Tuesday, August 14, 2012
Daily Report
Top Stories
• A man whose jet ski failed him in New York’s
Jamaica Bay swam to John F. Kennedy International Airport in New York City,
where officials said he was easily able to penetrate the airport’s
state-of-the-art security system. – ABC News
17. August 13, ABC News – (New York) Jet
skier breaks through JFK Airport’s $100 million security system. A man
whose jet ski failed him in New York’s Jamaica Bay swam to John F. Kennedy
International Airport (JFK) in New York City, where he was easily able to
penetrate the airport’s state-of-the-art security system. He was able to swim
up to and enter the airport grounds August 10, past an intricate system of
motion sensors and closed-circuit cameras designed to safeguard against
terrorists, authorities said. The man climbed an 8-foot barbed-wire perimeter
fence and walked undetected through the airport’s Perimeter Intrusion Detection
System and across two runways into Delta’s terminal 3. He was eventually
spotted by a Delta employee, and police charged him with criminal trespassing. Port
Authority of New York and New Jersey officials responded saying they “took
immediate action to increase its police presence with round the clock patrols
of the facility’s perimeter and increased patrols by boat of the surrounding
waterway.” In 2011 at JFK, there was a huge uproar over the same perimeter
fence, when it was knocked out by weather and remained down for days. Source: http://abcnews.go.com/US/jet-skier-breaks-jfk-airports-100-million-security/story?id=16992190#.UCkNpqDl-ra
• Three people were killed and many others
were injured after a gunman opened fire blocks away from Texas A&M
University August 13 in College Station, Texas. – Raycom News Network
35. August 13, Raycom News Network –
(Texas) Officer, suspect among 3 killed in shooting near Texas A&M. Three
people have been killed and many others were injured after a gunman opened fire
just blocks away from Texas A&M University August 13 in College Station,
Texas. Police confirm two have died, including one civilian and a constable. TV
stations KBTX 3 Bryan/College Station and KHOU 11 Houston reported the suspect
had also been killed, citing the College Station Police Department (CSPD).
Witnesses told KBTX the constable arrived to evict the shooter from his home.
Other responding officers were met with gunfire. A CSPD spokesman said those
officers called for backup and ended up shooting the gunman. One officer was
shot in the leg and was in stable condition. A third officer suffered
non-life-threatening injuries, and a second civilian was in surgery because of her
wounds. Witness reports indicated the scene was active for about half an hour.
Police said the area, which was just blocks from campus and near Kyle Field,
the football stadium, was secured. Source: http://www.wbtv.com/story/19265000/multiple-shot-near-texas-am-1-person-in-custody
• A West Frankfort, Illinois man who allegedly
threatened to take the life of police officers and blow up a police station was
arrested in possession of homemade explosive devices, firearms, and ammunition.
– Carbondale Southern Illinoisan
41. August 11, Carbondale Southern Illinoisan –
(Illinois) Cops: Explosives, guns found after threats. A West Frankfort,
Illinois man who allegedly threatened to take the life of police officers and
blow up a police station was arrested August 9 in possession of homemade
explosive devices, firearms, and ammunition, the West Frankfort police chief
said. He was charged with weapons and explosive-related offenses after police
were tipped off August 9. The investigation by police led to his arrest in a
vehicle. Two homemade explosive devices were found inside the vehicle, the
chief said. When officers served a search warrant at his home, they found
another homemade explosive device. Several items associated with manufacturing
explosive devices were located and seized. Several firearms including handguns,
shotguns, and assault-style rifles, as well as several hundred rounds of
ammunition also were seized. While the firearms appeared to be legal,
attachments made to some of them were not legal, the chief said. The suspect
also did not have a state-required valid firearm owner ID card. He was taken to
Franklin County Jail and charged with weapons and explosive-related offenses.
Source: http://thesouthern.com/news/local/cops-explosives-guns-found-after-threats/article_8bc1f6b0-e36c-11e1-9310-0019bb2963f4.html
• Two former U.S. Border Patrol agents face 50
years in prison and millions in fines after they were found guilty August 10 of
smuggling hundreds of people into the United States in Border Patrol vehicles.
– Associated Press
42. August 10, Associated Press –
(International) Border agents accused in smuggling ring convicted. Two
former U.S. Border Patrol agents were found guilty August 10 of smuggling
hundreds of people into the United States in Border Patrol vehicles. They were
convicted of charges that they brought illegal immigrants into the country for
money and received bribes by public officials, and counts of conspiracy to
launder money. Prosecutors said one agent started a ring that smuggled in
Mexicans and Brazilians and made his older brother, a fellow agent, one of
his first recruits. Both brothers pleaded not guilty in one of the
highest-profile corruption cases to sting the Border Patrol since it went on a
hiring spree during the last decade. The brothers were scheduled to be
sentenced November 16. They face a maximum of 50 years in prison and at least
$1.25 million in penalties. Another defendant in the case was also found guilty
August 10 of charges of smuggling illegal immigrants for money, bringing illegal
immigrants into the United States, and conspiracy to launder money. Source: http://www.ktul.com/story/19251528/guilty-verdict-in-border-patrol-smuggling-case
Details
Banking and Finance Sector
11. August 13, Help Net Security – (International) Nationwide phishing
emails hit inboxes. Customers of Nationwide Building Society, a British
mutual financial institution and the largest building society in the world, are
being targeted with phishing emails purportedly coming from the company, GFI
Labs reported August 13. The emails ask recipients to either validate their
Internet banking profile or to solve an “unusual conflict between the customer
number and profile details associated with their account.” If they follow the
offered links, the victims are redirected through many compromised sites to one
that hosts the phishing page designed to look like it belongs to Nationwide.
They are then asked to share security information that will allow the phishers
to compromise their account. Source: http://www.net-security.org/secworld.php?id=13417
12. August 11, Minneapolis Star Tribune – (Minnesota) No bomb, but
threat shook up part of downtown. The actions of a man whom police described
as “disgruntled” triggered a midday disruption August 10 along Nicollet Mall in
Minneapolis, Minnesota. The man, who had a book bag with him, entered the
M&I Bank and said he had either a bomb, a gun, or both, police said. The
alleged bomb threat and apprehension prompted the evacuation of Gaviidae Common
and the closure of several surrounding streets for about an hour. The suspect
was being held in the Hennepin County jail on suspicion of kidnapping and
terroristic threats, said a Minneapolis police spokesman. He did not have a
bomb or gun, the spokesman said. The incident began earlier that day, when the
suspect went to the studios of WCCO 4 Minneapolis and was turned away after
asking to speak with a reporter. Soon afterward, the station reported, a man
believed to be the same person called WCCO and repeated his request to speak
with a reporter. He added that if his story was not heard, the station would
hear about it. Source: http://www.startribune.com/local/minneapolis/165748606.html?refer=y
13. August 10, V3.co.uk – (International) Zeus-like Dorifel malware spotted in Europe. A
malware infection believed to be linked to the Zeus crimeware family has been
reported on systems in Europe, V3.co.uk reported August 10. Kaspersky Lab said
the attack, known as “Dorifel,” displays a pattern of odd behavior such as
encrypting downloaded information and establishing secured network connections.
Researchers are not sure of the exact aim of the infection or its behaviors,
but Kaspersky Lab believes the attack is financial in nature and possibly
related to Zeus. Researchers studying the infection found that servers hosting
the control components for Dorifel hosted a number of other malware attacks and
also stored stolen financial data. Kaspersky Lab said that thus far most of
Dorifel’s attacks have occurred in the Netherlands, though infections have been
spotted throughout Europe. Source: http://www.v3.co.uk/v3-uk/news/2198222/zueslike-dorifel-malware-spotted-in-europe
14. August 10, New Castle News Journal – (Delaware) Discover employee
faces terroristic threatening, criminal trespassing charges. An employee
who was told not to return to work after being reprimanded was arrested August
9 after he showed up on Discover Card Bank property in New Castle, Delaware,
New Castle County police said in a release. He was charged with felony
terroristic threatening, terroristic threatening, criminal trespassing, and
possession of marijuana, said a police official. The incident forced the
evacuation of employees in the building after a report that an employee was on
the property and possibly was armed with an AK-47. The suspect was on the top
deck of the garage headed for the front door, the official said. Bomb dogs were
called to the scene to sweep his vehicle because he had allegedly mentioned to
a colleague about bringing an AK-47 to work and shooting the place up. Officers
learned the suspect had been placed on administrative leave August 8 because of
an unreported incident in which he allegedly threatened an employee. As a
result of that, the suspect was told not to return to work or enter the
property until he was contacted by the company. Upon seeing him on the property
the morning of August 9, security personnel placed the building on lockdown as
a precaution and notified police. Source: http://www.delawareonline.com/article/20120810/NEWS01/308100077/Discover-employee-faces-terroristic-threatening-criminal-trespassing-charges?odyssey=tab|topnews|text|Home
15. August 10, IT PRO – (International) Trusteer hails discovery of ‘Son of Silon’
financial malware. Security vendor Trusteer uncovered a type of financial
malware that it claims is capable of avoiding detection by most types of
anti-virus software, IT PRO reported August 10. The Trojan, dubbed Tilon, uses
the so-called ‘Man in the Browser’ (MitB) technique: The malware injects itself
into the software and is then in full control of the traffic traveling between
the browser and the Web server. “[Tilon] has an impressive list of supported
browsers — Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and
probably others,” said the chief technology officer at Trusteer. Tilon, which
is related to the Silon malware Trusteer detected in 2009, is specifically
targeted at online banking customers protected by two-factor authentication
systems, according to the security expert. It is able to gain access to all
log-in credentials and transactions, the company said, by capturing all form
submissions and sending them to its command and control server. The firm
claims Tilon shares similarities with other financial malware, such as Zeus,
SpyEye and Shylock, but it is its evasion mechanisms that make it stand out.
Source: http://www.itpro.co.uk/642223/trusteer-hails-discovery-of-son-of-silon-financial-malware
16. August 9, Queens Times Ledger – (Pennsylvania) FBI arrests Bayside man
for alleged death threats. The FBI arrested a Bayside, New York man August
7 for allegedly threatening to kill employees of a Pennsylvania bank,
authorities said. According to a criminal complaint filed by an FBI agent, the
man faxed a threatening note to a Sovereign Bank in Pottsville, Pennsylvania.
An FBI agent said the man held a loan with the bank that may have blocked him
from selling his home while he still owed about $179,000 on the loan. Law
enforcement officials had reason to take his threats seriously as he also had a
shotgun registered in his name, the criminal complaint said. “The 2nd Amendment
to the National Constitution authorized the use of deadly force to protect my
interests as a national citizen,” the suspect said in the faxed letter in which
he tried to terminate the loan he owed. “I believe I have a basis to act in
that manner.” At his arraignment in Brooklyn federal court August 8, the judge
refused his requests to represent himself and ruled he was a danger to the
community and was to be held without bail. According to the FBI, the man
identifies himself as part of the sovereign citizen movement. Source: http://www.timesledger.com/stories/2012/32/chung_web_2012_08_09_q.html
Information Technology Sector
45. August 13, ZDNet – (International) Blizzard passwords could be theoretically
reverse engineered. As a researcher explained on his blog, the information
stolen from Blizzard is likely to be the server-side database used as part of
the Secure Remote Password (SRP) protocol. If Blizzard’s implementation of SRP
is standard, its stolen SRP database contains the username and salts for each
account and their hashed password verifiers. In his post, the researcher drew
on a previous paper, written by a leading researcher of SRP, who stated if
certain data were known — such as the password verifiers that were stolen from
Blizzard — an attacker would be able to perform a dictionary attack. Although
an attacker cannot “unhash” the information, in simplistic terms, they can
still attempt to combine a username with a dictionary list of common passwords,
and then attempt to use the salts in the database to generate a verifier. These
generated verifiers can then be matched up against stolen verifiers. The
presence of the salts in the stolen information means the additional strength
normally provided to mitigate weak passwords is hampered. Additionally,
Blizzard passwords are case-insensitive, which significantly reduces the number
of passwords that must be tested. Source: http://www.zdnet.com/blizzard-passwords-could-be-theoretically-reverse-engineered-7000002497/
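The offline check described in item 45, written as a defender's weak-password audit of a verifier store; this is an added example, not code from the report, ZDNet, or Blizzard. The toy group `N`/`G`, the RFC 5054-style SHA-1 construction, the accounts, and the wordlist are assumptions or constructed data.

```python
import hashlib
import os

# Toy group for illustration only (assumption): a real SRP deployment uses a
# large safe prime such as the RFC 5054 groups, not this small modulus.
N = 2**127 - 1
G = 3

# Constructed sample data, not real accounts.
ACCOUNTS = {"alice": "Dragon2012", "bob": "x7#Lq9!vTz-pk2"}
WORDLIST = ["password", "dragon2012", "letmein"]


def H(*parts: bytes) -> bytes:
    return hashlib.sha1(b"".join(parts)).digest()


def verifier(user: str, password: str, salt: bytes, fold_case: bool = False) -> int:
    """SRP-6a style verifier: x = H(salt | H(user ":" password)), v = G^x mod N."""
    if fold_case:  # models a service that treats passwords as case-insensitive
        user, password = user.upper(), password.upper()
    x = int.from_bytes(H(salt, H(f"{user}:{password}".encode())), "big")
    return pow(G, x, N)


def build_store(accounts: dict, fold_case: bool) -> dict:
    """Server-side table: user -> (salt, verifier). The salt sits beside the verifier."""
    store = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, verifier(user, password, salt, fold_case))
    return store


def audit(store: dict, wordlist: list, fold_case: bool = False) -> dict:
    """Flag accounts whose stored verifier is reproduced by a wordlist entry.

    Only the username, salt and verifier are needed, which is why a copied
    table permits offline guessing without contacting the server.
    """
    weak = {}
    for user, (salt, stored) in store.items():
        for guess in wordlist:
            if verifier(user, guess, salt, fold_case) == stored:
                weak[user] = guess
                break
    return weak


def demo() -> tuple:
    folded = build_store(ACCOUNTS, fold_case=True)
    strict = build_store(ACCOUNTS, fold_case=False)
    # With case folding, one lowercase entry covers every case variant.
    return audit(folded, WORDLIST, fold_case=True), audit(strict, WORDLIST)


if __name__ == "__main__":
    print(demo())
```

The long random password is not flagged in either store, and the mixed-case one is flagged only where case is folded; that difference is the reduction in search space the item describes.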
46. August 13, IDG News Service – (International) Swiss scientists develop algorithm to sniff
out source of malware, spam attacks. Swiss scientists developed an
algorithm that can be used to locate spammers as well as the source of a
computer virus or malware. The algorithm finds the source by only checking a
small percentage of the connections in a network, said a postdoctoral
researcher at the Audiovisual Communications Laboratory of the Swiss Federal
Institute of Technology August 13. If a researcher would like to find the
source of a virus, malware, or spam-attack, it is impossible to track the
status of all nodes on the Internet, he said. Instead, he and his colleagues
devised an algorithm that shows it is possible to estimate the location of the
source from measurements collected by sparsely placed observers or sensors. By
using the algorithm, the specific computer in the network from which the spam
mail is being sent can be found so the network provider can shut it down, for
instance, he said. Using the same method, the first computer where a virus was
injected could be pinpointed, he added. Source: http://www.computerworld.com/s/article/9230199/Swiss_scientists_develop_algorithm_to_sniff_out_source_of_malware_spam_attacks
47. August 13, Softpedia – (International) ‘Fusking’ exposes private Photobucket
pictures. Photobucket is not as popular as it used to be, but it is still
used by a number of Internet users, and it is also utilized by Twitter for
hosting images. It was discovered that there is a serious vulnerability in the
service that allows almost anyone to gain access to private pictures. According
to BuzzFeed FWD, all an attacker needs is a fusking application — a piece of
software able to extract images from a Web page. The issue is not entirely new
— it has been used on many occasions to obtain adult pictures from the accounts
of unsuspecting female users. Many of the “secret” pictures posted on 4chan are
obtained by using these methods and several tutorials on how they can be
obtained are posted, some of them dating as far back as 2009. However, many
people are unaware of the issue, and Photobucket has not done much to mitigate
the vulnerability. Source: http://news.softpedia.com/news/Fusking-Exposes-Private-Photobucket-Pictures-286317.shtml
48. August 10, Threatpost – (International) Researchers release detection tool for Gauss
malware’s Palida Narrow font. One of the many mysteries around the
discovery of the Gauss malware is why the tool installs a new font called Palida
Narrow on infected machines. Researchers have been unable to figure out yet
what the purpose of the font is, but as its presence on a PC is a good
indicator of a Gauss infection, CrySyS Lab and Kaspersky Lab released a tool to
detect it August 10. The detection tool can be found on the Securelist site and
also on the CrySyS Lab site. The two main questions surrounding Gauss are why
Palida Narrow is installed, and what is inside the encrypted payload Gauss
installs on infected machines. Researchers have many theories, with one being
that Palida Narrow is used as a kind of brand to mark infected PCs for
command-and-control servers. Source: http://threatpost.com/en_us/blogs/researchers-release-detection-tool-gauss-malwares-palida-narrow-font-081012
49. August 10, Krebs on Security – (International) ‘Booter
shells’ turn Web sites into weapons. Hacked Web sites are not just used for
hosting malware anymore. Increasingly, they are being retrofitted with tools
that let miscreants harness the compromised site’s raw server power for attacks
aimed at knocking other sites offline. It has long been standard practice for
Web site hackers to leave behind a Web-based “shell,” a tiny “backdoor” program
that lets them add, delete, and run files on a compromised server. However, in a
growing number of Web site break-ins, the trespassers also are leaving behind
simple tools called “booter shells,” which allow the miscreants to launch
future denial-of-service attacks without the need for vast networks of infected
zombie computers. According to Prolexic, with booter shells distributed
denial-of-service attacks can be launched more readily and can cause more
damage, with far fewer machines. Source: http://krebsonsecurity.com/2012/08/booter-shells-turn-web-sites-into-weapons/
50. August 10, Quincy Patriot Ledger –
(Massachusetts) Hazmat and FBI officials investigate suspicious letter. HAZMAT
and FBI officials began a formal investigation after a letter containing a
powdery substance was received August 10 at NTT DATA, in Rockland,
Massachusetts. The powder was tested on-site and initially determined to be
benign, but was sent to the HAZMAT lab in Boston for further testing. It could
take up to 5 days to obtain results. A Rockland Police lieutenant said the
letter was addressed to a specific employee at the company. He described the
letter as “somewhat threatening in nature.” The building was evacuated. The FBI
plans to conduct a forensic investigation. Source: http://www.patriotledger.com/topstories/x181548295/Hazmat-and-FBI-officials-investigate-suspicious-letter
For more stories, see items 13 and 15 above in the Banking and Finance Sector
Communications Sector
See item 47 above in the Information Technology Sector