Friday, February 3, 2012

Complete DHS Daily Report for February 3, 2012


Top Stories

• VeriSign Inc., the company in charge of delivering people safely to more than half the world’s Web sites, was hacked repeatedly by outsiders who accessed undisclosed information from the leading Internet infrastructure company. – Reuters. See item 43 below in the Information Technology Sector.

• Fire investigators in Norfolk, Virginia, asked for help February 2 from the FBI and the Bureau of Alcohol, Tobacco and Firearms in looking into four recent cases of arson at a prominent condo building. – Newport News Daily Press (See item 49)

49. February 2, Newport News Daily Press – (Virginia) FBI, ATF to join investigation into Norfolk condo arsons. Fire investigators in Norfolk, Virginia, asked for help from the FBI and the Bureau of Alcohol, Tobacco and Firearms in looking into four recent cases of arson at a prominent condo building. The Rotunda was evacuated February 1 after the fourth fire in the past 8 days. The battalion chief said all four fires — three on the fifth floor, and the most recent on the fourth floor — were declared cases of arson by fire marshals. The battalion chief said the residents were not allowed back into the building because of water from both the sprinkler system and the firefighting equipment. Source:


Banking and Finance Sector

11. February 2, Orange County Register – (California) Police: ‘Snowboarder Bandit’ robbed bank in Irvine. A serial robber known as the “Snowboarder Bandit” is believed to have struck at an Irvine, California bank February 1, authorities said. The robbery was reported at a Wells Fargo branch, an Irvine Police sergeant said. A note may have been used in the robbery, but no weapons were seen, and no injuries were reported, he added. The robber escaped with an undisclosed amount of money. The robber is believed to be the man authorities linked to holdups in Laguna Hills, Anaheim Hills, Ladera Ranch, and Corona del Mar, an FBI spokeswoman said. Source:

12. February 2, White Plains Journal News – (New York) Cashier accused of skimmer scam as Mamaroneck Staples customers lose $180,000. According to police, 50 customers at a Staples in Mamaroneck, New York, were bilked out of more than $180,000 after a cashier stole their credit card information, the White Plains Journal News reported February 1. The suspect, arrested January 31, is accused of using a skimming device to capture the data from unsuspecting customers at the store between May and December 2011, a Westchester County Police spokesman said. She then sold the information — for a total of $6,000 — to a Bronx man who used it to create fraudulent credit cards. He and possibly others then made $181,800 in purchases, mostly from Georgia. Many of the cards were Mastercards issued by Citibank, which initiated a fraud investigation. The cashier was charged with criminal possession of a forgery device and first-degree scheme to defraud, 50 counts of unlawful possession of personal identification, and 50 counts of petit larceny. Source:

13. February 2, KTIV 4 Sioux City – (National) Former Gateway executives settle fraud case with SEC. A former chief executive officer (CEO) of Gateway, Inc. agreed February 1 to settle a fraud case with the U.S. Securities and Exchange Commission (SEC). The CEO and Gateway’s former controller will pay penalties, without admitting or denying any guilt. The SEC accused the two men of engaging in fraud and other violations of the federal securities laws by falsely representing Gateway’s financial condition in the third quarter of 2000. The SEC claims the two men caused Gateway to record $47.2 million in revenue from a one-time sale of fixed assets to Gateway’s third-party information technology services provider, which violated Generally Accepted Accounting Principles. The complaint also accused the CEO and Gateway’s then chief financial officer (CFO) of causing Gateway to recognize an additional $21 million in revenue from an incomplete sale of computers to a second entity. The CEO agreed to pay a $110,000 civil penalty. The controller will pay about $270,000 and will be barred from acting as an officer or director of a public company for 5 years. Back in 2001, Gateway restated its earnings for 2000, showing the company made nearly $75 million less than estimated. Source:

14. February 1, U.S. Department of Justice – (Iowa) Federal court orders Iowa man and eight companies to pay employment taxes. A federal court in Iowa ordered a man and eight corporations to begin paying employment taxes to the United States on a timely basis, the Justice Department announced February 1. According to the complaint in the case, the man is the president of Watts Trucking Service Inc., of which the other seven corporations are subsidiaries. The complaint alleges the companies fail to pay over to the Internal Revenue Service all of their employment and unemployment taxes, including the income and Social Security taxes withheld from their employees’ wages. A district court judge entered the preliminary injunction order, requiring the entities to comply with federal employment tax filing, deposit, and payment requirements. According to the complaint, the man formed and controlled at least 23 different business entities over the past two decades, most of which have accrued delinquent tax liabilities. The complaint states that the defendant corporations, along with 15 inactive entities, owe the government more than $30 million in federal employment and unemployment taxes. Source:

15. February 1, Birmingham News – (Alabama) Florida woman, Illinois man indicted for identity theft, attempted bank fraud in metro Birmingham. A woman and a man were indicted by a federal grand jury in Birmingham, Alabama, February 1 for conspiracy, attempted bank fraud, and identity theft after trying to attach a secret device on a Regions Bank ATM, authorities said. Authorities also confiscated $50,000 in cash and more than 300 counterfeit credit cards from their Birmingham hotel rooms in 2011, according to a court document. The pair face two counts alleging conspiracy and attempt to defraud Regions Bank, two counts related to debit-card fraud, and a count of aggravated identity theft, a U.S. attorney and the U.S. Secret Service special agent in charge announced in a joint statement. The indictment charges that the pair traveled to the Birmingham area, where they tried to attach a secret device on a Regions Bank ATM in an effort to secretly obtain debit card numbers of people using the teller machine. The indictment also charges that the pair possessed more than 15 counterfeit debit cards and the equipment needed to make such counterfeit cards. According to an affidavit, the pair were arrested by Hoover police May 20, 2011 for attempting to place a “skimmer” on a Regions Bank ATM. Agents searched their rooms and seized over $50,000. Agents, according to the affidavit, also found a magnetic-stripe encoder, a camouflaged “skimmer,” four laptop computers, other electronics and computer accessories, and about 340 re-encoded debit and credit cards. Source:

16. February 1, Associated Press – (California) Bank robberies drop in Southern California. Bank robberies in southern California dropped significantly over the past 20 years thanks to better security measures, closer interaction between law enforcement agencies, and more media exposure, authorities said February 1. In addition, bank robberies across the United States steadily declined since 2002, when there were more than 7,700, compared to 4,699 in 2011. In southern California, long considered the nation’s bank robbery capital, there were more than 2,600 bank robberies in 1992 compared with just 287 in 2011, according to FBI statistics. California led all states in bank robberies in 2011 with 677, followed by New York with 339, and Texas with 274. There has been a spike in bank heists in 2012 — about 40 — primarily in Los Angeles and Orange counties. A gun is shown in a quarter of all bank robberies in southern California, authorities said. Source:

17. February 1, Reuters – (National) Ex-Credit Suisse traders admit cooking subprime books. In a rare criminal prosecution to emerge from the financial crisis, two former Credit Suisse traders admitted February 1 to conspiring to manipulate the value of about $3 billion in subprime mortgage-backed securities in order to hide losses as the U.S. real estate market began to collapse in 2007. The men pleaded guilty in U.S. district court in New York to a criminal charge of conspiracy to falsify books and records and commit wire fraud. Their one-time boss, a U.S. citizen who lives in Britain, faces the same conspiracy charge and additional charges of falsifying books and records and wire fraud. Beginning in the fall of 2007, the three men and others began to manipulate the bond markets to alter Profit and Loss numbers, according to phone calls recorded under Credit Suisse policy, the indictment said. The investigation stems from $2.85 billion in writedowns that Credit Suisse took on collateralized debt obligations (CDO) in 2008. Credit Suisse revealed those CDO losses in early 2008 and blamed them on a group of rogue traders who deliberately mispriced securities and on a failure of internal controls. Credit Suisse was not charged in the case. Separately, the U.S. Securities and Exchange Commission (SEC) filed civil charges against the three men and a fourth trader. The head of the SEC’s enforcement division said in a statement that “the senior bankers falsely and selfishly inflated the value of more than $3 billion in asset-backed securities in order to protect their bonuses and, in one case, protect a highly coveted promotion.” Source:

Information Technology Sector

40. February 2, – (International) Apple issues security update for OS X. Apple released a security update for its OS X Lion, Snow Leopard, and Server platforms. The company said the OS X 10.7.3 release would patch Lion systems, while the 2012-001 security update would be made available to Snow Leopard and OS X server machines. The update, Apple’s first major OS X security fix of 2012, includes some 38 patches for security vulnerabilities in the operating system. Among the applications and components patched in the update is Apple’s QuickTime multimedia tool. The software received fixes for six vulnerabilities which could allow for remote code execution by way of specially crafted image and video files. Apple also issued updates for the OS X Apache and PHP components, along with fixes for a vulnerability in Time Machine and an update which blocks poorly-secured root certificates from Diginotar Malaysia. Source:

41. February 2, Softpedia – (International) Official EA forum hacked and defaced, data is secure. Unnamed hackers managed to breach the security measures implemented by Electronic Arts (EA) on its official forum after successfully exploiting a vulnerability they identified in the software that runs the site (possibly a Java app). Voice Of Grey Hat said the company’s marketing manager came forward with a statement to reassure users the security hole was patched up and their personal information was not exposed at any time. “As some of you noticed, the homepage of the forums was defaced by a hacker yesterday using a very new exploit for the software which runs the forums. This was noticed quickly and we took the action to take the forums offline while we investigated the details. This work is now complete, and the vulnerability we believe was used has now been fixed,” he said. “There is no evidence that any personal data was compromised, and as passwords aren’t stored in a recoverable manner, we are confident they remain secure.” Source:

42. February 2, H Security – (International) HTC Android phones expose Wi-Fi passwords to apps. HTC has confirmed the way some of its Android smartphones handle requests for passwords allows applications to obtain the passwords for Wi-Fi networks the phones are connected to. If that application also has permission to connect to the Internet, it could take that information and transfer it to an unknown server. Researchers discovered applications with the android.permission.ACCESS_WIFI_STATE permission could obtain the password, user name, and other settings by executing the .toString() method of the WifiConfiguration class. On most Android devices, the .toString() leaves the password field blank or marked with a “*” to show a password is set, but on the affected HTC devices, the password is shown in clear text. The flaw was found in September 2011 and the researchers have been working with Google and HTC to resolve the issue. Google changed the Android code to better protect the credentials store and performed a code scan of applications in the Android Market and found no applications that exploit the vulnerability there, though this may not apply to other sources of Android applications. HTC has released updates for the affected smartphones. HTC said most devices will have already received the fix with over-the-air updates, but some devices will need a manual update, and it asked users to check the help page for more information in the coming week. Source:

43. February 2, Reuters – (International) Key Internet operator VeriSign hit by hackers. VeriSign Inc., the company in charge of delivering people safely to more than half the world’s Web sites, was hacked repeatedly by outsiders who accessed undisclosed information from the leading Internet infrastructure company. The previously unreported breaches occurred in 2010 at the company, which is ultimately responsible for the integrity of Web addresses ending in .com, .net, and .gov. VeriSign said its executives “do not believe these attacks breached the servers that support our Domain Name System network,” which ensures people land at the right numeric Internet Protocol address, but it did not rule anything out. VeriSign’s domain-name system processes as many as 50 billion queries daily. Pilfered information from it could let hackers direct people to faked sites and intercept e-mail from federal employees or corporate executives, though classified government data moves through more secure channels. The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission (SEC) filing in October 2011 that followed new guidelines on reporting security breaches to investors. Even if the name system is safe, VeriSign offers a number of other services where security is paramount. The company defends customers’ Web sites from attacks and manages their traffic, and it researches international cybercrime groups. VeriSign would possess sensitive information on customers, and its registry services that dispense Web site addresses would also be a natural target. The SEC filing said security staff responded to the attack soon after it happened, but failed to alert top management until September 2011. Source:

