Thursday, January 26, 2012

Complete DHS Daily Report for January 26, 2012

Daily Report

Top Stories


• Viruses are accidentally infecting worms on victims’ computers, creating super-powered strains of hybrids that experts say pose a greater risk than standard malware. – The Register. See item 35 below in the Information Technology Sector.

• Police arrested a teenager and charged him with attempted murder and aggravated arson in connection with firebombing attacks on two New Jersey temples. – WPIX 11 New York City (See item 40)

40. January 25, WPIX 11 New York City – (New Jersey) Teen arrested in firebombing attacks on NJ temples. Police arrested a teenager in connection with firebombing attacks on New Jersey temples, WPIX 11 New York City reported January 24. According to officials, the Lodi, New Jersey teen has been arrested and charged with the January 11 attempted murder of a rabbi and his family, and the associated firebombing of the Rutherford synagogue. He was also charged in the arson and firebombing of the Temple K’Hal Adath Jeshrun in Paramus January 3, officials said. Investigators credit the arrest to the release, the week of January 16, of surveillance video and photographs that captured the suspect purchasing many components of the incendiary device used in the Rutherford temple attack. Evidence connecting the suspect to the crime was reportedly discovered at his home after authorities executed a search warrant. He was charged with nine counts of first degree attempted murder, one count of first degree bias intimidation, and one count of first degree aggravated arson for the Rutherford incident. He was charged with first degree aggravated arson, first degree bias intimidation, and third degree arson for the Paramus incident. Source:,0,3171515.story


Banking and Finance Sector

9. January 25, Daytona Beach News-Journal – (Florida) Workers at 3 Daytona convenience stores accused of food card scams. A multi-agency investigation in Florida nabbed three convenience store workers accused of defrauding the state and federal government out of more than $2 million through Electronic Benefit Transfer (EBT) purchases, authorities said January 24. Investigators with the Daytona Beach Police Department as well as agents with the U.S. Secret Service and other agencies served search warrants at three convenience stores, the Daytona Beach police chief said. He said one of the suspects would purchase EBT cards from customers for cash at about a third of the value of their cards, which generally can only be used to buy groceries through the federal Supplemental Nutrition Assistance Program (SNAP). The suspect would then purchase goods at area stores for her own benefit. Authorities said she also made fictitious purchases at her store and got reimbursed the following month. In total, she made about $1.1 million in fraudulent purchases, the chief said. She was charged with five counts each of racketeering, social welfare fraud, and fraudulent use of a credit card, and one count of carrying a concealed weapon. At the other two locations, two suspects would allow EBT customers to make ineligible beer and cigarette purchases with their cards, but grossly inflate the prices, police said. Each would then pocket the difference. The two men were charged with five counts each of racketeering, social welfare fraud, and fraudulent use of a credit card. The police chief said the three businesses would typically only report $4,000 of SNAP purchases in 1 month, but during the 6 months the fraud occurred, they were redeeming about 10 times that amount. Source:

10. January 24, Bloomberg – (District of Columbia; Virginia) Army Corps official to plead guilty to bribery, U.S. says. A U.S. Army Corps of Engineers contracting official will plead guilty to bribery and conspiracy charges brought in connection with an alleged $20 million false billing scheme, prosecutors said. The U.S. attorney’s office in Washington D.C., in a federal court filing January 24, said the official will admit to taking bribes and conspiring to launder money. The official was accused along with a colleague of funneling more than $45 million through a contract he was in charge of to a company that kicked back $20 million generated by overbilling. Also charged were the colleague’s son, the director of contracts for Eyak Technology LLC in Dulles, Virginia. Prosecutors call the case one of the “most brazen” frauds in federal contracting history. Source:

11. January 24, Associated Press – (Puerto Rico) FDIC files lawsuit against former Westernbank officials; cites $176M in damages. U.S. regulators are seeking $176 million in damages from officials at what used to be Puerto Rico’s second-largest bank, the Associated Press reported January 24. The Federal Deposit Insurance Corp. (FDIC) accused six former Westernbank officials and directors of gross negligence, violating loan policy, and ignoring auditor warnings in a suit filed last week. Regulators shut down the bank and its 45 branches in April 2010, citing a $4.25 billion loss. The FDIC, which took over the bank, said the damages it seeks represent the total loss of 10 construction loans, seven asset-based loans, and four commercial real estate loans that the bank approved from January 2004 to July 2009. The FDIC accused Westernbank officials of approving loans to make a quick profit through an “aggressive and reckless growth strategy.” The agency also accused the bank’s former director of not disclosing a personal financial interest in a $12 million loan before it was approved. Source:

12. January 24, Associated Press – (Arizona; International) Feds find $500K hidden in BMW at Nogales entry. Federal officers in Nogales, Arizona, recovered more than $500,000 in undeclared money hidden in a BMW that an Arizona man was allegedly trying to drive into Mexico January 20. The Nogales International reported that U.S. Customs and Border Protection officers conducting outbound inspections at the Dennis DeConcini Port of Entry selected the man for additional inspection. Agents placed the man’s car on a vehicle lift and discovered a non-factory compartment containing 21 packages of undeclared U.S. currency. The funds were confiscated and the man was arrested and turned over to U.S. Immigration and Customs Enforcement’s Homeland Security Investigations. Source:

13. January 23, Houston Chronicle – (Texas; Louisiana) League City man admits using fake ID, stolen credit cards to buy electronics. A League City, Texas man on supervised release in a $1 million credit card fraud case pleaded guilty January 23 to new charges accusing him of using stolen credit cards and fake IDs to buy electronics worth $10,000. He was using stolen credit card numbers when he tried to buy iPads, iPhones and other products at the Apple store in Memorial City Mall in August, authorities said. When asked for identification, the man presented a fake Florida driver’s license with his photo but a different name. The name on the cards was linked to more than $200,000 worth of fraudulent Apple product purchases in Louisiana and Texas, officials said. The suspect was arrested at the store. When arrested, the suspect had 38 fraudulent credit cards, officials said, as well as four iPads and four iPhones bought the same day from Apple stores in the Galleria and Sugar Land area. All items, valued at $6,000, were bought using the same fraudulent credit cards, officials said. The suspect admitted in court he was serving a term of supervised release from a 2007 credit card fraud case when he was arrested. In the prior case, the suspect and his wife were charged for using more than 2,000 stolen credit card numbers to buy merchandise totaling more than $1 million, according to court records. Source:

14. January 22, Salem Today’s Sunbeam – (New Jersey) Computer hackers tap into Salem County bank account holding $13 million, steal $19,000. Computer hackers have broken in and stolen about $19,000 by way of an illegal wire transfer from a Salem County, New Jersey bank account that held over $13 million, Salem Today’s Sunbeam reported January 22. The illegal transaction happened in mid-December and as of late the week of January 16, the Salem County chief finance officer (CFO) said the county has yet to recoup the money. He said the county is working with law enforcement officials, who believe the county system was attacked by “Zeus,” a trojan horse computer virus that steals banking information by keystroke logging and form grabbing. The CFO said the hacker was able to access the county’s online banking system through the Microsoft Exchange server. “They were able to jump in our account and essentially blocked us from logging on,” the CFO said. “When they were logged in, they wired out $19,000 to an account with JP Morgan Chase out in California.” In all, the account that was entered held more than $13 million in county funds. The CFO said the Information Technology Department at the county was unable to trace the virus back to its origins. As a precautionary measure, the county is no longer using its online banking system, CashLink, which is run by Fulton Bank of New Jersey. The CFO said the computer that was attacked with the virus has also been removed and sent to a crime lab for analysis. The county will also be setting up a new secure computer solely for bank transactions. This computer will have no e-mail, no public Internet access, and no disk drive or USB ports. Source:

Information Technology

34. January 25, H Security – (International) Opera 11.61 fixes XSS vulnerability. Version 11.61 of Opera has been released. According to its developers, the maintenance update fixes bugs found in the existing builds and closes two security holes in the Web browser. Opera 11.61 addresses a “high” severity cross-site scripting vulnerability that could be exploited by an attacker to bypass the same origin policy. A second issue, rated as “low” severity, in which remote pages could detect what local files a user has on their local machine, was also fixed. Changes not related to security include an update to the default Speed Dials as well as fixes for the built-in e-mail client, and a number of bugs that caused the application to crash. Source:

35. January 25, The Register – (International) Super-powered ‘frankenmalware’ strains detected in the wild. Viruses are accidentally infecting worms on victims’ computers, creating super-powered strains of hybrid software nasties. The monster malware spreads quicker than before, screws up systems worse than ever, and exposes private data in a way not even envisioned by the original virus writers. A study by antivirus outfit BitDefender found 40,000 such “Frankenmalware samples” in a study of 10 million infected files in early January, or 0.4 percent of malware strains sampled. These cybercrime chimeras pose a greater risk to infected users than standard malware, the antivirus firm warns. “If you get one of these hybrids on your system, you could be facing financial troubles, computer problems, identity theft, and a wave of spam thrown in as a random bonus,” said the BitDefender analyst who carried out the study. “The advent of malware sandwiches throws a new twist into the world of malware. They spread more efficiently, and will become increasingly difficult to predict.” BitDefender does not have historical data to go on. Even so, it posits that frankenmalware is likely to grow at the same rate as regular computer viruses, or about 17 percent per year. All of the malware hybrids analyzed by BitDefender so far have been created accidentally. However, the risk posed by these combinations could increase dramatically as criminals latch onto the idea. Source:

36. January 25, H Security – (International) Critical flaw discovered in Symantec’s pcAnywhere. Symantec issued a warning about a critical vulnerability in pcAnywhere, the remote control application for PCs. The vulnerability could allow an attacker to remotely inject code into a system running pcAnywhere and then run it with system privileges. This attack works because a service on TCP port 5631 allows user input during the authentication process that is not adequately checked. According to Symantec, this port should, under normal conditions, only be reachable by authorized network users, so an attacker would have to first gain access to the network or another computer on the network to compromise other systems. In practice though, overly lax firewall configurations mean such ports are always available on the Internet. Symantec is also correcting a vulnerability that meant that files installed during pcAnywhere’s installation process were marked as writable by everyone. This would allow an unprivileged user with local access to overwrite these files, possibly with code that could grant elevated privileges. Further details of the two holes are still being kept secret by Symantec, and exploits are reportedly not in circulation. As the flaws were reported by security researchers of NGS Secure, it is probable the discovery of the flaws is not related to the recent theft of source code for an older version of pcAnywhere. pcAnywhere 12.5.x is vulnerable to the flaws, as are versions 7.0 and 7.1 of the company’s IT Management Suite Solution. Symantec released a hotfix that can be installed either manually or automatically with Symantec’s LiveUpdate system. Source:

37. January 24, H Security – (International) Joomla! 2.5 adds new features, closes holes. The Joomla! Project announced the arrival of version 2.5.0 of its open source PHP-based content management system. The successor to the 1.7 release from July 2011 is a long term support version that will be supported for “at least 18 months” and adds several new features. The update addresses two medium-priority, cross-site scripting vulnerabilities and two low-priority, information disclosure holes. Source:

For more stories, see item 14 above in the Banking and Finance Sector and item 39 below in the Communications Sector.

Communications Sector

38. January 24, Radio World – (Florida) FCC fines Florida pirate $10,000. The Federal Communications Commission (FCC) has fined a man $10,000 for operating an unlicensed radio transmitter on 98.7 MHz in Miami, Radio World reported January 24. Following up on a complaint in July, Miami Enforcement Bureau agents traced the unauthorized signal to an FM transmitting antenna mounted in a tree. The station was also transmitting an RDS display of “98.7 FM Energy,” according to the commission. The agents also found an Internet Web site for the station. The man told agents he would turn off the station, but did not admit he was the operator or unauthorized station owner. The agents left and the transmissions resumed. The agents again traced the illegal transmissions to the same home. Agents from the Miami office identified the man by comparing his Florida driver’s license photograph to pictures posted on the Internet. In assessing the penalty, the FCC stated in its decision the man can be said to have “operated” the unlicensed radio station on 98.7 MHz because he demonstrated control over the general conduct or management of the station, according to the agency’s rules. The station continues to be streamed online. Source:

39. January 24, Dark Reading – (International) IP D-Day: Major providers, vendors to go IPv6 June 6. It has been in the works for more than a decade, but the next-generation IPv6 protocol will officially go live in some major corners of the Internet in 2012, Dark Reading reported January 24. The Internet Society has deemed June 6 as World IPv6 Day, when Google, AT&T, Facebook, Comcast, Cisco, and others plan to flip the switch to the new IP protocol. IPv6 has been available in most products for some time, and various organizations and government agencies have test-run the protocol. Other nations, such as Japan and France, have already broadly rolled out IPv6. Meanwhile, IPv4 has outlasted some predictions it would have run out of address space by now, and IPv6 has exponentially more address space that can better accommodate the explosion of IP devices. Like any new technology rollout, security experts say the transition to IPv6 could introduce new bugs into the ecosystem. Among the companies participating in the IPv6 cutover June 6 are Google, Facebook, Microsoft Bing, Yahoo!, AT&T, Comcast, Free Telecom, Internode, KDDI, Time Warner Cable, XS4All, Cisco, and D-Link. The ISPs going to IPv6 — AT&T, Comcast, Free Telecom, Internode, KDDI, Time Warner Cable, and XS4ALL — will roll out the new protocol in their networks so that at least 1 percent of their wireline residential subscribers who visit other IPv6-enabled Web sites will get there via IPv6. They plan to make IPv6 a big part of their services, while new home routers from Cisco and D-Link will enable IPv6 by default. Source: