Tuesday, October 18, 2011

Complete DHS Daily Report for October 18, 2011

Daily Report

Top Stories

• A cache of Los Angeles Police Department submachine guns and handguns was stolen from a secured building used by the SWAT unit, police officials confirmed. – Los Angeles Times (See item 29)

29. October 17, Los Angeles Times – (California) Submachine guns, handguns stolen from LAPD SWAT-training site. A cache of Los Angeles Police Department (LAPD) submachine guns and handguns was stolen the week of October 10 from a secured building used by the department's SWAT unit, raising fears that the weapons, which police had altered to fire only blanks, could be converted back to lethal use, police officials confirmed. The weapons, which include 21 MP-5 submachine guns and 12 large caliber handguns, were moved October 12 to a multi-story building downtown and stored in a locked box on the building's first floor, said the LAPD's deputy chief. Members of the SWAT unit were scheduled to train at the facility October 13, he said. A police officer who arrived at the building around 9 a.m. October 13 discovered the weapons were missing. The officer also found electrical equipment stacked near a back door, indicating the burglars may still have been working and fled when the officer arrived. To get to the weapons, the thieves cut through bolt locks on an outside door and two internal doors, and forced their way through a metal roll gate, the deputy chief said. Source: http://www.latimes.com/news/local/la-me-lapd-guns-missing-20111017,0,3752873.story

• A man who said he blew up his apartment was taken into custody at a local hospital October 17 after a 6-alarm fire in Boston injured more than a dozen people, including rescue personnel. – WCVB 5 Boston (See item 36)

36. October 17, WCVB 5 Boston – (Massachusetts) Boy dropped out of window of burning apartment. A man who told officials he blew up his apartment was taken into custody at a local hospital October 17 after a 6-alarm fire in the Roxbury section of Boston injured more than a dozen people. Shortly after the fire sparked, police said a man who lives in the building went to Boston Medical Center with third-degree burns, saying he just blew up his home. Police said the man tampered with a gas line and used a lighter to light the fire. The man was transported to Massachusetts General Hospital, where he is in police custody. The Boston Police Department superintendent said he will face arson and numerous counts of attempted murder. He said there were over 40 residents in the building when the fire started. Residents said they heard a blast before the fire started. When firefighters arrived, several residents had to be rescued — including a young boy who was dropped from a third-floor apartment into the arms of a firefighter. Two firefighters and a police officer were among those injured in the fire. About 160 firefighters were called to the scene. Twenty-four apartments were destroyed and 20 were damaged. Source: http://www.thebostonchannel.com/r/29504573/detail.html


Banking and Finance Sector

8. October 17, New York Post – (New York) ATM ‘bleach bandit’ busts. Four men were arrested the past few days for allegedly breaking into Brooklyn bodegas, stealing cash from ATMs and then pouring bleach to cover their tracks. Two of the men were arrested October 14; the other two were taken into custody over the weekend of October 15 and 16, sources said October 16. The men have been charged with burglary and possession of stolen property for several of the incidents. They were arrested after police got a tip linking them to the heists. Source: http://www.nypost.com/p/news/local/atm_bleach_bandit_busts_Q74b1xu9fJX7Xe0hwhzjCK

9. October 15, Lower Hudson Journal News – (New York; International) Westchester County police crack credit card fraud operation, two in custody. Westchester County, New York police arrested two people October 14 following an investigation of a "large-scale" credit card fraud operation, police said. The two were charged with multiple counts of fourth-degree grand larceny, identity theft, and unlawful possession of personal identification, all felonies. The pair is accused of obtaining more than 150 credit cards, and using them to purchase more than $50,000 in gift cards at several Westchester retailers, police said. The cards, which were in the names of identity theft victims, originated in Germany, Mexico, and several U.S. states outside New York, police said. Police were assisted in the investigation by a Citibank fraud investigator, the U.S. Secret Service, and fraud investigators at the parent company of TJ Maxx and Marshall's. Police said they also "developed information about additional fraudulent purchases in Rockland County and New Jersey and will be turning over information to law enforcement there." The pair was arraigned October 14, and were being held in lieu of bail at the Westchester County jail, police said. Source: http://www.lohud.com/article/20111015/NEWS02/110150368/Westchester-County-police-crack-credit-card-fraud-operation-two-custody

10. October 15, Los Angeles Times – (California) Mr. Magoo Bandit suspected of 12 bank robberies in California. The bank robber dubbed the "Mr. Magoo bandit" by the FBI is now suspected of a dozen bank robberies from San Diego to the San Francisco Bay Area. His latest robbery was a bank in Thousand Oaks October 8, the FBI said. He also is suspected of striking a bank in Camarillo September 27. The suspect in all 12 robberies is described as a white male in his 40s, with thick glasses and short dirty blond hair, the FBI said. The similarity to the famous cartoon character gave rise to the nickname. The bandit displays a calm demeanor, uses a note to demand money, and warns against getting an explosive dye-pack, the FBI said. He sometimes thanks tellers for being cooperative. Unlike most bank robbers, he makes no attempt at a disguise. His range — six banks in San Diego, four in the San Francisco area and two in Ventura County — is also unusual, the FBI said. Source: http://latimesblogs.latimes.com/lanow/2011/10/mr-magoo-bandit-bank-robberies.html

11. October 14, Chicago Sun-Times – (Illinois) Loop bank robber 'Chronic Bandit' hits new bank for fifth robbery. Federal authorities said the man who robbed a North Michigan Avenue bank October 14 in Chicago is the same man who robbed a Loop bank four times in the past 2 months. The October 14 robbery occurred just before 10 a.m. at the U. S. Bank branch, an FBI spokeswoman said. “He implied he had a weapon, though there was none displayed,’’ she said. The teller complied and the suspect fled, reportedly on a CTA bus. The spokeswoman said the agency is very familiar with this man. ”He is believed to be the same individual who robbed the Chicago Community Bank’’ several times, she said. His physical description, attire and possibly his ”technique’’ — including the threatening note — are similar, she said. The Chicago Community Bank was robbed four times in the last 2 months, most recently the week of October 10. At about 1:30 p.m. October 12 a man handed a note to a teller implying he had a weapon, a police spokesman said. He was seen fleeing eastbound toward Michigan Avenue. The man did not show a gun. The same man is believed responsible for robberies at the same bank branch August 12, September 6, and September 30, an FBI spokeswoman said. Source: http://www.myfoxchicago.com/dpp/news/crime/loop-bank-robber-four-times-fifth-robbery-north-michigan-avenue-us-branch-20111014

12. October 14, Associated Press – (Louisiana) Feds: fraud scheme cost La. firm's clients $8M. Two former owners of a Lafayette, Louisiana, investment firm pleaded not guilty October 14 to charges they engaged in a securities fraud scheme that cost more than 100 clients in excess of $8 million, court records show. A 28-count federal indictment charged the two men with securities fraud, investment adviser fraud, and conspiracy. Prosecutors said one of the men, formerly a general contractor, recruited business associates and friends to become clients. The indictment accuses the other man of trading on clients' accounts without their knowledge or consent with the goal of generating large commissions. He was "churning" his clients' accounts, engaging in "excessive and frequent stock transactions ... for his own benefit and gain without regard for the needs and objectives of his clients," the indictment said. Prosecutors are seeking the forfeiture of more than $1.7 million in commissions he allegedly received through improper trades. During meetings with investors, the suspect falsely represented he wouldn't charge any commissions until their accounts turned a profit, and lied about generating up to $150,000 per month on his personal investments, according to the indictment. The men also allegedly provided false and misleading information to clients when they asked about the status of their investments. Source: http://www.canadianbusiness.com/article/50976--feds-fraud-scheme-cost-la-firm-s-clients-8m

13. October 14, KNXV 15 Phoenix – (Arizona) Phoenix man caught stealilng victims' ID. A 31-year-old Phoenix businessman was arrested and charged October 14 with aggravated identity theft after a debit card skimming operation was discovered. Phoenix police said the man is facing additional charges after an investigation revealed he and others were placed skimmers at various locations around the Valley. Police said the skimmer would be left in place for a weekend then retrieved. The scheme was discovered in late September after a victim purchased gas in northwest Phoenix and 2 days later used her debit card and was notified her card was being used in another part of the Valley. Investigators found the suspect was obtaining unused gift cards and re-encoding them with the stolen credit and debit card data. Officers discovered the suspect owned a smoke shop near 43rd Avenue and Bell Road, and that he used a gift card with stolen information to buy $800 in cigarettes from a Costco store, then sold them at a discounted price at his business. Search warrants were served at his home and business where $31,000 and two vehicles were confiscated. Multiple gift cards were also seized. Additional information led investigators to the suspect's bank/safety deposit box and an additional $44,000 police said. Source: http://www.abc15.com/dpp/news/region_phoenix_metro/north_phoenix/phoenix-man-caught-stealilng-victims'-id

