Friday, September 30, 2011

Complete DHS Daily Report for September 30, 2011

Daily Report

Top Stories

• An Arizona man pleaded guilty to several charges after being arrested with grenade-like devices in his truck that he planned to use at the Mexican border. – Tempe East Valley Tribune (See item 12)

12. September 28, Tempe East Valley Tribune – (Arizona; International) A.J. man indicted in case of bombs meant for border. An Apache Junction, Arizona man who was a former member of a group with neo-Nazi ties is facing up to 10 years in federal prison and a $250,000 fine for bomb-related offenses. The 28-year-old pleaded guilty September 27 in U.S. district court to possession of unregistered destructive devices and the unlawful transportation of explosive material. He will be sentenced December 13. The convict was charged with the crimes in January when he was pulled over in Apache Junction and officers discovered a grenade-like device in his truck. A search of his home turned up about a dozen of the devices. The U.S. attorney's office said the convict created them using polyvinyl chloride in a container filled with gunpowder, ball bearings, and an improvised fusing system. The convict, who was a member of the neo-Nazi-linked National Alliance and formerly in the National Socialist Movement, had planned to take the bombs to the Mexico border, according to court documents. Authorities said he used ball bearings to make them more dangerous. The investigation leading up to the convict's indictment was led by the FBI and members of the Phoenix Joint Terrorism Task Force. Source: http://www.eastvalleytribune.com/local/apache_junction/article_47ed9b98-ea15-11e0-8622-001cc4c002e0.html

• U.S. authorities September 28 arrested and charged a Massachusetts man with plotting to damage or destroy the Pentagon and U.S. Capitol in Washington D.C. by using remote-controlled aircraft filled with plastic explosives. – Reuters (See item 38)

38. September 29, Reuters – (Washington, D.C.; International) U.S. man charged in Pentagon, Capitol explosive plot. U.S. authorities September 28 arrested and charged a Massachusetts man with plotting to damage or destroy the Pentagon and U.S. Capitol in Washington D.C. by using remote-controlled aircraft filled with plastic explosives. The man, 26, a U.S. citizen, was also charged with attempting to provide support and resources to al-Qa'ida to carry out attacks on U.S. soldiers overseas, the U.S. attorney's office in Boston said. He was arrested after an undercover operation. The statement said the public was never in danger from the devices, which were controlled by undercover FBI employees. If convicted, the alleged plotter faces up to 15 years in jail for providing support to foreign terrorists, up to 20 years on a charge of attempting to destroy national defense premises, and up to 20 years on a charge of attempting to damage and destroy buildings owned by the United States. Authorities said the physics graduate from Northeastern University in Boston began planning to commit a violent "jihad" against the US in early 2010, calling Americans "enemies of Allah." The man, allegedly modified mobile phones to act as electrical switches for improvised explosive devices. He is accused of supplying the phones to undercover FBI agents, whom he believed were members of, or recruiters for, al-Qa'ida. The man allegedly told a cooperating witness he planned to attack the Pentagon using "small drone airplanes" filled with explosives and guided by GPS equipment. He later expanded the plot to include an attack on the Capitol, and hoped to follow the aerial assault with a ground assault involving six people armed with automatic weapons, the affidavit said. Authorities said he traveled to Washington, D.C., to conduct surveillance and take photographs of his targets, and identified sites at East Potomac Park, near the Capitol, from which he planned to launch his explosive-filled aircraft. He then delivered two thumb drives to the agents with detailed attack plans with step-by-step instructions. An F-86 Sabre remote-controlled aircraft was delivered to the suspect's Framingham, Massachusetts, storage unit in August, according to the affidavit. His arrest came immediately after he took possession of various weaponry from the undercover agents –- including explosives, grenades, and AK-47 assault rifles –- and locked them in his storage unit, the affidavit said. Source: http://www.reuters.com/article/2011/09/29/us-usa-security-idUSTRE78R6KS20110929?feedType=RSS&feedName=domesticNews

Details

Banking and Finance Sector

17. September 29, Federal Bureau of Investigation – (Illinois; International) Former CME group software engineer indicted for theft of Globex computer trade secrets while allegedly planning business to improve electronic trading exchange in China. A former senior software engineer for Chicago-based CME Group, Inc., was indicted September 29 for allegedly downloading and removing computer source code and other proprietary information while at the same time pursuing business plans to improve an electronic trading exchange in China. The defendant, who was arrested in July, was charged with two counts of theft of trade secrets in an indictment returned by a federal grand jury. The indictment seeks forfeiture of computers and related equipment that were seized from the suspect. According to the indictment, the engineer began working for CME Group in 2000, and was a senior software engineer at the time of his arrest. His responsibilities included writing computer code and, because of his position, he had access to the software programs that supported CME Group’s Globex electronic trading platform. The source code and algorithms that made up the supporting programs were proprietary and confidential business property of CME Group, which instituted internal measures to safeguard and protect its trade secrets. Between December 8, 2010, and June 30, 2011, the engineer allegedly downloaded more than 1,000 computer files containing CME computer source code from CME’s secure internal computer system to his CME-issued work computer; he then transferred many of these files from his work computer to his personal USB flash drives; and then transferred many of these files from his USB flash drives to his personal computer at home. During the same time, he downloaded and printed CME internal manuals and guidelines describing how many of the computer files that comprise Globex operate, the indictment alleged. The engineer and two unnamed business partners allegedly developed business plans to form a business referred to as the Tongmei Futures Exchange Software Technology Company (Gateway), with the purpose of increasing trading volume at the Zhangjiagang, China, chemical electronic trading exchange. The indictment alleges the engineer was to become Gateway’s president, and that he engaged in contract negotiations on behalf of Gateway with the Zhangjiagang Free Trade Board for Gateway to provide computer source code to the exchange. Each count of theft of trade secrets carries maximum penalty of 10 years in prison, and a $250,000 fine. Source: http://7thspace.com/headlines/395472/former_cme_group_software_engineer_indicted_for_theft_of_globex_computer_trade_secrets_while_allegedly_planning_business_to_improve_electronic_trading_exchange_in_china.html

18. September 29, Financial Industry Regulatory Authority – (National) FINRA orders Raymond James & Associates, Inc. and Raymond James Financial Services, Inc. to pay $1.69 million in restitution for charging unfair commissions. The Financial Industry Regulatory Authority September 29 (FINRA) ordered Raymond James & Associates, Inc. (RJA) and Raymond James Financial Services, Inc. (RJFS) to pay restitution of $1.69 million to more than 15,500 investors who were charged unfair and unreasonable commissions on securities transactions. FINRA also fined RJA $225,000 and RJFS $200,000. FINRA found that from January 1, 2006 to October 31, 2010, RJA and RJFS used automated commission schedules for equity transactions that charged more than15,500 customers nearly $1.69 million in excessive commissions on more than 27,000 transactions involving, in most instances, low-priced securities. The firms' supervisory systems were inadequate because they created inflated schedules and rates without consideration of the factors necessary to determine the fairness of the commissions, including the type of security and the size of the transaction. FINRA required the firms to revise their automated commission schedules to conform to the requirements of the Fair Prices and Commissions Rule. The firms also must calculate and repay extra overcharges from November 1, 2010, through the date they revised their schedules. Source: http://www.finra.org/Newsroom/NewsReleases/2011/P124536?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+FINRANews+(FINRA+News)&utm_content=Google+Reader

19. September 28, San Francisco Chronicle – (California) Hells Angels accused of mortgage fraud. A Bay Area mortgage broker was charged September 27 with conspiring to arrange more than $10 million in fraudulent home loans for clients who included two leaders of the Hells Angels, federal prosecutors in California said. A newly unsealed federal grand jury indictment accuses the motorcycle club leaders, the mortgage broker, and five other defendants of taking part in a scheme to defraud banks by falsifying loan applications for real estate in San Francisco and several North Bay communities in 2006 and 2007. The applications misrepresented the borrowers' incomes, bank balances, and employment histories, and falsely stated they would live at the properties, some of which were later used for marijuana growing, the indictment said. Seven defendants have pleaded not guilty. The eighth, a 63-year-old from San Pablo, an accountant and tax preparer, has not been apprehended, prosecutors said. Among those charged was a 30-year-old man from San Francisco, who owned a company called Xanadu Global Investments and also worked at several San Francisco mortgage brokerage firms, prosecutors said. The indictment said he and his clients submitted fraudulent applications for loans, some for more than $1 million, to buy property in Santa Rosa, Petaluma, and Healdsburg. The clients included two local Hells Angels leaders prosecutors said. Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2011/09/28/BAL61LAD15.DTL

20. September 28, KAJ 18 Kalispell – (Montana) Bike Bandit strikes again. The robber who likes to wear a helmet during his holdups and escape on a motorcycle has struck again in Lakeside, Montana. Flathead County Sheriff's detectives said a man matching the same description as the suspect who robbed the Glacier Bank branch office in Lakeside hit the same bank around 2:30 p.m. September 28. Detectives said the suspect entered the bank wearing a helmet, demanded cash, and made his getaway on a motorcycle. They are not sure if a weapon was displayed, but no one was hurt. Deputies were searching a wide area in the mountains west of Lakeside for the suspect the afternoon of September 28. A detective commander said that includes logging roads in the Bierney Creek area, which go deep into the mountains west of Flathead Lake. The Flathead County sheriff said investigators are sure this is the same suspect that is wanted in the earlier holdups. Earlier in September, the FBI put forth a $5,000 reward for information leading to the arrest of the "Bike Bandit," who had already committed 5 holdups. Those include the robbery in Lakeside November 2010, robberies in Big Fork September 2010, at Muralt's Truck Stop at the Wye west of Missoula in September 2009, the First Valley Bank in Seeley Lake April 2010, and May 2011 in St. Regis. Source: http://www.kaj18.com/news/bike-bandit-strikes-again/

Information Technology Sector

45. September 29, IDG News Service – (International) Russian firm unveils tool to crack BlackBerry passwords. A Russian security company upgraded a phone-password cracking suite with the ability to figure out the master device password for Research in Motion's BlackBerry devices. Elcomsoft said September 29 that before it developed the product, it was believed there was no way to figure out a device password on a BlackBerry smartphone or PlayBook tablet. BlackBerry smartphones are configured to wipe all data on the phone if a password is typed incorrectly 10 times in a row, the company said. Elcomsoft said it figured a way around the problem using a BlackBerry's removable media card, but only if a user has configured their smartphone in a certain way. For the software to be successful, a user must have enabled the feature to encrypt data on the media card. The feature is disabled by default, but Elcomsoft said about 30 percent of BlackBerry users have it enabled for extra security. The company's software can then analyze the encrypted media card and use a brute-force method to figure out a password. Elcomsoft said it can recover a seven-character password in less than an hour if the password is all lower-case or all capital letters. The software does not need access to the actual BlackBerry device but just the encrypted media card. The new feature is wrapped into Elcomsoft's Phone Password Breaker. The software can also recover plain-text passwords used to access encrypted backup files for Apple's iPhone, iPad, and iPod Touch devices. To crack those passwords, a user does need to have the Apple device in hand. Source: http://www.computerworld.com/s/article/9220390/Russian_firm_unveils_tool_to_crack_BlackBerry_passwords

46. September 29, Help Net Security – (International) 25% of tested Google Chrome extensions allow data theft. Twenty-seven out of 100 tested Google Chrome extensions have been found vulnerable to data (passwords, history, etc.) extraction attacks though specially crafted malicious Web sites or by attackers on public WiFi networks. A trio of security researchers manually analyzed 50 of the most popular Chrome extensions and added to that list 50 more chosen by random. "We looked for JavaScript injection vulnerabilities in the cores of the extensions (the background, popup, and options pages); script injection into a core allows the complete takeover of an extension," explained one of the researchers. To prove their claim, they performed proof-of-concept attacks devised to take advantage of the vulnerabilities. Over 25 percent of the tested extensions were found to be vulnerable, and among them are 7 that used by more than 300,000 users. However, 49 of the 51 vulnerabilities found can be patched by simply adapting the extensions to use one of two offered content security policies. Source: http://www.net-security.org/secworld.php?id=11709

47. September 28, Computerworld – (International) Mozilla puts Firefox 7 on memory diet, patches 11 bugs. Mozilla September 27 patched 11 vulnerabilities in the desktop edition of Firefox as it upgraded the browser to version 7. Ten of the vulnerabilities were rated "critical," the company's most serious threat rating; the sole exception was labeled "moderate." Because Mozilla now bundles virtually security patches almost exclusively with each version upgrade, users stuck on Firefox 6 or earlier must update to quash the bugs. Two of the critical vulnerabilities patched were in Firefox's implementation of WebGL, a 3-D rendering standard that Firefox and Google's Chrome comply with. One of the pair was reported to Mozilla by a researcher with Context Information Security, a company that has cited serious security issues with WebGL. The other was credited to a member of Google's security team. Firefox has received several patches specific to WebGL since Context recommended users and administrators disable the standard in Mozilla's browser and in Chrome. Mozilla also released Firefox 3.6.23 September 27, a security update that patched four vulnerabilities. Source: http://www.computerworld.com/s/article/9220369/Mozilla_puts_Firefox_7_on_memory_diet_patches_11_bugs

48. September 28, H Security – (International) Skype for iOS updates address XSS vulnerability. Skype released updates to its popular VoIP app for Apple's iOS mobile operating system. While not officially documented in the list of changes, a spokesperson for the company confirmed to H Security that version 3.5.84 of Skype for iOS addresses a previously reported vulnerability that could allow an attacker to gain access to a victim's contact list using a cross-site scripting exploit. Source: http://www.h-online.com/security/news/item/Skype-for-iOS-updates-address-XSS-vulnerability-1350769.html-

For another story, see item 17 above in the Banking and Finance Sector

Communications Sector

See items 45 and 48 above in the Information Technology Sector