Tuesday, January 3, 2012

Complete DHS Daily Report for January 3, 2012

Daily Report

Top Stories

• A dust storm closed a 20-mile section of Interstate 15 in Idaho December 29, affecting a segment of the interstate north of Idaho Falls that serves an average of 21,500 vehicles a day. – Reuters (See item 14)

14. December 29, Reuters – (Idaho) Massive dust storm closes interstate in Idaho. A dust storm churned by winds of up to 50 miles per hour forced a 20-mile closure of an interstate in Idaho December 29, and highway officials scrambled to divert thousands of motorists near Idaho Falls. Dirt blowing off cropland drastically reduced visibility for much of the day along a portion of Interstate 15, the north-south route that runs from California to Montana and intersects Salt Lake City and Las Vegas. The early morning closure ordered by the Idaho Transportation Department was expected to extend into the evening hours and go into effect again late December 30, when a second Pacific storm front was forecast to unleash high winds. State highway officials said it was rare for a storm this time of year to sweep large clouds of dirt across the Upper Snake River Plain in the high desert of eastern Idaho. “This may be the first time we have ever closed the interstate for a dust storm in December,” a spokesman said. The closure affected a segment of the interstate north of Idaho Falls that serves an average of 21,500 vehicles a day. Motorists were detoured along lesser-trafficked federal highways east of the Snake River. Source: http://www.chicagotribune.com/news/sns-rt-us-duststorm-idahotre7bt03w-20111229,0,2858353.story

• Researchers claim to have found proof that the Stuxnet and Duqu malware have the same writers, The Register reported December 30. Based on the platform and drivers involved, at least three new families of advanced malware may be in circulation. – The Register. See item 26 below in the Information Technology Sector


Banking and Finance Sector

9. December 30, Associated Press – (Nevada; International) Feds: 6 indicted in Internet based car-selling scheme that took in over $4 million. A federal grand jury indicted six foreign nationals on charges that they defrauded hundreds of customers out of more than $4 million in bogus Internet car sales, federal prosecutors said December 29. The 24-count indictment returned December 28 alleges a scheme in which vehicles were offered for sale on legitimate Web sites that deal in auto trading, according to a statement from the U.S. attorney’s office. The six defendants — from Germany, Russia, Romania and Latvia — are accused of collecting payments from hundreds of would-be buyers nationwide, siphoning millions of dollars to Europe, and never delivering a vehicle, the indictment said. The alleged leaders of the scam are both in federal custody in Nevada on charges related to bulk cash smuggling. One of the men monitored the fraudulent bank accounts to determine if funds had been deposited, the indictment said. The money was then withdrawn — primarily in cash — and delivered to the leaders. The two then allegedly wired the money from the United States to other countries, mailed the funds in concealed packages to Berlin, or concealed the funds in personal carry-on luggage while traveling to Germany, according to the indictment. At least 110 bank accounts were opened to fraudulently receive the funds, according to the indictment. From September 4, 2007 until October 5, 2010, victims deposited at least $4 million into the accounts. The defendants face charges including conspiracy to commit bank and wire fraud and money laundering. If convicted, each could face sentences totaling hundreds of years in federal prison. Source: http://www.washingtonpost.com/national/feds-6-indicted-in-internet-based-car-selling-scheme-that-took-in-over-4-million/2011/12/30/gIQABzxmPP_story.html

10. December 30, Sarasota Herald Tribune – (GFlorida) FDIC files malpractice lawsuit against Icard Merrill Sarasota law firm over First Priority Bank loan. The Federal Deposit Insurance Corp. (FDIC) has filed a malpractice suit against one of Sarasota, Florida’s most prominent law firms and one of its senior partners in connection with a $5.3 million loan made by the now defunct First Priority Bank, the Sarasota Herald-Tribune reported December 29. The FDIC’s lawsuit claims an Icard Merrill attorney breached his fiduciary duty by failing to inform First Priority’s board of directors that he represented nearly all the parties in a deal to develop the River Meadows property, along the Upper Manatee River. The lawsuit, filed in federal court in Tampa, also claims that he failed to tell First Priority’s board that an option to buy a 25-acre parcel of land, which comprised part of the bank’s collateral for the loan, did not exist. “As a proximate result of the defendants’ wrongful conduct, the bank lost over $4.596 million,” the FDIC concluded in its December 23 lawsuit. Legal action by the FDIC follows a similar lawsuit against Icard Merrill and the attorney filed by six investors, who joined a former Longboat Key businessman in 2005 to develop River Meadows. In that case, Icard Merrill agreed to pay a $1.4 million settlement, on the condition that the payment was not an admission of guilt. As First Priority’s receiver, the FDIC is now trying to recoup some of the $72 million lost when it shut down the Bradenton bank in August 2008. Source: http://www.heraldtribune.com/article/20111229/ARTICLE/111229521/-1/news?p=all&tc=pgall

11. December 29, U.S. Department of Treasury – (International) Treasury targets key Panama-based money laundering operation linked to Mexican and Colombian drug cartels. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) December 29 designated two Lebanese-Colombian nationals as Specially Designated Narcotics Traffickers (SDNTs) due to their significant role in international money laundering activities involving drug trafficking proceeds. OFAC also designated nine other individuals and 28 entities in Colombia, Panama, Lebanon, and Hong Kong with ties to the men. The December 29 action, taken pursuant to the Foreign Narcotics Kingpin Designation Act, prohibits U.S. persons from conducting financial or commercial transactions with these entities and individuals and freezes any assets the designees may have under U.S. jurisdiction. “By designating these individuals and companies we are exposing a significant international money laundering network, forcing them out of the international financial system, and undermining their ability to launder drug money through a global support network for the Mexican and Colombian drug cartels,” the director of OFAC said. Treasury took the actions in close coordination with investigations by the Drug Enforcement Administration, Immigration and Customs Enforcement, and the New York City Police Department. Source: http://www.treasury.gov/press-center/press-releases/Pages/tg1390.aspx

12. December 29, New York Daily News – (New York; Virginia) Dapper Bandit is unmasked: FBI says prolific Manhattan bank robber is Dana Connor, 52. The “Dapper Bandit” — a natty dresser wanted for robbing 10 New York City banks in recent months — was identified by the feds December 29 as an ex-convict with a distinctive tattoo on his chest. The FBI believes the suspect, who has been locked up previously for knocking over banks, is the crook who likes to look good while he robs. And the FBI says that the bandit — who has the words “Moe Love” tattooed on his chest — may be a commuter: investigators believe he may be living in Virginia and traveling up to New York to commit the heists, which began in September. Dressed in a spiffy suit and tie, he has hit banks from Midtown to Tribeca, and made off with cash every time, authorities said. He generally threatens tellers that he is armed with a weapon, but during one heist he whipped out a black handgun, authorities said. His most recent caper came December 27 at a Citibank branch. Source: http://www.nydailynews.com/new-york/dapper-bandit-unmasked-fbi-prolific-manhattan-bank-robber-dana-connor-52-article-1.998609?localLinksEnabled=false

For another story, see item 25 below in the Information Technology Sector

Information Technology

25. December 30, Softpedia – (International) Your smartphone from Amazon has shipped, malware-spreading spam. Softpedia reported December 30 a malware scam involving an e-mail allegedly sent by Amazon to confirm that an electronic device such as a smartphone has already been paid for with the recipient’s credit card. Users who click on the links contained in the message are taken to a Web site that serves a variant of Cridex, especially designed to steal personal and financial information from the computer it lands on, according to Hoax Slayer. Win32/Cridex is usually delivered via spammed malware such as variants of Exploit:JS/Blacole and is programmed to spread to removable drives. Besides banking credentials, it also targets local certificates and it is able to execute files. Once executed, the malicious element drops a copy of the worm as a randomly named file and modifies the registry to make sure it is executed each time the operating system boots. After the dropper is deleted, Cridex injects itself into every running process, even ones that are later created. Source: http://news.softpedia.com/news/Your-Smarthpone-from-Amazon-Has-Shipped-Malware-Spreading-Spam-243839.shtml

26. December 30, The Register – (International) Kaspersky claims ‘smoking code’ linking Stuxnet and Duqu. Researchers at Kaspersky Lab claimed to have found proof that the writers of the Stuxnet and Duqu malware are one and the same, and are warning of at least three new families of advanced malware potentially in circulation, The Register reported December 30. The chief security expert at Kaspersky Lab said that researchers had examined drivers used in both Stuxnet and Duqu and concluded that a single team was most likely behind them both, based on the timing of their creation and their methods of interacting with the rest of the malware code. The researcher’s data suggests both were built on a common platform, dubbed Tilded because it uses many files beginning with the tilde symbol “~” and the letter “d.” The platform was built around 2007 or later, and was updated in 2010. Kaspersky’s director of global research and analysis told Reuters that the platform and drivers involved would indicate five families of malware had been made using the platform already, and that others may be in development. The modularity of the systems makes it easy for the malware writers to adapt their creations to new purposes and techniques. Source: http://www.theregister.co.uk/2011/12/30/kaspersky_stuxnet_duqu_link/

27. December 29, CNET News – (International) Anonymous targets military-gear site in latest holiday hack. In what it is calling another round of “LulzXmas festivities,” an Anonymous-affiliated hacktivst group December 29 claimed to have stolen customer information from SpecialForces.com, a Web site that sells military gear. The hackers said they breached the SpecialForces.com site months ago, but only just got around to posting the customer data. Even though the site’s data was encrypted, they claim to have 14,000 passwords and details for 8,000 credit cards belonging to Special Forces Gear customers. Special Forces Gear’s founder confirmed that his company’s Web servers were compromised by Anonymous in late August, resulting in a security breach that allowed the hackers to obtain customer usernames, passwords, and possibly encrypted credit card information in some cases. He added that the compromised passwords were from a backup of a previous version of the Web site that is more than a year old, and that most of the credit card numbers are expired. No evidence of credit card misuse was found, and the site no longer stores customer passwords or credit card information. Source: http://news.cnet.com/8301-1009_3-57349976-83/anonymous-targets-military-gear-site-in-latest-holiday-hack/?part=rss&subj=latest-news&tag=title

Communications Sector

28. December 30, PC Magazine – (National) Verizon attributes 4G LTE service disruptions to ‘growing pains’. Verizon Wireless December 29 attributed recent service disruptions on its 4G LTE network to “growing pains” associated with building out an advanced network. Verizon’s network has experienced three separate disruptions this month: on December 7, 21, and 28. During those incidents, Verizon said it “proactively moved” customers from 4G LTE to 3G, though for a brief period December 28, “4GLTE customers could not connect to the 3G Network as quickly as we would have liked,” a press release from Verizon said. “Each incident has been different from a technical standpoint,” Verizon said. Verizon’s statement did not go into full detail, but in an interview with GigaOm, the vice president of network engineering for Verizon Wireless said the problems were associated with something known as the IP Multimedia Subsystem (IMS), or Verizon’s service delivery core. As GigaOm explained, IMS has been in use for years, but Verizon is the first to use it for a 4G LTE network. That has produced some problems, like the widespread outage that hit the company’s network back in April. This time around, there were three separate incidents. “The first outage on Dec[ember] 7 was caused by the failure of a back-up communications database,” GigaOm reported. “The second, last week, was the result of an IMS element not responding properly, while [the December 28] outage was caused by two IMS elements not communicating properly.” Essentially, some phones just kept trying to sign in to 4G without success until Verizon forced them to drop down to 3G. Verizon said it is taking a number of steps to prevent similar outages in the future. Source: http://www.pcmag.com/article2/0,2817,2398203,00.asp