Friday, December 2, 2011

Complete DHS Daily Report for December 2, 2011

Daily Report

Top Stories

• High winds flipped over trees and trucks, knocked down power lines, sparked fires, and caused power outages for more than 300,000 California customers, including a major airport in Los Angeles. – Associated Press and NBC News (See item 2)

2. December 1, Associated Press and NBC News – (California; Utah) Worst Santa Ana winds in years to move cross-country. High winds flipped over trees and trucks and knocked out power to more than 300,000 California customers before moving inland early December 1, where schools in a Utah town closed because of 100 mph wind gusts. Some of the worst Santa Ana winds in years blasted through California November 30 and December 1, sweeping down through canyons and creating gusts of up to 80 mph through the night, with a 97-mph gust recorded Wednesday night at Whitaker Peak in Los Angeles County. Twenty-three flights were diverted and several delayed beginning November 30 at Los Angeles International Airport because of severe crosswinds and debris on runways, officials said. An hour-long power outage affected all passenger terminals. Pasadena closed schools and libraries December 1, and declared a local emergency, the first time since 2004. A fire spokeswoman said 40 people were evacuated from an apartment building after a tree collapsed, smashing part of the roof. Two house fires, possibly caused by downed power lines, injured several people. There have been hundreds of reports of wires down, she said. Trees also fell, and some roads are impassable. Source:

• Computer scientists discovered a weakness in smartphones running Google’s Android operating system that allows attackers to secretly record phone conversations, monitor location data, and access other sensitive resources. – The Register (See item 41 below in the Information Technology Sector)


Banking and Finance Sector

15. November 30, Denver Post – (Colorado) ‘Wig Out Bandit’ robs seventh Denver bank, says FBI. Northeast Denver’s “Wig Out Bandit” has struck again, the FBI announced November 30. The bank robber who once wore a wig during his first Denver robbery held up the U.S. Bank branch at 200 University Boulevard November 30. The FBI suspects the same man in seven Denver bank robberies since August 1. He is described as black, 40 to 50 years old, about 5 feet, 11 inches to 6 feet, 2 inches tall with a slender build. There is a $2,000 reward for information that leads to his arrest. Source:

16. November 30, WRC 4 District of Columbia – (Virginia; Maryland) ‘Blonde Bandit’ suspect captured after attempted bank robbery. After 2 weeks of pursuit, police caught up with the woman dubbed the “Blonde Bandit” in Maryland November 30. Police took the woman into custody after a three-car crash on the Beltway. Fairfax County, Virginia, police had been tailing her vehicle after they received a report of an attempted robbery at the BB&T bank on Old Dominion Drive in McLean. A woman passed a note to a teller and demanded money, but fled in a blue Ford Escape without getting any. An officer spotted the car on Interstate 495 and followed it into Montgomery County, Maryland, where she was involved in a crash with two cars at Old Georgetown Road, police said. She fled on foot but was caught by the officer from Fairfax County, police said. She is suspected in at least two prior bank robberies, a carjacking at Tysons Galleria, and an attempted carjacking in Baltimore County. She is also the suspect in a November 18 bank robbery in Prince William County, Virginia, and a November 22 bank robbery in Springfield. Fairfax County police are investigating with the FBI. Source:

17. November 30, Washington Post – (National) Probe of hedge fund chief derailed by SEC official’s alleged action, report says. A federal probe of possible market manipulation and insider trading by a hedge fund manager was derailed when Securities and Exchange Commission (SEC) officials found an agency supervisor had improper contact with the fund manager, according to a report released November 30 by the SEC Inspector General (IG). The report noted the employee worked at SEC headquarters, but it did not name him or the hedge fund manager, and it described the case in elliptical terms. The supervisory attorney allegedly talked to the manager about whether it was legal for the manager to purchase securities before attempting a company takeover, the IG wrote in the semiannual report to Congress. Other SEC officials concluded those contacts made it impossible for the agency to pursue a case against the hedge fund manager because he could raise them as a defense, the report said. In a separate case, the IG investigated an anonymous tip that staff members in an SEC regional office uncovered a massive fraud by a hedge fund manager, but that the agency failed to pursue the matter. The unnamed hedge fund manager was considered one of the contributors to the financial crisis of 2008, according to the tip. The IG found that, in 2004, examiners in the regional office scrutinized the manager and his brokerage firm, and recommended regional enforcement staff investigate the manager for possible fraud. However, a senior official in that regional office had recently left the SEC for a job with the brokerage firm, saddling the SEC with a potential conflict of interest, according to the report. To avoid that problem, the office that was working on the case transferred it to another SEC regional office, the report said. The IG said the second regional office narrowed the scope of the probe “solely to simplify the matter”, and it “did not fully understand” other issues in the case. Without taking testimony from the hedge fund manager or any other witnesses, the second office closed the matter entirely, the report said. Source:

18. November 30, U.S. Commodity Futures Trading Commission – (Mississippi) CFTC charges Mississippi residents Gary and Bradley Futch and their Company, Tradewind Investments, LLC, with commodity options fraud. The U.S. Commodity Futures Trading Commission (CFTC) November 30 announced the filing of an enforcement action charging a man and his son, both of Meridian, Mississippi, and their firm Tradewind Investments, LLC (Tradewind), with commodity options fraud. According to the CFTC’s complaint, filed in federal court in Mississippi, from early 2007 through October 2008, Tradewind took in about $5.6 million from roughly 25 clients, mostly family, friends, or acquaintances. It offered a trading program focused on selling option spreads. During client solicitations, the pair allegedly made a series of fraudulent misrepresentations. They allegedly knew that these misrepresentations were false when they made them, and these misrepresentations were intended to, and did, mislead Tradewind’s clients about the risks inherent in selling options. In fact, according to the complaint, Tradewind’s strategy failed on a particularly volatile market day October 10, 2008, resulting in complete losses for all of Tradewind’s clients, plus additional margin calls. Losses allegedly totaled over $5.6 million. Tradewind ceased operations shortly thereafter, and the father and son each filed for bankruptcy, according to the complaint. In its continuing litigation against the defendants, the CFTC seeks disgorgement of ill-gotten gains, restitution to defrauded customers, civil monetary penalties, permanent trading and registration bans, and permanent injunctions against further violations of federal commodities law. Source:

Information Technology Sector

39. December 1, threatpost – (International) Adobe fixes flaw in Flex SDK framework. Adobe patched a security flaw in its Flex SDK product that could lead to cross-site scripting attacks against some applications that were built using the SDK, threatpost reported December 1. The vulnerability affects versions 3.6 and below, and 4.5.1 and below. The Flex SDK is a free, open source application framework that Adobe produces to enable developers to write apps across a variety of devices and platforms. Flex can be used with other tools to build apps for iOS, Android, BlackBerry, and the Web. The newly patched vulnerability affects the Flex SDK for Windows, Macintosh, and Linux. Source:

40. November 30, Computerworld – (International) Duqu hackers scrub evidence from command servers, shut down spying op. The hackers behind the Duqu botnet shut down their spying operation, a security researcher said November 30. The 12 known command-and-control servers for Duqu were scrubbed of all files October 20, according to Kaspersky Lab, just 2 days after Symantec went public with its analysis of the malware. Earlier November 30, another Kaspersky expert posted an update on the company’s investigation into Duqu that noted the hackers’ cleaning operation October 20. According to Kaspersky, each Duqu variant — of a known 12 — used a different compromised server to manage the PCs infected with that specific version of the malware. Those servers were located in Belgium, India, the Netherlands, and Vietnam, among other countries. The hackers not only deleted all their files from those systems, but double-checked afterward that the cleaning had been effective, Kaspersky noted. Kaspersky also uncovered clues about Duqu’s operation it has yet to decipher. The attackers quickly updated each compromised server’s version of OpenSSH — for OpenBSD Secure Shell, an open-source toolkit for encrypting Internet traffic — to a newer edition, replacing the stock 4.3 version with the newer 5.8. Although there have been reports that OpenSSH contains an unpatched vulnerability — perhaps exploited by the Duqu hackers to hijack legitimate servers for their own use — Kaspersky eventually rejected that theory. By updating OpenSSH from the possibly-vulnerable OpenSSH 4.3, the Duqu developers may have intended to ensure other criminals could not steal their stolen servers. Source:

41. November 30, The Register – (International) Android glitch allows hackers to bug phone calls. Computer scientists discovered a weakness in smartphones running Google’s Android operating system that allows attackers to secretly record phone conversations, monitor geographic location data, and access other sensitive resources without permission. Handsets sold by HTC, Samsung, Motorola, and Google contain code that exposes powerful capabilities to untrusted apps, scientists from North Carolina State University said. These “explicit capability leaks” bypass key security defenses built into Android that require users to clearly grant permission before an app gets access to personal information and functions such as text messaging. The code making the circumvention possible is contained in interfaces and services the device manufacturers add to enhance the stock firmware supplied by Google. “We believe these results demonstrate that capability leaks constitute a tangible security weakness for many Android smartphones in the market today,” the researchers wrote in a paper scheduled to be presented at 2012’s Network and Distributed System Security Symposium. “Particularly, smartphones with more pre-loaded apps tend to be more likely to have explicit capability leaks.” Source:

For another story, see item 42 below in the Communications Sector

Communications Sector

42. December 1, Long Island Business News – (New York) Cablevision experiences DDoS attack. Cablevision’s Optimum Online network was the target of a Distributed Denial of Service (DDoS) attack the night of November 29, causing some customers to experience disruptions with Internet services. Representatives for Cablevision said the attack on its network began at about 6 p.m. November 29 and was resolved shortly after midnight, at which time all service returned to normal. The attack caused a disruptive increase in automated requests on a portion of the network. Cablevision representatives said DDoS attacks have been directed at several leading technology companies in recent months. An investigation has been launched into the cause of the attack. Source:

43. November 30, Amarillo Globe-News – (Texas) Downed line disrupts Verizon Wireless phone services. A line was down November 30 between Amarillo and Lubbock, Texas, causing Verizon Wireless texting and phone services in the region to be temporarily unavailable, a sales agent at the Verizon Wireless store at Coulter Street and 45th Avenue said. “They have located it, which is the hardest part, and they are out there repairing it,” he said. He said Internet services were working, but texting and phone services were down. He said services should be back in full swing within hours. Verizon did not know the number of customers affected, but reports of the outage that began around 9 a.m. extended as far south as the Midland/Odessa area. Source:

For another story, see item 41 above in the Information Technology Sector