The 1993 World Trade Center bombers: Where are they now?

The 1993 World Trade Center bombers: Where are they now?

CBS News
by Joshua Norman
February 26, 2013


A police photographer adjusts a light at the edge of the crater in an underground parking garage at the World Trade Center February 28, 1993.

A police photographer adjusts a light at the edge of the crater in an underground parking garage at the World Trade Center February 28, 1993. 
/ Getty Images


On Feb. 26, 1993, an ugly new phase of terrorism was ushered in when Jordanian Eyad Ismoil drove Kuwaiti Ramzi Yousef and a 1,300-pound nitrate-hydrogen gas enhanced bomb also stuffed with cyanide into the parking garage below the World Trade Center in Manhattan.

Yousef lit a 20-foot fuse, and the two fled quickly enough to evade immediate capture by authorities. The bomb killed six people and injured more than 1,000 that day.

When the bomb went off, their goal of bringing down the Twin Towers failed, but the event was the first in a continuing string of indiscriminate attacks on civilians by terrorists designed solely to kill as many as possible.

1993 World Trade Center, bombers, ramzi yousef
The seven men convicted for the 1993 World Trade Center bombing in New York City


By 1997, seven men had been convicted for the attack: Yousef, Ismoil, Egyptian Mahmud Abouhalima, Palestinian Mohammad Salameh, Kuwaiti Nidal A. Ayyad, Iraqi Abdul Rahman Yasin and Palestinian Ahmad Ajaj. Only six of them, however, had been caught.

The one thing that bound them all was a radical Egyptian cleric, Omar Abdel Rahman, a blind sheik who had once set up shop in Jersey City, New Jersey. Rahman was ultimately convicted of masterminding several attacks — some carried out, some not — on American interests.

Khalid Sheikh Mohammed holds up a piece of paper during a court recess at a military tribunal pretrial hearing at the Guantanamo Bay Naval Base in Cuba, Oct. 15, 2012, in this picture of a sketch by courtroom artist Janet Hamlin and reviewed by the U.S. Department of Defense.
Khalid Sheikh Mohammed holds up a piece of paper during a court recess at a military tribunal pretrial hearing at the Guantanamo Bay Naval Base in Cuba, Oct. 15, 2012, in this picture of a sketch by courtroom artist Janet Hamlin and reviewed by the U.S. Department of Defense.
/ AP Photo/Janet Hamlin

Rounding out the circle of plotters is the infamous Khalid Sheikh Mohammed, who is not only Yousef’s uncle, but also later claimed to be the mastermind of the 9/11 attacks which ultimately brought the Twin Towers down. Mohammed gave Yousef advice, tips, and cash in the run up to the 1993 bombing.

Five of the seven main bombers are serving life sentences in the federal Supermax prison in Florence, Colo.

Yousef is currently suing for more human contact after 15 years in prison. According to the Los Angeles Times, he wrote to the warden: “I request an immediate end to my solitary confinement and ask to be in a unit in an open prison environment where inmates are allowed outside their cells for no less than 14 hours a day.”

Nidal Ayyad, an alleged Rutgers University graduate, is apparently serving his life sentence in a federal penitentiary in Terre Haute, Indiana

Abdul Yasin was tracked down by “60 Minutes” in May of 2002 in an Iraqi facility outside of Baghdad. He had successfully fled the U.S. after the 1993 bombing and remained high on the most-wanted list the entire time.

Yasin, 40 at the time, expressed regret to Leslie Stahl about the bombing and claimed he was talked into it by his fellow bombers, whom he met for the first time while living in Jersey City.

“[Yousef and Salameh] used to tell me how Arabs suffered a great deal and that we have to send a message that this is not right … to revenge for my Palestinian brothers and my brothers in Saudi Arabia,” Yasin told Stahl. He added that they also prodded him about being an Iraqi who should avenge the defeat of Iraq in the Gulf War.

The “60 Minutes” interview is likely the last time any Westerner officially spoke to Yasin, who by all accounts remains on the lam to this day.

