Tuesday, March 27, 2012

Complete DHS Daily Report for March 27, 2012

Daily Report

Top Stories

• An independent panel appointed by a federal agency faulted Mine Safety and Health Administration enforcement for the massive gas explosion in 2010 that killed 29 miners in West Virginia. – United Press International (See item 4)

4. March 23, United Press International – (West Virginia) Panel says MHSA lax in Upper Big Branch. March 23, an independent panel faulted Mine Safety and Health Administration (MSHA) enforcement for the massive gas explosion that killed 29 miners in West Virginia. The panel, appointed by the National Institute for Occupational Safety and Health, examined the causes of the April 5, 2010 blast that wracked the Upper Big Branch Mine South in Montcoal, about 30 miles south of Charleston. The panel concluded though mine operators ultimately were responsible for the blast, mine safety inspectors failed to take “appropriate actions during the inspections in the months prior to the explosion” that might have prevented the disaster or led to the mine being idled. “If [mine safety inspectors] had engaged in timely enforcement of the Mine Act, and applicable standards and regulation, it would have lessened the chances of — and possibly prevented — the explosion,” the panel said. It concluded an earlier investigation by the MSHA was too narrow and failed to identify the problems. Source: http://www.upi.com/Top_News/US/2012/03/23/Panel-says-MHSA-lax-in-Upper-Big-Branch/UPI-19191332541591/

• Microsoft and several partners seized servers in Pennsylvania and Illinois, and filed charges against 39 defendants they said were part of several cybercrime rings. They charged the rings for using Zeus financial malware to steal $100 million over the last 5 years. – IDG News Service See item 11)below in the Banking and Finance Sector.

• A man was arrested after he tried to bring four loaded guns through a security checkpoint at Sacramento International Airport in California. Authorities later found eight more firearms, several of them loaded, in the man’s car in an off-site parking lot. – Reuters (See item 21)

21. March 24, Reuters – (California) Man arrested at Sacramento airport security with 4 guns. A Montana man was arrested after he tried to bring four loaded guns through a security checkpoint at Sacramento International Airport in Sacramento, California, and is being held without bail, the sheriff’s office said March 24. The suspect was arrested March 22 after Transportation Security Administration officers at a checkpoint found a firearm inside a carry-on bag, the Sacramento County Sheriff’s Department said in a statement. Further checks showed he was carrying a loaded handgun and had three loaded firearms in his carry-on bags, it said. Sheriff’s deputies searched his car at an off-site parking lot and turned up eight more firearms, several of them loaded. The man faces charges including unlawful possession of a loaded firearm, unlawful possession of a concealed firearm, possession of an unauthorized weapon in a public building, and possession of a firearm within a sterile area of an airport, the sheriff’s department statement said. Source: http://www.chicagotribune.com/news/sns-rt-us-airport-gunsbre82n0b3-20120324,0,7550388.story

• Agriculture officials recently said crop and livestock losses from Texas’ historic drought are $7.62 billion for 2011, or more than $2 billion more than previously thought. – USA Today (See item 30)

30. March 22, USA Today – (Texas) Drought cost Texas nearly $8 billion in agriculture losses. Agriculture officials said losses from Texas’ historic drought are more than $2 billion more than previously thought, USA Today reported March 22. The Texas AgriLife Extension Service now estimates crop and livestock losses at $7.62 billion for 2011. The extension service’s preliminary estimate of $5.2 billion in August 2011 already topped the previous record of $4.1 billion in 2006. Texas has a long history of drought. Since 1998, it has cost the state’s agriculture industry more than $14 billion. 2011 was the driest year in state history. Source: http://www.usatoday.com/weather/drought/story/2012-03-22/texas-drought-losses/53703926/1


Banking and Finance Sector

11. March 26, IDG News Service – (Pennsylvania; Illinois, International) Microsoft leads seizure of Zeus-related cybercrime servers. March 26, Microsoft said it and several partners disrupted several cybercrime rings that used a piece of malicious software called Zeus to steal $100 million over the last 5 years. The company said a consolidated legal case was filed against those allegedly responsible that for the first time applies the Racketeer Influenced and Corrupt Organizations Act. Zeus is difficult for financial institutions to address because of its stealthy nature and advanced spying capabilities that center around stealing online banking and e-commerce credentials. According to a complaint filed under seal March 19 in New York, Microsoft accused the defendants of infecting more than 13 million computers and stealing more than $100 million. The civil complaint lists 39 “John Doe” defendants, many of whom are identified only by online nicknames. The senior manager of investigations for Microsoft’s Digital Crimes Unit said the creators of Zeus sold “builder kits” to other would-be cybercriminals. Simple versions sold for as little as $700, while more advanced versions could cost $15,000 or more, the affidavit said. Microsoft also said this is the first time other parties joined it as a plaintiff in a botnet case. The other plaintiffs are the Financial Services Information Sharing and Analysis Center, and the National Automated Clearing House Association. The court granted Microsoft and its partners permission to seize servers located in Scranton, Pennsylvania, and Lombard, Illinois, March 23. Microsoft took control of 800 domains that are part of Zeus’ infrastructure in an attempt to completely wrest control of the networks from their operators. Source: http://www.computerworld.com/s/article/9225529/Microsoft_leads_seizure_of_Zeus_related_cybercrime_servers

12. March 25, KCPQ 13 Tacoma – (Washington) Cops seek to identify ‘Beanie Bandit’. A man has been dubbed the “Beanie Bandit” for the hats he has worn during bank robberies in Washington state, KCPQ 13 Tacoma reported March 25. First, he hit the Opus Bank in Shoreline January 10, wearing a knit hat with tassels. Then, February 13, he robbed a Key Bank in Factoria wearing a two-tone beanie hat. Finally, March 20, he wore a bright blue beanie when he robbed a bank in Bothell. Detectives said the suspect does not show a weapon, but does use threats and intimidation. Source: http://www.q13fox.com/community/wamostwanted/featuredcases/kcpq-wmw-cops-seek-to-identify-beanie-bandit-20120325,0,3860830.story

13. March 24, Asheville Citizen-Times – (North Carolina; National) Spruce Pine man indicted in land fraud scheme. A Spruce Pine, North Carolina man faces up to 38 years in prison in connection with a Mitchell County real estate fraud scheme authorities say is one of the largest in state history, according to an indictment handed up March 23. The defendant is accused of defrauding banks and investors out of more than $82 million in improper loans tied to a development called the Village of Penland. A grand jury in Charlotte indicted the man on seven felony counts including bank fraud, filing false tax returns, and conspiracy to commit mail, wire, and bank fraud. Five other people have already pleaded guilty in the case and been sentenced to prison terms ranging from 3 to 10 years. According to court records, the defendants sold overpriced lots in what was supposed to become an upscale housing development between 2002 and 2007. Prosecutors said the scheme bilked more than 200 investors in several states. The North Carolina attorney general shut the project down in 2007, citing fraudulent business practices. The indictment alleges the defendant closed more than 300 residential real estate loans to individuals secured by Penland lots valued at about $108 million. He also is accused of defrauding investors and banks by failing to provide legal services, and making false statements to obtain the loans. He was paid about $2 million in fees related to the Penland transactions, the U.S. attorney’s office said. Source: http://www.citizen-times.com/article/20120325/NEWS/303250059/Real-estate-scheme-alleged?odyssey=tab|topnews|text|Frontpage

14. March 24, Associated Press – (Oregon) Oakridge bank damaged by fire. Fire has badly damaged a Siuslaw Bank branch in Oakridge, Oregon. Employees evacuated the burning bank the afternoon of March 23. Fire crews told KEZI 9 Eugene they thought a power surge started the fire at the back of the bank. They arrived to find smoke billowing from three sides of the building and flames in the back. The bank’s assistant vice president said client deposits and safe deposit boxes were safe. There was no immediate damage estimate. Source: http://www.heraldandnews.com/news/article_799c835a-757c-11e1-9f6e-001871e3ce6c.html

15. March 23, Softpedia – (International) Traders drop price of silver by exploiting NASDAQ vulnerability. Experts have long argued the flaws present in trading systems can be leveraged to manipulate prices and basically perform fraudulent operations, but a recent incident demonstrated these vulnerabilities. “On March 20, 2012 at 13:22:33, the quote rate in the ETF symbol SLV sustained a rate exceeding 75,000/sec (75/ms) for 25 milliseconds. Nasdaq quotes lagged other exchanges by about 50 milliseconds. Nasdaq quotes even lagged their own trades — a condition we have jokingly referred to as fantaseconds,” Nanex reported. This means that some traders flooded the system which, due to the security holes that exist, caused silver prices to drop considerably. High frequency traders took advantage of the flaws and exploited the NASDAQ silver ETF, a researcher explained. The fantaseconds Nanex refers to is a term that defines a unit of time measurement unveiled back in September 2011 when a “time warp” was recorded in the trading of Yahoo! stock. At the time, exchange timestamps revealed the Yahoo! trades were executed on quotes that came into existence only 190 milliseconds later. By taking advantage of this flaw, traders can execute quotes before they even exist in the system. Zero Hedge believes someone wanted the price of silver to drop at precisely 13:22:33, March 20, so they “bent the laws of relativity” and executed quotes in the future. Source: http://news.softpedia.com/news/Traders-Drop-Price-of-Silver-by-Exploiting-NASDAQ-Vulnerability-260499.shtml

16. March 23, NJ.com – (New Jersey; New York) Man who robbed Hoboken bank with bomb threat believed to have robbed Palisades Park, New York banks. The FBI has released surveillance photos of a man they believe is connected to a string of bank robberies in New Jersey and New York, including one in Palisades Park, New Jersey, March 22. The images were taken from cameras in three Chase Bank branches in Manhattan and New Jersey which have fallen victim to robberies in one week. The suspect is also believed to have attempted to rob a Capitol One Bank in New York. The Jersey Journal reported a man robbed a Chase bank branch in Hoboken, New Jersey, March 19 with a note that read, “I have a bomb. No silent alarm. Just all cash. 60 seconds. NOW. I’m desperate so I will not hesitate. Act normal.” The two New York robberies occurred 2 days later, police said. In each case, the suspect handed the teller a note demanding undisclosed sums. He successfully robbed all of the banks except for the Capitol One branch in Manhattan. Source: http://www.nj.com/bergen/index.ssf/2012/03/fbi_police_search_for_palisades_park_bank_robber_see_links_to_robberies_in_new_york_and_hoboken.html

17. March 23, KRXI 11 Reno – (Nevada; California) Financial forgery gang and lab taken down. A gang allegedly dedicated to identity theft and other financial fraud crimes was arrested in Sparks, Nevada, March 22 after an investigation lead authorities to their financial forgery lab. Detectives from a Sparks police unit, and detectives from a northern Nevada regional identify theft task force received information about the possibility of the lab operating inside the Nugget Hotel and Casino. They set up a lengthy surveillance and learned the two main suspects had obtained five rooms between them and had several associates using the rooms since about March 11. After obtaining several search warrants, detectives located the two primary suspects along with eight other suspects in a room at the hotel. All of the suspects were detained and subsequently arrested. Numerous stolen and manufactured various state ID’s were located, as well as personal identifying information of several victims in Nevada and California. Numerous computers and printers, as well as other digital equipment for making checks, ID’s, stolen identities, etc., were located inside several of the rooms. Source: http://www.foxreno.com/news/news/crime-law/financial-forgery-gang-and-lab-taken-down/nLbY6/

Information Technology

44. March 26, IDG News Service – (International) Facebook scammers host Trojan horse extensions on Chrome Web Store. Cybercriminals are uploading malicious Chrome browser extensions to the official Chrome Web Store and using them to hijack Facebook accounts, according to security researchers from Kaspersky Lab. The rogue extensions are advertised on Facebook by scammers and claim to allow changing the color of profile pages, tracking profile visitors, or even removing social media viruses, a Kaspersky Lab expert said March 23. He recently observed an increase in Facebook scams that use malicious Chrome extensions and originate in Brazil. Once installed in the browser, these extensions give attackers complete control over the victim’s Facebook account and can be used to spam their friends or to Like pages without authorization. In one case, a rogue extension masqueraded as Adobe Flash Player and was hosted on the official Chrome Web Store, the expert said. By the time it was identified, it was already installed by 923 users. Uploading multiple rogue extensions on the Chrome store and running many Facebook spam campaigns to advertise them allows attackers to quickly compromise thousands of accounts. The accounts are then used to earn scammers money by Liking particular pages. The people behind these campaigns sell packages of 1, 10, 50, or 100 thousand Likes to companies who wish to gain visibility on Facebook. Source: http://www.computerworld.com/s/article/9225536/Facebook_scammers_host_Trojan_horse_extensions_on_Chrome_Web_Store?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+computerworld/s/feed/topic/17+(Computerworld+Security+News)&utm_

45. March 26, Threatpost – (International) New TGLoader Android malware found in alternative markets. The TGLoader malware appeared in some alternative Android app markets recently, and researchers at North Carolina State University discovered and analyzed it, finding it has a wide range of capabilities. The malware uses the “exploid” root exploit to get root privileges on compromised phones, and from there it starts installing a variety of apps and Android code that are designed to perform myriad malicious actions. “After that, it further installed several payloads (including both native binary programs and Android apps) unbeknownst to users. The malware also listens to remote C&C servers for further instructions. Specifically, one particular “phone-home” function supported in TGLoader is to retrieve a destination number and related message body from the C&C servers. Once received, it composes the message and sends it out in the background. This is a typical strategy that has been widely used in recent Android malware to send out SMS messages to premium-rate numbers,” an assistant professor at North Carolina State wrote in an analysis of the new malware. Source: http://threatpost.com/en_us/blogs/new-tgloader-android-malware-found-alternative-markets-032612

46. March 26, H Security – (International) Apache Traffic Server update closes important security hole. Version 3.0.4 of Apache Traffic Server (ATS), the high-performance caching HTTP/1.1 proxy server, has been released, closing a security hole that could be exploited by an attacker to remotely compromise a vulnerable system. An error when parsing a large “Host:” HTTP header can be used to cause a heap-based buffer overflow, which could lead to a denial-of-service condition or the execution of arbitrary code. The vulnerability (CVE-2012-0256) was reported to Apache by Codenomicon via CERT-FI and is rated as “Important.” All 2.0.x versions as well as 3.0.x and 3.1.x up to and including 3.0.3 and 3.1.2 are affected. Upgrading to 3.0.4 fixes the problem. The developers also released an update, version 3.1.3, to the unstable development branch of ATS to fix the security problem and urged all users to upgrade as soon as possible. Source: http://www.h-online.com/security/news/item/Apache-Traffic-Server-update-closes-important-security-hole-1479853.html

47. March 23, The Register – (International) Survey scammers fling spam at Pinterest punters. Cyber criminals have latched on the success of social networking site Pinterest by launching a variety of money-making scams. Just like Facebook before it, Pinterest has become a haven for survey scams. Would-be targets are invited to complete surveys under the pretext that they might win an iPad or obtain a discount voucher. In reality, they end up revealing personal information to unscrupulous marketing firms or signing up for mobile phone subscription services of dubious utility. In some cases, these scams are even used to distribute malware. Source: http://www.theregister.co.uk/2012/03/23/pinterest_attracts_scammers/

For more stories, see items 11 and 15 above in the Banking and Finance Sector.

Communications Sector

48. March 26, Albany Times Union – (New York) Verizon FiOS customers frustrated by weekend TV outage. Capital region customers of Verizon FiOS TV near Albany, New York, were frustrated the weekend of March 23 after many cable channels were knocked off the air. The issue was caused by a software problem at Verizon’s Buffalo, New York hub that broadcasts TV signals to customers in the Syracuse area, and in the capital region, a Verizon spokesman said. The outage started March 23, but some customers were still without their channels as of March 26, except for some local ones like CBS. The spokesman said customers can get their TV back by rebooting their set-top box, something a technical support rep. can do over the phone. He said he did not have data on the number of customers affected. Source: http://www.timesunion.com/business/article/Verizon-FiOS-customers-frustrated-by-weekend-TV-3435117.php

For more stories, see items 44, 45, and 47 above in the Information Technology Sector.