Thursday, August 11, 2011

Complete DHS Daily Report for August 11, 2011

Daily Report

Top Stories

• Speedy repairs after a pump failure at Toledo, Ohio's water treatment plant prevented a catastrophe that would have seen a 1-year boil-water advisory for 500,000 customers, the city's mayor said. – WUPW 46 Toledo (See item 27)

27. August 9, WUPW 46 Toledo – (Ohio) Near catastrophe at Toledo water treatment plant. According to information released after Toledo, Ohio's city council meeting August 9, there was a near catastrophe at Toledo's water treatment plant the night of August 5 after four pumps had to be shut down. "This would have created a boil advisory for over 500,000 customers," the mayor told council members. "That could have taken up to a year of a boil advisory throughout the entire Northwest Ohio region. One year to get the system back and wholly up to speed." Just before 7 p.m. August 5, a seal break caused four pumps bringing water from Lake Erie to be totally shut down. The pumping station had been delivering 85 million gallons of treated water at the time of the shutdown. "Friday night we lost service to our low service pump station which basically supplies all the water to our system," said the director of public utilities. "At that point we had no water. We go right into the reserves." Water treatment facility operators manually shut down the plant and switched to a below ground storage reserve that kept delivering potable water to customers. From that point, operators had a 7-hour window to fix the problem. According to a letter from the city's utility department to the city council and the mayor, crews were able to examine, repair, and restart the pumps in about 3 hours. Had they not, city residents and every customer that Toledo provides water for would have had had to boil their water for up to a year. Source: http://www.foxtoledo.com/dpp/news/local/Near-catastrophe-at-Toledo-water-treatment-plant

• A cryptographer has devised a way to monitor cell phone conversations by exploiting security weaknesses in the technology that is used by most mobile operators. – The Register. See item 39 below in the Communications Sector

Details

Banking and Finance Sector

11. August 10, Reuters – (International) Hong Kong exchange trading disrupted as hackers target website. The Hong Kong stock exchange was forced to suspend trading in stocks after hackers broke into its Web site August 10, preventing investors from accessing company announcements made during the midday break. "Our current assessment is this is a result of a malicious attack by outside hacking," the chief executive of Hong Kong Exchanges & Clearing (HKEx) told reporters after the company announced interim results. In a statement released earlier, HKEx said it adopted a half-day (one trading session) suspension policy for issuers that announce price-sensitive information during the lunch hour. Other systems at the exchange were not affected, and trading in its securities and derivatives markets operated normally, the exchange said. If the Web site remains unstable August 11, the exchange's bulletin board will be used for dissemination of information, but the stocks will be not suspended, said the head of listing at HKEx. He added the move to suspend trading was part of a contingency plan approved by the territory's stock regulator. "It was the first time for a suspension due to such a kind of technical problem and one involving so many companies," said the chief dealer at Cheer Pearl Investment in Hong Kong. Source: http://www.reuters.com/article/2011/08/10/us-hkex-suspensions-idUSTRE7792FT20110810

12. August 10, Associated Press – (Florida; Massachusetts) 4 Fla. men charged in $3m loan scam. Four Florida men were indicted in a $3 million scam in which they allegedly charged struggling homeowners for free home loan modification applications, U.S. prosecutors in Boston disclosed August 9. The indictment alleged their firm, Home Owners Protection Economics Inc., virtually guaranteed clients a federally funded home loan modification and charged thousands of customers a $400 to $900 upfront fee. The firm then allegedly sent clients an application package nearly identical to a free federal application. The indictment said most clients’ applications were denied. The men face several charges, including 9 counts each of wire and mail fraud. Source: http://www.boston.com/business/articles/2011/08/10/4_fla_men_charged_in_3m_loan_scam/

13. August 10, KUAM 8 Hagatna – (Guam) Former chamber staffer indicted for bank fraud. The Guam Chamber of Commerce responded August 9 to the indictment of one of its former employees who was charged with embezzling more than $200,000 from the organization. The chamber's former bookkeeper was indicted by a federal grand jury charged with 90 counts of bank fraud. She is accused of altering chamber checks and embezzling more than $200,000 from November 2006 through October 2010. According to a memorandum issued to the chamber membership from its chairman, the organization became aware of the suspect's "sophisticated system of fraud" and reported the matter to the FBI, which recently concluded its investigation. The indictment alleges the suspect would have a check properly signed for the amount she was entitled to as wages, and then allegedly altered the check for a much larger amount and deposited the check into her personal bank account. Ten checks were altered on the Chamber's Armed Forces Committee Account totaling more than $22,000, and 80 checks were altered from the Chamber's Operating Account totaling $174,000. Source: http://www.kuam.com/story/15240096/2011/08/10/former-chamber-member-indicted-for-bank-fraud

14. August 9, Financial Industry Regulatory Authority – (National) FINRA fines Citigroup $500,000 for failing to supervise sales assistant who misappropriated customer funds. The Financial Industry Regulatory Authority (FINRA) announced August 9 it fined Citigroup Global Markets, Inc. $500,000 for failing to supervise a former registered sales assistant at the firm's branch office in Palo Alto, California. Over an 8-year period, she misappropriated $749,978 from 22 customers, falsified account records, and engaged in unauthorized trades in customer accounts. She took advantage of Citigroup's supervisory lapses at the branch and targeted elderly, ill, or otherwise vulnerable customers whom she believed were unable to monitor their accounts. FINRA previously barred the associate for her actions, and is continuing to investigate other individuals involved in her supervision. FINRA found Citigroup failed to detect or investigate a series of "red flags" that upon further inquiry should have alerted the firm to the suspect's improper use of customer funds. The red flags included exception reports highlighting conflicting information in new account applications, and customer account records reflecting suspicious transfers of funds between unrelated accounts. Citigroup also failed to implement reasonable systems and controls regarding the supervisory review of customer accounts, thus enabling the associate to falsify new account applications and other records. Citigroup also failed to detect suspicious activity involving transfers and disbursements in the accounts she used to misappropriate customer funds. In concluding these settlements, the firm neither admitted nor denied the charges, but consented to the entry of FINRA's findings. Source: http://www.finra.org/Newsroom/NewsReleases/2011/P124015

15. August 9, Greenwich Time – (Connecticut; New York) 3rd woman pleads guilty in Greenwich ATM-skimming scheme. Another member of a group from Queens, New York, who participated in an ATM-skimming scheme that targeted Fairfield County, Connecticut banks, pleaded guilty August 9 in U.S. district court in Bridgeport to one count of conspiracy to commit bank fraud. The 32-year-old Romanian citizen living in New York, entered the plea before a U.S. magistrate judge, and faces up to 30 years in prison, and a fine of up to $1 million. Federal officials said the woman and others conspired to install "skimming" devices on automated teller machines and on card swipe-access devices used by banks to control access to ATM lobby doors. They also placed hidden cameras on the machines to record bank customers keying in personal identification numbers, and used the stolen data to create counterfeit bank cards that allowed them to withdraw funds from the customers' accounts. The group specifically targeted People's United Bank locations in Greenwich, Stamford, and Darien. The woman and her conspirators were arrested by the Connecticut Financial Crimes Task Force April 22, 2010, outside a Darien shopping center, where they allegedly were attempting to make withdrawals using bank account information they obtained from skimming operations set up throughout the region. At the time of their arrests, the women were carrying $2,000 in cash, handwritten notes with addresses of People's bank locations, ATM-skimming tools, and other items used in the scheme. The man believed to be at the center of the plot was indicted in March for his part in the scheme. He was charged with one count of conspiracy to commit bank fraud, four counts of bank fraud, and four counts of aggravated identity theft. Source: http://www.greenwichtime.com/policereports/article/3rd-woman-pleads-guilty-in-Greenwich-ATM-skimming-1797880.php

16. August 9, Inside Tucson Business – (Arizona) Real estate agent pleads guilty in mortgage fraud case. A Phoenix real estate agent pleaded guilty August 8 to charges he participated in a mortgage fraud scheme. The 36-year-old was accused of representing buyers who purchased multiple homes with loan applications containing false information, and concealing from the lenders “kick backs” to the buyers. He pleaded guilty to conspiracy to commit wire fraud. He has been connected to at least 44 home foreclosures that resulted in $2.5 million in losses to lending agencies. The case was based on an investigation by the Internal Revenue Service, Criminal Investigation Division, which found that from September 2005 to August 2006, the agent found sellers of distressed properties and offered more than the asking price. He obtained inflated appraisals to support the loan amounts, and recruited buyers he knew would not be qualified to purchase multiple homes. He facilitated the submission of loan applications containing false data. When the sales closed, the realtor instructed escrow officers to disburse monies back to the borrower. In many of the sales, he received both commissions and cash bonuses for the sales. Source: http://insidetucsonbusiness.com/news/real-estate-agent-pleads-guilty-in-mortgage-fraud-case/article_cf21bdee-c2d1-11e0-ad62-001cc4c002e0.html

For another story, see item 39 in the Communications Sector

Information Technology Sector

37. August 9, Help Net Security – (International) Microsoft releases 13 security bulletins, fixes 22 vulnerabilities. Microsoft released 13 security bulletins August 9, two rated Critical, nine Important, and two Moderate. These bulletins address 22 unique vulnerabilities in Internet Explorer, Microsoft .NET Framework, Microsoft Developer Tools, Microsoft Office, Microsoft Windows. The two critical updates: MS11-057 (Internet Explorer). This security update resolves five privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Microsoft is not aware of any attacks leveraging the vulnerabilities addressed in this bulletin. MS11-058 (DNS Server). This security update resolves two privately reported vulnerabilities in Windows DNS server. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a specially crafted Naming Authority Pointer (NAPTR) query to a DNS server. Servers that do not have the DNS role enabled are not at risk. Qualys CTO comments: "Top priority should be given to a 'critical' bulletin that affects Internet Explorer 6 through 9 on Windows 7, XP, Vista, 2003 and 2008. If left unpatched, attackers could use this vulnerability to remotely take control of victims' systems." Source: http://www.net-security.org/secworld.php?id=11418

For another story see item 39 below in the Communications Sector

Communications Sector

38. August 10, Fayetteville Observer – (North Carolina) Phone, Internet outage affects downtown Fayetteville. A severed cable knocked out CenturyLink services across Fayetteville, North Carolina, and beyond on August 8, and into August 9. Someone working on a railroad inadvertently hit a conduit and chopped off the service, according to a CenturyLink spokeswoman. It was not clear how many customers were affected, but not all places within that area were without services. Those affected started noticing problems shortly after 3 p.m. August 8. The outage closed the Wachovia bank on Green Street August 9. Phones were also out at the post office. All Cumberland County offices except the health department, social services, child support, and animal control were affected, according to a county spokeswoman. Nonemergency phones at the sheriff's office were down until about 7:30 p.m. August 8, but 911 lines remained in use, the county spokeswoman said. Source: http://fayobserver.com/articles/2011/08/09/1114311?sac=Bus

39. August 10, The Register – (International) Hackers crack crypto for GPRS mobile networks. A cryptographer devised a way to monitor cellphone conversations by exploiting security weaknesses in the technology that forms the backbone used by most mobile operators. The chief scientist of Berlin-based Security Research Labs said the attack works because virtually all of the world's cellular networks deploy insecure implementations of general packet radio service (GPRS). Some, such as those operated by Italy's Wind or Telecom Italia, use no encryption at all, while Germany's T-Mobile, O2 Germany, Vodafone, and E-Plus use crypto so weak it can easily be read by unauthorized parties. He plans to release software August 10 at the Chaos Communication Camp 2011 that allows hobbyist hackers to snoop on GPRS calls that use no encryption. He will also demonstrate ways to use cryptanalysis to decrypt GPRS traffic that's protected by weaker ciphers. He characterized most of the cryptographic protection offered by GPRS as “hopelessly out-dated.” What is more, virtually all of the world's networks that use GPRS use no encryption at all, or use weak encryption. That makes it possible to passively monitor calls with a modified phone or to crack the encrypted traffic they capture using a method they recently refined. The attacks to be demonstrated August 10 generally work by passively intercepting unencrypted traffic, by using a fake base station to force encrypted traffic to be downgraded into an unencrypted state, or to be cracked using rainbow tables. Mobile operators vulnerable to the GPRS attacks told The New York Times they planned to monitor the August 10 presentation. Source: http://www.theregister.co.uk/2011/08/10/gprs_cellphone_call_snooping/

40. August 9, FierceCable – (National) Verizon alleges network sabotage as strike turns ugly. As 45,000 Verizon employees remain on strike, the company reported that it has seen at least 12 acts of sabotage to communications facilities in four states, FierceCable reported August 9. Some of the damage to its network has resulted in outages for its FiOS TV, Internet, and phone services. Verizon said it has seen 10 incidents of fiber-optic lines being cut in the Bronx, Pomona, Farmingdale, and Guilderland in New York, in addition to incidents in Tewksbury, Massachusetts, Bel Air, Maryland, and East Dover, Oakland, and Plainfield, New Jersey. The company blamed one outage on electronic equipment that was stolen from a Cedar Grove, New Jersey facility, and it said the heating system at its central office in Manhattan was tampered with. Some violence has also been reported at the picket lines being organized by Verizon employee unions. Employees at a picket line in Amherst, New York, accused one replacement worker of driving his car through a picket line, resulting in injuries. Source: http://www.fiercecable.com/story/verizon-alleges-network-sabotage-strike-turns-ugly/2011-08-09

41. August 9, Christian Science Monitor – (National) American Muslim pleads guilty to using the Internet to solicit terrorism. A 22-year-old American Muslim from New Bethlehem, Pennsylvania, pleaded guilty August 9 to using an Internet Web site to urge Muslim radicals within the United States to engage in a wide range of terror attacks. He pleaded guilty in federal court in Pittsburgh to a single charge of solicitation to commit a crime of violence. The solicitations including urging like-minded individuals to sabotage train tracks; destroy phone lines, power lines, and cell phone towers; start forest fires; and engage in isolated attacks against Americans civilians, police, and military officials. The man was an active moderator on the English-language version of the militant Islamic Web discussion forum, Ansar al-Mujahideen Forum. The second count of his indictment charges that he posted and distributed on the Internet a 101-page explosives course written by a professor who was once al-Qa'ida’s top chemical and biological weapons expert. “[He] placed a number of postings … encouraging attacks within the United States,” the indictment said. ”He suggested the use of firearms, explosives, and propane tanks against targets such as police stations, post offices, synagogues, military facilities, train lines, bridges, cell phone towers, and water plants.” He suggested militant Muslims in the United States should attack civilian aircraft, banks, military installations, Jewish schools, and daycare centers, according to the indictment. After posting the “Explosives Course” online in late December 2010, agents with the FBI sought to question him. When two agents approached the man January 4, the encounter turned into a physical struggle. During a scuffle, he allegedly bit both agents, drawing blood, as he attempted to retrieve a loaded 9 mm handgun from his jacket pocket. He faces up to 10 years in prison, and a $125,000 fine. Source: http://www.csmonitor.com/USA/Justice/2011/0809/American-Muslim-pleads-guilty-to-using-the-Internet-to-solicit-terrorism

42. August 9, DavidsonNews.net – (North Carolina) Phone, internet restored after MI-Connection outage. Phone and internet service was disrupted for a few hours for some Davidson, North Carolina, customers of MI-Connection Communications System August 9. A spokesman said technicians were working on “two different fiber optic nodes in Davidson” that were experiencing electronic signal problems. It was not clear how many customers were affected. But one node typically serves several hundred customers. The outage began around 9:30 a.m. for customers near downtown. It was restored after midday. Source: http://davidsonnews.net/2011/08/09/phone-internet-out-for-some-mi-connection-users-in-davidson/

No comments: