Tuesday, November 29, 2011

Complete DHS Daily Report for November 29, 2011

Daily Report

Top Stories

• Police broke up a fight in a Washington, D.C. restaurant November 27, only to have the melee erupt into gunfire and knife-play that left one dead and five wounded. – United Press International (See item 18)

18. November 27, United Press International – (District of Columbia) 1 dead, 5 wounded in melee shooting. Police broke up a fight in a Washington, D.C. restaurant November 27, only to have the melee erupt into gunfire and knife-play that left one dead and five wounded. The victim who died was identified as a 34-year-old, the Washington Post reported. One of the wounded, who was at the Heritage India restaurant in Dupont Circle celebrating a friend’s birthday when the violence broke out about 2:45 a.m., told the newspaper he and a lifelong friend crossed the street with another person to escape the violence. One other person was shot, and three people were stabbed. All of the victims live in Maryland, police said. No arrests were made and investigators were trying to determine what led to the initial fight, the Post said. Source: http://www.upi.com/Top_News/US/2011/11/27/1-dead-5-wounded-in-melee-shooting/UPI-32201322454882/?spt=hs&or=tn

• Federal officials entered discussions with W.R. Grace & Co. over how to clean up asbestos washing into the Kootenai River from a vermiculite mine that the company owns in Libby, Montana. The mine has created dust that killed about 400 people and sickened thousands. – Associated Press (See item 21)

21. November 26, Associated Press – (Montana) As asbestos washes into Montana river, EPA and W.R. Grace negotiate Libby mine site cleanup. Federal officials have entered discussions with W.R. Grace & Co. over how to clean up asbestos washing into the Kootenai River from a deadly vermiculite mine the company owns in Libby, Montana. More than 20 years after the Maryland-based Grace closed the above-ground mine, tests results provided by regulators show high amounts of asbestos pouring from creeks inside the mine site during the annual spring snowmelt. The creeks drain into the Kootenai upstream of Libby, where an estimated 400 people have been killed and 1,750 sickened by asbestos dust released when vermiculite ore was mined to make residential insulation. The consequences of inhaling Libby’s potent asbestos fibers are well documented, but much less is known about the dangers of ingesting the fibers and their potential harm to wildlife. U.S. Environmental Protection Agency (EPA) regulators said they are trying to gauge the risk from the water-borne asbestos and have yet to determine how far downriver the contamination might extend. Some Libby residents worried the contaminated water could prolong a cleanup that has cost more than $370 million over the past decade. At the mine site, one water sample taken from Rainy Creek in May showed 276 million asbestos fibers per liter of water. Several miles downstream, water pumped from the Kootenai is used in the cleanup to suppress dust and for equipment decontamination. EPA officials said 10 samples taken in recent months did not detect asbestos in the pumped water. The Kootenai River is not the drinking water source for Libby, nor are any of the creeks that come from the mine, however, the test results from Rainy Creek are “huge” and could pose risks to populations that live anywhere along the Kootenai between Rainy Creek and the Pacific Ocean, said a member of the Libby Area Technical Advisory Group, an EPA-funded cleanup oversight panel. State officials said berms along the creeks, more vegetation, and other measures could be used to stop asbestos-tainted sediment from entering the water. Source: http://www.therepublic.com/view/story/9a322b2b8ebb442ca4dea5fceb4e5379/MT--Libby-Mine/

Details

Banking and Finance Sector

9. November 28, Sofia News Agency – (International) Bulgaria: Sofia airport customs officers seize flash drives containing credit card data. Customs officers at Sofia Airport in Bulgaria have seized USB memory sticks containing credit card data, Bulgaria’s Customs Agency reported November 28. The portable devices were found to belong to two Bulgarian citizens arriving from a Madrid flight. The passengers were coming from Lima, Peru, and were selected under a risk analysis method in the sphere of cocaine trafficking. In the course of the inspection and the subsequent questionings, the two passengers were nervous and offered contradicting and mixed-up explanations about their trip, which caused the customs officers to dig deeper. Although the data stored on the flash drives was encrypted, the customs authorities were able to identify data from numerous credit cards of American and European tourists residing in Peru, as well as instructions regarding the ownership of the cards and the methods for withdrawing the money. The customs officers also seized the two men’s laptops. Source: http://www.novinite.com/view_news.php?id=134328

10. November 22, KOMO 4 Seattle – (Washington) Bellevue stockbroker pleads guilty in $7 million fraud scheme. A Bellevue, Washington stockbroker pleaded guilty November 21 to wire fraud in federal court, admitting he defrauded at least 10 clients of as much as $7 million. According to U.S. district court records, he sent phony statements to his clients that hid significant losses and commissions. He also charged huge commissions, transferring hundreds of thousands of dollars to his personal checking account to pay for his own credit card bills, food, and entertainment, as well as business expenses such as payroll, fees, and taxes, court records show. The man now faces more than 6 years in federal prison under the plea deal with prosecutors. The amount of restitution will be determined at his sentencing February 17. A spokesperson for the U.S. attorney’s office said the man owned and operated Black Diamond Capital Management, LLC, and Black Diamond Securities, LLC. In the plea agreement, the man admitted some of the victims invested with him when he was working for a Seattle brokerage firm. Source: http://www.komonews.com/news/local/Bellevue-stockbroker-pleads-guilty-to-7-million-fraud-scheme-134351898.html

11. November 22, Nanuet Patch – (New York) Five charged with involvement in countywide ATM skimming operation. Police warned holiday shoppers to be careful while using Westchester, New York ATMs after uncovering an elaborate ATM skimming scheme they said netted a group of thieves about $1 million over the last few months, the Nanuet Patch reported November 22. A joint task force involving the Westchester County Police, U.S. Secret Service, and nine local police departments worked together to make five arrests. The scheme involved the placement of “dip readers,” which read ATM cards when they are placed in a machine, paired with a small pin-hole camera used to obtain card-holders’ PIN numbers, police said. The obtained personal information was then copied onto blank cards and used to make withdrawals at another bank. Police believe those arrested are low-level criminals working for a larger organized crime group. ATM skimmers have been found in ATMs throughout the New York Metro area. The Bronxville police chief said 330 accounts were compromised at a Chase branch on Parkway Road in Bronxville in October. “On two consecutive Sundays we lost $330,000 as a result of the skimmers,” he said. Police said none of those arrested are from Westchester County, and that some are not U.S. citizens. All of the suspects are of Eastern European descent. All have been charged with possession of forgery devices, a felony. Source: http://nanuet.patch.com/articles/5-arrested-in-county-wide-atm-skimming-operation#video-8519476

12. November 22, Bloomberg – (National) Bank of America settles Countrywide fraud claims by Calpers. Bank of America Corp. settled securities fraud claims by a group of Countrywide Financial investors including the California Public Employees’ Retirement System (Calpers) that opted out of a $624 million class-action settlement in 2010, Bloomberg reported November 22. A confidential settlement has been reached with all defendants except KPMG LLP, Countrywide’s former auditor, lawyers for the plaintiffs said in a filing November 21 in federal court in Los Angeles. Countrywide, acquired by Bank of America in 2008, was accused of misleading shareholders about its finances and lending practices. The plaintiffs, which also include funds managed by BlackRock Inc., T. Rowe Price Group Inc., and TIAA- CREF are the largest group of those who rejected the 2010 settlement, saying the terms were inadequate. The settlement leaves two other lawsuits by investors that opted out of the 2010 settlement still pending in Los Angeles federal court, one by a group of Michigan public pension funds, and one by the Fresno County Employees Retirement Association. A group of Oregon funds that opted out filed a lawsuit in January in Oregon state court. Calpers, the largest U.S. public pension fund with $227.5 billion in assets, and the other investors did not specify their alleged damages in the complaint filed July 28. Source: http://news.businessweek.com/article.asp?documentKey=1376-LV2UVS6JTSEC01-7TUFFRCEG9OTQCC2147KJ873QM

Information Technology

28. November 28, CNN – (International) 150 domain names shut down in probe of counterfeit goods. U.S. officials used Cyber Monday (November 28) to announce court orders shutting down 150 domain names of commercial Web sites they say were selling “many millions” of dollars worth of counterfeit goods. Sports jerseys and uniforms, DVDs, shoes and handbags, golf sets, and exercise equipment were among the more popular purchases of “knock off” versions of name brand products, officials said. Investigations show the majority of those engaged in defrauding rights-holding companies and consumers are from China, but the phony goods are also produced in other countries, according to top law enforcement officials. The officials said they conduct undercover purchases with the help of legitimate rights holders to confirm the goods are bogus. They acknowledge the operators of the Web sites are beyond the reach of U.S. agents, and when the sites selling counterfeit goods are shut down, the same criminal enterprises sometimes change domain names and continue to prey on customers. The Immigration and Customs Enforcement agency, the FBI, and U.S. attorney offices cooperated in the investigation, dubbed Operation In Our Sites. The operation they announced November 28 is designed in part to educate consumers to be wary of Web sites that appear to be offering name-brand products at substantially reduced prices. Authorities said they are unable to provide estimates of losses, but are concerned some of the millions of dollars in proceeds may end up in the hands of organized crime rings. Source: http://www.cnn.com/2011/11/28/tech/websites-counterfiet-goods/index.html?hpt=hp_t3

29. November 28, Softpedia – (International) BlackHole kit enhanced with new Java exploit. A security researcher discovered a new exploit kit that relies on a recently patched security flaw present in Java, being packaged with BlackHole. It appears all the versions of Oracle’s Java are susceptible to the attack, except for the latest variants, but considering many do not rush to update these components, the exploit could be used successfully against many devices. Also, these means of attack can be easily turned into automated tools, which once placed on a Web site, can infect the machines of unsuspecting Internet users without much effort. The Java exploit works on most browsers, except for Google Chrome, which for some reason often mitigates attacks launched with the new package. The security journalist also believes that, theoretically, such an attack can also work against Mac OS X operating systems, but so far it has only been tested on Windows platforms. The hacker that advertised the newest Java exploit is giving it away for free to customers that already purchased the BlackHole kit, but for newcomers, the price is around $4,000, plus the cost of the Blackhole license. Source: http://news.softpedia.com/news/BlackHole-Kit-Enhanced-With-New-Java-Exploit-236928.shtml

30. November 27, TheDomains.com – (International) 101Domain.com suffers security breach. 101Domain.com appeared to suffer a security breach that “may have resulted in unauthorized access to your personal information and possibly payment information.” According to Webhosting.info, 101domain.com has about 10,000 domain names under management. A message by 101Domain.com to its customers explains: “We need to make you aware of a security breach that may potentially have affected your account. We were recently informed by one of our vendors that some of its systems, and those of a few of its customers, including 101domain.com, were compromised to varying degrees by a phishing attack. Although there is no direct evidence that your information was stolen and we have received no customer complaints, this attack may have resulted in unauthorized access to your personal information and possibly your payment information.” Source: http://www.thedomains.com/2011/11/27/101domains-com-suffers-securty-breach/

31. November 25, Infosecurity – (International) BEAST-driven SSL attack not as bad as it seems claims Context. Researchers at Context Information Security are playing down the level of risk to enterprises caused by the BEAST — Browser Exploit Against SSL/TLS — that was identified by researchers in late September. As previously reported, the researchers said they found a way of breaking the SSL/TLS encryption that is widely used to guarantee the reliability and privacy of data exchanged between Web browsers and servers. After analyzing the researcher’s findings, Context said hackers are very unlikely to use the complex attack methodology. The company also provided advice on how to further reduce risk. According to Context’s research and development manager, developers can increase complexity and mitigate the risk of malicious content being injected within the same origin by setting the HTTPOnly property that prevents applets or JavaScript to gain access to the cookie and prevent session hijacking. Against this backdrop, Context’s research team argues that — in terms of risk — the BEAST attack is similar to not setting the HTTPOnly property on cookies, which is something that is not unusual among Web sites. Source: http://www.infosecurity-magazine.com/view/22287/beastdriven-ssl-attack-not-as-bad-as-it-seems-claims-context/

For more stories, see items 9 above in the Banking and Finance Sector and 32 below in the Communications Sector

Communications Sector

32. November 27, San Jose Mercury News – (International) Spotify music service resumes after login problems for users in U.S. and Europe. Users of the Spotify streaming music service were again able to log in the afternoon of November 27 after an outage that lasted several hours and affected users in the United States and Europe. The company did not explain what went wrong, but said in a tweet about 3 p.m. Pacific time that it had identified the problem. Beginning at some point before 1 p.m. Pacific time November 27 some Spotify users trying to log in to the popular music streaming service were greeted with error messages, sparking a flurry of tweets complaining the company was not keeping users informed. Spotify’s service status page reported “All systems are up and feeling jolly good’’ as of 1 p.m. Pacific time. But users trying to log in via the desktop or mobile client were receiving 404 errors. An attempt to log into an account on the Spotify.com Web site generated the error message: “Service Temporarily Unavailable. The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.” Spotify users from Spain, France, the United Kingdom, and the United States took to Twitter to complain. Source: http://www.mercurynews.com/business/ci_19421484?source=rss