44. February 1, Softpedia – (International) Counterclank stays on Android Market, Symantec gives more explanations. After mobile security firm Lookout argued Android.Counterclank is not a piece of malware as Symantec labeled it, the latter came forward with new arguments to back their initial decision to tell users of potential dangers. Symantec’s update reveals even Google decided the apps met their terms and service conditions and that removal from the Android Market was unnecessary. Even the developers accused of serving malicious apps came forward to deny their products represent malware. “WE ARE NOT MALWARE!! Symantec, the company that wrongly labeled this app as malware the other day, have contacted us and are in the process of un-doing the mistake they did and whitelabeling our product,” the developers wrote on Android Market. On the other hand, Symantec argued they need to keep users informed on behaviors of some applications that may pose a threat to regular users. “The situation we find ourselves in is similar to when Adware, Spyware, and Potentially Unwanted Applications first made appearances on Windows. Many security vendors did not initially detect these applications, but eventually, and with the universal approval of computer users, security companies chose to notify users of these types of applications,” they said. Now, Symantec brings further details to support their initial arguments around the dangers presented by the applications in question. They revealed that Tonclank and Counterclank apps come from the same vendor, a company that distributes a software development kit (SDK) to third parties with the purpose of helping them monetize their applications, mainly through search. Source:

45. February 1, CNET News – (International) FileVault 2 easily decrypted, warns Passware. One of the welcome features in OS X Lion was the replacement of Apple’s first-generation FileVault file encryption technology, which only encrypted the home folder, with a new whole-disk encryption approach. FileVault 2 requires the hard drive to be partitioned with a recovery partition that in part acts to store the password and encryption keys used to decrypt the drive. In a statement issued February 1, password recovery company Passware claimed it can fully decrypt a FileVault-encrypted Mac disk within an hour. Passware said its utilities can sample system memory and extract the encryption key for FileVault disks. The process apparently takes no more than 40 minutes, regardless of the length or complexity of the password used. Source:

For another story, see item 13 above in the Banking and Finance Sector

Communications Sector

46. February 2, Roanoke Times – (Virginia) Lumos phone services down in Botetourt, Alleghany and Augusta counties. A Lumos Networks Corp. spokesman confirmed both wireless and landline customers’ phones in Virginia were affected by an outage detected February 2. “Just before 6 a.m. something compromised our network, impacting customers in Augusta, Botetourt and Alleghany counties and potentially areas beyond that,” the spokesman said. About 4 hours later, he said engineers were making “significant progress” in restoring service but had not yet determined the cause of the outage. Source:

47. February 1, Somerville Courier News; East Brunswick Home News Tribune – (New Jersey) Copper thieves caught red-handed in Old Bridge. A police officer thwarted two men intent on stealing copper grounding plates from cell towers near a Garden State Parkway commuter parking lot in New Jersey February 1. A patrolman arrested the men, one of whom is an employee of Metro RF, on charges of burglary by entering a locked structure, theft of movable property, and possession of burglary tools, an Old Bridge Police captain said. “There has been a problem with copper grounding plates being stolen from cell tower areas,” he said. “Not having the copper grounding bars can be extremely dangerous. Should lightning hit the cell towers, the entire communications system for the area, for all of the state, really, could be out.” While on his usual rounds, the patrolman noticed an unoccupied vehicle parked in the commuter lot. A short time later, the same vehicle appeared to have its lights on, and as the officer approached the car he observed a man asleep in the passenger seat. As he was questioning the man, the second suspect approached them from the direction of the cell tower area, police said. Police said during his questioning of the men, the patrolman noticed a black bag filled with copper grounding plates in the vehicle. Upon closer inspection of the cell towers, numerous nuts and bolts were found discarded on the ground while wires were seen hanging loose from the cell towers where the copper grounding plates should have been attached, police said. Source: