Monday, September 26, 2011

Complete DHS Daily Report for September 26, 2011

Daily Report

Top Stories

• The former manager of the Milford, Massachusetts, Water Co. was indicted by a grand jury for tampering with water samples so the state would lift a boil order on the contaminated public water supply. – Milford Daily News (See item 32)

32. September 22, Milford Daily News – (Massachusetts) AG: Former Milford Water Co. manager tampered with samples. The former manager of the Milford, Massachusetts-based Milford Water Co. was indicted by a Worcester County grand jury on six counts of tampering with an environmental-monitoring device or method, and two counts of making false statements, the attorney general's office said September 21. Investigators allege the manager added chlorine to samples in August 2009 so the state would lift an order for the public to boil the contaminated public water supply. The boil order was in place for almost 2 weeks because the water tested positive for E. coli, with the town distributing 167,000 gallons of bottled water — an average of 18,000 gallons a day — during the ban. Authorities traced the problem to the corroded roof of a water tank. According to the attorney general's office, the manager submitted tampered samples to a lab for testing. During tests, the samples immediately turned black. Lab technicians found the chlorine level was so high it exceeded the limits of the test. The Massachusetts Department of Environmental Protection (DEP) and the inter-agency Massachusetts Environmental Strike Force later tested the suspicious samples and found levels of chlorine in some samples that were 700 times greater than the acceptable level for drinking water. The privately owned Milford Water Co. has made improvements since the boil-water order, including changing its manager and, as required by a DEP consent order issued after the boil water incident, making plans to build a new treatment plant by 2013, an official said. The former manager retired from the company in December 2009. Source:

• Police in Toledo, Ohio, are investigating after bullets were fired at two fire stations, and a suspicious package was planted at another fire station over the course of two days. – WTOL 11 Toledo (See item 40)

40. September 22, WTOL 11 Toledo – (Ohio) Three threats in two days against Toledo fire stations. Police are investigating two shootings and a bomb threat at three fire stations in Toledo, Ohio. Around noon September 22, firefighters at Fire Station 18, located at 5221 Lewis, discovered a suspicious package outside the station. The Toledo Police called in their bomb squad, which dismantled the package. Inside was found a propane tank and a bag of charcoal. On September 21, sometime between 4 and 4:30 p.m., firefighters at Fire Station 6, located at 642 Starr Avenue, heard five shots fired. Two of the bullets made it inside the fire department. One of the bullets ricocheted off of one of the fire trucks, and one bullet lodged itself in a back wall. The shots were fired at an area frequently used by firefighters. No spent shells were found outside the station. Also on September 21, bullets were fired at Fire Station 9 at 900 South Street. Source:


Banking and Finance Sector

15. September 23, Spokane Spokesman-Review – (International) SEC accuses woman of huge Ponzi scheme. The U.S. Securities and Exchange Commission (SEC) September 22 accused the owner of a bankrupt Spokane, Washington-based payday loan business of conducting a massive Ponzi scheme. The SEC alleges she defrauded investors in her company, Little Loan Shoppe, by misrepresenting the profitability and safety of investments, and giving them the false impression their money was being used to grow her business. Millions of dollars also were misappropriated for personal use, the agency alleged. According to the complaint filed in federal court, she raised about $135 million between 1999 and 2008 from at least 650 investors in the United States, Canada, and Mexico. She misled investors by telling them Little Loan was financially sound, the SEC said. The complaint alleges she sold promissory notes assuring investors of annual returns of 40 to 60 percent she claimed would be paid through Little Loan's profits. She also told investors their money was safe because she had insurance or a separate account to pay back investors. As the scheme neared collapse in mid-2008, the complaint alleges she made a last-ditch effort to attract new investments by announcing a “window to invest” and falsely telling investors Little Loan had “defied financial gravity” in the deteriorating economy. Investors responded by pouring millions more into Little Loan. The business soon buckled, payments were cut and missed, and investors dragged the company into bankruptcy in 2009. The SEC charged her with violating the antifraud and registration provisions of the federal securities laws. In seeking bankruptcy protection, the company claimed it owed more than $100 million to more than 1,300 creditors. Source:

