Monday, October 24, 2011

Complete DHS Daily Report for October 24, 2011

Daily Report

Top Stories

• China's largest rare-earth producer is stopping shipments of the minerals — used in a variety of high-tech components and products — to the United States, Japan, and Europe, for a month starting October 19 to try and drive up prices. – The Register (See item 11)

11. October 21, The Register – (International) Chinese giant halts rare earth shipments to hike prices. China's largest rare-earth producer, the state-owned Baotou Iron and Steel Group, is stopping rare earth shipments to the United States, Japan, and Europe, for a month starting October 19 in an attempt to drive up prices. DailyTech reported the Baotou Group also plans to buy rare earth metals to raise demand and further increase prices. Rare earths are used in many high-tech components, such as disk drive magnets, lenses, and lasers. Lower prices for Chinese-mined rare earths caused China to gradually become the world's largest rare earth provider, controlling 95 to 97 percent of world production. The assumption behind the stoppage is China wants to increase production of goods that use rare earth metals, such as magnets. More money is made using rare earths in finished goods than in mining the minerals. Source: http://www.theregister.co.uk/2011/10/21/china_rare_earth_supply_strike/

• Researchers at a German university said they have cracked parts of XML encryption used to protect data transmitted between online servers such as those used by e-commerce and financial institutions. – H Security (See item 48 below in the Information Technology Sector)

Details

Banking and Finance Sector

14. October 21, Missoula Missoulian – (Montana) Alleged 'motorcycle bandit' pleads not guilty to Lakeside bank robbery. The "motorcycle bandit" who allegedly robbed a Lakeside, Montana bank in September, and whose modus operandi implicates him in five other robberies since last fall, pleaded not guilty October 20 to charges in Flathead County District Court. He entered the not guilty plea to a single felony count of robbery, which relates to the September 28 heist at Glacier Bank in Lakeside. Witnesses said September 28, a man wearing a motorcycle helmet walked into the bank, brandished a gun and demanded money. He zoomed away on a small red-and-silver motorcycle with $14,000. A witness followed him before losing sight of him, but moments later he spotted a Dodge pickup truck. The witness recorded the license plate number and later picked the suspect out of a photo lineup as the driver of the pickup. The arrest provides investigators with insight into how the motorcycle-helmeted man evaded them for more than a year, during which time he is suspected of committing five other robberies in Bigfork, Seeley Lake, St. Regis, Lakeside, and at Muralt's Travel Plaza in Missoula. Source: http://missoulian.com/news/local/article_c11776a6-fb72-11e0-aeb8-001cc4c002e0.html

15. October 21, San Francisco Chronicle – (California) Cupertino bank robber wore fake glued-on beard. A man who wore a fake glued-on beard while robbing a Cupertino, California bank is believed to be the same robber who held up banks in South San Francisco and Fremont, authorities said October 20 as they asked the public for help in identifying him. The latest heist happened at the U.S. Bank at 19630 Stevens Creek Boulevard in Cupertino at about 10:40 a.m. October 19. The robber handed a teller a demand note stating he was armed, although no weapon was seen, a Santa Clara County sheriff’s sergeant said. The man asked for money from the top and bottom drawers and placed an undisclosed amount of cash in a blue plastic bag before fleeing. Source: http://blog.sfgate.com/crime/2011/10/21/cupertino-bank-robber-wore-fake-glued-on-beard/

16. October 20, Minnesota Independent – (Minnesota) Seven Occupy protesters arrested in Minneapolis U.S. Bank protest. In an action that resulted in seven arrests, Occupy Wall Street protesters in Minneapolis October 20 took their almost 2-week long protest to U.S. Bank, a frequent target of protesters’ criticism that corporations and banks dominate the political system. The arrests occurred after about 100 protesters took control of 2nd Avenue South and 6th Street South, after rallying at the U.S. Bank building for more than an hour. The protest was partly a bid to set up tents at the occupation at Hennepin County Government Center Plaza, a request the Hennepin County Sheriff’s Department, which controls the occupied plaza, denied. Protesters carried three wooden-framed structures dressed in transparent plastic from the plaza to the sidewalk of the U.S. Bank building across the street, then to the intersection on the other side of the building. Outside the building, U.S. Bank set up a security cordon to control who entered, initially denying media access. All private areas of the plaza were also fenced off. Despite the security, protesters willing to be arrested said they were able to sneak inside and almost set up a tent on the 12th floor before being escorted out, but not arrested, by security. When protesters initially took the intersection, police destroyed a see-through tent, smashing it into pieces. Protesters occupied the intersection peacefully, with police blocking off traffic on all four sides. After almost one and a half hours, police announced protesters who didn’t leave would be arrested; the seven who chose to go to jail sat in tents in the middle of the street until they were led away by police. Source: http://minnesotaindependent.com/90348/seven-occupy-protesters-arrested-in-minneapolis-u-s-bank-protest

17. October 20, Reuters – (National) IRS and watchdog clash on tax credit errors. Millions of U.S. taxpayers may have erroneously received $3.2 billion in tax credits for college expenses, an Internal Revenue Service (IRS) watchdog said October 20, drawing immediate fire from the U.S. tax collection agency. The IRS mishandled claims for the education tax expense credit that was a key part of the U.S. President's 2009 economic stimulus bill, said the Treasury Inspector General for Tax Administration. "The IRS does not have effective processes to identify taxpayers who claim erroneous education credits," said the head of the government's IRS watchdog unit. "If not addressed, this could result in up to $12.8 billion in potentially erroneous refunds over four years," he added. The IRS said that it "strongly disputes the findings" of the report, which it called "flawed and superficial." Still, the IRS acknowledged it can do more to determine a tax credit recipient's eligibility. The agency said it will revise reporting forms to ask for more information, and that it is looking at ways to use Department of Education data to verify claims. The IRS watchdog said most of the erroneous beneficiaries had no documents to prove they were in college; others may not have been in the classroom long enough to qualify or were graduate students; while still others lacked valid Social Security numbers. Source: http://www.reuters.com/article/2011/10/20/us-usa-tax-irs-education-idUSTRE79J3ET20111020

18. October 17, U.S. Federal Trade Commission – (National) Bogus government grant promoters agree to permanent ban to resolve FTC charges. The Federal Trade Commission October 17 announced it has stopped an operation that allegedly deceived consumers with misleading and unsubstantiated claims about bogus products and services, including one that supposedly would help them get free government grants. To resolve FTC charges, several defendants behind the “Grant Connect” program agreed to a permanent bar from marketing products and services like those they pitched to unwary consumers. According to the complaint, two individuals and other defendants behind Grant Connect used pictures of the U.S. President, the U.S. Vice President, and the American flag to bolster claims their bogus grant service was affiliated with the U.S. government. The FTC’s complaint charges the defendants failed to adequately disclose that consumers who bought their products or services would be enrolled in continuity plans with significant monthly fees, mainly for other unrelated products. It also alleges the defendants used fake testimonials to promote their products, and debited consumers’ bank accounts on a recurring basis without consumers’ permission. The settlements affect two individuals and four companies. They also impose a $29.9 million judgment, which will be suspended upon payment of specified lesser amounts and forfeiture of some assets. Source: http://www.ftc.gov/opa/2011/10/grantconnect.shtm

For another story, see item 48 below in the Information Technology Sector

Information Technology Sector

43. October 21, Softpedia – (International) Adobe fixes webcam and microphone spying issue. Adobe released October 21 the much expected update that would fix the problem pointed out by a Stanford University student, which revealed to the world that any Web site administrator can easily spy on his customers using a bug in the Flash Settings Manager. According to V3, Adobe blamed the communication error between them and the student who discovered the issue on the fact that the student sent his findings to an employee that was off duty at the time. They said that the information was supposed to be sent to their incident response team instead. Because the actual update process was required on their servers, users do not have to apply any patches or updates manually. Source: http://news.softpedia.com/news/Adobe-Fixes-Webcam-and-Microphone-Spying-Issue-229137.shtml

44. October 21, Softpedia – (International) Colonel Gaddafi's death used to spread malware. As expected by many, the Libyan dictator's death is the subject of a malware spreading campaign that promises pictures of the dictator, Softpedia reported October 21. The message pretends to be coming from the Agence France-Presse news agency, and includes an attachment. The archive entitled “Bloody Photos_Gadhafi_Death(dot)rar” in fact contains a script file that's actually Mal/Behav-103, a malicious worm that replicates itself across the networks it encounters. The malware family is known to place itself into the PC's registries to make sure it is executed each time the device is powered on. Source: http://news.softpedia.com/news/Colonel-Gaddafi-s-Death-Used-to-Spread-Malware-229260.shtml

45. October 21, Help Net Security – (International) Skype can be used to tie users to illegal download activity. Help Net Security reported October 21 a team of researchers proved it is possible to determine the IP address of a user and tie it with his Internet use, and even correlate this information to his file-sharing activity with high accuracy, by taking advantage of a privacy hole in Skype. The user is completely unaware of this happening and the entire scheme is easily scaled to incorporate the simultaneous monitoring of Internet usage patterns of some 10,000 users. The team was able to distinguish which packets are sent from a particular user and extract his IP address from their headers, to call the user but prevent the establishment of TCP connections so that he is not notified of the call, and have discovered a Skype privacy hole that allowed them to do this even if the user did not have them in the contact list or has explicitly blocked them. According to the researchers, other IM applications such as MSN Live and Google Talk can also be used instead of Skype to harvest the user's IP address, but they chose Skype because of the aforementioned privacy flaw. Source: http://www.net-security.org/secworld.php?id=11823&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

46. October 21, H Security – (International) iPad 2: magnet bypasses passcode lock. Apple's Smart Cover or another magnetic object can be used to bypass the passcode lock on an iPad 2 running iOS 5, H Security reported October 21. When the password prompt appears, a user can press and hold the standby key until the red "slide to power off" option appears, close the Smart Cover, open it again, and hit "cancel"; users are then taken either to the home screen or the previously used application without any further prompts. While apps cannot be launched in this mode, they can be moved around or deleted from an iPad. Recently used applications can also be viewed by double clicking the Home button. The Notification Center, however, remains inaccessible, but the iOS Spotlight search function can be used to access an overview of notes, contacts, schedules, tasks, and possibly even e-mails that have been previously opened using Spotlight, but users cannot open any of the displayed results. However, if an app was open when the screen was locked, there can be more of a problem. If the built-in Mail app was open, anyone who bypasses the passcode lock can view all of the e-mails in the open folder; Heise Security researchers even managed to send new e-mails during testing. It is also possible to change or delete a number of settings and accounts if the iOS settings were open when the screen was locked. Source: http://www.h-online.com/security/news/item/iPad-2-magnet-bypasses-passcode-lock-1364450.html

47. October 21, IDG News Service – (International) World's most sophisticated rootkit is being overhauled. Experts from security vendor ESET warned that TDL4, one of the most sophisticated pieces of malware in the world, is being rewritten and improved for increased resilience to antivirus detection, IDG News Service reported October 21. "Based on the analysis of its components we can say that some of those components have been rewritten from scratch (kernel-mode driver, user-mode payload) while some (specifically, some bootkit components) remain the same as in the previous versions," ESET's director of malware intelligence said. He and his colleagues believe this suggests a major change within the TDL development team or the transition of its business model toward a crimeware toolkit that can be licensed to other cybercriminals. Source: http://www.computerworld.com/s/article/9221084/World_s_most_sophisticated_rootkit_is_being_overhauled

48. October 20, H Security – (International) Researchers: XML encryption standard is insecure. Researchers at the Ruhr University of Bochum in Germany said they have succeeded in cracking parts of the XML encryption used in Web services, thus making it possible to decrypt encrypted data, H Security reported October 20. The official W3C XML encryption specification is designed to be used to protect data transmitted between online servers such as those used by e-commerce and financial institutions. According to researchers, IBM, Microsoft, and Red Hat Linux use the standard solution in Web service applications for many large customers. They said that, based on their findings, the standard should now be considered insecure. They plan to publish details about the problem at the upcoming ACM Conference on Computer and Communications Security in Chicago. Source: http://www.h-online.com/security/news/item/Researchers-XML-encryption-standard-is-insecure-1364074.html

For more stories, see item 11 above in Top Stories and item 51 below in the Communications Sector

Communications Sector

49. October 21, TVSpy – (Unknown Geographic Scope) Power outage knocks WHAS off the air, and viewers take to Facebook to voice complaints. Viewers tuning in to Louisville, Kentucky's WHAS October 20 for ABC programs “Grey’s Anatomy” and “Private Practice” were instead greeted with an error message. “WHAS11 experienced a power outage [October 20], which caused a disruption in our broadcast,” the station posted on its Web site. “A transformer blew outside of the WHAS11 News on Chestnut Street. It happened around 9 p.m. WHAS11 does have an LG&E backup, but it failed.” Programming was restored at 11:20 p.m., which is normally a newscast on the ABC-affiliate. Source: http://www.mediabistro.com/tvspy/power-outage-in-louisville-knocks-whas-off-the-air_b26163

50. October 20, Foster's Daily Democrat – (New Hampshire) Telephone outage in North Hampton. There was an interruption in phone service for North Hampton, New Hampshire residences and businesses along Atlantic Avenue east of Route 1 and some outlying areas October 20. The municipal complex, including the police and fire departments, as well as the North Hampton School, were impacted. All emergency calls were forwarded to the 911 call center or Hampton Fire Emergency Communications Center, and North Hampton Fire and Rescue is receiving calls. Fairpoint Communication was working on repairs. Source: http://www.fosters.com/apps/pbcs.dll/article?AID=/20111020/GJNEWS_01/111029949/-1/fosnews

51. October 20, Sand Hills Express – (Nebraska) Great Plains Communications restores services. Great Plains Communications sent out a press release at 3 p.m. October 20 stating Internet services have been restored to their customers across the state who were affected by a damaged fiber line in eastern Nebraska. Nearly 8,000 customers were affected by the outage, which also disabled the company's toll-free customer service line. Crews responded immediately and were dispatched within minutes of the outage to fix the cut fiber line. The damage occurred when a city construction crew hit the fiber line while digging. The cable was buried about 6 feet underground. Source: http://sandhillsexpress.com/BuySell/BuySellDetails/tabid/108/ArticleId/3953/Great-Plains-Communications-Restores-Services.aspx

52. October 20, Teaneck Patch – (New Jersey) Cut fiber line causes AT&T cell service outage in parts of north Jersey. AT&T wireless service in northern New Jersey was restored October 20, a company spokeswoman has confirmed. Service to some area customers had been knocked out for hours. AT&T said wireless customers in some areas of northern New Jersey were temporarily without cell service after a utility company cut a fiber line. The outage was not limited to any specific cell phone or device. In Teaneck, reports of widespread cell phone outages were coming in on Facebook and Twitter. AT&T could not immediately say how many customers were impacted. Source: http://teaneck.patch.com/articles/cut-fiber-line-causes-at-t-cell-service-outage-in-parts-of-north-jersey

For more stories, see items 45 and 46 above in the Information Technology Sector