Tuesday, January 17, 2012

Complete DHS Daily Report for January 17, 2012

Daily Report

Top Stories

• Animal rights activists took credit for and described in great detail how they set fire to and destroyed 14 cattle trucks at California’s largest beef producing, feeding, and marketing ranch. – Fox News (See item 28)

28. January 11, Fox News – (California) Animal rights activists take credit for arson at beef ranch. Animal rights activists took credit for setting fire to and destroying 14 cattle trucks at California’s largest beef producing, feeding, and marketing ranch, FoxNews.com reported January 11. The North American Animal Liberation press office posted an anonymous letter on its Web site from activists claiming full responsibility for the arson. The vice president of risk management and human resources for Harris Farms is confident authorities will find the culprits. The statement on the Web site described in detail how they were able to carry out the arson. “[C]ontainers of accelerant were placed beneath a row of 14 trucks with [four] digital timers used to light [four] of the containers and kerosene-soaked rope carrying the fire to the other [10].” The vice president arrived at the scene 45 minutes after the fire had started January 8. By the time he arrived, the fire department had doused the flames and the equipment was destroyed. While the Animal Liberation Front is not claiming direct responsibility for the fire, the organization provides a platform on its Web site for animal rights activists. The vice president said some of the trucks that were destroyed in the fire had sleeper units where truck drivers can sleep during off time, but none was occupied at the time of the fire. The vice president said there will likely be a news conference the week of January 16 with further details. Source: http://www.foxnews.com/us/2012/01/11/animal-rights-activists-take-credit-for-arson-at-beef-ranch/?test=latestnews

• A security researcher found a variant of the Sykipot trojan that allows it to hijack U.S. Department of Defense smart cards to access restricted resources. – IDG News Service (See item 37)

37. January 13, IDG News Service – (International) Sykipot trojan hijacks Department of Defense authentication smart cards. A variant of the Sykipot trojan horse hijacks U.S. Department of Defense (DOD) smart cards to access restricted resources, IDG News Service reported January 13. “We recently discovered a variant of Sykipot with some new, interesting features that allow it to effectively hijack DoD and Windows smart cards,” said a security researcher at AlienVault. “This variant, which appears to have been compiled in March 2011, has been seen in dozens of attack samples from the past year.” Smart cards interface with computers through a special reader. They use digital certificates and PIN codes for authentication. Sykipot is commonly used in advanced persistent threat attacks. According to the security researcher, the variant recently analyzed by AlienVault contains several commands to capture smart card data and use it to access secure resources. One of the variant’s routines is designed to work with ActivIdentity ActivClient, an authentication-software product compliant with DOD’s Common Access Card (CAC) specification. The CAC enables access to DOD computers, networks, and certain facilities. It allows users to encrypt and digitally sign e-mails, and it facilitates the use of public key infrastructure for authentication purposes. Source: http://www.computerworld.com/s/article/9223423/Sykipot_Trojan_hijacks_DoD_smart_cards?taxonomyId=17

Details

Banking and Finance Sector

12. January 13, Associated Press – (Arkansas) Police arrest suspect in Arkansas bank bomb scare. The gunman who allegedly strapped a bomb to a woman’s ankle and then followed her as she drove to an Arkansas bank to withdraw money has been arrested. Authorities said January 12 a key detail the woman remembered helped investigators find the man suspected of breaking into her home, duct-taping her husband to a chair, and demanding money from the couple. The man was being held at a local jail on charges of aggravated burglary, theft of property, aggravated robbery, and kidnapping, the Washington County sheriff said. Investigators said the suspect showed up at the couple’s home January 9 and faked an injury to get inside. He held the woman captive as he duct-taped her husband, then strapped what he claimed was a bomb to her ankle, authorities said. The bomb turned out to be fake. She said the suspect pushed her out the door and told her to drive to the bank. He took a gun from the couple’s home, hopped in their pickup truck, and followed her, authorities said. When she got inside the bank, the woman told employees about the device on her ankle. Authorities evacuated the building and found the woman’s husband taped to a bar stool but unharmed at the couple’s home. Source: http://abcnews.go.com/US/wireStory/police-arrest-suspect-arkansas-bank-bomb-scare-15349326#.TxBBNIH-5YQ

13. January 13, H Security – (International) American Express fixes critical security vulnerability. American Express has fixed a security vulnerability on its Web site that allowed SQL injection and, therefore, direct access to its server’s database, H Security reported January 13. The company acted after a tip-off. A student discovered that the pages of the American Express Web site did not adequately filter data passed to a search function, thereby allowing direct access to the server. He sent a message about this SQL injection problem to the Heise Security team, who were able to reproduce it; the information was then passed on to American Express. The company reacted quickly and fixed the vulnerability within a few days. It stated the vulnerability had not been used and no customer data had been compromised. Some experts doubt this statement, however, since SQL injection frequently allows access to all of an affected system’s data, and tables with names such as “Accounts” often show up in SQL statements. Of particular concern is that the vulnerability was found not in some hidden corner but in the search function, the first place someone would test for such problems. Source: http://www.h-online.com/security/news/item/American-Express-fixes-critical-security-vulnerability-1410252.html

14. January 12, San Gabriel Valley Tribune – (California) Suspected ‘Bubble Wrap Bandit’ jailed after La Habra bank robbery. A serial bank robber linked to five heists, including ones in La Mirada and La Habra, California, is behind bars, La Habra police announced January 12. The man is suspected of being the “Bubble Wrap Bandit,” La Habra police officials said in a written statement. The arrest was disclosed January 12, though the suspect was arrested January 7 following a robbery at a La Habra U.S. Bank branch and a police pursuit that ended in a crash, officials said. La Habra police January 7 responded to a report of a robbery at the U.S. Bank inside Vons supermarket. The robber had handed a teller a note demanding cash before fleeing with an undisclosed amount and getting into a car, police said. A La Habra detective spotted a car matching the description, beginning a pursuit that ended with a crash. With the help of Los Angeles County sheriff’s deputies, officers arrested the suspect. He was booked into jail January 8 after being treated for injuries he suffered in the crash. In addition to the La Habra bank robbery, he is suspected of a September 14, 2011 bank robbery at a Bank of the West branch in La Mirada, as well as heists in Bell Gardens and South Gate, according to FBI. The bandit earned his moniker because he carried a manila, bubble-wrap lined envelope during some of the crimes, officials said. Source: http://www.sgvtribune.com/news/ci_19729374

15. January 12, DNAinfo.com – (New York; Northeast) Fake ID sellers busted in $1 million scheme, AG says. Three brothers who allegedly sold fake IDs out of a pair of Greenwich Village smoke shops in New York City were arrested January 12 for taking part in an elaborate scheme that ripped off the identities of more than 180 New Yorkers to net more than $1 million in stolen goods, authorities charged. The three men are accused of participating in a seven-person identity theft ring that began in 2008 or earlier, the state attorney general’s office said. The brothers allegedly made counterfeit driver’s licenses based on names, Social Security numbers, and other data from more than 180 people using store credit cards at Kmart, Sears, Home Depot, and other stores, provided by a Bronx man. The fake IDs bore the names of female credit card holders and the photo of a Bronx resident, who then allegedly impersonated the cardholders at store locations in New York, Connecticut, New Jersey, and Pennsylvania. She allegedly told the businesses she forgot her credit card, then used the fake ID and Social Security number to charge merchandise, later returning the goods for store credit and gift cards, the statement said. Two other men are accused of illegally selling the store credit and gift cards to others in the ring, for about 70 percent of their face value, or using them to buy materials for their businesses. Court-authorized wiretaps of the defendants’ phones helped break up the ring, the statement said. The brothers have each been charged with conspiracy to produce fake driver’s licenses and could receive a maximum of 15 years in prison. Source: http://www.dnainfo.com/20120112/greenwich-village-soho/fake-id-sellers-busted-1-million-scheme-ag-says

16. January 11, Atlanta Journal-Constitution – (Georgia) 3 suspects in armored car robbery caught; 1 at large. Three suspects in an armored car robbery at a Walmart in Oakwood, Georgia, January 11 have been caught by Gwinnett County authorities, but one other remains at large. The suspects robbed the armored vehicle in front of the Walmart, then led police on a chase into Gwinnett County before their vehicle crashed and the suspects ran, the Oakwood police chief said. He said four suspects — three men and one woman — approached a Loomis armored truck that carried two employees and “forcibly took” money from the armed driver. The suspects, fleeing in a vehicle, were chased by multiple police agencies. When the chase entered Gwinnett County, authorities there joined in. A Hall County sheriff’s spokesman told the Gainesville Times the suspects crashed into a creek and were pursued by police dogs. Roberts Elementary School in Buford was placed on lockdown. Source: http://www.ajc.com/news/gwinnett/3-suspects-in-armored-1299525.html

Information Technology

43. January 12, Threatpost – (International) Researchers find way to sniff corporate email via BlackBerry PlayBook. A pair of researchers from Intrepidus Group recently found a series of problems and weaknesses in BlackBerry’s PlayBook, including one that enables an attacker to listen in on the connection between the tablet and a BlackBerry handset. That connection, which is made via Bluetooth in the company’s Bridge application, is designed to allow users to access their corporate e-mail, calendar, and other data on the tablet. The researchers were able to locate and grab the authentication token sent between the two devices during Bridge connections and, as an unprivileged user, connect to the PlayBook and access the user’s e-mail and other sensitive information. The key to their finding is the fact that the PlayBook’s OS puts the authentication token for the Bridge sessions in a spot that is readable by anyone who knows how to find it. Source: http://threatpost.com/en_us/blogs/researchers-find-way-sniff-corporate-email-blackberry-playbook-011212

44. January 12, ZDNet – (International) Oracle to patch 79 DB server vulnerabilities. Oracle’s first batch of critical patch updates for 2012 will include 79 new security vulnerability fixes across hundreds of Oracle products. The security fixes, scheduled for January 17, will cover holes in the flagship Oracle Database 11g, Oracle Fusion Middleware 11g, Oracle Application Server 10g, and numerous additional products and components. The most serious of these vulnerabilities may be remotely exploitable without authentication, that is, they may be exploited over a network without the need for a username and password. Source: http://www.zdnet.com/blog/security/oracle-to-patch-79-db-server-vulnerabilities/10063

For more stories, see item 13 above in the Banking and Finance Sector and item 37 above in Top Stories

Communications Sector

45. January 13, WMAZ 13 Macon – (Georgia) Verizon Wireless service disrupted in middle Ga. According to Verizon Wireless, several cell towers were down in Macon, Warner Robins, Milledgeville and Chester, Georgia, January 13. Service was also disrupted in the Augusta area. A Verizon technician said service would go in and out while they tried to restore the towers. A Verizon spokeswoman said the cause of the outage was related to a software upgrade implemented to local network equipment overnight. She said customers affected could still place outgoing calls, check their voicemail and use data services. However, incoming calls were going to voicemail. Source: http://www.13wmaz.com/news/article/161656/153/Verizon-Wireless-Service-Disrupted-in-Middle-Ga

For another story, see item 43 above in the Information Technology Sector