16. September 23, Softpedia – (International) Millions stolen through Internet retail scam. Approximately $450 million was illegally obtained by a man who allegedly sold products and services on the Internet and took advantage of hidden charge clauses to con people. The U.S. Federal Trade Commission (FTC) heard of his operation and immediately shut it down. By hiding behind 10 company names, the head of the scheme sold all sorts of products, from personal care items to acai berry weight-loss pills, and even health supplements. He offered users in the United States and other countries free product trials for which they were actually charged up to $80, even if the customer did not at any time agree to pay the amount. After freezing the man's assets, the court stated “Not only has [the FTC] shown a likelihood that Defendants have engaged in misleading marketing practices, but it has also shown that Defendants have moved substantial funds to offshore companies and bank accounts. . .” To better hide his income, the man opened bank accounts in Cyprus, where he also established several holding companies to facilitate international merchant banking. A woman and her company, Mobile Web Media LLC, were also charged for aiding the man by offering credit and debit card processing services. During the trial, the accused parties are banned from selling or offering any products as a free trial or as a bonus, and they are also forbidden from making any sort of Internet transactions that might be misinterpreted or misleading. Source:

17. September 22, Twin Cities Business – (Minnesota) Former MN bank executives face new fraud charges. Two former officers of a St. Paul, Minnesota bank and a customer are facing additional charges in an alleged $1.9 million “check-kiting” scheme that led to the closure of Pinehurst Bank, Minnesota’s U.S. attorney’s office said September 22. The 57-year-old former president of Pinehurst and the bank’s 43-year-old former chief credit officer and senior vice president were each charged with five counts of misapplication of bank funds in June. A 71-year-old customer was charged with the same counts. The 57-year-old now also faces one count of bank fraud, and one count of making a false statement. The 43-year-old has now been charged with one count of bank fraud, and two counts of making false statements, and the customer has been charged with two counts of bank fraud, and one count of theft from an employee benefit plan. The customer is accused of kiting increasingly large sums between Pinehurst and a second bank from March 2006 until February 2009, when the second bank discovered his insufficient funds and returned more than $1.8 million in bad checks to Pinehurst. The Pinehurst employees then allegedly recruited five straw borrowers to get $1.9 million in loans from Pinehurst for the customer, and the three defendants concealed the scheme from the bank’s board and regulators. Each defendant faces up to 30 years in prison for each bank fraud and misapplication count. The bank employees also face a maximum of 5 years on each false statements count, while the customer faces up to 5 years for his count of theft from an employee benefit plan. Source:

18. September 22, Bloomberg – (National) Investment club manager pleads guilty to $40 million fraud. A Michigan man who ran an “investment club” pleaded guilty September 22 in federal court in Virginia to defrauding more than 750 members out of almost $40 million. The 46-year-old entered his guilty plea in U.S. district court in Alexandria to one count of wire fraud. He faces a maximum penalty of 20 years in prison, according to court documents. “[He] took huge risks with others’ money and lost big,” a U.S. attorney in Alexandria said. “He covered up his massive losses through lies and deceit to members of his investment club.” From 2006 through July 2009, the man solicited about $40 million from investors who were members of a club he created that the Commodity Futures Trading Commission (CFTC) in a lawsuit described as a “commodity pool.” He told them their money was being invested through an equities-trading system developed by an expert consultant, Trade LLC, with a promised return on investment of 10 percent per month, according to court papers filed in Alexandria and in a related lawsuit in Michigan. Trade LLC, which is no longer in business, was sued separately by the commission over activities related to the club, according to the CFTC. Only $6 million was invested with Trade LLC, prosecutors said. The rest was “secretly invested” in more than 25 other “high-risk” ventures, losing almost $34 million, the government said. In 2009, the man stopped investing in Trade LLC and “re-deposited” that money in other losing ventures, according to court documents. He also created false monthly statements for his investors showing they were making money, prosecutors said. Source:

19. September 22, Charleston State Journal – (West Virginia; Michigan) Man arrested after 126 fraudulent credit cards found in vehicle. One man was behind bars September 22 after 126 fraudulent credit cards were found in his vehicle in West Virginia. According to a U.S. attorney, the 25-year-old Michigan man was arrested after a nearly hour-long search September 21 on the bridge over I-70 near Cabela Drive. The stop was made by the Mountaineer Highway Interdiction Team, and the FBI and Secret Service are assisting with the case. An officer with the West Virginia State Police said suspicion arose during the traffic stop, which led officers to search the vehicle. "We're dealing with multiple jurisdictions, tying a criminal organization from the Detroit, Michigan area to their destination travels of Morgantown, West Virginia, to try and uncover just what it was they were doing, coming to West Virginia and why they had 126 fraudulent cards that represent 126 potential bank accounts ... on them," the officer said. Source:

20. September 22, WTAM 1100 AM Cleveland – (Ohio) Indictments handed-up in mortgage scam. Investigators September 22 announced the indictment of 32 defendants for fraudulently obtaining $5.1 million in loans to purchase 44 houses in Cuyahoga County, Ohio. According to the Cuyahoga County Mortgage Fraud Task Force, a 40-year-old Cleveland man, a 50-year-old Cleveland man, and a 49-year-old Parma man were the key members of the enterprise. They and 29 other defendants were indicted by a Cuyahoga County grand jury for engaging in a scheme that involved buyers, sellers, mortgage brokers, loan officers, title agents and processors, private investors, and appraisers. According to an assistant prosecutor, the scam involved houses purchased at sheriff’s sales or other sources for meager amounts, with mortgages taken out on those properties simultaneously, with an open-end loan allowing their values to be artificially inflated. Authorities contend most of the properties were purchased without any of the buyers’ personal money. They also claim many of the title company files contained invoices for rehabilitation work done by one company in particular, when in fact no work had been done to the property. Officials cite fraudulent invoices they believe show most of the buyers were paid for lending their names and credit to the transactions. Investigators maintain some buyers were duped into participating in the scheme on the pretense they would become investors and reap the benefits when they sold the houses after owning them for a few years, while others knowingly participated by buying the properties, never intending to occupy, lease, or maintain them. They said most of those buyers received payments of several thousand dollars after the properties sold. Source:

21. September 22, Crain's Detroit Business – (Michigan) Injunction sought against couple, attorney accused of preparing fraudulent tax returns. The U.S. Department of Justice (DOJ) September 22 was seeking an injunction against a Sterling Heights couple and their Oakland County attorney to stop them from preparing allegedly fraudulent income tax returns for Southeast Michigan residents. The DOJ brought civil action against a minister at Perfecting Church in Detroit and his wife along with their company, Diamond & Associates Enterprises LLC, and an attorney and owner of Southfield-based T. Daniels & Associates PLLC. The civil complaint alleges the minister, his wife, and their company prepared more than 180 income tax returns for taxpayers on income in 2009 and 2010, and sought more than $29 million in fraudulent refunds. In 2010, Diamond Tax Services allegedly began filing false returns as a paid preparer of returns for taxpayers under the federal Filing Information Returns Electronically system of the Internal Revenue Service (IRS). Under the scheme, the couple allegedly told taxpayers they had a secret account within the U.S. Department of Treasury that could hold up to millions of dollars and which they could access to pay debts, as a credit against tax liabilities or to draw upon for refunds. The preparers then filed an IRS form, usually a 1099-OID or Original Issue Discount form, claiming the taxpayer was an issuer or purchaser of a debt instrument for which income was previously withheld for taxes. This increased the taxpayer’s tax liability, but also used the phony withholding as a credit or deduction. The DOJ estimates the IRS has paid out nearly $1.7 million in “erroneous refunds because of [their] fabricated withholding claims." Returns prepared through Diamond Tax Services allegedly have sought fraudulent refunds for tax years going back to 2006, and the couple allegedly sought $2.5 million in bogus refunds on their own returns. Source:

22. September 22, IDG News Service – (National) FTC targets mortgage and debt relief Web sites. The U.S. Federal Trade Commission (FTC) September 22 asked a court to shut down Web sites that falsely suggested they were federal consumer assistance agencies or affiliated with government agencies focused on mortgage or debt relief. Web sites operated by a man from San Antonio allegedly misled consumers about their connection to the U.S. government, the FTC said in a press release. The man conducted business as the Department of Consumer Services Protection Commission, U.S. Debt Care, and World Law Debt. The Web sites had no government connection, but instead referred customers with financial problems to companies selling mortgage, tax and debt relief services, with promises that consumers' debts would be substantially reduced or eliminated, according to the complaint. The FTC asked the court to permanently shut down the man's operation. The FTC charged the man with multiple violations of the FTC Act for allegedly misrepresenting his affiliations with federal agencies, misrepresenting that the services advertised on his Web sites were government-approved, and making deceptive debt relief claims. His businesses also violated rules governing telemarketing and mortgage relief, the agency said. The man, a lead generator for other businesses, impersonated the FTC and other agencies, the FTC said. His Department of Consumer Services Protection Commission appears to combine two real government agencies, the FTC and the Consumer Financial Protection Bureau, the agency said. His Web sites used the FTC's official seal and copied language about the fictitious agency's consumer protection mission almost verbatim from the FTC site. Source:

For another story, see item 48 below in the Information Technology Sector

Information Technology Sector

44. September 23, Softpedia – (International) Browser vendors prepare for SSL attacks. Soon, SSL BEAST research will be revealed and Web browser vendors will have to devise new ways of protecting their products from attack. The easiest way to fix the problem would be to upgrade to the newer versions of the security protocols implemented so far. For example, TLS 1.1 and 1.2 are not susceptible to the attack, but the problem is most Web sites do not support these versions of the protocol. Opera has already successfully incorporated the improved protocols and they are activated by default. Internet Explorer 9 has the ability to protect users against SSL attacks, but only if they activate the later versions manually. Google officials are patching up Chrome, their only fear being they might have to make a forced release of the product because of hacking activities. Mozilla's Firefox only supports SSL 3.0 and TLS 1.0, which are highly vulnerable to the BEAST attack. Source:

45. September 23, threatpost – (International) New Mac OS X trojan Imuler hides inside malicious PDF. Malware that targets Mac OS X is not anywhere near catching up to Windows-based malware in terms of volume and variety, but it appears OS X malware may be adopting some of the more successful tactics Windows viruses have been using to trick users. Researchers have come across a sample of an OS X-based trojan that disguises itself as a PDF file, a technique in favor among Windows malware authors for several years now. The new piece of malware hides inside a PDF file and delivers a backdoor that hides on the user's machine once the malicious file is opened. Once the user executes the malware, it puts the malicious PDF on the machine and then opens it as a way to hide the malicious activity going on in the background, according to an analysis by researchers at F-Secure. The trojan then installs the backdoor, which is named Imuler.A, which attempts to communicate with a command-and-control server. That server is not capable of communicating with the malware, however, the researchers found, so the malware is on its own once it is installed on a victim's machine. Source:

46. September 23, IDG News Service – (International) 'Lurid' malware hits Russia, CIS countries. Researchers from Trend Micro said September 22 they discovered a series of hacking attacks targeting space-related government agencies, diplomatic missions, research institutions, and companies located mostly in Russia but also Vietnam and Commonwealth of Independent States countries. In total, the attacks targeted 1,465 computers in 61 countries. The attacks, which Trend Micro dubbed "Lurid," are not particularly unusual compared to other stealthy, long-range hacking campaigns publicized recently, according to Trend Micro's director of security research and communication for Europe. Targeted e-mails were sent to employees that were engineered to attack unpatched software and sought to steal spreadsheets, Word documents, and other data. The pilfered documents were then uploaded to Web sites hosted on command-and-control servers in the United States and the United Kingdom, the director said. The location of the servers in these attacks shows hackers can choose servers anywhere in the world to collect stolen data, which is not an indication of where the hackers may be located, he said. Source:

47. September 22, CNET News – (Arizona; California; International) Alleged LulzSec, Anonymous hackers arrested in Ariz., Calif. A 23-year-old man from Phoenix, Arizona, was arrested September 22 for allegedly stealing data from Sony Pictures Entertainment earlier in 2011, and two others were indicted on charges of participating in a denial-of-service (DoS) attack that temporarily shut down Santa Cruz County, California servers in late 2010. The 23-year-old was indicted September 2 by a federal grand jury on charges of conspiracy and unauthorized impairment of a protected computer, the FBI said in a statement. Separately, a 47-year-old man from Mountain View, California, was arrested and appeared before a magistrate judge in U.S. District Court for the Northern District of California in San Jose, said a U.S. Department of Justice statement released September 22. The judge ordered a bail study be done, and set a court appearance for September 29. The 47-year-old, who allegedly uses the alias "Commander X," and a 26-year-old from Ohio were indicted on charges of conspiracy to cause intentional damage to a protected computer, causing intentional damage to a protected computer, and aiding and abetting by participating in a distributed DoS attack on Santa Cruz County servers December 16, 2010, shutting down the Web site. A criminal summons was issued to the 26-year-old, aka "Absolem" or "Toxic," to appear before a magistrate in San Jose November 1. Source:

48. September 21, Computer Weekly – (International) Hackers turn to online games to target victims. Scammers and hackers are increasingly using online games to trick victims into installing malicious software onto computers, warns security firm BitDefender. Children are the most obvious target with simple games being laced with botnet infections and malware targeting financial data. The problem is only set to grow, said BitDefender, with a recent online survey revealing that about 47 percent of children in the United Kingdom and the United States have their own social network accounts, and a quarter of parents do not monitor their children's online activity. In the past week, BitDefender researchers have discovered more than half a dozen samples of games rigged with trojans that could steer children to Web pages that install malicious software potentially capable of stealing financial data or injecting spyware. Cyber criminals are also targeting children through educational and entertainment sites. In all cases, researchers found the malicious code was planted on legitimate, high-traffic Web sites. Source:

49. September 20, threatpost – (International) Nation-state attackers are Adobe's biggest worry. Attackers have made Adobe's products key targets for the last several years, routinely going after bugs in Reader, Flash, and Acrobat in targeted attacks and widespread campaigns alike. However, it is not just the rank-and-file miscreants who are making Adobe a priority; it is more often nation-states, the company's top security official said. Adobe, like many other large software companies, has contacts in the big defense contractors, government agencies, and other organizations that are most often the targets of state-sponsored attacks. So when a new attack begins, the company typically hears about it within hours as customers begin to call and report a new threat involving an Adobe product. Since the company began its software security program several years ago, the sophistication level of the people finding and exploiting new bugs in Flash or Reader has gone up significantly. Now, according to the senior director of product security and privacy at Adobe, it is at a point where the company's main adversaries are state-sponsored actors. Source:

Communications Sector

Nothing to report

Friday, September 23, 2011

Complete DHS Daily Report for September 23, 2011

Daily Report

Top Stories

• “Incorrect manufacturing” of the fuselage led to the in-flight rupture of an American Airlines Boeing 757 in 2010, and similar damage was found on two other 757s, the National Transportation Safety Board reported. – (See item 9)

9. September 21, – (National) ‘Incorrect manufacturing’ led to hole in Boeing 757. “Incorrect manufacturing” of a panel led to the rupture of an American Airlines Boeing 757 in flight last year and similar cracking in the fuselage of two other 757s, the National Transportation Safety Board (NTSB) reported September 19. But investigators could not find a cause of the defect because Boeing had not kept manufacturing records and was not required to, the NTSB said. An approximately 18-inch-by-7-inch hole opened in the 757-200 about 16 minutes after takeoff from Miami International Airport October 26, 2010, decompressing the cabin at about 32,000 feet. The airplane returned to Miami with no injuries among the 160 people aboard. Investigators found fatigue cracking of the upper fuselage skin above the forward left passenger door led to the rupture. They found skin thickness of 0.034 to 0.035 inches, less than Boeing’s specified minimum of 0.037 inches. A second American 757 and a United Airlines 757 were found to have similar cracking, the NTSB reported, adding the planes had skin thinner than manufacturing specs. The 757 that developed the hole entered service in 1990 and had flown 63,010 hours on 22,450 flights. Starting April 16, the government required companies to keep manufacturing records for 5 years in general, up from 2, and 10 years for critical components. This rule would not have affected the availability of records on the 757 that developed the hole, given its age. Source:

• The Securities and Exchange Commission fined the co-founder of institutional money manager AXA Rosenberg $2.5 million for securities fraud for concealing a computer code error that caused clients to lose $217 million. – U.S. Securities and Exchange Commission (See item 12 below in the Information Technology Sector)


