Thursday, April 23, 2009

Complete DHS Daily Report for April 23, 2009

Daily Report

Top Stories

 According to Mount Vernon News, a tanker truck which overturned while carrying 41,100 pounds of liquid anhydrous ammonia created a potential hazmat incident south of Fredericktown, Ohio on Monday. Emergency personnel closed several roads, and almost 200 homes were evacuated. (See item 7)


7. April 21, Mount Vernon News – (Ohio) Overturned tanker closes highway. A tanker truck which overturned while carrying anhydrous ammonia April 20 created a potential hazmat incident south of Fredericktown, causing emergency personnel to close several roads, including Ohio 13. Almost 200 homes near the scene of the accident were evacuated. A hot zone, which is a potential imminent threat to life and safety, was declared in the area surrounding the overturned McIlvaine Trucking semitrailer. The truck carried 41,100 pounds of liquid anhydrous ammonia, a commonly used fertilizer which becomes a toxic vapor at temperatures above minus 28 degrees Fahrenheit. Fredericktown fire and EMS personnel responded to the scene immediately after the accident was reported around 3 p.m. They found the truck overturned on its right side, on the west side of the roadway and off an embankment. Because of the damage to the truck and the precarious nature of the hazardous substance inside the disabled vehicle, which weighs 70,000 pounds loaded, the Fire Chief ordered the road closed, and requested Knox County Emergency Management to respond to the scene. Fire crews initially blocked off Ohio 13 at Beckley Road to the south and the Ohio 95 bypass to the north. Those barricades were eventually extended once the scene was assessed by firefighters and emergency management. Source: http://www.mountvernonnews.com/local/09/04/21/overturned-tanker-closes-highway


 CBS News reports that the FBI and British law enforcement authorities are trying to hunt down hackers responsible for a botnet that security firm Finjan says compromised 1.9 million computers worldwide in just two months. Nearly half of the infected computers were in the United States. (See item 40)


See below in Information Technology


Details

Banking and Finance Sector

16. April 22, Appleton Post-Crescent – (Wisconsin) New Holstein woman faces fraud charges. A 54-year-old New Holstein securities agent was bound over for trial on April 21 on accusations of taking $2.4 million for an investment product that did not exist. The woman waived her right to a preliminary hearing on six felony charges during an initial appearance in Calumet County Court. She was charged last week with four counts of theft and two counts of securities fraud. She recommended and collected investments in a firm she called Denuer from 1998 through January, the criminal complaint says. The state Department of Financial Institutions found no evidence that such a firm exists. It was later found that the money was deposited in her personal accounts. Investigators also found that more than $1.2 million from her accounts went to casino-related expenses during the last four years. Source: http://www.postcrescent.com/article/20090422/APC0101/904220484/1003/APC01


17. April 21, United Press International – (International) Wise Millennium Bank probe ongoing. U.S. investigators said they are still investigating the Wise Millennium Bank and its founder, who allegedly ran an $80 million Ponzi scam. Civil suits have been filed in Texas, Tennessee and North Carolina and investigators in Kentucky have forwarded results of an investigation to a Federal Bureau of Investigation team in Raleigh, North Carolina, the Raleigh News & Observer reported April 21. The Sheriff’s investigator in Kentucky said they are up to four reported victims, with losses of a million dollars each. No criminal charges have been filed yet, but the Securities and Exchange Commission said more than 350 investors bought worthless certificates of deposit from the bank that operates in the island nation of St. Vincent and the Grenadines. Source: http://www.redorbit.com/news/business/1674813/wise_millennium_bank_probe_ongoing/


18. April 21, Deseret News – (Utah) Lindon man indicted in Ponzi scheme. A federal indictment was unsealed Tuesday involving a man who prosecutors say defrauded investors of more than $18 million in a Ponzi scheme and then used much of that money to acquire an extensive collection of vintage and high-end cars. The suspect was indicted by a grand jury in February on three counts of wire fraud, the U.S. Attorney for Utah announced Tuesday. The Federal Bureau of Investigation (FBI) believes the suspect is currently on the run, possibly hiding somewhere outside the United States. He speaks Spanish and was last known to be in Panama, said the special agent in charge of the Salt Lake office of the FBI. The suspect promised investors they could make money either through a foreign-currency trading program or a real estate leveraging program. Instead, he bought more than 200 classic cars, trucks, motorcycles and three-wheelers. Source: http://www.deseretnews.com/article/705298766/Lindon-man-indicted-in-Ponzi-scheme.html


19. April 21, WGBA 26 Appleton – (Wisconsin) Credit union call scam. There is a new phone scam involving Fox Communities Credit Union. The recorded calls are going out to customers and random numbers including the offices at NBC 26. “About 10:30 [this morning] they started coming in and it’s been one right after another,” says the NBC 26 receptionist. The message says, “Hello, this is a message from your bank, Fox Communities Credit Union. Your card has been suspended because we believe it has been accessed by a third party. Please press ‘one’ now to be transferred to the security department.” Once a person hits “one,” it asks for the person’s card number. A spokesperson at Fox Communities said, “Fox Communities Credit Union would never call or email requesting information like this. We have that information. We don’t need to ask you for it.” Source: http://www.nbc26.com/Global/story.asp?S=10224045


20. April 21, Associated Press – (Hawaii) Honolulu couple pleads guilty in mortgage scam. A couple who owned a Honolulu mortgage brokerage firm is facing many years in prison after pleading guilty to federal charges based on fraudulent loans and foreclosures. The couple faces penalties of five years in prison and $250,000 fines for conspiring to commit mail and wire fraud, as well as 10 years in prison for transferring money from unlawful activities. Source: http://www.forbes.com/feeds/ap/2009/04/21/ap6318415.html


Information Technology


40. April 22, CBS News – (International) Cops hunting monster-botnet builders. The FBI and British law enforcement authorities are trying to hunt down hackers responsible for the largest botnet ever known to the IT world, according to a California-based Internet security company. Finjan’s Chief Technology Officer has told the Financial Times that six people based in Ukraine are suspected of compromising 1.9 million computers worldwide in just two months — many of them in the United States. London’s Metropolitan Police department confirmed to CBS News on Wednesday that their e-crime unit was investigating a botnet created by Ukrainian hackers. The Met would not say what other agencies they are working with, but they do often work with other agencies on cases involving international cyber-crime, including the FBI. According to Finjan, nearly half of the infected computers were in the United States and almost 80 percent of the infected computers were running Internet Explorer, while 15 percent were using the Firefox Web browser, CNET reported. Some critics have said Finjin has not provided evidence that this is the biggest botnet ever. Source: http://www.cbsnews.com/blogs/2009/04/22/world/worldwatch/entry4960984.shtml


41. April 21, IDG News Service – (International) Nokia: We don’t know why criminals want our old phones. The mystery why cybercriminals want a discontinued Nokia phone is not getting any clearer. Hackers have been offering up to US$32,413 in undergrounds forums for Nokia 1100 phones made in the company’s former factory in Bochum, Germany. The phone can allegedly be hacked so as to facilitate illegal online banking transfers, according to the Dutch company Ultrascan Advanced Global Investigations. Nokia maintains the phone’s software is not flawed. “We have not identified any phone software problem that would allow alleged use cases,” the company said in an e-mailed statement. The 1100 can apparently be reprogrammed to use someone else’s phone number, which would also let the device receive text messages. That capability opens up an opportunity for online banking fraud. Source: http://www.pcworld.com/businesscenter/article/163515/nokia_we_dont_know_why_criminals_want_our_old_phones.html


42. April 21, Computerworld – (International) Mozilla patches 12 Firefox bugs, a third of them critical. Mozilla Corp. on Tuesday patched 12 security vulnerabilities in Firefox 3, just days before it hopes to roll out the newest beta of its next open-source browser, Firefox 3.5. Of the dozen flaws fixed in Firefox 3.0.9, four were rated “critical,” two “high,” two “moderate” and four “low” in Mozilla’s four-step ranking system. It was the most vulnerabilities Mozilla has patched since December 2008, when it quashed 13 bugs. Tuesday’s update, the third this year, follows by four weeks an emergency patch that Mozilla hustled out to fix a bug that had earned a German college student $5,000 in the Pwn2Own hacking contest. Firefox 3.0.9 may not be the only update Mozilla unveils this week; the company is still planning on releasing Firefox 3.5 Beta 4 by the end of the week, according to posted meeting notes. That schedule may slip, however, as Mozilla developers have yet to declare a “code freeze,” a milestone that means all the bugs that will be fixed have been. There are currently seven bugs that must be resolved before the beta can move into internal testing prior to actual release. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9131951&taxonomyId=17&intsrc=kc_top


43. April 21, Computerworld – (National) We don’t want to run U.S. cybersecurity efforts, NSA chief says. The director of the National Security Agency (NSA) Tuesday downplayed widespread concerns about his agency’s growing role in national cybersecurity affairs. Speaking at the security-oriented RSA Conference 2009 being held in San Francisco this week, he stressed that the NSA has no desire to run cybersecurity for the Federal Government. Instead, the NSA wants to team up with the U.S. Department of Homeland Security in developing and enforcing cyberdefenses for government and military networks. “I think we need to dispel the rumor” about the NSA wanting to take control of the national cybersecurity agenda, he said. “It’s not NSA or the DHS. It is one team for the good of the nation. The DHS has a really tough job. We want to provide them with the technical support” needed to combat threats in cyberspace. He pointed to the vast technical skills and experience within his agency, especially in areas such as cryptography and intelligence-gathering, which he said are crucial to understanding — and defeating — cyberthreats, but also said another panelist was right when he told the audience during a panel discussion that “nobody” should be in charge of overall cybersecurity efforts. “A top-down, somebody’s-in-charge model is not the right model,” said the expert, who is chief security technology officer at managed security services provider BT Counterpane. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9131933&taxonomyId=17&intsrc=kc_top


44. April 21, Associated Press – (National) Lawmakers to re-examine Internet-sharing software. A House committee is reopening its investigation of Internet services that let computer users distribute music and movies online amid reports the same software was exploited to gain unauthorized access to government and private data. The House Oversight and Government Reform Committee sent letters Monday to the Justice Department, Federal Trade Commission and The Lime Group, which runs LimeWire, a popular file-sharing service. The letters sought information about any such breaches and what the current administration and company are doing to protect against them. Asked about the renewed investigation, a LimeWire spokeswoman responded, “We at LimeWire understand that Internet safety is paramount, and we strive to offer peer-to-peer’s most secure technology.” She said the company had worked with other P2P providers and regulators to develop and implement protections, including changes in default settings; file-sharing controls; shared folder configurations; and sensitive-file-type restrictions. “Our newest version, LimeWire 5.0, by default, does not share sensitive file types such as spreadsheets or documents,” she said. “In fact, the software does not share any file or directory without explicit permission from the user.” Source: http://www.google.com/hostednews/ap/article/ALeqM5j1CHQiB2PPmjdaj1QZDUZ3j3u5MwD97N469G5


Communications Sector

Nothing to report.