Tuesday, December 6, 2011

Complete DHS Daily Report for December 6, 2011

Daily Report

Top Stories

• For the third time in 5 months, Flying Food Group of Chicago is recalling ready-to-eat food items produced in its Lawrenceville, Georgia plant because they may be contaminated with Listeria monocytogenes. – Food Safety News (See item 25)

25. December 5, Food Safety News – (Georgia) Sandwiches recalled due to Listeria concerns. Flying Food Group of Chicago is again recalling ready-to-eat food items produced in its Lawrenceville, Georgia plant because they may be contaminated with Listeria monocytogenes, Food Safety News reported December 5. This time the recall is of sandwiches distributed to RaceTrac gas stations in Georgia. Flying Food Group announced December 3 that production at its Lawrenceville facility has been suspended pending an investigation into the problem. In July, Flying Food Group recalled about 240 pounds of ready-to-eat chicken used in some Starbucks bistro boxes for possible Listeria contamination, and then expanded the recall by an additional 6,901 pounds of chicken, turkey, beef, and pork products used in various wraps and salads. A few days later, it recalled all of its federally regulated products — sandwiches, parfaits, wraps, plates, and salads — because of the Listeria concerns. The latest recall involves Chicken Quarter Pounder, Chicken Quarter Pounder with Tomatoes, Ham Quarter Pounder, Ham Quarter Pounder with Tomatoes, and American Sub sandwiches. Source: http://www.foodsafetynews.com/2011/12/flying-food-group-of-chicago-based/

• A five-building fire in Pulaski, Wisconsin displaced dozens of residents, damaged many businesses, and injured two firefighters. – Green Bay Press-Gazette (See item 53)

53. December 4, Green Bay Press-Gazette – (Wisconsin) Fire spreads through 5 downtown Pulaski buildings; 40 people displaced, 2 firefighters hurt. A sea of firefighters and fire equipment filled Pulaski, Wisconsin, December 3 as crews brought a five-building fire under control. Crews from around Brown County and surrounding areas were called to the fire around 11 p.m. December 2 and fought the fire though the night and into the morning. The fire was out by late afternoon. The fire was apparently centered on Wood Lanes and spread to adjacent buildings, fire officials and witnesses said. An official described the buildings as businesses mixed with apartments. About 40 residents were evacuated, and 2 firefighters were injured battling the fire. Fire crews used up the municipal water supply in about 2 hours and used tanker trucks to get water to the scene. “We had more than 40 water tenders hauling water,” an official said. ”We were probably pushing 7,000 gallons a minute for hours, so we ran our tower down right away.” Twenty-three departments had equipment and people at the fire. Source: http://www.greenbaypressgazette.com/article/20111204/GPG0101/312040035/Photos-video-Fire-spreads-through-5-downtown-Pulaski-buildings-40-people-displaced?odyssey=tab|topnews|text|GPG-News

Details

Banking and Finance Sector

14. December 5, Associated Press – (Kentucky; Tennessee) Couple accused in 'Bad Hair Bandit' bank robberies. A husband and wife were being held December 5 in a southern Kentucky jail in the "Bad Hair Bandit" bank robberies. The couple were held on robbery charges at the Whitley County Jail. Police said the husband confessed to seven bank robberies in Kentucky and Tennessee, according to WKYT 27 Lexington. The wife told the station she threw a bag containing a BB pistol off a bridge into a river, but did not say where. The couple married in June at about the time of the first robbery. Their arrests came December 2. The "Bad Hair Bandit" nickname came from the fact that the bank robber wore a number of ill-fitting wigs as disguises. Source: http://www.wlky.com/r/29922648/detail.html

15. December 5, Help Net Security – (International) U.S. financial fraud increasing rapidly. Cyber criminals are launching more and more sophisticated attacks on U.S. wireless consumers, Help Net Security reported December 5. Research showed financial fraud and spam via SMS texts is growing at a rate of over 300 percent year over year. Cloudmark is tracking over 20 unique, financial related SMS attacks in the United States with thousands of variants on each attack. The attack techniques are becoming increasingly sophisticated and can include any combination of rapidly changing content, phone numbers, and MSISDN (a number uniquely identifying a mobile subscription). There are a number of recent SMS attacks. Two prominent examples include loan and gift card scams, and the more malicious credit card and bank fraud attacks. For the loan and gift card attacks, the scammers’ business model is based on referrals for loans, via either Web redirects that send traffic immediately to an affiliate program, or by accepting applications forwarded to affiliate programs. For the banking and credit card fraud attacks, the text in each fraudulent SMS appears as if it is coming from a major bank or credit card company such as Wells Fargo or Visa. The attackers are sending texts with messages such as "Your Visa card has been deactivated. Please call [number] to reactivate it." When a recipient calls the number, they are asked for their name, bank card number, account number, expiration date, security/pin code and/or address –- all the data the criminals need to gain access to the credit card or bank account. In some cases, criminals created a replica of a victim’s bank card from the data provided. Cyber criminals are increasingly moving from targeted phishing via e-mail to mobile messaging. Source: http://www.net-security.org/secworld.php?id=12049

16. December 4, Santa Maria Times – (California) 'Geezer Bandit' strikes again. California’s so-called "Geezer Bandit" apparently has struck again, this time at a Bank of America in San Luis Obispo. The gray-haired robber approached a teller about 5:40 p.m. December 2, pointed a handgun, and demanded money. The teller complied and the robber left with an undisclosed amount of cash, which included a "dye pack." Once in the parking lot, the dye pack exploded and apparently caused the suspect to drop some of the money and the note he used inside the bank. He walked toward Marsh Street where he dropped some more money. A witness saw a vehicle — described as a white BMW Five Series car — leave a parking stall on Marsh near Toro Street at a high rate of speed around the same time as the robbery. Police are unsure if the two incidents are related. San Luis Obispo police described the suspect as an elderly white male about 6 feet 4 inches tall and weighing 175 pounds. He was wearing black slacks, a white shirt, a black tie, a blue baseball hat, and glasses. A witness in the bank during the robbery said the suspect’s face looked like plastic as if it was a mask or makeup, police said. The witness thought the suspect was purposely trying to look elderly. The FBI says most of the Geezer Bandit’s 16 robberies, which began in 2009, have occurred in San Diego County. Source: http://santamariatimes.com/news/local/crime-and-courts/geezer-bandit-strikes-again/article_70eaee86-1e3d-11e1-aece-0019bb2963f4.html

17. December 3, V3.co.uk – (International) Cyber criminals launch bogus money transfer malware attacks. A new malware attack is luring victims by using Web-based exploits to perform a "drive-by" malware download under the guise of an electronic money transfer, V3.co.uk reported December 3. Researchers at Solera Networks reported the attackers make use of Google's goo.gl link-shortening service to hide the location of the attack site. The attacks claim to originate from the "Electronic Payments Association" and notify potential victims of a failed direct deposit attempt. Clicking on the link included with the message redirects to a site that attempts to perform a number of exploits using vulnerabilities in Flash and Java. The director of threat research at Solera told V3 the attacks are part of a much larger trend in which cyber criminals target browser plug-ins and third-party components. The attacks also highlight the use of third-party link-shortening services. Other malware and spam operations have made similar use of such tools to insulate targets from the actual attack site. Source: http://www.v3.co.uk/v3-uk/news/2129904/malware-writers-launch-electronic-payment-malware-attack

18. December 2, Minneapolis Star Tribune – (National) Upbeat end to bank loan fiasco. There was no shortage of risky bank loans that turned bad in the wake of the recession, but the failed $28.5 million loan from a group of banks to a boy band creator will surely go down as one of Minnesota's more unusual. Late December 1, a federal jury in Minneapolis concluded a South Carolina bank helped the music mogul defraud lenders, awarding $16 million to 26 banks, many in Minnesota. The manager is serving a 25-year sentence in Texas after pleading guilty to running a Ponzi scheme and bilking banks and investors out of $300 million or more. The group of mostly smaller, community banks agreed to lend $28.5 million to the man, presumably to finance an American version of a British TV show called "Top of the Pops." American Bank sank $5 million into the loan and was the lead bank in the loan package. For many of the banks, including a dozen in Minnesota and others in Montana, Maine, and Illinois, the loan losses were a significant financial blow. The man defaulted on the loan fairly quickly, as his business operation unraveled. He was arrested in Indonesia in 2007 after fleeing authorities. Mercantile Bank was the final participant in the American Bank loan, but was quickly paid off — the only bank to get its money back, an attorney said. Mercantile had extensive knowledge about the man's fraud, American Bank argued, including the fact the two accountants who prepared his financial records were fictitious. The most prominent and damning evidence, the attorney said, was an e-mail from a Mercantile employee to another saying a loan analyst had figured out that the accountants did not exist and that they had asked the manager to exit the bank. Source: http://www.startribune.com/business/134945353.html

19. December 2, KDRV 12 Medford – (Oregon; Arizona) 'Fake Beard Bandit' pleads guilty. A bank robber was caught and said he is guilty of robbing almost a dozen banks including one in Medford, Oregon, KDRV 12 Medford reported December 2. He admitted to committing 10 robberies, including one at Premiere West Bank in September 2010. He wore a disguise, prompting police to call him the "Fake Bearded Bandit." He was arrested in Phoenix after another robbery. When investigators searched his home, they found more evidence. He reached a guilty plea on 7 of the 10 robberies and faces a minimum of 8 years behind bars. Source: http://kdrv.com/news/local/232394

20. December 2, Softpedia – (International) ‘Verified by Visa’ presents major security flaw. Trend Micro researchers discovered the technology behind the Verified by Visa trademark is much more unsecure than anyone would believe, and a coding error is not to blame; instead it is a design flaw that could be taken advantage of by criminals, Softpedia reported December 2. The 3 Domain Secure (3DS) security protocol introduced by Visa in 2001 was developed to prevent credit card fraud but, in practice it is inefficient. When users make an online transaction protected by Visa, they are redirected to a verification page that requires confirmation of some details and a password. Since the merchant does not come in contact with users' details at any point, the transaction should be secure. A problem emerges due to the password reset feature. When a customer accesses the reset password function, she is presented with a form that requires some details of the cardholder to prevent fraud, but the problem is all the data can be found on the physical credit card. Signature panel code, expiration date, cardholder name, and birth date is requested from the customer to complete the reset process. All the details except for the birth date are printed on the card, but also, these are the details first obtained by any cybercriminal in operations that target credit cards. Researchers propose this verification method should be at least updated to encapsulate a secret question, a one-time password reset URL should be sent to the user’s e-mail, and the entire procedure should result in a notification. The 3DS security protocol is not only used by Visa. Web sites that display MasterCard Secure Code, J/Secure (JCB International), and SafeKey (American Express) implement the same technology. Source: http://news.softpedia.com/news/Verified-by-Visa-Presents-Major-Security-Flaw-238187.shtml

Information Technology

43. December 5, Softpedia – (International) Hillary Clinton promises millions from Nigerian bank, 419 scam. Scammers came up with new techniques of masking a classic 419 scam. The latest methods imply the actual message, the one that promises millions of dollars from diamond mines and banks from Africa, is hidden in an archived text file that comes attached to the e-mail. "This is a confidential message, please kindly view the attached message below and get in touch with him ASAP," reads a message allegedly coming from the U.S. Secretary of State. Appriver reports the zip file attached to the e-mail is not a malicious virus. Instead, it is a text document that reveals an untrue story about a few million dollars that are about to be transferred from the Central Bank of Nigeria to the recipient. Spammers will use this technique, ofhiding documents in other files, to evade spam filters that target such messages. Source: http://news.softpedia.com/news/Hillary-Clinton-Promises-Millions-From-Nigerian-Bank-419-Scam-238479.shtml

44. December 2, The Register – (International) Carrier IQ VP: App on millions of phones not a privacy risk. More than 48 hours after a software developer posted evidence Carrier IQ monitored the keystrokes on more than 141 million smartphones, company official came forward to rebut the allegations. According to disclosed technical details, the diagnostics software does not represent a privacy threat to handsetowners. Carrier IQ is a vast digital fishing net that sees geographic locations and the contents of text messages and search queries inside the phones the software monitors, the company's VP of marketing said in an interview. However, except in rare circumstances, that data is removed from a phone's internal memory almost as quickly as it goes in. Only in cases of a phone crash or a dropped call is information transferredto servers under the control of the cellular carrier so engineers can troubleshoot bottlenecks and other glitches on their networks. The interview came as Carrier IQ faced four lawsuits and a request by a U.S. lawmaker for an investigation by the Federal Trade Commission. Source: http://www.theregister.co.uk/2011/12/02/carrier_iq_interview/

For more stories, see items 15 and 20 above in the Banking and Finance Sector and 45, 46, and 47 below in the Communications Sector

Communications Sector

45. December 5, Examiner.com – (Utah) CenturyLink Internet services disrupted by power outages. Recent hurricane force winds in Northern Utah revealed more than just how shallow the root systems of pine trees are or how far shingles can fly in a 100 mph wind, Examiner.com reported December 4. CenturyLink Internet customers discovered that when the commercial power relied on by CenturyLink’s servers goes down, so do the servers because there is no auxiliary power for them. Nor apparently is CenturyLink able to reroute the Internet service through other functioning servers. Thus, although some CenturyLink Internet customers had power in their homes within 8 hours of disruptions caused by hurricane force winds, Internet service was not available for 29 hours until power was restored to servers located in areas where power outages lasted much longer. CenturyLink was not the only provider that encountered wind-related service disruptions. The Salt Lake Tribune reported AT&T’s 3G data service for mobile phones remained down over much of Salt Lake County 24 hours after high winds struck Utah. Source: http://www.examiner.com/tea-party-in-salt-lake-city/centurylink-internet-services-disrupted-by-power-outages

46. December 4, WSOC 9 Charlotte – (North Carolina) Verizon wireless restored after outage. Some Verizon Wireless customers in North Carolina experienced problems with their cell phones and Internet the night of December 3. "We experienced an outage which affected a small number of customers for a brief period of time this evening," a Verizon Wireless representative said. Verizon Wireless' technical support said people in Charlotte, Concord, Gastonia, and Huntersville were all affected. The company told WSOC 9 Charlotte the absence of service appeared to be caused by an equipment outage. The Verizon representative said full service was restored late December 3. Source: http://www.wsoctv.com/news/29916720/detail.html

47. December 3, NorthEscambia.com – (Florida) Frontier, Cox Communications both experience outages. Two communications providers in Florida experienced major outages December 2. Frontier Communications, which serves customers in Walnut Hill, Bratt, Molino, and Atmore, experienced a major Internet outage from about 11:30 a.m. until 2:30 p.m. Frontier phone services was not affected. Cox Communications, which serves customers in the Pensacola area, experienced an Internet, phone, and 911 outage for a few hours the evening of December 2. Source: http://www.northescambia.com/?p=76642

For more stories, see items 15 above in the Banking and Finance Sector and 44 above in the Information Technology Sector