Banking and Finance Sector

11. September 22, Associated Press – (New York) NY woman convicted in Va. bank fraud case. A New York woman was convicted September 22 in Virginia for participating in a scheme to fraudulently tap into home equity lines of credit and credit card accounts. A federal jury in Richmond convicted the 41-year-old on a dozen conspiracy, bank fraud, and money laundering counts. A U.S. attorney said she faces up to 30 years on seven counts and up to 20 years on five counts when she is sentenced December 19. According to the government, the woman and others transferred large amounts of money from home equity and credit card accounts to bank accounts controlled by so-called “money mules,” who would withdraw the proceeds to be shared by the conspirators. The woman’s role was to recruit the money mules and distribute the money. Source:

12. September 22, U.S. Securities and Exchange Commission – (National) SEC charges Quant manager with fraud. The U.S. Securities and Exchange Commission (SEC) September 22 charged the co-founder of institutional money manager AXA Rosenberg with securities fraud for concealing a significant error in the computer code of the quantitative investment model he developed and provided to the firm’s entities for use in managing client assets. According to the SEC’s order instituting administrative proceedings, the money manager learned of the error in June 2009, but directed others to keep quiet about it and not fix it immediately. He denied the existence of any significant errors during an October 2009 board meeting discussion about performance. AXA disclosed the error to SEC examination staff in March 2010 after being informed of an impending SEC examination. The error was not disclosed to clients until April 2010, causing them $217 million in losses. The money manager has agreed to settle the SEC’s charges by paying a $2.5 million penalty, and consenting to a lifetime securities industry bar. The SEC previously charged AXA and its affiliated investment advisers, and they agreed to pay $217 million to harmed clients plus a $25 million penalty. According to the SEC’s order, the manager created the model, oversaw research projects to improve and enhance it, and exercised significant authority. The material error in the computer code disabled a key component for managing risk, and affected the model’s ability to perform. The SEC’s order found that due to the man’s misconduct, AXA and its affiliated investment advisers misrepresented to clients that the model’s underperformance was attributable to factors other than the error, and inaccurately stated the model was controlling risk correctly. His instructions to delay fixing the error caused additional client losses. 
In its order, the SEC found the man willfully violated anti-fraud provisions of the Investment Advisers Act of 1940, Sections 206(1) and 206(2). Source:

13. September 21, Modesto Bee – (National) Mortgage fraud indictment has Stanislaus ties. A Utah man was indicted September 21 by federal authorities in connection with a multimillion-dollar mortgage fraud scheme in West Virginia, and alleged mail fraud linked to a similar scam involving 20 properties in Stanislaus County, California. A man from Sandy, Utah, was charged with one count of mail fraud linked to the Stanislaus County properties, according to the U.S. attorney’s office in Sacramento. Federal prosecutors said he used “The Gift Program” to fraudulently obtain more than $14 million in loans that caused California lenders to lose $7.2 million. A second suspect in the California scheme was indicted in late July and is awaiting trial. He also is facing a 30-count federal indictment in connection with wire fraud and criminal forfeiture in which he is accused of targeting victims in at least 8 states who were seeking multimillion-dollar loans for large construction projects that were in danger of being foreclosed on. Federal prosecutors said the California “Gift Program” scam was operated similarly to the mortgage fraud scheme in West Virginia. The scheme involved illegal property “flipping” to out-of-state borrowers at inflated prices using the man’s company “The Gift Program” or “Advanced Capital Services,” according to prosecutors. He was charged with one count of conspiracy to commit wire fraud and bank fraud in the U.S. Southern District of West Virginia. A 51-year-old man from South Weber, Utah, was arrested September 19. He was named in an 18-count indictment that included wire fraud, bank fraud, and conspiracy charges. The pair are believed to be co-conspirators, prosecutors said. Source:

Information Technology Sector

32. September 22, H Security – (International) Adobe publishes emergency patch to fix critical Flash vulnerabilities. Adobe published an unscheduled emergency patch for Flash Player to address many critical security issues. The Flash Player updates, version for desktop operating systems and for Android, are the company’s response to a recently discovered universal cross-site scripting (XSS) hole. According to Adobe, the vulnerability is already being actively exploited by attackers to bypass the same origin policy, allowing them to, for example, take actions on a user’s behalf on any Web site, or steal a victim’s cookies. For an attack to be successful, a victim must click on a malicious link. The company said the Authplay.dll component included in Reader and Acrobat is not affected. The updates also close five other holes. Four of the vulnerabilities are said to allow an attacker to remotely execute arbitrary code on a victim’s system. A security control bypass flaw that could lead to information disclosure has also been fixed. Flash Player versions up to and including for Windows, Mac OS X, Linux, and Solaris, as well as and earlier for Android, are affected. Source:

33. September 22, Help Net Security – (International) Fake stores dominant threat due to blackhat SEO. “Searches for buying software online remains 90 percent malicious, redirecting users to fake stores,” a Zscaler researcher said after he analyzed the first 10 pages of Google search results for popular terms. “There has been no significant improvement on that front, with 60 different fake store domains observed in July 2011.” He pointed out this is a problem shared by all search engines. Among the trust-increasing techniques used by the developers of these fake stores is the copying of the look of a well-known online store/service. Source:

34. September 22, Softpedia – (International) 50,000 Web sites infected with spam from ‘Wplinksforwork’. A large WordPress poisoning was discovered after the infection-spreading Web site was shut down and error messages began appearing on the compromised pages. A Google search returned 53,000 links that belong to locations that contain the error message. The error message revealed itself in place of some malicious links that were supposed to show up in the exploited HTML documents at the bottom of the page. After the location was taken out of service, error alerts appeared instead of the illegal ads. Besides the “wplinksforwork” domain, there is another malevolent address called “hemoviestube,” which appears to be nonfunctional at the moment. Source:

35. September 21, Help Net Security – (International) Bluetooth vulnerabilities becoming easier to exploit. Codenomicon warns consumers about the poor quality and security of Bluetooth equipment. Based on Codenomicon’s robustness test results using smart model-based fuzzing tools, 80 percent of tests against various Bluetooth devices find critical issues. Every device failed with at least one test suite against a critical communication profile. Bluetooth is particularly vulnerable to malformed input. Such input may cause a Bluetooth device to slow down, show unusual behavior, or crash. In a worst-case scenario, malformed input can be used by an outside attacker to gain unauthorized access to the Bluetooth device. When vulnerabilities are in low-level communication profiles such as L2CAP, they are not protected by the pairing process. These flaws can be exploited without the user accepting or even noticing the connection. So far, Bluetooth quality and security have not been perceived as a problem. The pairing process and conformance testing are thought to provide enough protection. Bluetooth applications have not offered access to confidential data, so there has been little motivation to attack the Bluetooth interface. However, Bluetooth is becoming more and more critical. Modern car kits and healthcare equipment, for example, use Bluetooth technology. Source:

36. September 21, The Register – (International) Google preps Chrome fix to slay SSL-attacking BEAST. Google has prepared an update for its Chrome browser that protects users against an attack that decrypts data sent between browsers and many Web sites protected by the secure sockets layer (SSL) protocol. The fix, which has already been added to the latest developer version of Chrome, is designed to thwart attacks from BEAST, a proof-of-concept code its creators said exploits a serious weakness in the SSL protocol millions of Web sites use to encrypt sensitive data. The creators said they have been working with browser makers on a fix since May, and public discussions on the Web site show Chrome developers proposing changes as early as late June. It is unknown how effective BEAST will be at quickly and secretly cracking the encryption protecting online bank passwords, Social Security numbers, and other sensitive data, but Google appears to be taking no chances. The code creators released limited details of their attack ahead of a presentation scheduled for September 23. Source:

37. September 21, Infosecurity – (International) Facebook attacks get automated, says Imperva. Cybercriminals have started using complex scripting techniques to automate their attacks on the Facebook social networking platform. According to Imperva researchers, with the advent of social networking, hackers have turned to sites such as Facebook to create another attack channel. However, the attacks seen to date have been typically manual, such as uploading malware or creating fake pictures. But now, according to Imperva, social engineering may be entering the next phase: automation. Recently, a new tool emerged that automates social engineering on Facebook. Unlike hacking software, this tool does not demonstrate any new theoretical security vulnerability, but its existence proves the case that automated attacks on Web 2.0 services are a real threat. Source:

For more stories, see items 38, 39, and 42 below in the Communications Sector

Communications Sector

38. September 22, – (North Carolina) CenturyLink customers without Internet Wednesday morning. CenturyLink customers throughout Kinston and Eastern North Carolina were without Internet service part of September 22. A company spokeswoman described it as a “widespread outage.” It was centered in Greenville and occurred around 9 a.m. As many as 3,700 customers were affected. A CenturyLink spokeswoman said the outage was limited to DSL and Ethernet services. “A micro-bend was found in the fiber that resulted in disruption of service,” she reported. “We are currently conducting an in-depth review to determine the root cause.” The outage was the second time in a month CenturyLink customers have been without service. Following Hurricane Irene, phone and Internet services were out after an 18-wheeler tore through downed lines near Skinner’s Bypass. The spokeswoman said the September 22 problem, which originated in Washington, North Carolina, was not related to storm damage. Most customers had Internet restored by 1 p.m., but the morning outage did briefly hinder communication with Lenoir County Schools. Phone lines continued to work through the outage, but several schools — which are transitioning to VoIP phone systems — use the Internet to make calls. Parents calling those schools were greeted with a busy signal while the service was down. The Lenoir County Public Schools chief technology officer said the central office was able to maintain contact with all of the schools through the outage. The Kinston interim city manager said city offices did not experience any outages. Source:

39. September 21, – (Virginia) Verizon outage hits Clarendon/Courthouse area. Hundreds of Verizon landline phone and DSL internet customers in the Courthouse/Clarendon area of Arlington, Virginia, were without service September 21 after two underground cables were accidentally cut. According to a Verizon spokesman, a contractor taking a soil sample in the area of Fairfax Drive and N. Barton Street cut through a pair of large underground cables containing 4,500 copper lines. Of those, about 1,600 active lines that carry phone and Internet service were affected, he said. The spokesman confirmed that crews were working in two 12-hour shifts to repair the lines. They have reached the cables — 20 feet below ground — but were just beginning the “very labor intensive” process of splicing all 1,600 lines together. Service will gradually be restored to customers “over the next several days,” the Verizon spokesman said. Source:

40. September 21, – (Florida; Puerto Rico) The FCC hands down one $15,000 pirate fine, and reduces another one to $300. The Federal Communications Commission (FCC) meted out a $15,000 fine, $5,000 above the baseline amount, to a man in Guayama, Puerto Rico. He was operating an unlicensed FM station at 88.5, and the FCC said it adjusted the amount of the forfeiture up from $10,000 due to “the fact that [he] continued to operate after being put on notice.” The agency said that showed “a deliberate disregard” for the rules. Meanwhile, the FCC revisited an earlier $15,000 fine involving a pirate radio operator on 94.7 in Orange Park, Florida. The operator explained that he didn’t know it was illegal, which the FCC doesn’t find persuasive. But he also pleaded financial hardship, and the FCC agreed to reduce the forfeiture from $15,000 to $300. Source:

41. September 20, Corpus Christi Caller-Times – (Texas) Phone service restored in Aransas County. Phone service was on the fritz September 20 in Aransas County, Texas, affecting land lines and cell phones. A fiber optic line was cut about 10:30 a.m. in the Corpus Christi area, according to the State of Texas Operations Center. AT&T technicians repaired the cut line and had everything restored by 4:50 p.m., a South Texas AT&T manager said. He said technicians are investigating where and how the line was cut. During the outage, land-line and cell phone service was unavailable, but 911 service was maintained, Rockport city officials said. Affected areas included Corpus Christi, Beeville, Refugio, Rockport, and Sinton. The problems did not affect radio communications or Internet service. Source:

42. September 20, Contra Costa Times – (California) Phone service in areas of Moraga interrupted. Phone service in the Carroll Ranch and Campolindo areas of California was interrupted September 20 when PG&E work crews drilled into an AT&T phone line. PG&E was replacing a telephone pole on Moraga Road and Buckingham Place when the line was disconnected, according to an e-mail from a spokeswoman with the town of Moraga. She said the lines were disconnected around 9 a.m., noting repair work expected to take at least 3 hours began around 4:45 p.m. An AT&T spokesman said about 250-300 customers were without land-line service, and that some Internet service may have been interrupted, too. Source:

For more stories, see items 35 and 37 above in the Information Technology Sector