Khaled Sheikh Mohammed is currently on trial in Guantanamo Bay for his role in the 9/11 attacks. Mohammed is kept under such heavy security that his lawyers can’t even reveal routine conversations with their client. Prosecutors are seeking the death penalty.

Blind sheik Omar Abdel-Rahman sits and prays inside an iron cage at the opening of court session in Cairo Aug. 6, 1989.
Blind sheik Omar Abdel Rahman sits and prays inside an iron cage at the opening of court session in Cairo Aug. 6, 1989.
/ AFP/Getty Images

The true “celebrity” of the attacks, for lack of a better term, is the so-called “Blind Sheik,” Omar Abdel Rahman. His name and his teachings are repeatedly invoked by jihadists and conservative Muslims the world over as inspiration.

In September 2003, he was transferred from the federal Supermax prison in Colorado to a medical prison in Springfield, Mo., after officials said Rahman might lose his limbs to diabetes.

Militants who attacked the Ain Amenas gas field in the Sahara in January of this year had offered to release two of the three Americans eventually killed in the attack in exchange for the freedom of Rahman and Aafia Siddiqui, a Pakistani scientist convicted of shooting at two U.S. soldiers in Afghanistan. The Obama administration rejected the offer outright.

Al Qaeda’s current leader, Ayman Al-Zawahri, has repeatedly invoked Rahman as a reason for kidnapping and killing Westerners. In an undated two-hour videotape posted last October on militant forums, he said that abducting nationals of “countries waging wars on Muslims” is the only way to free “our captives, and Sheik Omar Abdel Rahman.”

Even more moderate Muslims appear to revere the Blind Sheik. In his first public speech last June addressing tens of thousands of mostly Islamist supporters, Egypt’s then-president-elect Mohammed Morsi vowed to free Rahman.

The U.S. has not budged in its refusal to consider freeing Rahman in any negotiations so far, so it is highly unlikely Morsi will succeed.


Related Links:

Direct Link:

Don’t Call or Click… BEWARE: Hackers, Scammers, Trolls & Low Lifes are on Overdrive!!


Yes Virginia… It is getting worse out there!

I know, I know…. Washington D.C. keeps saying that “Everything Is Getting Better!” But, I wish Washington and our so called Leaders would tell that to the “Scumbag Trolls” on the internet that it is okay to stop ripping people off because the gravy train is back! Until then, you should BE AWARE that there are new phishing scams in the works that will not only put you, your family, your friends, co-workers financially at risk… But also cost you more money on your cellular bill in the way of unwanted text messages.

Very soon, if not already, you will begin getting text messages from somebody you don’t know telling you something like…

“Hey its Jennifer, and I just took some new pictures and wanted to know what you think”

Well, if you decide to look, YOU’RE AN IDIOT!

This is another popular one that goes like this….

“OMG, I can’t believe you let them get a picture of you like that. Check it out (with a link)”

Well, I you decide to look, YOU’RE AN EVEN BIGGER IDIOT!

Or how about these two texts…

Message: Call 8 0 0 8 5 1 7 2 6 8 Attention Required California C U


Message: Attention Required 802 851 7268 California CU

The point in a nutshell is that you should not click or call anything remotely like this nor should you trust the message because it came from what you believe to be a loved / trusted one because it could be they clicked or the information was “SPOOFED” to look legitimate.

We have been posting article on this time of “PHISHING” Schemes, Malware, Trojans, Viruses, etc for awhile now to keep you in the know and as safe as you can be, based on your own caution and habits online.

Surf Safe… Be Safe!

From Your Friends at:

G.E. Investigations, LLC

Toll Free: 866.347.7948


Follow Us / Like Us for more updates and Postings to keep you aware!

** Twitter:

** Facebook:

Banking malware returns to basics, researchers say

Banking malware returns to basics, researchers say

Malware authors add phishing-like credential theft capabilities to banking Trojan programs, researchers from Trusteer say

Computer World

by Lucian Constantin
February 8, 2013


Banking HACKED
Banking HACKED

IDG News Service –

Financial malware authors are trying to evade new online banking security systems by returning to more traditional phishing-like credential stealing techniques, according to researchers from security firm Trusteer.

Most financial Trojan programs used by cybercriminals today are capable of tampering in real time with online banking sessions initiated by victims on their computers. This includes the ability to execute fraudulent transactions in the background and hide them from the user by modifying the account balance and transaction history display in their browser.

As a result, banks have started deploying systems to monitor how customers interact with their websites and detect anomalies that might indicate malware activity. However, it seems that some malware creators are returning to more traditional techniques that involve stealing credentials and using them from a different computer in order to avoid being detected.

Trusteer researchers have recently detected changes in the Tinba and Tilon financial Trojan programs designed to prevent victims from accessing the real online banking websites and replace their log-in pages with rogue versions.

“When the customer accesses the bank’s website, the malware presents a completely fake web page that looks like the bank login page,” Trusteer’s chief technology officer Amit Klein said Thursday in a blog post. “Once the customer enters their login credentials into the fake page the malware presents an error message claiming that the online banking service is currently unavailable. In the meantime, the malware sends the stolen login credentials to the fraudster who then uses a completely different machine to log into the bank as the customer and executes fraudulent transactions.”

If the bank uses multi-factor authentication that requires one-time passwords (OTPs), the malware asks for this information on the fake page as well.

This type of credential theft is similar to traditional phishing attacks, but it is harder to detect because the URL in the browser’s address bar is that of the real website and not a fake one.

“It’s not as sophisticated as injecting transactions into web banking sessions in real time, but it accomplishes its goal of evading detection,” Klein said.

This “full page replacement” feature is present in Tinba version 2, which Trusteer researchers have recently discovered and analyzed. The malware comes with support for Google Chrome and attempts to limit its network traffic by storing images loaded on the fake page locally.

According to the Trusteer researchers, Tinba v2 is already used in attacks targeting major financial institutions and consumer Web services.

“Banks have always faced two attack vectors in the online channel,” Klein said. “The first is credentials theft. There are various ways to execute this type of attack including malware, pharming and phishing. The second attack vector is session hijacking which is achieved through malware. These two vectors require two different solutions.”

Banks should make sure that they have protection in place against both attack types, otherwise cybercriminals will quickly adapt their techniques, Klein said. “You can’t put a lock on your door and leave the window open.”
Direct Link:

Federal Reserve confirms its system was breached

Federal Reserve confirms its system was breached

A group claiming affiliation to the Anonymous hacktivist collective posted contact info for more than 4,000 banking executives

Computer World
by Joab Jackson
February 6, 2013


Federal Reserve
Federal Reserve

IDG News Service –

Malicious attackers gained entry to internal Federal Reserve System computers, illegally copying a database of banking executive contact information, the banking system has confirmed.

“The Federal Reserve System is aware that information was obtained by exploiting a temporary vulnerability in a website vendor product. The vulnerability was fixed shortly after discovery and is no longer an issue,” a Federal Reserve spokesman wrote in an email. “This incident did not affect critical operations of the Federal Reserve System.”

The Federal Reserve did not identify the attackers, however, on Sunday, a group claiming to be affiliated with Anonymous, the loose collective of malicious hackers, posted the personal information of more than 4,000 bank executives, stating the information came from the Federal Reserve.

The Emergency Communications System (ECS), run by the Federal Reserve Bank of St. Louis, was the system attacked, according to a memo that the banking system sent out to the system’s users. ECS provides financial institutions with status updates of the Federal Reserve during times of natural disaster. Attackers gained access to a database with bank executive contact information, including mailing addresses, business and phone numbers, email and fax numbers.

The Federal Reserve stated that no passwords were compromised, despite press reports to the contrary. The organization reset the contact’s passwords to the system anyway as a precaution.

The group, Operation Last Resort, posted the contact information it had on the website for the Alabama Criminal Justice Information Center, after breaking into that site. Operation Last Resort is protesting what it considers to be overly severe U.S. Department of Justice prosecution of Internet activist and innovator Aaron Swartz, who recently committed suicide. Swartz faced a 35-year jail sentence and a $1 million fine for allegedly illegally downloading millions of scholarly articles from a Massachusetts Institute of Technology network.

Direct Link:

Critical cURL library flaw could expose many apps to hackers

Critical cURL library flaw could expose many apps to hackers

Libcurl 7.29.0 addresses a critical remote code execution vulnerability

Computer World

by Lucian Constantin
February 8, 2013

Critical cURL library flaw could expose many apps to hackers
Critical cURL library flaw could expose many apps to hackers

IDG News Service –

A critical buffer overflow vulnerability patched this week in the widely used open-source cURL library (libcurl) has the potential to expose a large number of applications and systems to remote code execution attacks.

CURL is a cross-platform command line tool and library for transferring data using URL (uniform resource locator) syntax. It supports a wide range of protocols including HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, DICT, FILE, FTP, FTPS, Gopher, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP.

The vulnerability can be exploited when a program that uses libcurl or the cURL command line tool communicates with a malicious server over the POP3, SMTP or IMAP protocols, the cURL developers said Wednesday in a security advisory. The flaw is located in the libcurl function that handles SASL DIGEST-MD5 authentication and affects versions 7.26.0 to 7.28.1 of the library, they said.

Libcurl 7.29.0 was released Wednesday to address the flaw. However, the issue can also be mitigated by using the CURLOPT_PROTOCOLS option to disable support for the vulnerable protocols at run-time.

Vulnerability research and management firm Secunia rated the flaw as highly critical. “Successful exploitation may allow execution of arbitrary code but requires tricking a user into connecting to a malicious server,” the company said Thursday in a security advisory.

Even though a potential exploit involves POP3, IMAP or SMTP authentication, HTTP URLs can also be used as an initial attack vector because cURL supports redirection, said Volema, the vulnerability research outfit that discovered the vulnerability, in a blog post Wednesday.

If a program that uses libcurl is instructed to open an HTTP URL to a malicious server, the server can respond with status “302 Found” and redirect the library to another location, which can be pop3://, Volema said. The library will then attempt authentication and the server can deliver the exploit.

There’s a run-time option called CURLOPT_FOLLOWLOCATION that can be used to prevent libcurl from following “Location” headers sent in HTTP responses. If this feature is needed, another option called CURLOPT_REDIR_PROTOCOLS can be used to limit what protocols are supported for redirect attempts.

“I don’t expect that many applications use these options to limit exposure – at least not before this discovery,” Carsten Eiram, chief research officer at security firm Risk Based Security, said Friday via email.

CURL is highly portable and works on Windows, Mac OS X, Linux, Solaris, BSD variants, other UNIX-derived OSes including those for embedded systems, as well as mobile OSes like iOS, Android, BlackBerry Tablet OS and BlackBerry 10 OS. This makes it very popular among application developers who would rather use an already robust library for data transfer than code their own solution from scratch.

The library is used by a wide range of desktop, Web and mobile applications. According to the cURL developers it’s even used in Internet-connected TV sets and Bluray players, in embedded systems and in games. An incomplete list of applications that use libcurl is available on the project’s website.

Some applications bundle a copy of the library with their installers while others use the version of the library installed on the operating system. Some Linux distributions come with libcurl installed by default, while others provide it as an optional package.

Because of the many ways and places where libcurl is used, a lot of systems and applications are likely to remain vulnerable to this vulnerability for some time to come, despite a patch being available.

This will especially be the case for those applications that use it statically, meaning that the applications include a copy of the library, Eiram said.

“This is one of the problems in general with software that often includes a lot of third-party components and libraries,” Eiram said. “How do these software vendors get informed about vulnerabilities in any components that they bundle, and how quick are they at evaluating if their software is vulnerable and update it?”

“We regularly see products affected by vulnerabilities in their bundled components, which were fixed upstream a long time ago,” he said. “An example is the latest“>UPnP research by Rapid7. Some of the described vulnerabilities were fixed many years ago, yet device vendors are still using old, vulnerable versions of the components.”

Eiram believes that if a reliable exploit is released, there will definitely be attacks that will target this vulnerability. “We will at least see random websites trying to exploit this if targets happen — or are tricked — to visit it with a vulnerable application,” he said.

Direct Link: