Tuesday, December 13, 2011

Complete DHS Daily Report for December 13, 2011

Daily Report

Top Stories

• Hundreds of Occupy protesters blocked gates at some of the West Coast’s busiest ports December 12, causing the partial shutdown of several of them. – Associated Press (See item 17)

17. December 12, Associated Press – (National) Occupy protesters blocking gates at West Coast ports, halt operations at some. Hundreds of Wall Street protesters blocked gates at some of the West Coast’s busiest ports December 12, causing the partial shutdown of several in a day of demonstrations they hope will cut into the profits of the corporations that run the docks. The closures affected some of the terminals at the ports in Oakland, California, Portland, Oregon, and Longview, Washington, though it was not immediately clear how much the shutdowns would affect operations and what the economic loss would be. From California to as far away as Vancouver, British Columbia, protesters picketed gates, beating drums, carrying signs such as “Shutdown Wall St. on the Waterfront” and causing longer wait times for trucks. There were a handful of arrests by the late afternoon, but no major clashes with police. While the demonstrations were largely peaceful and isolated to a few gates at each port, local officials in the union that represents longshoremen and, in some cases, port officials, determined the conditions were unsafe for workers. In Oakland, shipping companies and the longshoremen’s union agreed to send home about 150 workers, essentially halting operations at two terminals, and leaving a long line of big rigs outside one of the entrances. In Portland, authorities shuttered two terminals after protesters blocked semitrailers from making deliveries, and arrested two people who were carrying weapons. And in Longview, workers were sent home out of concerns for their “health and safety.” Port officials erected fences and told workers to stay home, a port spokesman said. Source: http://www.washingtonpost.com/business/occupy-protesters-seek-to-shut-down-west-coast-ports-despite-rejection-by-longshore-union/2011/12/12/gIQA3zP3oO_story.html

• As many as 1 million customers of Restaurant Depot and Jetro may have had their credit card information stolen by hackers based in Russia. – Softpedia (See item 23)

23. December 12, Softpedia – (International) Restaurant Depot informs customers of data breach, 1 million credit cards involved. Customers of cash and carry food wholesalers Restaurant Depot and Jetro were informed the company headquartered in New York City recently fell victim to a hacking operation and all of their customers’ credit card information may have fallen into the hands of cybercriminals, Softpedia reported December 12. During the period between September 21 and November 18, unauthorized individuals managed to obtain cardholder names, credit card numbers, expiration dates, and card verification numbers of consumers who made purchases at one of the stores. The breach was discovered November 9 and the company immediately started taking action. They hired Trustwave to investigate the affected devices and set up mechanisms to prevent further such incidents from occurring. According to Finextra, Trustwave found malicious software was carefully placed on credit card processing systems used in the stores owned by Restaurant Depot. All the data obtained by the malware was sent to a server located in Russia. The estimated number of individuals that may be affected by the incident is as high as 1 million. Source: http://news.softpedia.com/news/Restaurant-Depot-Informs-Customers-of-Data-Breach-1-Million-Credit-Cards-Involved-240028.shtml

Details

Banking and Finance Sector

10. December 12, CBS News – (International) SEC probes major companies’ Syria, Iran ties. The Securities and Exchange Commission (SEC) has asked at least a dozen U.S.-listed companies to fully explain their business relations — which were apparently undisclosed in some cases — with Iran and Syria, the Financial Times (FT) reported December 11. Among the companies being asked to provide the information are global giants including Sony, Caterpillar, and American Express. The article says the companies have conducted business with the countries, listed as “state sponsors” of terrorism by the U.S. government and heavily sanctioned as a result, in many cases by going through international subsidiaries which operate outside the confines of U.S. sanctions. As global outrage rises in light of the Syrian regime’s crackdown on opposition protests, and an Iranian student siege on the British Embassy in Tehran, some U.S. lawmakers have pushed for the subsidiary loophole to be closed, according to the FT. “The notion that a foreign subsidiary of a U.S. company can conduct business that would be sanctionable in the US ... undermines our efforts to prevent Iran from achieving a nuclear-weapons capability,” the ranking Democrat on the House foreign affairs committee told the FT. Source: http://www.cbsnews.com/8301-503543_162-57341135-503543/sec-probes-major-companies-syria-iran-ties/

11. December 12, phillyBurbs.com – (Pennsylvania) Huntingdon Valley man charged with bank fraud. A man from Huntingdon Valley, Pennsylvania, was charged with one count of bank fraud, according to a U.S. attorney, phillyBurbs.com reported December 12. It is alleged that from about May to July 2010, the suspect conducted a check kite scheme resulting in a loss of about $658,979 to First Niagara Bank. If convicted, the defendant faces a maximum possible sentence of 30 years imprisonment, a 5-year term of supervised release, a $1 million fine, a $100 special assessment, and restitution of $658,979 to First Niagara Bank. The case was investigated by the FBI. Source: http://www.phillyburbs.com/news/local/courier_times_news/huntingdon-valley-man-charged-with-bank-fraud/article_e0c3a288-d0bb-59cb-9abc-d25b4120c4d6.html

12. December 12, U.S. Securities and Exchange Commission – (Florida) SEC charges GlaxoSmithKline subsidiary and former CEO with defrauding employees in stock plan. The Securities and Exchange Commission (SEC) December 12 charged a Coral Gables, Florida subsidiary of pharmaceutical company GlaxoSmithKline (GSK) and the subsidiary’s former chairman and chief executive officer (CEO) with defrauding employees and other shareholders in the firm’s stock plan by buying back stock at severely undervalued prices. Stiefel Laboratories Inc. omitted key data that would have alerted employees their stock was worth much more. Instead, the information was confined to the then-CEO, members of his family, and some senior managers. “Stiefel and [its CEO] profited at the expense of their employee shareholders who lost more than $110 million by selling their stock based on the misleading valuations they were provided,” the director of the SEC’s Miami Regional Office said. According to the SEC’s complaint, Stiefel bought more than 750 shares of company stock from shareholders between November 2006 and April 2007. The CEO knew five private equity firms had submitted offers to buy preferred stock in November 2006 based on equity valuations that were about 50 to 200 percent higher. Between July 2007 and June 2008, Stiefel purchased more than 350 additional shares of company stock from shareholders and bought more than 1,050 shares from shareholders outside the plan at even lower prices. At the time, the CEO knew about the November 2006 private equity valuations and that a prominent private equity firm had bought preferred stock based on a valuation more than 300 percent higher than that used for stock buybacks. Between December 3, 2008 and April 1, 2009, Stiefel also purchased more than 800 shares of its stock from shareholders even though the CEO knew that equity valuation was low and misleading, in part because he was negotiating the sale of the company. 
On January 26, 2009, GSK expressed interest in a Stiefel acquisition and signed a confidentiality agreement 2 days later. As late as March 16, 2009, the CEO ordered that the ongoing negotiations not be disclosed to employees, and he misled shareholders to believe the firm would remain family-owned. On April 20, 2009, Stiefel announced GSK would acquire the company for a value that amounted to more than 300 percent higher than the per share price Stiefel had been paying to buy back shares from its shareholders. Source: http://www.sec.gov/news/press/2011/2011-261.htm

13. December 12, IDG News Service – (International) Three Bulgarians arrested in connection with phishing scheme against US banks. Bulgarian authorities arrested three men December 7 on charges of being part of an international cybercriminal gang that targeted U.S. bank customers. The men were detained last week in Sofia and Burgas following a joint investigation by the computer crime division of the Bulgarian Chief Directorate for Combating Organized Crime and the FBI. The gang sent phishing e-mails that appeared to originate from major U.S. banks and directed recipients to fake online banking Web sites with the purpose of stealing user names and passwords, the Bulgarian Interior Ministry said in a statement. The men allegedly used the stolen information to transfer money from bank accounts belonging to victims. Investigators said the three suspects used online payment services such as libertyreserve.com, paypal.com, webmoney.ru, moneybookers.com, and others. During raids at the three men’s homes police officers seized mobile phones, computer systems containing hacking programs, laptops, storage media devices, receipts of numerous money transactions, as well as stolen online banking credentials. Source: http://www.pcworld.com/businesscenter/article/246022/three_bulgarians_arrested_in_connection_with_phishing_scheme_against_us_banks.html

14. December 11, Sacramento Bee – (California) Sacramento man among 11 indicted in mortgage fraud case. A Sacramento, California man who was sentenced to 2 years in state prison for attempted extortion was among 11 people indicted in connection with one of the largest mortgage fraud cases to hit Sacramento. On December 8, a federal grand jury charged the man with wire and mail fraud as part of an investigation into mortgage fraud that has so far yielded indictments against 45 people. Many of the defendants are members of the local Russian-American community. Collectively, they are charged with defrauding more than $16 million from several lenders. A U.S. attorney said immigration officials had issued a deportation warrant against the defendant due to his previous conviction on the state extortion charge. Two other Sacramento residents were ordered detained. Public records show one of the men is part-owner of a North Highlands restaurant called Kavkaz VIP. He also is co-owner of a mortgage company called M & A Marketing. The second man detained was an M & A employee. According to the grand jury, M & A recruited “straw buyers” who took out mortgage loans using phony documents for homes that later went into foreclosure. The latest group to face indictment bought seven homes in Sacramento, West Sacramento, and Lincoln, and obtained home equity loans on the properties before walking away from them. The foreclosures resulted in losses of more than $1.5 million to lenders. According to the grand jury, the man charged on December 8 helped recruit straw buyers for homes in Sacramento and Lincoln, and got a $10,000 fee from a local tax preparer, a central figure in the ongoing federal probe. Source: http://www.sacbee.com/2011/12/10/4112882/sacramento-man-among-11-indicted.html

15. December 9, Bank Info Security – (National) Phishing targets FDIC. The Federal Deposit Insurance Corporation (FDIC) is warning banks about another strand of phishing attacks feigning to come from the FDIC, Bank Info Security reported December 9. In an e-mail alert, the FDIC warned that the e-mails appear to be coming from “insurance@fdic.gov”, “subscriptions@fdic.gov”, “alert@fdic.gov”, and “accounts@fdic.gov.” The fraudulent e-mails include the subject lines “FDIC: Your business account”, “FDIC: About your business account”, “Insurance coverage of your business account”, or other similar variations. The e-mails also include a malicious link that claims to offer critical information about financial institutions. The claim states: “We have important news regarding your bank. This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership.” The FDIC said recipients of the e-mails should be mindful of any electronic correspondence that appears to come from the FDIC, and reiterated that it does not issue unsolicited e-mails to consumers or business accountholders. Source: http://www.bankinfosecurity.com/articles.php?art_id=4318

For another story, see item 23 above in Top Stories

Information Technology

43. December 12, The Register – (International) Web scam-busting trio thwarted by mystery DDoS rocket. Several anti-scam sites were knocked offline the week of December 5 by fierce and well-organized distributed denial of service (DDoS) attacks. The sites — 419eater.com, scamwarners.com, and aa419.org (Artists Against 419) — were swamped with junk traffic for several days. During the attack, the sites’ administrators turned to blogs, Facebook, and other alternative channels to distribute news of newly detected fake payment sites and other urgent anti-fraud information. “These websites and their users provide excellent exposure for online fraud activities and have been responsible for allowing thousands of prospective victims to detect a scam in play, and get out before losses are incurred,” a reader who informed The Register about the attacks explained. “They also work actively to kill fake bank sites, fake freight forwarding sites and other criminal resources.” Both 419eater.com and scamwarners.com were back operating normally by December 12, while aa419.org remained sluggish. Source: http://www.theregister.co.uk/2011/12/12/anti_scam_sites_ddos_blitz/

44. December 10, V3.co.uk – (International) Attackers target Adobe flaw as wait for patch continues. Malware writers are continuing to exploit a high-profile zero-day flaw in Adobe Acrobat and Reader, using a spam attack to spread an exploit for the remote code execution vulnerability in the wild. The attack arrives as an unsolicited financial report claiming to be from Barclay’s Capital, according to security firm Sophos. The attached PDF file launches the Reader and Acrobat attack, and specially crafted code within the file targets the vulnerability and attempts to download malware-serving trojans. “We have started seeing a small number of targeted samples in Sophos Labs of attackers trying to use this vulnerability in e-mail attachments. The e-mails are well-crafted and look very believable,” a Sophos senior security adviser said in a blog post. Adobe has been working to address the flaw with an out-of-cycle security fix scheduled to arrive sometime the week of December 12. Source: http://www.v3.co.uk/v3-uk/news/2131601/attackers-aim-adobe-flaw-wait-patch-continues

45. December 9, IDG News Service – (International) Two zero-day vulnerabilities found in Flash Player. Two newly discovered vulnerabilities in Adobe’s Flash Player can be exploited to execute arbitrary code remotely, according to advisories from the U.S. Computer Emergency Readiness Team and various security research companies. The security flaws were discovered by Russian vulnerability research firm Intevydis. The exploits developed by Intevydis for the zero-day Flash Player vulnerabilities can bypass Windows anti-exploitation features including DEP and ASLR, and can escape the Internet Explorer sandbox, Intevydis’s CEO said December 6. The company published a video showing the exploits in action on Windows, and promised to release Mac OS X implementations as well. Flash Player vulnerabilities can be exploited by embedding maliciously crafted Flash content into Web sites or PDF documents. Adobe Reader and Acrobat are generally affected by Flash Player flaws because they incorporate a Flash playback component. Source: http://www.computerworld.com/s/article/9222546/Two_zero_day_vulnerabilities_found_in_Flash_Player?taxonomyId=17

For more stories, see items 13 above in the Banking and Finance Sector and 23 above in Top Stories

Communications Sector

46. December 10, Whittier Daily News – (California) Phone carriers grapple with wind-related service problems. The recent wind-related power outages that left thousands of residents and businesses in California without power have been well documented in recent days. But major phone carriers, including AT&T, Verizon and others, have been grappling with their own problems, the Whittier Daily News reported December 10. Many lines for land-line phone service were knocked down by the raging winds. “Basically, there have been some safety issues,” a spokeswoman for AT&T said. “We had to wait for Edison to get in there and make sure things were safe before we could start repairs.” AT&T runs some of its lines along Southern California Edison power poles, while others are supported by AT&T’s own poles. “We’re dealing with damaged poles all across Arcadia, Pasadena, South Pasadena and Alhambra,” she said. “We’ve replaced about 20,000 feet of wires that were completely pulled down by branches and debris.” She said 10,000 AT&T customers were without service at one time or another as a result of the windstorms. But that number has been whittled down significantly. By December 9, only about 150 customers were still without service. T-Mobile issued a statement that said some customers in the Los Angeles area may have experienced temporary voice and messaging service disruption. By December 2, most service was restored, and the network was 100 percent back by December 5, despite the continued lack of commercial power in some locations, the company said. Verizon said places where commercial outages occurred resulted in minimal service interruptions. Verizon sustained damage to some of its poles, but the infrastructure is now intact and fully restored, the company said. Source: http://www.whittierdailynews.com/news/ci_19516565