Wednesday, October 19, 2011

Complete DHS Daily Report for October 19, 2011

Daily Report

Top Stories

• Texas law enforcement officials said several Mexican drug cartels have lured children as young as 11 to work in their smuggling operations, which operate in all major Texas cities. – Reuters (See item 31)

31. October 18, Reuters – (Texas; International) Mexican drug cartels recruiting Texas children. Texas law enforcement officials said several Mexican drug cartels have lured youngsters as young as 11 to work in their smuggling operations. The director of the Texas Department of Public Safety, told Reuters the drug gangs have a chilling name for the young Texans lured into their operations. "They call them 'the expendables,'" he said. The director said his investigators have evidence six Mexican drug gangs — including the violent Zetas — have "command and control centers" in Texas actively recruiting children for their operations, attracting them with what appears to be "easy money" for doing simple tasks. "Cartels would pay kids $50 just for them to move a vehicle from one position to another position, which allows the cartel to keep it under surveillance to see if law enforcement has it under surveillance," he said. He said 25 minors have been arrested in one Texas border county alone in the past year for running drugs, acting as lookouts, or doing other work for organized Mexican drug gangs. The cartels are now fanning out, he said, and have operations in all major Texas cities. Source:

• Security researchers said that as of October 18, more than 1 million users had been infected with malware after attacks on outdated Web sites running Microsoft ASP.Net. – SC Magazine See item 35 below in the Information Technology Sector


Banking and Finance Sector

11. October 17, Lincoln Journal Star – (Ohio) Heated phone call with bank results in alleged bomb threat. Sometime between noon and 1:18 p.m. October 14, a phone call between a U.S. Bank representative and a Lincoln, Nebraska, customer went off the rails. According to a probable cause warrant for her arrest on suspicion of threatening the use of explosives, the customer was upset after she said she discovered she was paying a fee on her checking account. The bank representative, based in Ohio, told police the customer said she was on her way with a bomb to blow up a Lincoln bank branch. Police arrested her, and she was being held in the county jail. The customer did not take a bomb to the bank, and said it was a misunderstanding. "[She] was contacted

and said her bank was ripping her off," the affidavit states. "[She] said she called the bank, and during the conversation with them, she told them she was only thinking about blowing up the bank but she never told them she was going to actually do it." Threatening the use of explosives is a felony punishable by as many as 5 years in prison. Source:

12. October 17, Hartford Courant – (New England; International) Thieves make withdrawals in Istanbul after grabbing debit card information in New England. About 150 customers of Waterbury, Connecticut-based Webster Bank were victims of a "skimming" scheme in New England perpetrated by an international fraud ring, according to the Hartford Courant October 17. The thieves used an electronic device to read data off magnetic strips of debit cards inserted in some ATMs operated by Webster Bank, and at least two other banks. A small camera recorded customers punching in PINs. The thieves were then able to fashion counterfeit debit cards and withdraw tens of thousands of dollars from Webster accounts at ATMs in Istanbul, Turkey. A Webster spokesman said the majority of the illegal withdrawals were made in the spring of 2011, but at least one was made the week of October 10. Last week's withdrawal appears to be related to an earlier one, and is likely an isolated instance, the spokesman said. "A number of banks were affected by this fraud ring," he said. A report published last month said the thieves that targeted Webster also hit ATMs operated by Bank of America, and Eastern Bank. One arrest has been made in the case, according to the Boston Business Journal. Source:

13. October 17, U.S. Department of Justice – (California) Manteca man pleads guilty to mail fraud, bank fraud, credit card fraud, and aggravated identity theft. A U.S. attorney announced October 17 that a man from Manteca, California, pleaded guilty to mail fraud, bank fraud, credit card fraud, and aggravated identity theft. This case is the product of an investigation by the U.S. Postal Inspection Service, the Lathrop Police Department, and the San Joaquin County Sheriff's Department. According to the plea agreement, between January 31 and June 21, the man executed a scheme to steal money from banks and merchants in the central valley of California, and elsewhere. He first used a victim's identity to open a UPS Store mailbox in Modesto and then had fraudulently issued credit cards and other financial and identity information mailed to himself. He used victims' identification information to make counterfeit driver's licenses bearing his likeness but the victim's name. He used falsely issued credit cards (and credit cards that he made) with corresponding phony driver's licenses. The scheme involved more than 50 victims and hundreds of credit cards and financial institution account numbers. On June 21, the suspect was arrested on Interstate 5 in Lathrop as he was driving a stolen BMW rental car he had rented using one of his false identities. At the time of his arrest, he possessed sophisticated document-making items, a proprietary financial institution scanner and magnetic card programer, high quality printers, and high quality paper (identification card) materials. He faces a maximum sentence of 30 years in prison for bank fraud, 20 years in prison for mail fraud, and 10 years in prison for credit card fraud. He is additionally facing up to a minimum mandatory 2 years consecutive in prison for his aggravated identity theft offense. Source:

Information Technology Sector

34. October 18, – (International) Team Swastika group hacks 10,000 global Facebook accounts. Security experts are warning Facebook users to ensure they use strong passwords and vary their credentials from site to site after a new hacking group published log-in details for more than 10,000 users of the social network, reported October 18. Trend Micro's director of security research explained in a blog post the "Team Swastika" group published the details to Pastebin. Although the post has been removed by the data-sharing service, he managed to take a screen grab of the stolen credentials. He said the accounts come from all over the world, with the majority using simple or easy-to-guess passwords. Team Swastika has only just arrived on the hacking scene, but the group has already published database tables and user credentials stolen from the Indian Embassy in Nepal and the Bhutan government, probably by SQL injection attack. Source:

35. October 18, SC Magazine – (International) ASP.NET attacks infect more than a million. As of October 18, more than 1 million people have been infected in less than a week after a malware campaign targeted visitors to outdated Web sites, SC Magazine reported October 18. The attacks exploited vulnerabilities in older versions of Java and Adobe Flash to hijack visitors' computers; as of October 12, the campaign had infected about 200,000 Web sites, according to security researchers quoting Google search results. A similar search for evidence of the Javascript attack yielded more than 1.1 million results October 18. The attacks involve an SQL injection where malicious code is woven into Web sites –- mostly those running Microsoft ASP.NET, with patching or configuration vulnerabilities. Vulnerable sites are typically those owned by universities, schools, associations, and small businesses. The code redirects visitors to Web sites where they are infected with varying malicious payloads, sites registered to the same fake identity as those involved in the LizaMoon attacks in April. Source:

36. October 17, SC Magazine – (International) Warnings over ability to 'Trojanise' Android apps. Android applications can be ‘Trojanised' to turn legitimate apps into mobile malware, SC Magazine reported October 17. According to Symantec, all an attacker needs to do is find an application to infect and embed freely available code by using an Android application package file (APK) tool that contains the necessary resources to re-write the application. A security response engineer at Symantec said that as an Android application is self-signed, anyone can build an APK for Android and upload the malicious application to the marketplace. Using the Geinimi software to connect with the command and control center, data can be pulled down from the device to give the attacker information on the mobile device, what operating system it is running, and the user's details. The engineer said any application can be affected and re-uploaded. He said Web site redirections can be added to the browser to make a user go to a certain site; or, for "monetization" purposes, the phone will call or send SMS messages.


37. October 17, The H Security – (International) Critical security hole in current versionof Opera. A security expert released details of a critical security hole in the Opera browser that can be exploited to inject malicious code. He said he found the hole and notified the developers with a proof of concept a year ago. However, the expert said Opera decided not to close the hole. The researcher thinks the developers might have tested his version 10.6 exploit with the current version 11.x, which may have caused the exploit to malfunction. Instead of contacting Opera again, the expert adapted the exploit for the current version 11.51 of Opera, and has released it as a Metasploit module. This means that, in principle, anyone can exploit the vulnerability. The hole is caused by a memory flaw when processing SVG content within framesets. Simply visiting a compromised Web page is enough for a system to become infected with malicious code. The researcher claims the exploit is successful in 3 out of 10 cases. With the pre-alpha version of Opera 12, the exploit managed to inject malicious code i6 out of 10 cases. Source:

For more stories, see items 38 and 39 below in the Communications Sector

Communications Sector

38. October 17, – (National) Verizon partially restores LTE network after nationwide outage. U.S. carrier Verizon Wireless the weekend of October 14 suffered an outage that affected its LTE network across the country. According to reports, the service went down early the evening of October 16, and had only been partially restored across the country the morning of October 17. Some users reported 3G services were affected as well, leaving customers replying on 1xRTT for data access. Verizon has yet to comment officially on the outage. The outage is the third to affect the service since its launch in December 2010. Source:

39. October 17, Olney Daily Mail – (Illinois; Indiana) Cut fiber causes Internet outage. An Internet network outage October 14 affected about 11,000 Frontier Communications customers in the Olney, Illinois, area, according to a company representative. A Frontier spokesman said the data interruption was caused by a cut in fiber owned by Intercarrier Networks, over which Frontier carries some traffic. She said the cut was in Indiana. She said other customers besides those of Frontier would have been affected as well. She said Frontier was dependent upon Intercarrier Networks fixing the cut so that service could be restored. A representative at Wabash Independent Networks said the company was not affected by the October 14 outage. The Frontier outage ended the evening of October 14, was interrupted again around midnight, and service was restored by the morning of October 15. Source:

For more stories, see items 34 and 36 above in the Information Technology Sector