Thursday, April 12, 2012

Complete DHS Daily Report for April 12, 2012

Daily Report

Top Stories

• Cybercrooks forged a Zeus-based trojan that enables them to siphon funds from businesses using cloud-based payroll service providers. – The Register. See item 9 below in the Banking and Finance Sector

• A federal court suspended operations of two debt-collecting businesses a man reportedly used to swindle $5 million from hundreds of thousands of U.S. consumers. – U.S. Federal Trade Commission. See item 11 below in the Banking and Finance Sector

• An audit revealed the Department of Veterans Affairs’ failure to fully comply with federal information security laws resulted in more than 15,000 outstanding risks. – Federal Computer Week

33. April 6, Federal Computer Week – (National) IG report finds flaws in VA’s information security program. An inspector general audit revealed that the Department of Veterans Affairs’ (VA) failure to fully comply with the Federal Information Security Management Act (FISMA) resulted in more than 15,000 outstanding security risks, Federal Computer Week reported April 6. The fiscal year 2011 performance audit examined the extent to which VA’s information security program complied with FISMA requirements and National Institute of Standards and Technology guidelines. Substantial inadequacies were discovered in areas related to access controls, configuration management controls, continuous monitoring, and services continuity practices. Also, VA has not effectively implemented procedures to identify and correct system security flaws on network devices, database and server platforms, and Web applications. Deficiencies were also found in reporting, managing, and closing plans of action and milestones. The report accentuated a larger compliance issue government-wide. A March 7 review by the Office of Management and Budget showed that only 7 out of 24 agencies are more than 90 percent compliant with FISMA directives. Source:

• Microsoft released security bulletins April 10 that addressed many bugs that could be exploited by attackers to remotely inject and execute malicious code. – H Security. See item 38 below in the Information Technology Sector

• Firefighters battled wildfires that consumed thousands of acres in 9 states on the East Coast April 10. – CBS News (See item 50)

50. April 10, CBS News – (National) Dry, windy conditions fuel wildfires in East. Along the Eastern Seaboard, firefighters are battling a string of wildfires after weeks of unusually warm and dry weather, CBS News reported April 10. Fires burned in nine states, from New Hampshire to Florida. Wildfires broke out up and down the East Coast, April 9, fueled by whipping winds and dry conditions. On New York’s Long Island, hundreds of firefighters raced to keep flames from closing in on Brookhaven National Lab, a nuclear physics facility. The fire swallowed up 1,000 acres, destroyed at least two homes, and sent three firefighters to the hospital. Officials said the fire was 50 percent contained, but they warned homes were still in jeopardy. Firefighters said they had no idea when they would have the fire under control. In New Jersey, another fire — which officials were calling suspicious — was on track to burn through 1,000 acres. The dry, windy weather also helped feed flames in Pennsylvania and Connecticut where a brush fire lined a railroad track. Nearby homes and businesses were evacuated. In Virginia, helicopters dumped water to try to douse flames. The wildfire outbreak stretched all the way down to Miami where a fast-moving fire caught residents by surprise. Source:


Banking and Finance Sector

9. April 11, The Register – (International) New Zeus-based trojan leeches cash from cloud-based payrolls. Cybercrooks have forged a Zeus-based trojan that targets cloud-based payroll service providers. A new attack, detected by transaction security firm Trusteer, shows crooks are going up the food chain. Researchers captured a Zeus configuration that targets Ceridian, a Canadian human resources and payroll services provider. The trojan works by capturing a screenshot of the payroll services Web page when a malware-infected PC visits the site. This data is uploaded, allowing crooks to obtain user ID, password, company number, and the icon selected by the user for the image-based authentication system – enough information to siphon funds from compromised accounts into those controlled by money mules. Trusteer thinks crooks are targeting the small cloud service provider to get around the tougher problem of how to bypass industrial strength security controls typically maintained by larger businesses. Cloud services can be accessed using unmanaged devices that are typically less secure and more vulnerable to infection by Zeus-style financial malware. Source:

