Tuesday, April 5, 2011

Complete DHS Daily Report for April 5, 2011

Daily Report

Top Stories

Associated Press reports April 4 inspectors found small, subsurface cracks in three Southwest Airlines planes that are similar to those suspected of causing a jetliner to lose pressure and make an emergency landing in Arizona. (See item 20)

20. April 4, Associated Press – (National) NTSB: Cracks similar to those found in damaged Southwest Airlines jet found in 3 other planes. Inspectors have found small, subsurface cracks in three more Southwest Airlines planes that are similar to those suspected of causing a jetliner to lose pressure and make a harrowing emergency landing in Arizona, a federal investigator said April 3. Southwest said in a statement that two of its Boeing 737-300s had cracks and will be evaluated and repaired before they are returned to service. A National Transportation Safety Board (NTSB) member said April 3 that a third plane had been found with cracks developing. Checks on nearly 60 other jets are expected to be completed by April 5, the airline said. That means flight cancellations will likely continue until the planes are back in the air. About 600 flights in all were canceled over the weekend after Southwest grounded 79 of its planes. Nineteen other Boeing 737-300 planes inspected using a special test developed by the manufacturer showed no problems and will be returned to service. April 1’s flight carrying 118 people rapidly lost cabin pressure after the plane’s fuselage ruptured, causing a 5-foot-long tear, just after takeoff from Phoenix. Oxygen masks were deployed and the pilots made a controlled descent from 34,400 feet into a southwestern Arizona military base. No one was seriously injured. The tear along a riveted “lap joint” near the roof of the Boeing 737 above the midsection shows evidence of extensive cracking that had not been discovered during routine maintenance before the flight and probably would not have been unless mechanics specifically looked for it, officials said. An examination showed extensive pre-existing damage along the entire tear. The NTSB has not determined that the cracks caused the rupture, but it is focused on that area. Further inspection found more cracks in areas that had not torn open.
Source: http://www.washingtonpost.com/business/ntsb-cracks-similar-to-those-found-in-damaged-southwest-airlines-jet-found-in-3-other-planes/2011/04/03/AFTBMRTC_story.html?hpid=z3

KPHO 5 Phoenix reports a city of Mesa Water Resources employee was charged with terrorism and making terrorist threats after he turned off numerous waste water treatment operating systems April 1 at a facility in Gilbert, Arizona. (See item 30)

30. April 4, KPHO 5 Phoenix – (Arizona) Waste water worker charged with terrorism. A city of Mesa Water Resources employee was charged with terrorism and making terrorist threats after he turned off numerous waste water treatment operating systems at a facility in Gilbert, Arizona, in the early hours of April 1, police said. The Greenfield Water Reclamation Plant near Greenfield and Queen Creek Roads is a massive facility. Fourteen buildings on the campus transform sewage from Gilbert, Mesa, and Queen Creek into water suitable for irrigation. Authorities said the 43-year-old employee was the sole treatment plant operator working the midnight shift. Armed with a handgun, he walked through the facility alone, methodically turning off major operating systems at the plant. He is certified through the Arizona Department of Environmental Quality as a waste water treatment operator. Left untreated, the sewage in the system would cause a buildup of methane gas, which could cause a huge explosion. City workers were emphatic that the public not be alarmed. They said nobody was harmed, and the safety mechanisms in the plant worked as expected. For an unknown reason, the suspect called 911 about 2:40 a.m., almost 3 hours after they say he had begun to sabotage the utility. SWAT officers negotiated with him for 2 hours before arresting him. Police said he had a gun on him when they took him into custody. During the 2-hour standoff, SWAT officers escorted waste water employees through the campus, restarting the major systems. The suspect had worked for Mesa’s water resources department since 2007. Police have not released a possible motive. Source: http://www.kpho.com/valleynews/27403898/detail.html


Banking and Finance Sector

13. April 2, Associated Press – (National) Montana man convicted in investment fraud scheme by Nevada jury. A Montana man accused of duping over 1,700 people into giving him millions of dollars to invest and trade in the high-risk foreign currency exchange market but instead pocketing the money himself has been convicted by a federal jury in Reno, Nevada. The man was convicted March 30 of one count of conspiracy to commit mail and wire fraud, two counts of wire fraud, three counts of money laundering and one count of securities fraud. In a separate trial March 31, the jury found the 51-year-old man must forfeit a bank account containing about $500,000, a towing company, and four houses in Lewistown. His co-defendant pleaded guilty to conspiracy to commit wire fraud in February, and is scheduled to be sentenced June 6 in Reno. Source: http://www.greenfieldreporter.com/view/story/f5a3434b710942d8887203dff860a0ab/NV--Investment-Fraud-Conviction/

