Thursday, May 26, 2011

Complete DHS Daily Report for May 26, 2011

Top Stories

• The Arizona Republic reports three Maricopa County Sheriff’s Office employees were arrested May 24 by authorities who said they were involved in a drug- and human-trafficking ring and used sheriff’s office intelligence to guide smugglers. (See item 41)

41. May 25, Arizona Republic – (Arizona; International) 3 in MCSO accused of cartel ties. Three Maricopa County, Arizona, Sheriff’s Office employees, including a deputy in the human-smuggling unit, were arrested May 24 by authorities who said they were involved in a drug- and human-trafficking ring and used sheriff’s office intelligence to guide smugglers through the Valley. The sheriff’s employees were among 12 suspects arrested May 24 during a series of early-morning raids at 16 locations where investigators targeted members of the organization. The group mostly moved heroin, according to investigators, and officials suspect each of the arrested sheriff’s employees played a crucial role in moving the drugs and hiding the illicit profits. Authorities said the ring moved about $56,000 worth of heroin a week through the Valley. The sheriff’s employees helped set up a shell corporation called West Utilities Group Inc., which was used to launder nearly $50,000 in drug proceeds, according to court documents. The investigation went public when search warrants were served and a series of arrests were made May 24. But officials said the probe could last for months and target other suspects. Source: http://www.azcentral.com/arizonarepublic/news/articles/2011/05/25/20110525mcsoarrests0525.html

• According to the New York Times, 14 people were killed by tornadoes that struck Arkansas, Kansas, and Oklahoma, downing power lines and destroying livestock, and wiping out homes, businesses and churches. (See item 51)

51. May 25, New York Times – (National) Storms kill at least 14 people in 3 states. Residents of the South and Midwest braced for another round of severe weather May 25, only hours after at least 14 people were killed in a series of storms that struck portions of Arkansas, Kansas and Oklahoma, including a tornado that killed five people near Oklahoma City. The Oklahoma tornado struck around midday May 24, devastating El Reno, a town of 15,000 people about 25 miles west of downtown Oklahoma City, officials said. At least five people were killed and officials said the number could rise May 25 as rescue teams searched through the rubble of houses, businesses and churches in the area. Five people died in Canadian County, two in Logan County and one in Grady County, where a woman died when a tornado hit a mobile-home park, said a spokeswoman for the Oklahoma medical examiner. At least 60 people were injured across central Oklahoma, many along the Interstate 40 corridor. The tornado left a trail of shredded and overturned cars along I-40, destroyed livestock, set off a gas line explosion, and spurred people across El Reno to evacuate their homes. On May 25, about 70,000 people remained without electricity in Oklahoma. In Kansas, two people died when winds blew a tree into their van near St. John, the authorities said. And in Arkansas, at least four people died in storms, including one killed by a tornado in Franklin County, said a spokesman for the state department of emergency management. Other tornadoes were reported in Texas near Springtown and Azle, just northwest of Fort Worth and near Muenster. The Texas tornadoes caused no injuries. Source: http://www.nytimes.com/2011/05/26/us/26storm.html?_r=1

Details

Banking and Finance Sector

14. May 25, Show Low White Mountain Independent – (Arizona) Five plead guilty in $5.4 million bank fraud. Five defendants pleaded guilty in federal court May 23 to defrauding banks out of $5.4 million in a conspiracy involving Surfside Boat Center, a high-end boat dealership in Mesa, Arizona, that is now defunct. The charges stem from the defendants’ use of the boat dealership to fraudulently obtain millions of dollars in purchase loans from various banks. More than 50 loans from 11 lenders were represented to be for legitimate boat sales but were instead for straw sales, and the funds were put to personal use by the defendants. The defendants ultimately defaulted on the loans. The defendants pleaded guilty to conspiracy, bank fraud, and money laundering. Under the terms of the plea agreements, all defendants face prison terms and must repay the loan balances to the banks. A conviction for bank fraud carries a maximum penalty of 30 years in prison and/or a $1 million fine; a conviction for money laundering carries a maximum penalty of 10 years in prison and/or a $250,000 fine; and a conviction for conspiracy carries a maximum penalty of 5 years and/or a $250,000 fine. Source: http://www.wmicentral.com/police/five-plead-guilty-in-million-bank-fraud/article_d9f250d6-865d-11e0-bef4-001cc4c03286.html

15. May 24, Federal Bureau of Investigation – (Minnesota) Federal jury convicts Burnsville man of bilking mortgage lenders out of more than $43 Million. A jury convicted a 44-year-old Burnsville, Minnesota man in federal court May 24 on seven counts of wire fraud, three counts of mail fraud, and one count of conspiracy to commit wire fraud and mail fraud in a scheme that bilked mortgage lenders out of more than $43 million. The evidence presented at trial indicated that between 2005 and 2008, the man conspired with others to obtain money fraudulently through over 100 residential property transactions. To further this scheme, the conspirators negotiated with builders of new properties as well as owners of existing properties to buy property and property groupings at greatly reduced prices. They then solicited real estate purchasers by promising they would receive large cash pay-outs, or “kickbacks,” from lenders’ funds. They failed to tell potential buyers about the reduced prices they negotiated for the properties, choosing instead to quote them the grossly inflated prices. By charging buyers the higher prices, they acquired enough cash from loan proceeds to pay buyers their kickbacks and still have money left for themselves and their co-conspirators. Once a potential buyer was recruited through this scheme, the conspirators, or someone working on their behalf, drafted a purchase agreement that reflected the inflated sale price only and failed to disclose to lenders the kickback amount to the buyer. The convict faces a potential maximum penalty of 20 years in federal prison on each count. Source: http://minneapolis.fbi.gov/dojpressrel/pressrel11/mp052411a.htm

16. May 24, Hartford Courant – (Connecticut) President of bankrupt fuel oil company pleads guilty to bank fraud. The former president of Waterbury, Connecticut-based F&S Oil, a home heating oil business whose bankruptcy cost customers millions of dollars in prepaid contracts, pleaded guilty in federal court May 24 to taking millions more in fraudulent loans from the company’s banker. He pleaded guilty to a single count of bank fraud for overstating company receivables to collect what federal prosecutors said was from $2.5 million to $7 million on three lines of credit. In legal papers filed in court, federal prosecutors said the man falsified the oil company’s cash flow to tap loans F&S had with Citizens Bank. F&S was forced to file for bankruptcy protection in early 2008, creating thousands of claims among those of its 12,000 customers who had signed prepaid heating oil contracts. If sentenced under the advisory guidelines used in federal court, the former president could get from 41 to 51 months in prison. Source: http://articles.courant.com/2011-05-24/news/hc-oil-dealer-guilty-0525-20110524_1_f-s-oil-heating-oil-federal-court

17. May 23, Washington Times – (National) IRS staff committed tax credit fraud. According to federal investigators, more than 100 employees of the Internal Revenue Service (IRS) cheated the government by fraudulently claiming a first-time homebuyer tax credit included in the 2008 and 2009 economic stimulus packages, the Washington Times reported May 23. The Treasury Department’s inspector general for tax administration, in several reports over the past few years, identified a total of 128 IRS employees who claimed the credit but who also made other claims that showed they either were not first-time buyers or bought their homes outside the eligibility period for the credit, which was worth up to $8,000. The IRS employees represented a small part of the total fraud in the program, which the inspector general said may have totaled more than $500 million overall. At least one IRS employee is facing charges of making a false claim while acting as an officer of the government — a felony punishable by up to 5 years in prison — stemming from the tax credit. In another case, a part-time IRS employee in Georgia has been charged with altering information on IRS computers to help four friends and family members appear eligible for the credit. She pleaded guilty March 24 to one count of accessing a computer without authorization and is awaiting sentencing. Source: http://www.washingtontimes.com/news/2011/may/23/irs-staff-committed-tax-credit-fraud/?page=all#pagebreak

18. May 23, Baltimore Sun – (International) Baltimore feds target Internet gambling sites. Federal investigators in Baltimore, Maryland, set up a phony business — and handled $33 million in transactions from Internet gamblers — in a lengthy sting operation that led to the indictment of two online betting companies and their international owners, the U.S. attorney’s office announced May 23. Details were released after 11 associated bank accounts were seized in 5 countries and 10 Web domain names were shut down. The indictments are the result of an undercover operation by Homeland Security Investigations in Baltimore, a division of U.S. Customs and Immigration Enforcement. The agency created a phony payment-processing business. A half-dozen Internet gambling companies ultimately relied on it. Agents said the phony business processed more than 300,000 transactions in 2 years for the defendants using banks in Portugal, Malta, Panama, the Netherlands, and the United States. If convicted of running an illegal gambling business, the defendants face a maximum of 5 years in prison. Money laundering carries a maximum sentence of 20 years. Source: http://www.baltimoresun.com/news/maryland/bs-md-internet-gambling-20110523,0,5157985,full.story

Information Technology

43. May 25, H Security – (International) Chrome 11 update patches critical holes. Google has released version 11.0.696.71 of its Chrome Web browser, a maintenance and security update that addresses a total of four security vulnerabilities, two of which are rated as critical: the new version fixes a critical memory corruption bug in the GPU command buffer and an out-of-bounds write problem in blob handling discovered by a member of the Chromium development community. A high-risk exploit, a stale pointer in floats rendering, along with a low-risk bug that bypassed the pop-up blocker have also been closed. Source: http://www.h-online.com/security/news/item/Chrome-11-update-patches-critical-holes-1250075.html

44. May 25, Softpedia – (International) Sensitive data extracted from Comodo Brazil Website. Hackers managed to compromise the Web site of Comodo Brazil and extracted sensitive data about the company’s SSL certificate customers. It appears the attack vector used was SQL injection. A partial database dump was posted on pastebin(dot)com May 21, together with information about the vulnerability. The compromised data includes certificate authority name, e-mail, fax, phone number, order number, certificate request, private key file name, and other details. Customer details such as organization names, addresses, telephones, domain names, type of Web servers, serial numbers, and more, are also included. There is also a list of what appears to be employee accounts, with @comodobr(dot)com e-mail addresses and hashed passwords. The password for an account called validacao@comodobr(dot)com (validation@) is listed in plain text. Source: http://news.softpedia.com/news/SSL-Customer-Data-Extracted-from-Comodo-Brazil-Website-202130.shtml

45. May 25, The Register – (International) Timing attack threatens private keys on SSL servers. Security researchers have discovered a “timing attack” that creates a possible mechanism for a hacker to extract the secret key of a TLS/SSL server that uses elliptic curve cryptography (ECC). Elliptic curve cryptography is a type of public-key algorithm that uses the maths of elliptic curves rather than integer factorization, which is used by RSA as a one-way function. By using ECC, it is possible to provide equivalent levels of difficulty for a brute-force attack as can be provided by the more familiar integer-factorization approaches, but using smaller key lengths. The approach has benefits for mobile and low-power systems. Two researchers discovered some implementations of ECC are vulnerable to a form of side-channel attack based on measuring the length of time it takes to digitally sign a message. The attack can be carried out locally or, with greater difficulty, remotely. The researchers validated their research through tests on an OpenSSL Server running ECC they had established, as explained in the abstract of a research paper by the computer scientists. Source: http://www.theregister.co.uk/2011/05/25/elliptic_curve_crypto_security_attack/

46. May 24, Computerworld – (International) Apple admits Mac scareware infections, promises cleaning tool. Apple May 24 promised an update for Mac OS X that will find and delete the MacDefender fake security software, and warn still-unaffected users when they download the bogus program. The announcement — part of a new support document that the company posted late May 24 — was the company’s first public recognition of the threat posed by what security experts call “scareware” or “rogueware.” “In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants,” Apple said. “The update will also help protect users by providing an explicit warning if they download this malware.” Apple also outlined steps that users with infected Macs can take to remove the scareware. Source: http://www.computerworld.com/s/article/9217034/Apple_admits_Mac_scareware_infections_promises_cleaning_tool

47. May 24, Help Net Security – (International) Spammers establish their own fake URL-shortening services. For the first time ever, spammers have established their own fake URL-shortening services to perform URL redirection, Symantec said. This new spamming activity has contributed to May’s increase in spam by 2.9 percent. Under this scheme, shortened links created on fake URL-shortening sites are not included directly in spam messages. Instead, the spam e-mails contain shortened URLs created on legitimate URL-shortening sites. These shortened URLs lead to a shortened URL on the spammer’s fake shortening site, which redirects to the spammer’s own Web site. These new domains were registered several months before they were used, potentially as a means to evade detection by legitimate URL-shortening services: the age of a domain may be used as an indicator of legitimacy, making it more difficult for the genuine shortening services to identify potential abuse. Source: http://www.net-security.org/secworld.php?id=11071

48. May 24, Computerworld – (International) Researcher blasts Siemens for downplaying SCADA threat. The security researcher who voluntarily canceled a talk on critical vulnerabilities in Siemens’ industrial control systems the week of May 16 took the German company to task May 23 for downplaying the problem. The researcher, with NSS Labs, took exception to Siemens’ claim the vulnerabilities he and a colleague uncovered had been discovered “while working under special laboratory conditions with unlimited access to protocols and controllers.” “There were no ‘special laboratory conditions’ with ‘unlimited access to the protocols.’ My personal apartment on the wrong side of town where I can hear gunshots at night hardly defines a special laboratory,” he said in a message posted on a public security mailing list. “[And] I purchased the controllers with money my company so graciously provided me with.” While Siemens promised the week of May 16 that it would patch the bugs, it downplayed the threat to its industrial control systems, and the thousands of companies that rely on Siemens’ programmable logic control systems, the researcher argued. Source: http://www.computerworld.com/s/article/9216994/Researcher_blasts_Siemens_for_downplaying_SCADA_threat

For another story, see item 50 below in the Communications Sector.

Communications Sector

49. May 24, Network World – (International) Lack of IPv6 traffic stats makes judging progress difficult. The Internet is poised to undergo the biggest upgrade in its 40-year history, from the current version of the Internet Protocol known as IPv4 to a new version dubbed IPv6, which offers an expanded addressing scheme for supporting new users and devices. However, it will be difficult for Internet policymakers, engineers, and the user community at large to tell how the upgrade to IPv6 is progressing because no one has accurate or comprehensive statistics about how much Internet traffic is IPv6 versus IPv4. The issue of IPv6 traffic measurement is timely given that the Internet engineering community is preparing for its biggest trial of IPv6: World IPv6 Day June 8. So far, 225 Web site operators — including Google, Yahoo and Facebook — have agreed to participate in the event by serving up their content via IPv6 for 24 hours. Without accurate IPv6 traffic statistics, neither the sponsors nor the participants of World IPv6 Day will be able to tell for sure how much IPv6 traffic is sent over the Internet June 8, or how much difference the event makes to IPv6 traffic volumes afterward. Source: http://www.computerworld.com/s/article/9217043/Lack_of_IPv6_traffic_stats_makes_judging_progress_difficult

50. May 24, IDG News Service – (International) Sony says hacker stole 2,000 records from Canadian site. Sony confirmed May 24 someone had hacked into its Web site and stolen about 2,000 customer names and e-mail addresses. Close to 1,000 of the records have already been posted online by a hacker calling himself Idahc, who said he is a “Lebanese grey-hat hacker.” Idahc found a common Web programming error, called an SQL injection flaw, that allowed him to dig up the records on the Canadian version of the Official Sony Ericsson eShop, an online store for mobile phones and accessories. The hacker got access to records for about 2,000 customers, including their names and e-mail addresses and a hashed version of users’ passwords, according to a Sony Ericsson Mobile Communications spokeswoman. “Sony Ericsson has disabled this e-commerce Web site,” she said. “We can confirm that this is a standalone Web site and it is not connected to Sony Ericsson servers.” Other than the names and e-mail addresses, no personal or banking information was compromised, she said. Sony Ericsson is a mobile-phone company run jointly by Sony and Ericsson. Source: http://www.computerworld.com/s/article/9217028/Sony_says_hacker_stole_2_000_records_from_Canadian_site