10. April 11, Santa Fe New Mexican – (New Mexico) FBI: Bank robbery suspect arrested. The FBI April 10 arrested a Santa Fe, New Mexico man they say is connected to the April 2 robbery of U.S. Bank. The FBI said the suspect in the April 2 robbery is believed to be the man responsible for three other robberies in Santa Fe in the past year. Santa Fe police and FBI investigators worked together on the case and arrest, according to an FBI spokesman. Video surveillance of the bank robbery showed a man displaying a hand gun and robbing the bank of an undisclosed amount. The same description matched video of a man who robbed other banks in Santa Fe in recent months. Source:

11. April 11, U.S. Federal Trade Commission – (California; International) Court halts alleged fake debt collector calls from India, grants FTC request to stop defendants who posed as law enforcers. In response to charges from the U.S. Federal Trade Commission (FTC), a federal court halted an operation the agency alleges collected phantom payday loan debts that consumers either did not owe to the defendants or did not owe at all, the FTC announced April 11. The scheme involved more than 2.7 million calls to at least 600,000 different phone numbers nationwide, the FTC said. In less than 2 years, they fraudulently collected more than $5.2 million from consumers, many of whom were strapped for cash and thought the money they were paying would be applied to loans they owed, according to FTC documents filed with the court. The agency charged an individual, a California-based man, and two companies he controls with violating the FTC Act and the Fair Debt Collection Practices Act. Often pretending to be American law enforcement agents or representatives of fake government agencies, callers from India who were working with the defendants would harass consumers with back-to-back calls, the FTC said. The defendants typically demanded hundreds of dollars and, in violation of federal law, routinely used obscene language and threatened to sue or have consumers arrested, the FTC’s complaint alleged. They also threatened to tell the victims’ employers, relatives, and neighbors about the bogus debt, and sometimes followed through on these threats. Once victims were pressured into paying, the callers instructed them to use a pre-paid debit card such as a WalMart MoneyCard, another debit card, a credit card, or Western Union so the money could be deposited into one of the defendants’ merchant processing accounts, the FTC charged. Source:

12. April 11, Reuters – (National; International) U.S. SEC sues AutoChina for securities fraud. U.S. securities regulators sued AutoChina International Ltd, its executives, and others for securities fraud April 11. The U.S. Securities and Exchange Commission (SEC) said the company’s employees, board members, and other Chinese citizens unlawfully bought and sold AutoChina stock to boost its trading volume as the company sought loans. AutoChina, which is based in China and owns and operates a commercial vehicle leasing business there, traded its shares on the NASDAQ stock market until October 2011. Its listing was suspended for failing to file required documents with the SEC. The defendants opened brokerage accounts beginning in October 2010, deposited some $60 million in the accounts, and bought and sold millions of shares of AutoChina stock, the SEC said. The lawsuit comes as the SEC steps up its inquiries into Chinese companies whose shares trade in the United States for accounting violations and other misconduct. The SEC lawsuit, filed in federal court in Massachusetts, is seeking civil penalties and other sanctions. Source:

13. April 10, St. Louis Post-Dispatch – (Missouri) US Fidelis co-founder admits federal tax evasion, fraud. Four days after pleading guilty to state fraud charges, the co-founder of US Fidelis appeared April 9 in a U.S. district court in St. Louis, Missouri, to admit he also broke federal laws in cheating customers and failing to declare or pay taxes on $13 million received from the company in just 1 year. He pleaded guilty to conspiracy to commit mail and wire fraud and filing a false tax return. In his plea, he admitted he failed to declare $13 million in “distributions” from Fidelis on his 2006 federal tax return. That year, in fact, he reported a negative income, an assistant U.S. attorney said. He also acknowledged tricking consumers into believing auto service contracts Fidelis peddled by phone and mail were actually extended warranties from the vehicles’ manufacturers. When customers canceled and asked for a refund, as up to 60 percent did, he admitted telling Fidelis staffers to withhold up to 40 percent of the amount due. He also admitted he and his brother used the latter’s credit card to make payments for customers who they thought were likely to cancel or refuse to pay. The payments triggered full payment for Fidelis’ share of the contract from a financing company, his plea says. Some of the admissions were similar to what was contained in his guilty plea April 5 to state charges of insurance fraud, stealing and unlawful merchandising practices. Prosecutors allege that the man and his brother funneled millions of dollars of profits into lavish homes, luxury goods, and payments on behalf of relatives. Fidelis, once one of the nation’s largest sellers of auto service contracts, collapsed in 2009. Source:

Information Technology

36. April 11, Computerworld – (International) Apple promises Flashback malware killer. April 10, Apple for the first time publicly acknowledged a malware campaign that has infected an estimated 600,000 Macs, and said it would release a free tool to disinfect users’ machines. Although Flashback has circulated since September 2011, it was only in March that the newest variant began infecting Macs using an exploit of a Java bug Oracle patched in mid-February. Apple maintains its own version of Java for Mac OS X, and is responsible for producing security updates. It issued a Java update April 3 that quashed the bug Flashback has been using to infect Macs. In the 7 weeks between Oracle’s and Apple’s updates, hackers responsible for Flashback managed to insert their software — designed for, among other things, password theft — onto an estimated 2 percent of all Macs. Apple said it was working with Internet service providers to “disable [the Flashback] command and control network,” referring to the practice of asking hosting firms to pull hacker-operated command-and-control servers off the Internet so infected computers cannot receive further orders. The company promised to issue a special tool to “detect and remove the Flashback malware.” Apple did not set a timetable for its release. Source:

37. April 11, The H – (International) Samba fixes critical remote code execution vulnerability. The Samba developers patched a critical security vulnerability that affects all versions of the open source, cross-platform file sharing solution from Samba 3.0.x up to version 3.6.3 that was released in January, The H reported April 11. The hole allows an attacker to gain complete access to a Samba server from an unauthenticated connection. The GPLv3 licensed Samba is used by many Unix and Linux systems with the ability to share files with Windows systems by implementing the SMB, SMB2, and CIFS protocols. The vulnerability was discovered by two security researchers working for the Zero Day Initiative. The flaw, which is located in the code generator for Samba’s remote procedure call interface, makes it possible for clients on the network to force the server to execute arbitrary code. This attack can be performed over an unauthenticated connection, granting the attacker root user privileges and thus complete access to the Samba server. The fact the problem was located in the Perl-based DCE/RPC compiler Samba uses to generate code for handling remote requests has, presumably, made it very hard to detect with automated code auditing methods and caused it to stay hidden for such a long time. Source:

38. April 11, H Security – (International) Patch Tuesday closes critical Windows, Office and IE holes. April 10, Microsoft released 6 security bulletins that addressed 11 vulnerabilities in its products, 8 of which are considered to be critical. Four of the bulletins address critical holes in all supported versions of Windows, Internet Explorer (IE), the .NET Framework, Office and SQL Server, as well as Microsoft Server and Developer tools. All of these bugs could be exploited by attackers to remotely inject and execute malicious code on a victim’s system via a specially crafted file. One critical bulletin, MS12-024, notes a privately reported vulnerability that could allow attackers to modify existing signed executable files. Another, MS12-027, is an issue in Microsoft’s common controls, used in numerous Microsoft applications, which can be exploited when a user visits a malicious site or opens an e-mail attachment to allow remote code execution. An Internet Explorer bulletin, MS12-023, affects all supported versions of IE and closes five holes: one when printing a specially crafted HTML page and four when IE accesses deleted objects in various situations. The rating for these holes is either critical or moderate depending on the combination of operating system and IE version. Finally, MS12-025 closes a vulnerability in the .NET framework that allows attackers to “take complete control of an affected system.” Source:

39. April 11, H Security – (International) Adobe fixes critical vulnerabilities in Reader and Acrobat. Adobe released versions 10.1.3 and 9.5.1 of its Acrobat and Reader products to address high priority security vulnerabilities that could be used by an attacker to cause the application to crash and potentially take control of an affected system. These include memory corruption in the JavaScript API and JavaScript handling, an integer overflow in the True Type Font handling, and a security bypass via the Adobe Reader installer, all of which could lead to arbitrary code execution. Adobe Acrobat and Reader 10.1.2 and earlier 10.x versions, as well as 9.5 and earlier 9.x versions for Windows and Mac OS X are affected — on Linux, Reader 9.4.6 and earlier 9.x versions are vulnerable. Source:

40. April 11, The Register – (International) Malware-infected flash cards shipped out with HP switches. HP sent out a warning to customers after the vendor found it inadvertently shipped virus-laden compact flash cards with its networking kit. The unnamed malware appeared on flash cards that came bundled with HP ProCurve 5400zl switches. The flash card would not have any effect on the switch itself but “reuse of an infected compact flash card in a personal computer could result in a compromise of that system’s integrity,” HP warned in a bulletin issued April 10. It is unclear how the unknown malware got onto the Flash cards that come bundled with the 10 Gbps-capable line of LAN switches, but an infected computer somewhere in the manufacturing process — possibly in a factory run by a third-party supplier — is the most obvious suspect. Source:

41. April 10, Threatpost – (International) No permissions Android application can harvest, export device data. April 9, a researcher was able to demonstrate Android applications without permissions can still access files used by other applications, including which applications are installed and a list of any readable files used by those applications. That capability could be used to identify applications that have weak permissions vulnerabilities and exploit those, he warned. He unveiled a proof of concept Android application, dubbed “NoPermissions,” that works with Android phones running version 4.0.3 and 2.3.5 of the operating system. Among the data he found on his own Android phone were certificates from his mobile OpenVPN application. Not only could an attacker take advantage of the lack of strict permissions to collect data, he wrote, they could also export it from the phone without permissions. The URI ACTION_VIEW Intent network access call is supported without permissions, which will open a browser on the Android device. An attacker could then pass data to the browser in the form of a URI with GET parameters to pass it to an Internet accessible server or device using successive browser calls. Source:

For more stories, see item 9 above in the Banking and Finance Sector and item 33 above in Top Stories

Communications Sector

42. April 11, Daytona Beach News-Journal – (Florida) Bright House phone outage irks customers. Bright House Networks phone service disconnected for nearly 4 hours April 9, leaving as many as 49,000 central Florida customers without service. Cable and Internet service was not affected, a spokesman said. The phone customers who were impacted were on one switch that failed, and not all of the 49,000 customers on that switch were affected, he said. Most of those on the switch were residential customers and because of the timing of the disruption — 12:37 p.m. to 4:20 p.m. — most would not have been impacted, he said. Customers had lost and delayed dial tones, he said. Source:

43. April 10, Boston Globe – (Massachusetts) Downed Boston TV stations back on the air. Three Boston television (TV) stations that were knocked off the air April 8 by a technical glitch returned to service April 10. Over-the-air broadcasts from CBS Corp. stations WBZ-TV 4 and WSBK-TV 38, ABC network affiliate WCVB-TV 5, and PBS station WGBX-TV 44 shut down at about 8 p.m. All four stations share the same antenna, located atop a 1,200-foot tower in Needham, Massachusetts. WCVB-TV quickly resumed broadcasting through a backup antenna but the other three stations stayed off the air. The outage had no effect on most viewers, because the stations continue to feed their signals to cable and satellite TV providers, who serve about 98 percent of viewers in the Boston area. At 1 p.m. April 10, engineers at the affected stations briefly shut down WGBH, then moved its signal to the backup antenna being used by WCVB. Then WCVB, WSBK, WBZ, and WGBX all began broadcasting from the WGBH antenna. The director of broadcast operations and engineering for WBZ and WSBK, said the outage was due to a breakdown in a “five-way power divider,” an electronic component that separates the signals from multiple stations before feeding them to the antenna. Fixing the problem will require a complete shutdown of the antenna. To accomplish this, each station will install a temporary antenna on the tower. After that, the WGBH antenna will be completely shut down. The power divider can then be repaired. Source:

For more stories, see item 41 above in the Information Technology Sector

Wednesday, April 11, 2012

Complete DHS Daily Report for April 11, 2012

Daily Report

Top Stories

• More than 60 percent of energy security experts said current smart meters are not secure enough against false data injection attacks, according to a new survey. – Homeland Security Newswire

2. April 10, Homeland Security Newswire – (International) Industry insiders: Insufficient security controls for smart meters. False data injection attacks exploit the configuration of power grids by introducing arbitrary errors into state variables while bypassing existing techniques for bad measurement detection; experts say the current generation of smart meters are not secure enough against false data injection attacks, Homeland Security Newswire reported April 10. nCircle recently announced results of a survey of 104 energy security professionals. The survey was sponsored by nCircle and EnergySec, a Department of Energy-funded public-private partnership that works to enhance cyber security of electric infrastructure. The online survey was conducted March 12 to 31. When asked, “Do smart meter installations have sufficient security controls to protect against false data injection?” 61 percent of respondents said “no.” Source:

