Wednesday, May 18, 2011

Complete DHS Daily Report for May 18, 2011

Daily Report

Top Stories

• Credit Union Journal reports U.S. authorities are working through legal channels for the return of hundreds of millions of loan proceeds they believe were stolen from Ohio-based St. Paul Croatian Federal Credit Union in the biggest credit union fraud ever. See item 12 below in the Banking and Finance Sector.

• According to CNN, as many as 25,000 homes and millions of acres of farmland could be flooded as federal officials seek to prevent the Mississippi River from devastating major cities in Louisiana, Mississippi, and Arkansas. (See item 59)

59. May 17, CNN – (National) Cresting Mississippi River floods Arkansas, Mississippi, Louisiana. A near-record crest is forecast in Greenville, Mississippi, May 17 as the bloated Mississippi River makes its relentless march toward the Gulf of Mexico. By the weekend of May 21, flood waters are expected to peak at record levels in Vicksburg and Natchez, Mississippi, as well as in Red River Landing and Baton Rouge, Louisiana, according to the National Weather Service. A U.S. Army Corps of Engineers spokesman told CNN’s “John King USA” 20,000 to 25,000 homes could be flooded. Officials said the spillway gates are likely to be open for weeks, and it will be weeks before the river falls below flood stage and those who have evacuated can safely return. The diversion will drain water from the Mississippi through the Atchafalaya basin to the Gulf of Mexico at Morgan City. Louisiana’s governor told residents May 16 that the decision to open the spillways has lowered crest projections in parts of the state. River observations now suggest the Corps may need to divert less water from the spillway than initially thought, he said. But based on historical estimates, damages to agriculture alone in Louisiana could total $300 million, he said. The Corps of Engineers opened two gates in the Morganza Spillway May 14, the first release from the facility since 1973. As of May 16, 15 of the structure’s 125 bays had been opened, diverting about 763,000 gallons of water per second, a Corps spokeswoman said. The plan is eventually to open about a quarter of the spillway, according to the agency. At the Bonnet Carre Spillway, which feeds into Lake Pontchartrain, 330 of 350 bays are open, with water coursing through it well above its rated capacity, the manager said May 16. The flood is the most significant to hit the lower Mississippi River valley since at least 1937 and has so far affected nine states: Missouri, Illinois, Kentucky, Tennessee, Ohio, Indiana, Arkansas, Louisiana, and Mississippi. As many as 22 cities and communities where river levels are monitored by the U.S. government remain flooded. Across the South and lower Midwest, flood waters have already covered about 3 million acres of farmland. Source: http://www.cnn.com/2011/US/05/17/flooding/index.html?hpt=C1

Details

Banking and Finance Sector

11. May 17, Orange County Register – (California) Suspects sought in 2 bank robberies. Authorities are searching for two men who carried out apparently unrelated bank robberies in Irvine and Lake Forest, California, May 16, an FBI official said. The first robbery was reported at an East West Bank branch in a shopping center at Walnut Avenue and Jeffrey Road about 12:45 p.m., an FBI special agent said. A man entered the bank, handed the teller a note, demanded cash and left with an undisclosed amount of money, the special agent said. No injuries were reported, and no weapon was seen. Authorities believe the Irvine robbery was carried out by the “Gone Plaid Bandit,” who earned his nickname from his wardrobe choices during bank robberies in Yorba Linda and Anaheim Hills in February 2011. The second robbery was reported at a City Bank branch in the 2300 block of El Toro Boulevard about 2:50 p.m., the FBI said. As in the first robbery, a man reportedly handed a note to a teller, demanded money and left with an undisclosed amount of cash before fleeing on foot. Witnesses did not see a weapon, and no injuries were reported. The second man is not suspected of being a serial bank robber, the FBI said, and the two incidents are not believed to be related. Source: http://www.ocregister.com/news/-300773--.html

12. May 16, Credit Union Journal – (International) Millions in looted CU funds traced to the Balkans. U.S. authorities are working through legal channels for the return of millions of dollars of loan proceeds from Eastlake, Ohio-based St. Paul Croatian Federal Credit Union (FCU) they believe were siphoned from the one-time $240 million credit union to local banks as part of the biggest credit union fraud ever. The U.S. Department of Justice (DOJ) is working with the National Credit Union Administration (NCUA) and numerous international law enforcement agencies, including Interpol, for the repatriation of the U.S. credit union funds as the scope of the international criminal case expanded with seven more individuals indicted May 13, making a total of 16 charged in the case. So far, authorities have traced almost $6 million in fraudulent loan proceeds transferred to Macedonian and Albanian bank accounts by a purported head of a Macedonian crime syndicate who is in federal prison in Cleveland, Ohio, awaiting trial in the case. The Albanian national who maintains homes in Skopje, Macedonia, and in Eastlake is among those charged with bribing the CEO of St. Paul Croatian to obtain millions of dollars in loans they had no intention of repaying. Authorities said the CEO approved more than 1,000 fraudulent loans with no collateral to 300 account holders. Many of the loans were made in the name of phony businesses, even though St. Paul Croatian was never approved to make business loans. Investigators have traced $70 million of the fraudulent loans so far, but believe the fraud is much bigger. NCUA estimates the fraud will cost the National Credit Union Share Insurance Fund as much as $170 million in losses, making it the biggest credit union fraud ever. Source: http://www.cujournal.com/dailybriefing/13_603/-1008594-1.html

13. May 16, Reuters – (National) Day trader guilty in scam tied to Lehman salesman. A Florida day trader pleaded guilty May 16 to criminal charges over an insider trading scheme based on tips obtained from the wife of a former Lehman Brothers Holdings Inc. salesman, prosecutors said. The 35-year-old Miami Beach, Florida man admitted to one count each of securities fraud and conspiracy in a hearing May 16 before a U.S. magistrate judge in Manhattan, New York. Prosecutors said the scheme ran from February 2005 to Sept. 2008, and included a purchase by the man’s day trading partner of 2,500 shares in Veritas DGC Inc for their joint account based on material nonpublic data. They said this purchase led to illegal profit when Veritas agreed in September 2006 to a $3.1 billion takeover by France’s Compagnie Generale de Geophysique, creating the world’s largest publicly-traded provider of seismic surveys. Prosecutors said the man’s partner got tips from a Lehman salesman, who received them from his wife on transactions her employer at the time, Brunswick Group LLC, had been working on. The Lehman salesman pleaded guilty to one count of securities fraud and four counts of conspiracy in December 2008. He has cooperated with prosecutors, and has not been sentenced. In a parallel civil lawsuit, the Securities and Exchange Commission said the scheme resulted in $4.8 million of illegal profits. Source: http://newsandinsight.thomsonreuters.com/Legal/News/2011/05_-_May/Day_trader_guilty_in_scam_tied_to_Lehman_salesman/

14. May 16, Associated Press – (New Jersey) Piscataway man pleads guilty in mortgage fraud scheme. A 41-year-old Piscataway, New Jersey man who owned and operated several mortgage foreclosure rescue companies pleaded guilty May 16 to conspiracy to commit wire fraud and conspiracy to commit money laundering in a scheme that defrauded mortgage lenders of more than $10 million. Prosecutors said the man and employees of his company falsely promised homeowners they would help them avoid foreclosure by putting their homes in the name of third-party buyers. The man and his accomplices used the straw buyers to obtain dozens of mortgage loans, often using false information. He faces a maximum possible penalty of up to 50 years in prison. Source: http://www.nj.com/news/index.ssf/2011/05/piscataway_man_pleads_guilty_i.html

15. May 13, Dow Jones Newswires – (New York) SEC charges NY investment adviser with securities violations. The U.S. government charged a New York investment adviser with violating securities regulations May 13, alleging he made distorted claims about a real-estate fund and then used money from unwitting investors in another venture to prop it up. The Securities and Exchange Commission (SEC) said the man told investors his real-estate fund was safe and liquid and generated at least 8 percent a year in returns, though the SEC alleged the fund’s actual performance didn’t justify those claims. The SEC said that as the real-estate investment flagged, the suspect raised money from investors in Campus Capital Corp. to shore up the fund and engage in other transactions that personally benefited him, without disclosing the practices. He raised about $20 million for the Gaffken & Barriger Fund — the real-estate investment — from January 1998 to March 2008, according to the SEC. It said Campus Capital raised $12 million from October 2001 to July 2008. Source: http://www.foxbusiness.com/industries/2011/05/13/sec-charges-ny-investment-adviser-securities-violations/

16. May 13, Bloomberg News – (District of Columbia; Texas) Security lax for new $100 bills at printing plants, audit says. The U.S. government left millions of $100 bills inadequately protected at a currency-printing plant with windows that lacked security features, the Treasury Department’s inspector general said in an audit report released May 13. About 54.4 million new $100 bills and 4 million uncut sheets of notes had “inadequate security” at a Bureau of Engraving and Printing (BEP) plant in Washington, D.C., according to the inspector’s report. The audit also criticized security at the bureau’s Fort Worth, Texas, facility. The finished bills were “wrapped in protective plastic, but were not stored in a locked security cage,” the audit said. As of January 2011, some notes had been stored in the production area for more than 9 months even though finished notes usually “are moved to a secure, limited-access vault shortly after production.” The production area had 26 windows that lacked “protective security features,” the report said. The $100 bills also were at “increased risk of theft and loss” because about 225 employees had access to the production area, compared with 21 workers who are allowed into the vault. In a response included with the audit, the BEP said it would move bills and sheets that were not yet finished into vaults. Still, the money was always safe, it said. “After careful consideration, and based on multiple compensating controls, such as cameras, access control systems, locking mechanisms, etc., the BEP stored finished notes in highly secure space,” the bureau said. Source: http://www.bloomberg.com/news/2011-05-13/security-lax-for-new-100-bills-at-printing-plants-audit-says.html

Information Technology

44. May 17, IDG News Service – (International) Researcher: Dropbox misrepresents security features. Cloud data storage and synchronization company Dropbox has been hit with a complaint filed with the U.S. Federal Trade Commission (FTC) alleging the company has deceived consumers about the level of encryption security it offers. In a letter sent to the FTC, a University of Indiana PhD and security researcher claimed that while Dropbox encrypted every file it stored, this could be reversed by employees, undermining the company’s security credibility. Not only did this design fall short of “industry best practices”, the researcher wrote, it also represented a serious security risk the company was not being upfront about. “Dropbox has and continues to make deceptive statements to consumers regarding the extent to which it protects and encrypts their data,” he wrote. “Dropbox’s customers face an increased risk of data breach and identity theft because their data is not encrypted.” He believes Dropbox deceived its users, infringing Section 5 of the FTC Act. Source: http://www.computerworld.com/s/article/9216790/Researcher_Dropbox_misrepresents_security_features

45. May 16, Softpedia – (International) Dangerous Linux denial of service vulnerability disclosed as 0-day. Greyhat hackers from Goatse Security have published the details of a dangerous denial of service vulnerability affecting many Linux distributions. The flaw can be exploited by tricking users into opening an overly-long, specially-crafted apt:// URL in a browser that supports the protocol. Because the advanced packaging tool is a common Linux software manager application, a large number of distributions are affected. This includes the popular Debian, Ubuntu, Fedora, Red Hat Enterprise Linux, and SUSE Linux Enterprise Desktop, but also Alinex, BLAG Linux and GNU, CentOS, ClearOS, DeMuDi, Feather Linux, Foresight Linux, gnuLinEx, gNewSense, Kaella, Knoppix, Linspire, Linux Mint, Musix, GNU/Linux, Parsix, Scientific Linux, and Ututo. Successful exploitation of the vulnerability crashes the X session with an “Unexpected X error: BadAlloc (insufficient resources for operation) serial 1779 error_code 11 request_code 53 minor_code 0)” error. In addition to this denial of service vulnerability, the Goatse Security greyhats also released an exploit for a theme rendering bug in GNOME that makes buttons disappear and leaves users with relogin as the only option. Source: http://news.softpedia.com/news/Dangerous-Linux-Denial-of-Service-Vulnerability-Disclosed-as-0-Day-200668.shtml

