hardware Warranty Terms, Cisco Information Packet - Cisco Limited Warranty, Disclaimer of Warranty, End User License Agreement, and US FCC Notice, Cisco Limited Lifetime Hardware Warranty Terms, and End User License Agreement. Clean images of these CDs can be downloaded from Cisco's Web site, and all of the contained documents are also available online. Source: http://news.softpedia.com/news/Cisco-CDs-Lead-to-Rogue-Website-215228.shtml

43. August 4, IDG News Service – (National) Spam king Sanford Wallace indicted for Facebook spam. A notorious spam king is facing federal fraud charges for allegedly breaking into Facebook accounts and sending 27 million spam messages in 2008 and 2009. The suspect, age 43, allegedly used a phishing attack to steal usernames and passwords from victims, and then used the stolen credentials to post spam to victims' walls, the U.S. Department of Justice said. He allegedly made money from the scam by driving Web traffic to affiliate marketing companies, who pay their members by the number of clicks they can deliver to Web sites. The charges are outlined in an indictment, filed July 6 but made public August 4 after the suspect turned himself in to federal authorities. He could get more than 16 years in prison, if convicted. The suspect was released August 4 on a $100,000 bond. His next appearance is set for August 22 at the U.S. District Court for the Northern District of California in San Jose, California. Source: http://www.computerworld.com/s/article/9218897/Spam_king_Sanford_Wallace_indicted_for_Facebook_spam

44. August 4, IDG News Service – (International) A power plant hack that anybody could use. The night before the start of the Black Hat hacker conference in Las Vegas, a security researcher gave a demonstration to a small audience. The topic: how a hacker could take over the Siemens S7 computers that are used to control engines, machines and turbines in tens of thousands of industrial facilities. The NSS Labs researcher said he has found ways to bypass the S7's security measures and read and write data into the computer's memory — even when the system has password protection enabled. He can steal sensitive information from the systems, he said. And on one model, the S7 300, he found a command shell, apparently left in the system's firmware by Siemens engineers, that he can connect to and use to run commands on the system. After poking around for a bit, he discovered a hard-coded username and password that allowed him access to a Unix-like shell program on the systems, where he can run his own commands. This shell is a "back door" to the system that could be misused by an attacker, he said. Source: http://www.computerworld.com/s/article/9218892/A_power_plant_hack_that_anybody_could_use

45. August 4, DarkReading – (International) Wardriving evolves into warflying. August 3 at the Black Hat conference, two security researchers demonstrated how a radio-controlled model airplane outfitted with a computer and 4G connectivity could be used to create a nearly undetectable aerial hacking device that could perpetrate aerial attacks on targets otherwise unreachable by land. Created completely with off-the-shelf equipment and open-source software — and with a budget of only about $6,100 — the demo plane they brought on stage with them was capable of wireless network sniffing and cracking, cell tower spoofing, cell phone tracking and call interception, data exfiltration, and video surveillance. Built on top of a surplus Army target drone, the device has been equipped with multiple wireless antennae and a microcomputer loaded with GPS, wireless sniffing tools, and the Backtrack 5 penetration testing toolkit. The 14-pound, 6-foot-long plane connects through a 4G dongle with a small base station that controls it using Google Earth and an open-source autopilot software solution. The base station streams data gathered by the plane and sends it over a VPN connection to a more robust back-end PC, which can take care of the heavy-lifting, such as crunching through large dictionaries to perform brute-force attacks. The Internet connectivity would make it possible to also crowdsource data to multiple hackers with different skill sets if a project needed the manpower. The plane itself is powered off of an electric engine that is hard to detect by ear once it is as close as 50 feet away. Though Federal Aviation Administration regulations prohibit flight of such devices from going above 400 feet, the drone itself would be capable of going well above 20,000 feet in altitude. Source: http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/231300240/wardriving-evolves-into-warflying.html

46. August 4, Kaspersky Lab Security News Service – (International) Securing mobile devices may be an impossible task. A panel of researchers focused on looking for attacks and bugs at various levels of the mobile device and infrastructure said at the Black Hat conference that there are so many ways an attacker can compromise phones, from the infrastructure all the way down to the application level, that defending against all of them is highly problematic. Attacks against smartphones such as BlackBerrys, iPhones, and Android phones have become quite prevalent in recent years and many of them have focused on getting malicious apps on users' phones. That is a quick and easy way to get access to user data and sensitive information. But there are a slew of other real and potential vectors attackers have at their disposal now, as well. Going after the device firmware is one potential method, as is attacking the mobile infrastructure itself. "If I can update your phone remotely, I own the phone at every level and I own you. It's game over," a senior security consultant at iSEC Partners said during the panel discussion. Such an attack against a widely deployed smartphone platform would give an attacker easy access to the data of millions of customers. But that kind of attack so far has not been necessary to get malware or backdoors on users' phones. In many cases, users will just install them themselves when they download Trojaned or malicious apps from mobile app stores. There have been several incidents in the last year in which malicious apps were found in the Android Market, and Google has had to remove them and sometimes remotely remove the apps from victims' devices. Those kinds of attacks also can serve to hand over large amounts of user data to attackers in a short amount of time. Some of the panelists said restricting what apps users can download and taking away their ability to set permissions for those apps would be a good step in the right direction. Source: http://threatpost.com/en_us/blogs/securing-mobile-devices-may-be-impossible-task-080411

For another story, see item 49 below in the Communications Sector

Communications Sector

47. August 5, Salina Journal – (National) Lightning knocks KINA off air. Apparent lightning strikes at or near the corner of Cloud and Ohio streets in Salina, Kansas, caused KINA and 99 KG radio stations to go off the air August 5. A captain with the Salina Police Department said firefighters and paramedics were sent to Cloud and Ohio streets after lightning struck a car at 5:27 a.m. A KINA announcer said he was at the Eagle Communications radio station at 5:30 a.m. when the lightning struck. The radio station’s studio link transmitter, satellite systems, and other equipment were taken out by what is believed to have been a direct hit, he said, and the Eagle Communications phone system also was damaged. Source: http://www.salina.com/news/story/KINA8-5-11

48. August 5, Duluth News Tribune – (Minnesota) Copper thieves tied to phone, Internet outage near Cloquet. The damage to a Qwest fiber optic line that knocked out communications in Carlton County, Minnesota, July 20 might have been caused by copper thieves, authorities said. The Duluth News Tribune reported August 5 that although no one has been arrested, the Cloquet Police chief said he believes copper thieves were responsible for the act that disabled most 911 service in Carlton County. The same cut line affected Qwest-provided phone and Internet services in Cloquet, Carlton, Barnum, and Moose Lake from about 4:30 a.m. to 3 p.m. July 20. “We don’t know if (the fiber optic line) was cut with the intention of disrupting the 911 system or to steal the cable for financial gain,” the St. Louis County sheriff said, confirming the cable was cut deliberately, rather than by accident or force of nature. The perpetrators were down a manhole when they cut the fiber optic cable and, while a small amount of copper could have been inside, it likely would be worthless as scrap, police said. Source: http://www.duluthnewstribune.com/event/article/id/206034/group/homepage/

49. August 4, TMC Net – (New York) Cellphone service restored to AT&T users in New York City. Users who were trying to use their AT&T wireless devices August 4 in New York City were finding they could neither make a call nor receive one, because of a “software upgrade,” according to media reports. NBC News reported the glitch started at about 1:30 a.m. based on what they were told by a company representative. Smart phones were not as affected as mobile phones, NBC reported. When AT&T mobile phone users tried to make a call, a message appeared that the circuit or channel was not available, NBC added. Calls were also going right to voicemail, media reports said. The issue was apparently limited to phones within New York City. But, NBC reported smart phone users apparently could still text, and send/receive e-mails. Service was restored later in the day after “a software issue occurred during routine maintenance which caused some customers on Long Island and in parts of Brooklyn, Queens, and Manhattan to experience voice service disruptions this morning,” Engadget said. Source: http://www.tmcnet.com/topics/articles/204568-cellphone-service-restored-att-users-new-york-city.htm

For more stories, see items 45 and 46 above in the Information Technology Sector