14. April 1, Marketwire – (National) Identity theft criminals may target U.S. children more than adults, new report suggests. AllClear ID announced April 1 the release of the first large child identity theft report ever published; based on identity protection scans of more than 42,000 U.S. children, it suggests a previously unrecognized demographic for what the FBI has named the fastest growing crime in the United States. Authored by a distinguished fellow at Carnegie Mellon CyLab, the report revealed that 10.2 percent of the child identities scanned (4,311 victims) had someone else using their Social Security number — 51 times more frequently than the 0.2 percent rate for adults in the same population. The report shows stolen Social Security numbers for children as young as 5 months old are being used to secure employment, open credit card and bank accounts, purchase homes and automobiles, and obtain driver’s licenses. As a result of this new cyber epidemic, children are discovering their credit and credibility are destroyed just as they enter adulthood. As a consequence, they are being denied internships, student loans, and apartments due to attacks on their identity that occurred years earlier. Experts predict the damage to children will get even worse with health-care identity theft on the rise. The report offers an analysis of over 42,000 identity protection scans performed on U.S. children (age 18 and under) during 2009-2010. The research was conducted using a patented technology called AllClear ID. Source: http://uspolitics.einnews.com/pr-news/368686-identity-theft-criminals-may-target-u-s-children-more-than-adults-new-report-suggests-

15. April 1, Sacramento Business Journal – (California) Elk Grove man convicted in $8M mortgage fraud scam. A federal jury convicted an Elk Grove, California man of bank fraud in an $8 million mortgage fraud scheme, which also involved three other local men who all pleaded guilty, Sacramento Business Journal reported April 1. The man engaged in a mortgage fraud scheme that involved at least 19 homes, according to a U.S. attorney. Three co-defendants from Sacramento already had pleaded guilty to related charges in the investigation. The case was investigated by the Internal Revenue Service Criminal Investigation unit, agents of the Federal Bureau of Investigation, and the California Department of Real Estate. Source: http://www.bizjournals.com/sacramento/news/2011/04/01/elk-grove-man-convicted-mortgage-scam.html

16. April 1, U.S. Department of Justice – (Texas) Federal grand jury indicts five defendants in mortgage fraud scheme. A 29-count indictment, returned the week of March 20 by a federal grand jury in Dallas, Texas, and unsealed the week of March 27, charged five individuals with various felony offenses related to a mortgage fraud scheme they ran for nearly 3 years in the Dallas-Fort Worth area, a U.S. attorney of the Northern District of Texas said. The indictment alleges that the defendants operated a mortgage fraud conspiracy from December 2004 until at least October 2007 to defraud and obtain money from lending institutions by, among other things, using straw buyers to purchase homes by submitting false and fraudulent documents and statements to lenders. In total, the indictment alleges that the defendants obtained nearly $22 million in fraudulently obtained loan proceeds. In addition, all of the defendants are charged with multiple substantive counts of wire fraud. The indictment alleges that the defendants profited from loans to purchase residences in the Dallas area; fraudulently obtained mortgages in others’ names; fraudulently obtained mortgages for more than the sales price; fraudulently found individuals with sufficient credit to qualify for the loans; fraudulently made each borrower appear to be a qualified, bona fide purchaser who intended to reside in the property, when the borrower had no intention of doing so; fraudulently created surplus loan proceeds by creating bogus invoices for repairs/upgrades which were never done; fraudulently allowed the residences to go into foreclosure after no, or just a few, payments were made on the loan; and fraudulently shared in the surplus loan proceeds. Source: http://www.ntxe-news.com/artman/publish/article_68741.shtml

17. April 1, Tampa Tribune – (Florida) Ex-partner in Pasco investment firm faces fraud charges. Federal authorities have charged a second man associated with Botfly, a Bayonet Point, Florida-based company that investigators have called a high-dollar Ponzi scheme. The man was arrested March 31 on three counts of bankruptcy fraud. Each count carries up to 20 years in federal prison. The man is accused of lying under oath during his 2009 Chapter 7 bankruptcy proceeding. Authorities said he failed to disclose his involvement in Botfly and the income he received from the company. Authorities said the man lied when he said his work with his self-named shell company ended in 2006. In fact, he and his corporation received $1.5 million from Botfly between 2008 and 2010, with the money coming from foreign exchange investments Hammill made and from clerical work he did for Botfly, investigators said. Investigators said Botfly took in more than $30 million in investments between 2006 and 2010 but invested only a small portion in foreign currency trading. Most of the money went to pay existing investors. Source: http://www2.tbo.com/content/2011/mar/31/011052/ex-partner-in-pasco-investment-firm-faces-fraud-ch/news-breaking/

18. April 1, WCVB 5 Boston – (Massachusetts) Police: bank robber arrested breaking into house. A man suspected in an April 1 bank heist in Watertown, Massachusetts, was arrested trying to break into a house in Boston, police said. The bank robbery happened at the Belmont Savings Bank at 53 Mount Auburn St. A man entered the bank, demanded cash and told employees he had a bomb inside a box, which he left at the bank, police said. The Massachusetts State Police Bomb Squad later determined that the box was empty and harmless, police said. Six to 10 nearby businesses were evacuated after the robbery, and trolley service along Mount Auburn Street was suspended for a time. The man fled on foot with an undetermined amount of money, police said. A short time later, police arrested a man trying to break into a home on Parker Street. After his arrest, police said they found a large amount of cash and a deposit slip from Belmont Savings Bank in Watertown. No injuries were reported in either incident. Source: http://www.thebostonchannel.com/r/27397870/detail.html

For another story see item 41 below

Information Technology

41. April 4, Reuters – (International) More customers exposed as big data breach grows. The names and e-mails of customers of Citigroup Inc and other large U.S. companies, as well as College Board students, were exposed in a massive and growing data breach after a computer hacker penetrated online marketer Epsilon. In what could be one of the biggest such breaches in U.S. history, a diverse number of companies that did business with Epsilon stepped forward over the weekend of April 3 to warn customers some of their electronic information could have been exposed. Drugstore Walgreen, video recorder TiVo Inc, credit card lender Capital One Financial Corp, and teleshopping company HSN Inc all added their names to a list of targets that also includes some of the nation’s largest banks. The names and electronic contacts of some students affiliated with the U.S.-based College Board — which represents some 5,900 colleges, universities and schools — were also potentially compromised. No personal financial information such as credit cards or social security numbers appeared to be exposed, according to the company statements and e-mails to customers. Epsilon, an online marketing unit of Alliance Data Systems Corp, said April 1 that a person outside the company hacked into some of its clients’ customer files. The vendor sends more than 40 billion e-mail ads and offers annually, usually to people who register for a company’s Web site or who give their e-mail addresses while shopping. Law enforcement authorities are investigating the breach, though it was unclear April 3 how many customers or students had been exposed. Epsilon is also looking into what went wrong. Source: http://www.foxbusiness.com/technology/2011/04/04/customers-exposed-big-data-breach-grows/?test=latestnews

42. April 4, The Register – (International) Photoshopped image scam used in rogue Facebook app trap. Facebook users were put under fire April 4 by a brace of new threats, one of which spreads through a link disseminated through the Facebook Chat application. An estimated 600,000 people have already clicked onto the link, which falsely promises to show them a funny Photoshopped image of themselves. In reality, users install a rogue application which sends messages to their contacts via the social network’s instant messaging feature, thus continuing the infection cycle. Users are taken to a fixed gallery of 45 photoshopped images, none of which feature the person who followed the link. M86 Security reports that the scam, whose purpose is unknown, is spreading quickly, attracting new victims at the rate of around 90,000 clicks per hour. Presently, no malware is being spread through the ruse. Source: http://www.theregister.co.uk/2011/04/04/photoshop_image_facebook_scam/

43. April 3, Computerworld – (International) RSA hackers exploited Flash zero-day bug. March’s hack of RSA Security began with an exploit of a then-unpatched vulnerability in Adobe Flash Player, the company confirmed April 1. Attackers gained access to the RSA network by sending two small groups of RSA employees e-mails with attached Excel spreadsheets, according to RSA, which is the security division of EMC. One of those employees opened the attachment, which was titled “2011 Recruitment plan.xls.” The spreadsheet contained an embedded Flash file that exploited a zero-day vulnerability — a bug then unknown to Adobe, and thus unpatched — that allowed hackers to commandeer the employee’s PC. From there, the attackers installed a customized variant of the Poison Ivy remote administration tool (RAT) on the compromised computer. Using the RAT, hackers harvested users’ credentials to access other machines within the RSA network, searched for and copied sensitive information, and then transferred the data to external servers they controlled. Although RSA has not detailed what was stolen, it has admitted that information related to the company’s SecurID two-factor authentication products was part of the hacker’s haul. The description of the Flash attack vector helps explain the reaction of Adobe and others to the flaw, and it shows that RSA was hacked at least several days before the company reported the incident publicly. RSA first reported the attack and the data theft March 17. Three days before that, however, Adobe issued a security advisory acknowledging that attackers were exploiting an unpatched bug in Flash Player using tricked-out Excel documents. Source: http://www.computerworld.com/s/article/9215444/RSA_hackers_exploited_Flash_zero_day_bug

44. April 2, Softpedia – (International) ZeuS source code availability worries researchers. Security researchers worry that ZeuS source code, which is already available for sale on the underground market, could become widely available for anyone to use. In 2010, Slavik, the author of ZeuS, left the trojan’s code base to the creator of the competing SpyEye crimeware, Gribodemon. His intention was for his rival to offer support to existent ZeuS customers and combine the two threats into one super trojan that had the best features of both. However, sometime afterwards someone put the ZeuS source code up for sale, making it clear that there is more than one copy of it. According to researchers from antivirus vendor Trend Micro, Gribodemon posted a message claiming that Slavik also sold the source code to someone else for $15,000. It is possible the person is now trying to resell it to others for a profit. “We are predicting that soon the source code will be in the hands of anyone that wants it,” the Trend experts say. “This could be potentially dangerous, but only if it gets into the hands of people who really know how to use it,” they add. Apparently the ZeuS code is filled with macros that link different parts together. Pulling out individual components for reuse in another malware is not something that just any programmer can accomplish. Source: http://news.softpedia.com/news/ZeuS-Source-Code-Availability-Worries-Researchers-192775.shtml

45. April 1, Softpedia – (International) Localized Facebook scams on the rise. Security researchers warned that localized Facebook scams are becoming increasingly common as spammers attempt to reach as many users as possible. A researcher from Kaspersky Labs described a recent German scam that lured users with a video of a roller coaster accident at one of Germany’s largest amusement parks. The link takes users to a page claiming to have more than 425,000 fans. The page has a button to access the video, which when clicked, prompts users to give a rogue app access to their profile. Users who do so will begin relaying spam messages from their profiles without their knowledge. They will then be asked to take a survey. These surveys earn scammers money through affiliate marketing programs. Many companies who pay commission for this traffic are scammed too, because they do not know it is being generated artificially. There are several reasons why spammers are moving towards localized scams. One of them is an unexploited market segment. Another reason might be that since they have not been targeted so much, non-English speakers are unaware of these scams and are easy prey. Finally, it might also be that scam detection algorithms used by Facebook’s automated systems do not work as well for foreign languages as they do for English. Source: http://news.softpedia.com/news/Localized-Facebook-Scams-on-the-Rise-192533.shtml

46. April 1, Softpedia – (International) DNSSEC deployed on .com TLD. The security of the overall Internet infrastructure passed a major milestone March 31, when the root zone for the .com top-level domain (TLD) was signed for Domain Name System Security Extensions (DNSSEC), a more secure version of the Domain Name System (DNS). The race to implement DNSSEC began in 2008 after a security researcher disclosed a wide-impact attack method known as DNS cache poisoning. The DNS is a critical part of the Internet and is responsible for converting host names into IP addresses and vice versa. The researcher’s attack was able to trick DNS servers into believing that particular hosts corresponded to IP addresses under the attacker’s control, therefore potentially directing large numbers of users to rogue Web sites. DNS vendors responded to the attack with various patches, but DNSSEC is seen as a long-term solution to the problem, because it uses public-key cryptography to sign records and validate responses. DNSSEC deployment is not easy and must be done in stages. First, the Internet’s DNS root zone, which is kept in sync over 13 servers around the world, needed to be signed. Then the root zone for each TLD had to be signed individually. As of now, more than 50 TLDs are ready for DNSSEC, including .gov, .org, .net and .edu. However, the signing of the most popular general-purpose TLD, the .com, by VeriSign is probably the most important milestone in DNSSEC deployment. Source: http://news.softpedia.com/news/DNSSEC-Deployed-on-com-TLD-192773.shtml

Communications Sector

47. April 4, Nextgov – (National) Rep. Giffords inspires mobile communications legislation. ABC News reports that a U.S. Representative from Texas introduced legislation March 31 to improve cellular service near the U.S.-Mexico border at the request of an Arizona Representative. The Arizona Representative was preparing to introduce the legislation at the start of the 112th Congress before she was shot January 8 in Tucson, Arizona. The legislation, called the “Southern Borderlands Public Safety Communications Act,” would authorize grant funding through the Department of Homeland Security for public-private partnerships to better develop mobile communications near the border. The Texas Representative told ABC News that the senator was inspired to introduce the legislation after one of her constituents was murdered by Mexican drug smugglers who came onto his property after he was unable to get cell phone service and call 911. The President has also sought to improve mobile communications by calling for a National Wireless Initiative that aims to provide 98 percent of Americans with access to high-speed internet. Source: http://www.nextgov.com/nextgov/ng_20110401_2411.php?oref=topnews