Wednesday, August 24, 2011

Complete DHS Daily Report for August 24, 2011

Daily Report

Top Stories

• More than three dozen protesters were arrested August 22 after a chaotic demonstration through downtown San Francisco that snarled traffic and train service during the evening commute. – Associated Press (See item 23)

23. August 23, Associated Press – (California) BART protests: Police arrest demonstrators, multiple stations closed. More than three dozen protesters were arrested August 22 during a chaotic run through downtown San Francisco that snarled traffic and train service during the evening commute. The demonstrations started small at about 5 p.m. in the Bay Area Rapid Transit (BART) agency's Civic Center platform, where two dozen protesters gathered to vent their frustration over BART's shutting wireless service in its downtown stations August 11 to quell a brewing protest. On August 22, BART police arrested four demonstrators on the platform for trespassing on transit property, closed the station, and forced the remaining protesters above ground onto Market Street. The Civic Center and nearby Powell Street stations remained closed during most of the 3-hour protest, angering commuters who were unable to catch trains and had to compete for scarce cabs stuck in a massive traffic jam caused by demonstrators blocking streets. From the Civic Center station, the protesters grew to more than 100 and marched up and down Market Street, with occasional splinter groups breaking off down side streets. Along the way, they tipped over trash cans, threw firecrackers, and shouted at police. Police asked an upscale mall to briefly close as the demonstration passed by and one man was arrested for attempting to start a fire on a corner. Source:

• A 5.9 magnitude earthquake struck the Washington D.C. area August 23, damaging and forcing the closure of schools, and government and commercial buildings, and disrupting car, train, and air transportation. – Washington Post (See item 41)

41. August 23, Washington Post – (Virginia; National) Earthquake rattles Washington area. A 5.9 magnitude earthquake struck the Washington D.C. area August 23, shaking buildings and prompting office workers to pour into the streets of the U.S. Capital. The earthquake’s epicenter was 9 miles south of Mineral, Virginia, and 87 miles southwest of Washington, D.C., according to the U.S. Geological Survey (USGS). At 2.8 magnitude aftershock was reported at 2:46 p.m. Employees fled the U.S. Capitol, and the House and Senate office buildings were evacuated. Most members of Congress were back in their home districts for the August recess. The Union Station complex of train and bus terminals and shops and restaurants was also evacuated. All buildings of the Smithsonian Institution, including Washington’s major museums, closed for the day. The quake caused major transportation tie-ups, with trains running slowly because of track inspections and massive traffic jams reported in parts of the region. All Fairfax County Public Schools activities were canceled for the evening, although those schools that house polling places for the Virginia primary elections will remain open until the polls close, officials said. The quake shook the foundations of the Pentagon, which was temporarily evacuated. A Congressional staffer reported that a portion of a building collapsed on the 300 block of Pennsylvania Avenue in Southeast. At the National Cathedral, the tip of a spire crashed down onto the steps on Pilgrim Road. A U.S. Park Police helicopter did a “preliminary survey” of Washington’s monuments by air and did not find any ”obvious damage,” a spokesman said. D.C. Fire officials were investigating reports of significant cracks in buildings at the Ecuadoran Embassy and Bell Multicultural School, a spokesman said. According to federal officials, two nuclear reactors were taken offline near the quake epicenter, but there were no initial reports of damage. In New York City, buildings shook briefly. Government buildings in the city, including city hall, were evacuated. Early reports on the USGS Web site indicated the quake was felt from New York City to Charlotte, North Carolina, and as far west as Cleveland, Ohio. Source:


Banking and Finance Sector

16. August 23, Inland Valley Daily Bulletin – (California) Authorities arrest suspected 'Tri-Cities Bandit'. An alleged bank robber believed to be the "Tri-Cities Bandit" was arrested August 19 in Topanga Canyon, California, and is suspected in 10 bank robberies. The 39-year-old man was arrested on suspicion of bank robbery following a robbery at a First California Bank in Westlake Village. Authorities stopped his getaway vehicle on the 101 Freeway and recovered the money stolen from the Westlake Village bank. The man is allegedly linked to robberies at banks in Chino Hills, La Verne, Westlake Village, Pasadena, Los Angeles, Brentwood, Tarzana, Glendale, and Burbank during the month of August. A 42-year-old alleged getaway driver was also arrested. Source:

17. August 23, Help Net Security – (International) Ramnit worm uses Zeus Trojan tactics for banking fraud. Trusteer reported August 23 they discovered the 18-month-old, file-infecting worm Win32.Ramnit has morphed into financial malware and is actively attacking banks to commit online fraud. Ramnit configurations captured and reverse engineered by Trusteer were found to incorporate tactics from the Zeus financial malware platform. Ramnit has borrowed from Zeus the ability to inject HTML code into a Web browser, which it is using to bypass two-factor authentication and transaction-signing systems used by financial institutions to protect online banking sessions. Ramnit’s command and control servers are located in Germany and are currently live. According to the Symantec Intelligence Report for July, Ramnit accounts for 17.3 percent of all new malicious software infections. Ramnit was first detected in 2010 and targets .EXE, .SCR, .DLL, .HTML, and other file types. File infection is an old school virus technique that is rarely seen in modern financial malware. Trusteer researchers found the method used to configure Ramnit to target a specific bank is identical to the one used by Zeus. This allows fraudsters who have written configurations for Zeus to easily port their configuration to Ramnit. Source:

18. August 22, Bloomberg – (National) FDIC sues ex-Silverton board, officers for $71 million in bank’s collapse. The Federal Deposit Insurance Corporation (FDIC) sued former directors and officers of Atlanta-based Silverton Bank NA, seeking $71 million to help recoup costs caused by the biggest bank collapse in Georgia history. Silverton consistently disregarded its own policies when making loans, according to the suit filed August 22 in federal court in Atlanta. At the same time, it built a “large and lavish” office building and spent millions of dollars on new corporate aircraft, the FDIC said. The damages sought represent less than a fifth of the $386 million the FDIC spent on Silverton, the lawsuit alleges. The bank was declared insolvent in May 2009. Silverton, a wholesale bank with no consumer operations, was owned and overseen by more than 400 community lenders in the region. It provided banking services, including wire-transfer systems, bond trading and credit-card operations, to about 1,400 institutions in 44 states. Source:

19. August 22, Miami Herald – (Florida) Ocean Bank to pay nearly $11 million in drug money case. Ocean Bank agreed August 22 to pay nearly $11 million to the federal government in a deferred prosecution agreement, to resolve charges that it willfully failed to establish an anti-money laundering program from 2001 through June 2008. The agreement follows a lengthy, multi-agency investigation, dubbed “Operation Dirty Dinero,” that delved into Miami-based Ocean Bank’s handling of several of its customers’ accounts, including transactions with Mexican currency exchange houses, or ” casas de cambio.” In addition to charges the bank failed to set up an anti-money laundering program, the U.S. attorney’s office said Ocean Bank failed to monitor potential money laundering activity in five accounts allegedly used to launder narcotics money. The U.S. attorney’s office said the amount of the payment represents the proceeds of illegal narcotics sales that were laundered. Ocean Bank said the five accounts involved in the investigation have been closed. Source:

20. August 22, IDG News Service – (International) Ukraine arrests four in payment card scam. Ukraine's security service, the SBU, said August 22 it had arrested four people for allegedly creating fake payment cards with stolen information in an operation estimated to have caused $20 million in damages. The SBU said raids conducted earlier this month yielded 1,000 plastic cards and more than 100,000 financial records used to make the cards, according to a translation of a news release. An official contacted at the SBU was unable to immediately give further information. The SBU said it worked with U.S. law enforcement on the operation. Source:

21. August 22, IDG News Service – (International) Hong Kong police say they've arrested stock exchange hacker. Hong Kong police have arrested a local man in connection with an August 10 computer attack on the Hong Kong Stock Exchange. The Hong Kong Exchange was forced to suspend some trading after an attack prevented companies from publishing financial news on the HKExnews website, ComputerWorld reported August 22. The half-day shutdown halted trading for eight companies that had announced results that day, including HSBC, Cathay Pacific, and Dah Sing Bank. Computers were attacked again on the following day, although that attack was thwarted, according to the Hong Kong Exchange. On August 20, the Hong Kong Police Force said it had arrested a 29-year-old suspect in the Kwun Tong district 2 days earlier, seizing computers, mobile phones, and digital storage devices in the raid. Source:

Information Technology Sector

48. August 23, H Security – (International) Chrome 13 update patches security vulnerabilities. Google released version 13.0.782.215 of Chrome for all of its supported platforms, including Chromebooks. According to Google, this maintenance and security update to Chrome 13 addresses 11 vulnerabilities. The latest Stable channel release of the Web browser corrects a Windows-only memory corruption issue, rated as "critical" by Google, in vertex handing. Other holes closed include nine "high-risk" bugs, ranging from multiple use-after-free errors, a cross-origin violation, an integer overflow in uniform arrays and an out-of-bounds write problem in the V8 JavaScript engine, to memory corruption bugs and problems with the built-in PDF viewer. A medium-risk bug related to URL parsing on Windows systems has also been fixed.


49. August 22, The Register – (International) Skype bug may expose users to malicious code. The latest version of Skype for Windows contains a security vulnerability that allows attackers to inject potentially dangerous code into a user's phone session, a German security researcher reported. The XSS, or cross-site scripting, vulnerability in Skype is the result of the voice-over-IP client failing to inspect user-supplied phone numbers for malicious code, the researcher said. As a result, attackers might be able to exploit the bug to inject commands or scripts that hijack the machine running the program. “An attacker could for example inject HTML/JavaScript code,” the researcher wrote in an advisory published August 23. ”It has not been verified though, if it's possible to hijack cookies or to attack the underlying operating system.” An attacker might also exploit the vulnerability to remotely execute malicious JavaScript files on external Web sites, he said. A Skype spokeswoman disputed the researcher's account: "We have had this reported to us by various media outlets and have confirmed that the person is mistaken, this is not a Web window and while it does cause a phone number to be underlined, it does nothing other than this." Source:

For more stories, see items 17 and 21above in the Banking and Finance Sector

Communications Sector

50. August 23, CNN – (National) East Coast quake causes major cell service disruptions. Cell service along the East Coast was spotty for about a half hour August 23 following a Virginia-based earthquake that was felt as far away as New England. There were no reports of downed cell towers or wires, but mobile providers said the fact that millions of people tried to make cell phone calls at the same time overwhelmed cellular relay stations. Verizon Wireless reported network congestion for some customers in the Eastern United States for about 20 minutes following the earthquake, which hit just before 2 p.m. The quake measured at 5.9 on the Richter scale. A Verizon spokesman said the mobile company's infrastructure was built to withstand earthquakes of such a magnitude. An AT&T spokesman also said that there was no infrastructure damage, but the network continues to see "heavy call volumes." He said customers that could not connect might try to communicate by text message, which requires far less bandwidth than phone calls. Sprint told customers via Twitter the provider is experiencing intermittent delays connecting phone calls following the earthquake, citing a "temporary mass calling event." A T-Mobile spokesman also confirmed that the network was experiencing higher call volumes in all earthquake-affected areas. Source:

51. August 22, Federal Communications Commission – (National) Genachowski announces elimination of 83 outdated media rules. The Federal Communications Commission (FCC) Chairman August 22 announced the elimination of 83 outdated and obsolete media-related rules, including Fairness Doctrine regulations. The August 22 action is part of the FCC's reform agenda, which includes retrospective review of rules, elimination of rules that are no longer needed, and revision of rules to reflect changes in technology, thereby clearing the path for greater competition, investment, and job creation. The Fairness Doctrine is not currently enforced by the FCC and has not been applied for more than 20 years. In addition, the FCC also announced the deletion of obsolete "broadcast flag," cable programming service tier rate, and broadcast applications and proceedings rules. The elimination of these rules adds to the over 50 outdated regulations that have already been deleted as part of the regulatory review process. Moreover, the FCC has reduced Commission backlogs, including an 89 percent reduction in satellite licensing applications, and a 30 percent reduction in broadcast licensing applications. The FCC is currently in the process of moving to eliminate 25 sets of data collections from industry that are no longer necessary. Source:

For more stories, see items 23 above in the Banking and Finance Sector and 49 above in the Information Technology Sector