Wednesday, June 8, 2011
Complete DHS Daily Report for June 8, 2011
Daily Report
Top Stories
• According to KPHO 5 Phoenix, several major wildfires burning across the state have closed nearly 150 miles of highways in eastern and southern Arizona. (See items 22, 58)
22. June 7, KPHO 5 Phoenix – (Arizona) 150 miles of state highway closed by wildfires. Several major wildfires burning across the state have closed nearly 150 miles of highways in eastern and southern Arizona, according to the Arizona Department of Transportation (ADOT). The Wallow Fire in eastern Arizona near Alpine has scorched more than 230,000 acres since it started May 29. ADOT said closures on state highways remain in effect June 7: State Route 373, a 4.5 mile-long highway that connects Greer with SR 260 west of Eagar; US 191 between Alpine and north of Clifton (mileposts 176-253); SR 261 and 273, the main access roads to Big Lake and Crescent Lake in the White Mountains. SR 261 starting about 7 miles south of SR 260 to Crescent Lake (mileposts 395-413) and SR 273 between Sunrise Park and Big Lake (mileposts 383-394); US 180 between the SR 260 junction near Eagar and the New Mexico state line (mileposts 403-433). Two major wildfires are active in southern Arizona, including the Murphy Fire, which has claimed nearly 40,000 acres in the Coronado National Forest near Rio Rico, and the Horseshoe Two Fire, which has engulfed over 100,000 acres in Cochise County near Portal. The following closures remained in effect June 7: SR 289 along mileposts 2-10, about 2 miles north of the Interstate 19 junction; SR 366 at milepost 118 leading up to Mount Graham near Safford. There is no estimated time to reopen the highways, according to ADOT. Source: http://www.kpho.com/news/28152288/detail.html
58. June 7, Associated Press – (Arizona; New Mexico; Colorado) Wildfire becomes 2nd largest in Ariz. history. A ferocious wildfire burning in eastern Arizona’s mountains June 7 is now the second-largest in state history, consuming 486 square miles, threatening several mountain towns and sending smoke as far away as Iowa. A fire spokeswoman said the fire has grown most on the north side, as winds whipped flames through the ponderosa pine forest. Only five structures have burned, but several mountain towns and thousands of people have been evacuated, and more than 150 miles of roads have been closed. About 2,500 firefighters, including many from several western states and as far away as New York, were working June 7 to contain the fire, a fire information officer said. Arizona’s governor signed an emergency declaration June 6 that allows the use of $200,000 in emergency funds and authorizes the mobilization of the National Guard if it becomes necessary. Haze from the fire was being carried as far as central Iowa, a National Weather Service meteorologist said. The smoke was also visible in New Mexico, Colorado, Nebraska, and Kansas. In eastern Colorado, the haze obscured the view of the mountains from downtown Denver and prompted some municipal health departments to issue air quality warnings. The 163-square-mile Horseshoe Two fire has devoured two summer cabins and four outbuildings since it started May 8, and is threatening two communities. The fire danger in Arizona prompted the full closure of the Coronado National Forest near Tucson that will begin June 9. Source: http://www.fayobserver.com/articles/2011/06/07/1099972?sac=Home
• Associated Press reports that officials expect water to overtop 11 levees near the borders of Nebraska, Missouri and Iowa, and bury Hamburg, Iowa under several feet of water for weeks. (See item 65)
65. June 6, Associated Press – (Iowa; Missouri; Nebraska) Army expects full breach of Missouri River levee. Crews scrambled June 6 to protect a southwest Iowa town from the swollen Missouri River, but Hamburg officials said it is unclear whether they will be able to prevent the river from leaving the community under several feet of water for weeks. If efforts to pile massive sandbags on a faltering levee and build a secondary barrier fail, part of Hamburg could be under as much as 8 feet of water for a month or more, a fire chief said. Flooding along the river this summer — expected to break decades-old records — will test the system of levees, dams and flood walls like never before. The earthen levee that guards an area of farmland and small towns between Omaha, Nebraska, and Kansas City, Missouri has been partially breached in at least two places south of the Iowa-Missouri border. Emergency management officials expect new breaches in the coming days as the river rises. The last time the Missouri River crested at levels predicted for this summer happened in 1952, before most of the major dams along the river were built. The flooding is expected to last into mid-August. The U.S. Army Corps of Engineers will be releasing more water than it ever has from the dams by mid-June, meaning there likely will be other levee problems like the ones near Hamburg, said an official with the Corps’ water management office. Officials also predict that the water will get high enough to flow over at least 11 levees in the area near Hamburg in the corners of southeast Nebraska, southwest Iowa, and northwest Missouri. Source: http://www.foxnews.com/us/2011/06/06/missouri-river-levee-springs-2nd-partial-breach/
Details
Banking and Finance Sector
15. June 7, New York Post – (New York; Illinois; Florida) Four charged in ATM skim scam. Four alleged high-tech thieves were charged June 6 with stealing at least $1.5 million through a scheme that involved installing illegal electronic equipment on four Manhattan, New York bank machines. Members of the gang replaced the key pads on ATMs at Chase branches in Midtown, Chelsea, and across from the United Nations in March and April 2010, court papers claim. The “skimming” devices allowed the suspects — who are from Romania and Austria — to remotely obtain customers’ PINs and loot their accounts, according to the Manhattan federal court indictment. The suspects did not confine their illegal activities to New York, prosecutors said, accusing them of also targeting Chase and Citibank branches in Miami, Florida and Chicago, Illinois. If convicted, the suspects face up to 60 years in prison. Source: http://www.nypost.com/p/news/local/manhattan/charged_in_atm_skim_scam_krSny8OciS4h8wiZmfW9GI
16. June 7, Charleston Daily Mail – (West Virginia) Former BB&T employee pleads guilty to stealing. A former teller supervisor for BB&T, pleaded guilty in U.S. district court June 6 to falsifying records and stealing at least $200,000. She was accused of stealing money from the branch from at least May 2004 to October 2007. The woman was a supervisor at the West Side branch of BB&T and its predecessors from 1977 to November 2007. She also previously held the positions of head teller and vault teller during her employment with the banking company. According to the indictment, she embezzled the money by making at least 26 false cash balance records of foreign currency, unfit, and mutilated bills in teller drawers, and the bank vault. That resulted in a charge of 26 counts of embezzlement, carrying a possible sentence of 30 years in prison, and a $1 million fine for every count. She admitted concealing the theft and the resultant cash shortage by making false entries in the books and records to make it appear as if the cash total reconciled when it did not. To further her embezzlement scheme, she recorded fictitious cash dollar amounts in her drawers. She also admitted that on other occasions, she would reduce the cash shown in her teller or vault drawer by creating fictitious cash-out tickets. Source: http://www.dailymail.com/News/201106061204
17. June 7, Federal Bureau of Investigation – (National) Eric Lipkin: Another Bernie Madoff employee pleads guilty. A former employee in the investment advisory business of Bernard L. Madoff Investment Securities LLC (BLMIS), pleaded guilty June 7 to a six-count superseding information charging him with conspiracy, falsifying books and records of a broker-dealer, falsifying books and records of an investment adviser, bank fraud, and making false statements to facilitate a theft concerning the Employee Retirement Income Security Act (ERISA). He also agreed to cooperate with the government in its ongoing investigation of BLMIS. In 1996, the suspect and his co-conspirators began falsifying the books and records at BLMIS. He was also responsible for processing the payroll and administering the 401(k) plan at the firm, as well as preparing and maintaining internal payroll records. During his tenure at BLMIS, the suspect created false BLMIS books and records reflecting individuals who did not actually work at the firm. The 37-year-old New Jersey man faces a statutory maximum sentence of 70 years in prison. He will also forfeit at least $1.4 million as well as his interest in his home and various investment accounts. Source: http://www.loansafe.org/eric-lipkin-another-bernie-madoff-employee-pleads-guilty