• Updated data shows about 780,000 people had personal information stolen by hackers who breached Utah health department computers. Approximately 280,000 people had their Social Security numbers taken. – Utah Department of Health

30. April 9, Utah Department of Health – (Utah) Data breach expands to include more victims. The Utah Department of Technology Services (DTS), along with the Utah Department of Health (UDOH) announced April 9 that up to 255,000 additional people had their Social Security numbers listed in data stolen by thieves from a computer server the week of April 2. These latest victims are people whose information was sent to the state by their health care provider through a Medicaid Eligibility Inquiry to determine status as possible Medicaid recipients. The DTS has started identifying additional victims, and the state will send letters directly to them. Some of the 255,000 Social Security numbers were not accompanied by any other identifying information (such as names and addresses), so DTS will likely need to coordinate with other agencies to identify and notify these individuals. As many as 350,000 additional people may have had other, less-sensitive information, such as their names, birth dates, and addresses accessed through eligibility inquiries. These people will also receive a letter alerting them to the situation. However, priority will be placed on alerting those who had their Social Security numbers stolen first. It is now believed that about 280,000 victims had their Social Security numbers stolen, and about 500,000 other victims had less-sensitive personal information stolen. Source:

• Twelve people were evacuated from a Boston apartment building, and four police officers and an ambulance crew were hospitalized after a woman committed suicide by ingesting a toxic chemical. – Boston Globe

44. April 10, Boston Globe – (Massachusetts) Police officers, ambulance crew taken to hospital after toxic suicide in South End. Twelve people were evacuated from an apartment building in the South End area of Boston, and four police officers and an ambulance crew were taken to a hospital after a woman committed suicide April 9 inside an apartment by ingesting a toxic chemical, fire officials said. The Boston deputy fire chief said at the HAZMAT scene that the woman ingested the chemical on the first floor and was later pronounced dead at the hospital. He said four police officers and the ambulance team of two EMS workers were quarantined at the hospital to determine whether they were affected by the substance. He said the woman is believed to have ingested sodium azide, a chemical used to make airbags. “But it can metabolize into some kind of cyanide,” he said. He said April 10 crews were preparing to reenter the apartment building to see if it presented a safety risk, a process expected to take a few hours. He also said the officers and EMS workers who were quarantined did not appear to be showing signs of being adversely affected by the chemical. Source:

• Wildfires burned thousands of acres of national forest land in five Virginia counties April 9. – Waynesboro News Virginian

50. April 10, Waynesboro News Virginian – (Virginia) Wildfires a concern in Virginia, and in the valley. Waynesboro, Virginia, spent much of April 9 under a Red Flag Alert for forest fires because of conditions that included extreme dryness, high winds, and low humidity. A deputy Waynesboro fire chief said it was important for residents to be careful of any kind of outside fire because of the weather conditions. Meanwhile, April 9, wildfires were burning hundreds of acres of national forest land in five Virginia counties. Media outlets reported fires burned more than 1,100 acres in the George Washington-Jefferson National Forest in Botetourt, Craig, and Alleghany counties. Fire officials said at least 50 acres burned in Shenandoah County. A wildfire in Page County burned 621 acres. Authorities said the fires do not threaten any structures, and no injuries were reported. Several roads and trails were closed in the forest in Shenandoah County. The Potts Mountain Jeep Trail in Botetourt County also was closed. Source:


Banking and Finance Sector

13. April 10, Reuters – (New York) President of First Class Equities pleads guilty to $66 million mortgage fraud. The president of a New York brokerage firm pleaded guilty April 9 to conspiracy in a $66 million mortgage fraud scheme. The president of First Class Equities pleaded guilty to one count of conspiracy to commit wire fraud and bank fraud in a New York federal court, the U.S. attorney’s office said. It said the former president and his firm recruited “straw buyers” — people who posed as home buyers to purchase distressed properties, but who had no intention of paying the mortgages. Instead, the bank loans to buy the properties were transferred to the president and his co-conspirators. Court papers said the Long Island-based firm ran the fraud from 2004 to 2009. The president was charged in August 2011, along with 13 others. Source:

14. April 10, FBI – (Minnesota) Federal jury convicts bank officer and customer in connection with multi-million-dollar check-kiting scheme. A federal jury found a former Minnesota bank officer and a bank customer guilty of fraud April 10. Their crimes were related to the customer’s multi-million-dollar check-kiting scheme and a loan scheme orchestrated in an effort to conceal the check-kiting from the bank’s board. The jury convicted the former president of Pinehurst Bank in St. Paul on five counts of misapplication of bank funds. The bank customer was convicted on two counts of bank fraud and one count of theft from an employee benefit plan. The bank’s former chief credit officer and senior vice president was acquitted on all counts. Evidence presented at trial showed that from March 6, 2009 through January 29, 2010, the former president concealed the customer’s check-kiting scheme by putting in place a series of fraudulent loans. The five loans, totaling $1.9 million, were issued to straw borrowers for the purpose of covering $1.85 million in overdrafts resulting from bad checks written by the customer as part of his check-kiting scheme. The customer kited increasingly larger-dollar bad checks between Pinehurst and another bank, not named in the charging documents, until late February 2009, when the second bank discovered the scheme and returned over $1.8 million in bad checks to Pinehurst. Source:

15. April 9, U.S. Securities and Exchange Commission – (California) SEC settles fraud charges against Silicon Valley man. The U.S. Securities and Exchange Commission (SEC) April 9 charged a San Jose, California man who raised millions for two Internet start-ups by falsely promising investors his companies were on the verge of undergoing successful initial public offerings (IPO). The SEC says he lured investors into Web-based start-ups hereUare, Inc. and eCity, Inc. by falsely telling them the firms would go public within a matter of months and generate millions in quick returns. In truth, he had no plans to take the companies public and relied solely on investor funds to stay in business. Ultimately, when investor funds ran out by the end of 2008, he was forced to shut down operations. According to the SEC’s complaint, he raised more than $6.2 million from investors for hereUare in 2007 and 2008, and raised $880,000 in investor funds for eCity in 2008. In presentations to prospective investors, he held himself out as a wealthy venture capitalist with prior IPO experience. He told prospective investors the companies had lucrative deals and patents, and that he had retained Goldman Sachs and an international law firm to help take the companies public within 6 months. According to the SEC, all of these representations were false. Source:

16. April 9, Darien Times – (Connecticut; Massachusetts; Rhode Island) ATM skimmer pleads guilty; Darien Police commended for work in case. The Connecticut U.S. Attorney’s Office specifically recognized the efforts of the Darien Police and other local departments for their assistance in the investigation and prosecution of a Turkish citizen who pleaded guilty April 9 to bank charges that involved automated teller machine skimming across three states. According to court documents and statements made in court, between February and July 2011, the defendant and others conspired to install skimming devices on automated teller machines at 11 banks and 1 credit union in Connecticut, Massachusetts, and Rhode Island. As a result of this scheme, more than 250 bank accounts were victimized, and financial institutions have suffered losses of about $336,057.64, according to the courts. Source:

17. April 9, Asheville Citizen-Times – (North Carolina) Seven Falls developer, others indicted in Asheville on bank fraud charges. The developer of the stalled Seven Falls luxury community in Henderson County, North Carolina, and four other people were indicted on criminal charges they broke banking laws while trying to keep the project afloat, the Asheville Citizen-Times reported April 9. Bank of Asheville and Pisgah Community Bank made $4.6 million in loans to fake borrowers who then gave the money to participants to provide funds for Seven Falls or to benefit the participants directly, the indictment says. The scheme occurred from August 2006 to April 2010. In addition, the indictment says the developer stole more than $4 million from a fund set up by an Ohio investor to pay for roads and utilities in a Rutherford County development, Queens Gap, that he had an ownership interest in. He spent very little of the funds on Queens Gap and used the money instead to make payments on loans taken out as part of the scheme and for personal uses. According to the indictment, after obtaining a $25 million development loan, the Seven Falls Golf and River Club LLC sold about 70 lots at prices between $250,000 and $650,000. Sales stalled in 2008 and the developer and two accomplices generated money for the development by recruiting “straw” borrowers to borrow money to buy lots at Seven Falls. Straw buyers got kickbacks for their participation and loan settlement statements were falsified. The indictment says participants used loan proceeds in part to repay other loans that were coming due, for personal use, and to temporarily get troubled loans off bank books to evade detection by bank regulators. The indictment lists 21 counts of wire fraud, misapplication of bank funds, conspiracy to commit money laundering, and money laundering. Source:

Information Technology

38. April 10, Bloomberg – (International) Anonymous blamed for attacks on technology group websites. Two technology trade associations said they were targeted by the hacker-activist group Anonymous as it singled out supporters of proposed legislation to improve U.S. cybersecurity. Anonymous claimed credit for denial-of-service assaults on the TechAmerica and USTelecom Web sites, according to the associations representing companies including IBM, Apple, and AT&T. Such offensives typically involve flooding a Web site with traffic, causing it to crash. The organizations said the attacks amount to reprisal for supporting the legislation, among cybersecurity bills under consideration by Congress, designed to encourage companies and government agencies to voluntarily share information about cyber threats. Users could not connect to the Web site for USTelecom, which represents telephone companies led by AT&T, Verizon, and CenturyLink, starting April 8 and the site was “up and down” April 9 as technicians worked to restore service, said a spokeswoman. The Web site of TechAmerica, whose members include IBM, Microsoft, and Apple, was not loading April 9. The attack began April 8 and the association was working April 9 to get the site back up, a TechAmerica spokeswoman said. The trade groups support cybersecurity legislation introduced by the chairman and ranking member of the House Intelligence Committee. Source:

39. April 10, U.S. Immigration and Customs Enforcement – (California; International) California man charged with trafficking counterfeit computer software. A Lakewood, California, man made his initial appearance in federal court April 9 following his arrest by U.S. Immigration and Customs Enforcement’s Homeland Security Investigations special agents for importing more than 1,000 counterfeit Microsoft Office CD-ROMs and selling them to unsuspecting customers over the Internet. The man is charged in a four-count federal indictment following the seizure of two shipments of Microsoft Office Professional Edition 2007 software CD-ROMs. Specifically, the indictment charges the man with two counts of trafficking counterfeit goods and two counts of smuggling. If convicted of all charges, he faces a maximum sentence of 60 years in federal prison. Source:

40. April 9, Ars Technica – (International) Rise of ‘forever day’ bugs in industrial systems threatens critical infrastructure. The number of security holes that remain unpatched in software used to control refineries, factories, and other critical infrastructure is growing. These holes are becoming so common that security researchers have coined the term “forever days” to refer to the unfixed vulnerabilities, Ars Technica reported April 9. The latest forever day vulnerability was disclosed in robotics software marketed by ABB, a maker of industrial control systems for utilities and factories. According to an advisory issued the week of April 2 by the U.S. Cyber Emergency Response Team, the flaw in ABB WebWare Server will not be fixed even though it provides the means to remotely execute malicious code on computers that run the application. “Because these are legacy products nearing the end of their life cycle, ABB does not intend to patch these vulnerable components,” the advisory stated. The notice said the development of a working exploit would require only a medium skill level on the part of the attacker. Forever day is a play on “zero day,” a phrase used to classify vulnerabilities that come under attack before the responsible manufacturer has issued a patch. Also called iDays, or “infinite days” by some researchers, forever days refer to bugs that never get fixed — even when they are acknowledged by the company that developed the software. In some cases, rather than issuing a patch that plugs the hole, the software maker simply adds advice to user manuals showing how to work around the threat. Source:

Communications Sector

41. April 9, WEAU 13 Eau Claire – (Wisconsin; Michigan) Verizon explains outage. Verizon Wireless customers were out of luck in parts of Wisconsin and Michigan April 9, waiting for service. A Verizon statement explained the outage: “Due to a network issue impacting our switch operations in the Appleton/Green Bay area, customers in northern Wisconsin and Upper Michigan experienced a disruption in voice and text messaging service from approximately 12:45 – 3 p.m. central time [April 9]. Data services were also temporarily impacted as operations were restored. Verizon is working diligently to identify the root cause of the issue.” Source:

For more stories, see item 38 above in the Information Technology Sector