Tuesday, November 22, 2011

Complete DHS Daily Report for November 22, 2011

Daily Report

Top Stories

• DHS officials met November 18 with New Jersey officials to discuss a series of sabotage attacks since July against a water and sewer plant. – Associated Press (See item 18)

18. November 18, Associated Press – (New Jersey) West Milford water and sewer plant has been a victim of sabotage several times since July. DHS officials met November 18 with state officials to discuss sabotage at a New Jersey water and sewer plant, the Associated Press reported. West Milford's Municipal Utility Authority has been plagued by a series of attacks since July in which power was shut off, valves were opened, and a wood plank was thrown into a sewage filtration system. The Jersey Environmental Solutions owner, who maintains the system, told the Record of Woodland Park the sabotage has caused residents in at least 60 homes to lose water pressure 3 times, and resulted in numerous sewage spills. The latest incident occurred November 15 when sewage poured into the street near the MUA's Bald Eagle facility after someone interfered with the switches for the pumps. The owner told the newspaper the incidents "border on, or actually are, terrorism." Source: http://www.nj.com/news/index.ssf/2011/11/west_milford_water_and_sewer_p.html

• An “al-Qa’ida” sympathizer accused of plotting to bomb police and post offices in New York City as well as U.S. troops returning home was arrested November 19 as he was putting a bomb together in his Manhattan apartment. – Associated Press (See item 31)

31. November 20, Associated Press – (New York) Manhattan man accused of NYC bomb plots. An "al-Qa'ida sympathizer" accused of plotting to bomb police and post offices in New York City as well as U.S. troops returning home remained in police custody after an arraignment November 20 on numerous terrorism-related charges. The New York mayor announced at a news conference the arrest of "a 27-year-old al-Q'aida sympathizer" who was motivated by terrorist propaganda and resentment of U.S. troops in Afghanistan and Iraq. The police commissioner said police had to move quickly to arrest him November 19 because he was ready to carry out his plan. "He was in fact putting this bomb together," the police commissioner said. "He was drilling holes and it would have been not appropriate for us to let him walk out the door with that bomb." A U.S. citizen originally from the Dominican Republic, the suspect was "plotting to bomb police patrol cars and also postal facilities as well as targeted members of our armed services returning from abroad," the mayor said. New York police had him under surveillance for at least a year and were working with a confidential informant; no injury to anyone or damage to property is alleged, the police commissioner said. In addition, authorities have no evidence that the suspect was working with anyone else, the mayor said. The suspect was denied bail and remained in custody. He is accused of having an explosive device November 19 when he was arrested, one he planned to use against others and property to terrorize the public. The charges accuse him of conspiracy going back at least to October 2010, and include first-degree criminal possession of a weapon as a crime of terrorism, and soliciting support for a terrorist act. The New York City Police Department's Intelligence Division was involved in the arrest. The police commissioner said the suspect spent most of his years in Manhattan, and lived about 5 years in Schenectady. He said police in the Albany area tipped New York City police off to the suspect's activities. Asked why federal authorities were not involved in the case, the Manhattan district attorney said there was communication with them but his office felt that given the timeline "it was appropriate to proceed under state charges." Source: http://www.time.com/time/nation/article/0,8599,2099909,00.html


Banking and Finance Sector

5. November 18, BankInfoSecurity.com – (International) Fake bank site spreads malware. On November 18, the Office of the Comptroller of the Currency (OCC) issued a warning about HelpWithMyBank.com, an illegitimate Web site feigning to offer consumer information about bank accounts and loans. Once visited, the HelpWithMyBank.com URL directs users to a legitimate consumer information site, HelpWithMyBank.gov, attempting to convince users they are connecting to a legitimate site, according to the OCC. But connecting to the fake site before the redirect is believed to expose consumers to malware. Source: http://www.bankinfosecurity.com/articles.php?art_id=4257

6. November 18, Associated Press – (Pennsylvania) Pittsburgh woman sentenced to 6 years for underreporting bad loans ahead of small bank failure. The former vice president of a tiny Pittsburgh bank that failed in 2007 was sentenced to 6 years in federal prison for underreporting more than $7 million in delinquent loans that caused the bank to collapse and the Federal Deposit Insurance Corp. (FDIC) to pay out $10.2 million to cover customers' lost funds. The Associated Press reported November 18 that Metropolitan Savings Bank's former vice president filed five false quarterly reports with the FDIC in 2005 and 2006 that hid more than $7 million in delinquent loans before it was shut down in February 2007 with just $15.8 million in assets. An assistant U.S. attorney said the woman filed the fake reports to hide $2.7 million in unbooked loans to friends and associates, and used some of the money to buy cocaine and alcohol. Source: http://www.therepublic.com/view/story/13d1c5ed757d48a191760449d3bb09af/PA--Bad-Loans-Underreported/

7. November 17, WJHG 7 Panama City – (Florida) Former bank director convicted of conspiracy to commit bank fraud. A man from Bristol, Florida, was convicted November 17 of conspiracy to commit bank fraud and nine counts of making false entries in bank records with the intent to deceive bank examiners. The man served as the president of C&L Bank of Bristol in the 1990s. After C&L was purchased by The Bank in 1999, he continued to serve as president of the Bristol branch. In 2001, he was appointed to The Bank’s board of directors and promoted to the position of Florida regional president. The man was convicted in federal court in Tallahassee of making millions of dollars in loans and extensions of credit to borrowers he knew were unable to repay. He hid the bad loans from bank management and federal examiners by falsifying customer financial information, using overdraft accounts to make payments on the borrowers’ existing loans, and using the proceeds from loans to third parties to make payments on the debts of insolvent bank customers. Prosecutors also presented evidence the man had concealed the true financial picture of the bank from examiners and bank management. Source: http://www.wjhg.com/home/headlines/134069538.html

Information Technology

32. November 19, Softpedia – (International) ConBot inflates bills by sending premium rate SMSs. After researchers discovered OpFake, a mobile trojan that shares code with Spitmo, a newcomer identified as SymbOS/ConBot was found having the same characteristics, Softpedia reported November 19. F-Secure specialists came across the premium SMS sender and determined it has a sophisticated way of functioning, but unlike OpFake, it does not rely on fake Opera updates. Found on a Russian domain, the first and only known instance of ConBot relies on Spitmo's source code, but unlike OpFake, it does not add an icon to the application menu, which makes it harder to detect. Since it does not alert the user of its presence, researchers believe it may be promoted as a “security certificate update.” ConBot.A contains a package called SystemService that includes another package called AppBot. The latter's executable file is run automatically each time the phone starts because of an .rsc file. Once executed, it decrypts a file named SystemService.boot that points to c:\sys\bin\SystemService(dot)exe, the file that contains the payload. After collecting all phone numbers it can find on the device, ConBot sends them, along with the phone's IMEI number, to a remote server on the same Russian domain. In return, the server sends the infected machine an XML file with instructions on where to send SMS messages. It also monitors closely all incoming messages, deleting some if certain conditions are met. Even though this function is similar to Spitmo.A and OpFake.A, the certificate it signs itself with is not the same as the one used by OpFake. Also, ConBot can update the C&C server with a text message, which means that if the C&C server falls, it does not necessarily mean the botnet will, too. Source: http://news.softpedia.com/news/ConBot-Inflates-Bills-by-Sending-Premium-Rate-SMSs-235603.shtml

For more stories, see items 5 above in the Banking and Finance Sector and 33 below in the Communications Sector

Communications Sector

33. November 21, Bloomberg – (National) AT&T restores Northeast wireless data service after disruption. AT&T, the second-largest U.S. mobile carrier, said it restored data service to wireless customers in New York and elsewhere in the Northeast after a disruption earlier November 21. “Some mobility customers were unable to connect to data services briefly early this morning,” an AT&T spokesman in Atlanta said. ”The issue was resolved.” The disruption, which affected mobile e-mail and Internet access, began at 6:14 a.m. in New York, according to AT&T’s customer-service department November 21. The Dallas-based company began an investigation into the issue, which customer-service representatives described as a “service degradation.” Some customers using Apple iPhones and Research In Motion BlackBerrys said they noticed a loss of e-mail service shortly after 6 a.m., and by 7:45 a.m. some of those AT&T customers reported e-mail began to work again. Source: http://www.businessweek.com/news/2011-11-21/at-t-restores-northeast-wireless-data-service-after-disruption.html

For another story, see item 32 above in the Information Technology Sector