14. October 14, Boston Globe – (National) Citizens Bank swamped by computer outage. Citizens Bank, one of the largest regional banks in the country, was hobbled for hours October 13 by a major computer outage that disrupted everything from on-line banking to teller operations to automatic teller machines in Massachusetts, and other states. Citizens Bank blamed the outage, which began early October 13, on a “technical glitch,” but offered few details. Many customers couldn’t withdraw money from their ATMS, access accounts online, or make deposits at branches. The bank said the problems were mostly resolved by 4 p.m, except for some lingering problems with the Web site. The bank said some customers were still having trouble checking accounts because of a surge of people trying to sign in at once. Source: http://www.boston.com/Boston/businessupdates/2011/10/citizens-bank-swamped-computer-outage/kut1zy9OPYHyTjqPHYoxuL/index.html

Information Technology Sector

31. October 17, Help Net Security – (International) Analysis of 250,000 hacker conversations. Imperva released a report October 17 analyzing the content and activities of an online hacker forum with nearly 220,000 registered members, although many are dormant. The forum is used by hackers for training, communications, collaboration, recruitment, commerce, and social interaction. Commercially, it serves as a marketplace for stolen data and attack software. The chat rooms are filled with technical subjects ranging from advice on attack planning to solicitations for help with specific campaigns. The forum is also a place where curious neophytes can find “how-to-hack” tutorials. The report not only provides insight into hacker psychology, but also details the technical strategies they learn, develop, and deploy. ”Studying hacker forums is important to providing insights into hacker psychology and technical strategies,” explained Imperva's chief technology officer. Source: http://www.net-security.org/secworld.php?id=11794&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

32. October 14, The Register – (International) Mass ASP.NET attack causes websites to turn on visitors. An infection that causes poorly configured Web sites to silently bombard visitors with malware attacks had hit almost 614,000 Web pages October 14, Google searches showed. The mass infection, which redirects users to a site exploiting old versions of Oracle's Java, Adobe's Flash player, and various browsers, was first disclosed by researchers from Armorize October 12. At the time, it appeared to affect about 180,000 pages. By time of writing October 14, the initial attack and a follow-on exploit spread to 613,890 combined pages. The SQL injection attack mostly exploits Web sites running Microsoft's ASP.Net web application framework. The infection injects code into Web sites operated by restaurants, hospitals, and other small businesses, and plants an invisible link in visitors' browsers to sites, including jjghui.com and nbnjkl.com. Those sites redirect to many other Web sites that include highly obfuscated code. At the end of the line is a cocktail of attacks that exploit known vulnerabilities in Java and the other targeted programs. Computers running unpatched versions are then commandeered. Servers in the attack used IP addresses based in the United States and Russia. When Armorize researchers submitted the code used in the attack October 12, just six of the top 43 antivirus providers detected the attack, according to a VirusTotal analysis. Source: http://www.theregister.co.uk/2011/10/14/mass_website_inection_grows/

33. October 14, Infosecurity – (International) DLL loading pops back into the malware picture. Commtouch reported October 14 a new DLL hijacking technique has been spotted in the wild, even though the use of DLL loading has been falling by the wayside in recent times. According to a security researcher with the anti-spam and zero-day remediation specialist, it has been a year since he and his team have seen a DLL (dynamic link layer) hijacking technique that loads a malicious DLL that affects hundreds of programs. The method involves dropping a collection of normal files together with the malicious DLL from within a directory. The most interesting aspect of this latest Deskpan hack, he says, is only the file "deskpan.dll" was detected as malicious, although, he adds, a DLL file inside a folder immediately looks like a DLL hijacking candidate. The researcher said Deskpan.cpl is the Display Panning CPL Extension, a module related to the display settings of pictures that appear on a user’s screen. Together with associated DLLs, this extension allows users to adjust the advanced display adapter properties, and display monitor properties. Once executed, the malware creates files and registry entries. The malware then tries to connect to a remote site using port 443. Source: http://www.infosecurity-magazine.com/view/21385/dll-loading-pops-back-into-the-malware-picture/

For another story see item 14 above in the Banking and Finance Sector

Communications Sector

34. October 17, Grand Rapids Press – (Michigan) WYCE-FM off the air this morning after auto accident causes power outage. A car accident at 28th Street and Clyde Park Avenue SW in Grand Rapids, Michigan, October 17 caused WYCE-FM (88.1) to go off the air temporarily due to a power outage. The station manager released a statement apologizing for the dead air. Although the station is headquartered on Bridge Street NW, the transmitter is located in the city of Wyoming. "After having spent an inordinate amount of time off the air this year because of freak accidents, storms and the overall flukey power grid in Wyoming, we are going to make the commitment to spend the necessary $10,000 to $15,000 to install a backup generator capable of powering our transmitter," the station manager said in a statement. Source: http://www.mlive.com/entertainment/grand-rapids/index.ssf/2011/10/wyce-fm_off_the_air_this_morni.html