18. June 6, Softpedia – (International) Banking malware hosted on Amazon’s cloud. Security researchers from Kaspersky Lab have discovered a piece of Brazilian banking malware hosted on Amazon Web Services (AWS), and the cloud provider failed to respond in a timely manner. The malware installer was distributed from an account on Amazon’s Simple Storage Service (Amazon S3) as a .scr (screen saver) file. Once executed, it installs a rootkit which prevents several security products from running, including avast! Antivirus 5, AVG Antivirus, ESET NOD32, and Avira AntiVir. It also disables a browser security add-on called GBPlugin that is commonly distributed by Brazilian banks to their customers. The malware is designed to steal financial information from nine Brazilian banks and two international ones, log-in credentials for Microsoft’s Live Messenger, and digital certificates used by eTokens. In addition, it reports back with information about the infected computers, such as their name, CPU type, and hard drive volume numbers. Source: http://news.softpedia.com/news/Banking-Malware-Hosted-on-Amazon-s-Cloud-204454.shtml
19. June 6, Huffington Post – (National) Foreclosure fraud price tag: $20 billion. The nation’s largest mortgage companies are operating on the assumption that they will have to pay as much as $20 billion to resolve claims of widespread foreclosure abuse, an amount four times what they had originally proposed, the top federal official overseeing the discussions told state officials June 6, according to people who participated in the conversation. The associate U.S. Attorney General (AG) told a bipartisan group of state attorneys general during a conference call that he believes the banks have accepted the realization that a wide-ranging settlement to the months-long probes will cost them much more than the $5 billion offer they floated in May, according to officials with direct knowledge of the call. The assistant AG said he is basing his belief on his recent conversations with representatives of the five targeted firms: Bank of America, JPMorgan Chase, Wells Fargo, Citigroup, and Ally Financial. Source: http://www.huffingtonpost.com/2011/06/06/foreclosure-fraud-20-billion_n_872207.html
20. June 6, Reuters – (Ohio) ‘Mullet bandit’ robs another Ohio bank, his fourth in spree. The man federal authorities have nicknamed the “Mullet Bandit” robbed another bank in Ohio June 6, his fourth heist in the area over the past month. A man matching the description of the suspect entered the First Service Federal Credit Union on Holt Road in Columbus and handed an employee a note saying he was robbing the bank, had a gun, and wanted cash. As in previous holdups believed to be part of Mullet Bandit’s spree, the suspect was wearing large dark sunglasses and a Seattle Mariners baseball cap, and carrying a large black book bag. A man matching that description is wanted in three previous holdups in the Columbus area on May 5, May 18, and May 27. Source: http://wtaq.com/news/articles/2011/jun/06/mullet-bandit-robs-another-ohio-bank-his-fourth-in-spree/
21. June 6, Fort Myers News-Press – (National) Sanibel man operated $16 million Ponzi ring, feds say. A Sanibel, Florida resident is in federal custody, accused of bilking $16 million from more than 100 investors in a Ponzi scheme spanning the past 4 years. He was preparing to board a flight May 31 to Bermuda when he was arrested. He is charged with conspiracy to commit mail and wire fraud, committing mail and wire fraud, and money laundering. “He had everyone believing he was a legitimate business manager,” said a Boca Raton attorney representing dozens of victims — 65 in Lakeland, 1 in Lee, 1 in Charlotte, 5 in California, 2 in Colorado and 1 each in Texas, Utah, Kentucky, Arkansas, Hawaii, and Ontario, Canada. Most of the victims, the attorney said, are between ages 65 and 90, with most investments ranging from $50,000 to $250,000. Officials said of the $20 million the the man and an accomplice collected, only about $4 million got invested or distributed. The remaining $16 million was spent solely for the personal enrichment of the pair. Source: http://www.news-press.com/article/20110607/CRIME/110606044/Sanibel-man-operated-16-million-Ponzi-ring-feds-say?odyssey=tab|topnews|text|Home
Information Technology
43. June 7, Softpedia – (International) LulzSec leaks Sony Devnet source code. Lulz Security has hit Sony again, this time leaking source code corresponding to Sony’s Computer Entertainment Developer Network (SCE Devnet). In addition, the group also hacked into Sony BMG’s network. These latest attacks bring the number of Sony-related compromises credited to LulzSec to six. The hackers released a 54MB-large torrent containing a copy of the Sony Developer Network SVN repository on The Pirate Bay. At the same time, the group announced their sixth hack, which involves Sony BMG. Maps of the company’s internal network were released as proof of the compromise. The public availability of the devnet source code might create problems for Sony. In the past, devnet bugs allowed users to download paid games for free. Sony will also have to verify the integrity of the source code because it is likely the hackers also had write access to it, and might have left backdoors behind. Source: http://news.softpedia.com/news/LulzSec-Leaks-Sony-Devnet-Source-Code-204727.shtml
44. June 6, IDG News Service – (International) After hack, RSA offers to replace SecureID tokens. In an acknowledgment of the severity of its recent computer compromise, RSA Security said June 6 that it will replace SecureID tokens for any customer that asks. Customers have been left wondering whether to trust RSA’s security tokens since March, when the company acknowledged it had been hacked and issued a vague warning to its customers. Then, 2 weeks ago, government contractor Lockheed Martin was reportedly forced to pull access to its virtual private network after hackers compromised the SecureID technology. In a letter sent to customers June 6, RSA confirmed the Lockheed Martin incident was related to SecureID. Information “taken from RSA in March had been used as an element of an attempted broader attack on Lockheed Martin,” RSA’s executive chairman said in the letter. He said the company remains “highly confident in the RSA SecureID product,” but noted the recent Lockheed Martin attack and general concerns over hacking, “may reduce some customers’ overall risk tolerance.” Source: http://www.computerworld.com/s/article/9217381/After_hack_RSA_offers_to_replace_SecureID_tokens
45. June 6, Computerworld – (International) Hackers exploit Flash bug in new attacks against Gmail users. Adobe confirmed June 6 that the Flash Player bug it patched June 5 is being used to steal log-in credentials of Google’s Gmail users. The vulnerability was in an “out-of-band,” or emergency update. The fix was the second in less than 4 weeks for Flash, and the fifth in 2011. A weekend patch is very unusual for Adobe. “We have reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an e-mail message,” an Adobe spokeswoman said. “The reports we received indicate that the current attacks are targeting Gmail specifically. However, we cannot assume that other Web mail providers may not be targeted as well.” According to Adobe’s advisory, the Flash vulnerability is a cross-site scripting bug. Source: http://www.computerworld.com/s/article/9217346/Hackers_exploit_Flash_bug_in_new_attacks_against_Gmail_users
46. June 6, V3.co.uk – (International) DroidKungFu malware discovered on Android platform. Computer researchers are warning Android users of another malware campaign targeted at the platform, which appears to circumnavigate traditional anti-virus filters. North Carolina State University researchers identified at least two applications in more than eight third-party app stores and forums based in China infected with the DroidKungFu malware. The malware mainly affects Android 2.2, exploiting two vulnerabilities to install a back door on a victim’s device which allows hackers to take complete control, according to a post on the university’s official blog. “Previously identified malware, such as DroidDream, has also taken advantage of these two vulnerabilities. But [the researchers] think DroidKungFu is different because, based on the early results of their research, it does a better job of avoiding detection by security software,” the blog noted. “And, while later versions of Android have patched these vulnerabilities, they are not entirely secure. The security patches severely limit DroidKungFu, but it is still able to collect some user data — such as a mobile phone device ID number — and send them to a remote site.” Source: http://www.v3.co.uk/v3-uk/news/2076365/droidkungfu-malware-discovered-android-platform
47. June 6, H Security – (International) VLC Media Player 1.1.10 fixes vulnerabilities. The VideoLAN project has announced the release of version 1.1.10 of its VLC media player, the free open source cross-platform multimedia player which supports a variety of audio and video formats. According to the developers, the eleventh release of the 1.1.x branch of VLC is a maintenance and security update that addresses several issues found in the previous update from mid-April. VLC 1.1.10 fixes several previously reported vulnerabilities in libmodplug, also known as the ModPlug XMMS Plugin, and addresses an integer overflow in the XSPF playlist demultiplexer. Other changes include the removal of FontCache building in the Freetype module, a rewrite of PulseAudio output on Linux/BSD, and various codec and translation updates. A number of Mac OS X interface and hotkey fixes have also been implemented. Source: http://www.h-online.com/security/news/item/VLC-Media-Player-1-1-10-fixes-vulnerabilities-1255756.html
48. June 3, The Register – (International) Android app brings cookie stealing to unwashed masses. A developer has released an app for Android handsets that brings Web site credential stealing over smartphones into the script kiddie realm. FaceNiff, as the Android app is called, can be used to steal unencrypted cookies on most Wi-Fi networks, giving users a point-and-click interface for stealing sensitive authentication tokens sent over Facebook, Twitter, and other popular Web sites when users do not bother to use encrypted secure sockets layer (SSL) connections. The app works even on networks protected by WPA and WPA2 encryption schemes by using a technique known as ARP spoofing to redirect local traffic through the attacker’s device. Source: http://www.theregister.co.uk/2011/06/03/android_cookie_stealing_app/
49. June 2, inAudit – (International) Zeus variant targetting LinkedIn users. Computer security firm Trusteer has spotted a fraudulent e-mail containing a variant of Zeus trojan that targets LinkedIn users and downloads malware onto the device. Trusteer’s CEO said the malicious link is identical with the genuine link on LinkedIn “so it’s hard to notice that the first is fraudulent while the second is genuine.” “If you click the “Confirm that you know” link on the genuine e-mail, it takes you to LinkedIn’s Web site. However, if the same button is clicked on the fraudulent e-mail, it takes you to a malicious Web site that downloads malware onto your computer,” he said. The domain of the malicious site was registered a few days ago with an IP address that points to Russia, the Trusteer CEO added. The malicious server downloads malware to the victim’s computer using the BlackHole exploit kit, which has been made available for free. Source: http://inaudit.com/audit/it-audit/zeus-variant-targetting-linkedin-users-6507/
For more stories, see item 18 above in the Banking and Finance Sector
Communications Sector
50. June 7, The Register – (International) Skype hangs up on users yet again. Users around the world again experienced problems using Skype June 7. With seemingly identical problems in May, punters initially experienced frustration signing into the service before later reporting that the VoIP software had crashed on their machine. Skype played down the scope of the problem, which it blamed on a ““configuration problem,” in an update to its status page. It promised to resolve the snafu via an automatic update that would be in place within an hour or so. The symptoms of the latest glitch, at least, are identical to problems experienced across the VoIP network less than 2 weeks ago. Resolving the problem then involved deleting a file called “shared.xml” on users’ machines that had somehow been corrupted. Source: http://www.theregister.co.uk/2011/06/07/skype_outage/
51. June 6, Computerworld – (International) Hackers may try to disrupt World IPv6 Day. Hundreds of popular Web sites — including Google, Facebook, Yahoo and Bing — are participating in a 24-hour trial of a new Internet standard called IPv6 June 8, prompting worries that hackers will exploit weaknesses in this emerging technology. Dubbed World IPv6 Day, the trial runs from 8 p.m. June 7 to 7:59 p.m. June 8. Security experts were concerned that the 400-plus corporate, government and university Web sites that are participating in World IPv6 Day could be hit with distributed denial of service or other hacking attacks during the 24-hour trial. Source: http://www.computerworld.com/s/article/9217363/Hackers_may_try_to_disrupt_World_IPv6_Day
For more stories, see items 46 and 48 above in Information Technology