46. May 16, Computerworld – (International) Windows scareware fakes impending drive disaster. Scammers are trying to trick Windows users into paying to fix fake hard drive errors that have apparently erased important files, a researcher said May 16. The con is a variant of “scareware,” also called “rogueware,” software that pretends to be legitimate but is a sales pitch based on spooking users into panicking. Most scareware masquerades as antivirus software. But a Symantec researcher has found a new kind of scareware that impersonates a hard drive cleanup suite that repairs disk errors and speeds up data access. Dubbed “Trojan.Fakefrag” by Symantec, the fake utility ends up on a Windows PC after its user surfs to a poisoned site — often because the scammers have manipulated search engines to get links near the top of a results list — and falls for a download pitch. “[Trojan.Fakefrag’s] aim is to increase the likelihood of you purchasing a copy of Windows Recovery by craftily convincing you your hard drive is failing,” the researcher said, referring to the name of the fake suite the trojan shills. Source: http://www.computerworld.com/s/article/9216765/Windows_scareware_fakes_impending_drive_disaster

47. May 16, The Register – (International) 99% of Android phones leak secret account credentials. The vast majority of devices running Google’s Android operating system are vulnerable to attacks that allow adversaries to steal the digital credentials used to access calendars, contacts, and other sensitive data stored on the search giant’s servers, university researchers have warned. The weakness stems from the improper implementation of an authentication protocol known as ClientLogin in Android versions 2.3.3 and earlier, the researchers from Germany’s University of Ulm said. After a user submits valid credentials for Google Calendar, Contacts, and possibly other accounts, the programming interface retrieves an authentication token that is sent in cleartext. Because the authToken can be used for up to 14 days in any subsequent requests on the service, attackers can exploit them to gain unauthorized access to accounts. Google patched the security hole earlier in May with the release of Android 2.3.4, although that version, and possibly Android 3, still cause devices synchronizing with Picasa Web albums to transmit sensitive data through unencrypted channels, the researchers said. Based on Google’s own statistics, this means more than 99 percent of Android-based handsets are vulnerable to the attacks, which are similar in difficulty and effect to so-called sidejacking exploits that steal authentication cookies. Source: http://www.theregister.co.uk/2011/05/16/android_impersonation_attacks/

48. May 16, CNET News – (International) Facebook, spammers are in ‘arms race’. Within days of Facebook implementing new security features designed to block spam, several new social-engineering attacks were spreading that managed to side-step the company’s antispam defenses, a Facebook spokesman told CNET May 16. The company began turning on a feature the week of May 9 that displays warnings when it detects users are about to be tricked by cross-site scripting (XSS) and clickjacking attacks. In such attacks, users are tricked into clicking something (clickjacking) or pasting some code into their browser Web address bar (XSS). Yet there were several XSS attacks the weekend of May 14 and 15, and warnings were not displayed. In all the attacks, the user action results in the spam messages being re-posted to the victim’s Facebook pages and those of their friends. Ultimately, surveys are proffered for the victim to fill out. The spammers receive money for each survey completed, and the farther the spam spreads, the more money can be made. A threat analyst at M86 said he suspected some of the spam was getting past Facebook’s defenses by obfuscating the JavaScript. Facebook seems to have made it harder for spammers to create campaigns that automatically execute and spam users’ friends, so that victims are sent off to external sites and required to cut and paste text into their browsers, he said. Source: http://news.cnet.com/8301-27080_3-20063434-245.html

Communications Sector

See item 47 above in the Information Technology Sector.
