Thursday, April 14, 2011

Complete DHS Daily Report for April 14, 2011

Daily Report

Top Stories

• The Wall Street Journal reports U.S. mine safety officials placed coal mines in Kentucky and West Virginia on notice they could be shut down for any future violation, using for the first time an enforcement tool on the books for more than 30 years. (See item 4)

4. April 12, Wall Street Journal – (Kentucky; West Virginia) Two mines get official safety warnings for explosive dangers. U.S. mine safety officials placed two coal mines in Kentucky and West Virginia on notice April 12 that they could be shut down for any future safety violations, using for the first time an enforcement tool that has been on the books for more than 30 years. The Mine Safety and Health Administration (MSHA) said Bledsoe Coal’s Abner Branch Rider Mine in Leslie County, Kentucky, and New West Virginia Mining’s Apache Mine in McDowell County, West Virginia, failed to correct safety problems after being targeted for stricter oversight late in 2010. Instead of lowering the rate of violations over the past few months, a spokesman said the two mines actually had a higher rate of violations for problems like accumulations of explosive coal dust. The mines were technically placed on “pattern of violation” status, meaning they had a history of persistent safety violations that the companies did not fix over the past several months. MSHA has not used the enforcement option since the Mine Act was enacted in 1977. Source:

• According to Talking Points Memo, a Chinese national was arrested April 12 in California on charges he created a fake army special forces unit complete with fake uniforms and ID cards, and convinced more than 100 other Chinese nationals to join up. (See item 29)

29. April 13, Talking Points Memo – (California; International) Chinese national charged with running scam U.S. Army unit. A Chinese national was arrested April 12 in California on charges he created a fake Army special forces unit and convinced more than 100 other Chinese nationals to join and pay him fees to participate, the Los Angeles County District Attorney’s (DA) office said. The 51-year-old suspect of El Monte, California, allegedly called himself the “Supreme Commander” of a phony military unit called the “U.S. Army/Military Special Forces Reserve.” According to the DA, he formed the unit in October 2008, and recruited other Chinese nationals by telling them joining was a path to U.S. citizenship. Members allegedly paid the man initiation fees ranging from $300 to $450, along with yearly $120 renewal fees. In return, the man provided recruits with fake U.S. Army uniforms, fake documents, and fake military ID cards. He also allegedly decorated his Temple City, California office to look like a U.S. military recruiting center, and ordered his recruits to report for military training and indoctrination. The DA’s office press release said the fake unit even marched in a parade in Monterey Park, and went in uniform for a tour of the USS Midway museum in San Diego. According to the Los Angeles Times, the suspect’s recruits were “typically” low-wage workers at Chinese restaurants, and while most were from the Los Angeles area, some lived as far away as Georgia. An FBI spokeswoman said investigations began 3 years ago, when police began to notice some people pulling out fake military identification during traffic stops. Source:


Banking and Finance Sector

10. April 13, Beaver County Times – (Pennsylvania) Cory man indicted in bank fraud. A Coraopolis, Pennsylvania man was indicted April 12 by a federal grand jury on charges of defrauding a former Pittsburgh, Pennsylvania savings and loan of $1 million, bringing the number of people charged in the multimillion-dollar scheme to four. The 24-year-old man faces 10 counts of bank fraud and one count of money laundering for supposedly making fraudulent electronic payments from his account with Dwelling House Savings and Loan in the city’s Hill District to a PayPal account in 2008, according to the office of the U.S. Attorney in charge of the case. The indictment could yield a maximum sentence of 310 years in prison and a $10.25 million fine, or both. Also indicted April 12 was a 55-year-old Pittsburgh resident, who faces bank fraud and conspiracy to commit money laundering charges. Prosecutors claim she stole at least $213,000. In January, a 42-year-old Coraopolis woman was charged with 21 counts for bilking Dwelling House out of $907,000. She faces up to 500 years in prison, a fine of $14.75 million or both. On April 6, another woman pleaded guilty to bank fraud and money laundering after she was charged in the scheme. Prosecutors allege the defendants made electronic transactions that exceeded their Dwelling House account balances to PayPal. In charging documents for the 24-year-old man indicted April 12, prosecutors said Dwelling House did not properly report electronic withdrawals and payments. The suspect made 53 transactions between January 9 and December 16, 2008, prosecutors allege. They also claimed he had unnamed “other persons” make similar transactions. The thefts led the Federal Deposit Insurance Corp. to close Dwelling House in August 2009. Source:

11. April 13, Associated Press – (New Jersey) Sparta man admits he ran $135M Ponzi scheme with his medical equipment company. A New Jersey man pleaded guilty April 13 to running a $135 million Ponzi scheme with his medical equipment company. The man faces a minimum of 16 years in prison when he is sentenced in July. The man was arrested last fall, and appeared in U.S. district court in Newark. In the 1970s, he founded and ran Allied Health Care Services, based in Orange, to provide medical equipment, such as ventilators, to patients. The company provided legitimate services but gradually turned toward fraud, a U.S. attorney said April 13. In court, the man admitted obtaining about $135 million in loans from about 50 banks between 2002 and 2010 that was to be used to buy medical equipment that would be leased to patients. Instead, he set up a separate corporation with a co-conspirator, who would write fake invoices to make it look as though medical equipment was being purchased and then leased, prosecutors said. When some of the banks wanted to check on the transactions, the man and the co-conspirator would block them by citing medical confidentiality laws, according to the U.S. attorney and the special agent in charge of the FBI’s Newark office. The co-conspirator has not yet been charged. Source:

12. April 12, Federal Bureau of Investigation – (Maryland) Pawn shop owner sentenced to prison in scheme to launder $20 million in proceeds of stolen merchandise. A U.S. district judge sentenced a 62-year-old Baltimore, Maryland man April 12 to 33 months in prison followed by 3 years of supervised release for conspiring to commit money laundering and attempting to evade taxes. According to his plea agreement, from 2007 to 2010, the man conspired with others to launder the proceeds of the sale of mass quantities of stolen over-the-counter medications, health and beauty aid products, gift cards, DVDs, tools, and other merchandise. Shoplifters, also known as “boosters,” stole products from Target, Safeway, Wal-Mart, Kohl’s and other retailers in Maryland and other states. Pawn shops bought large amounts of the stolen items.The man and others were owners of E-Z Money Pawn Shop and 2Brothers Liquidators, Inc., where they received stolen products. The stolen items were “cleaned,” meaning the security labels and retail tags were removed. Sometimes a heat gun and lighter fluid would be used to peel away the plastic security labels. In addition, the convict worked with co-defendants to purchase and transport stolen material. Some of the defendants also used on-line auctions sites, such as eBay and, to sell the stolen products far below normal retail value. The swiped items were then delivered to unsuspecting customers via U.S. mail. The defendants received payment by interstate wire transfers using PayPal accounts and through various financial institutions in Maryland. Although the entire conspiracy involved about $20 million in stolen merchandise, $2.5 million in stolen goods was reasonably foreseeable to the man, authorities said. Thirteen defendants have pleaded guilty to the money laundering conspiracy to date. Source:

13. April 12, New Jersey Attorney General Office – (National) Six men indicted in multi-million dollar mortgage fraud scheme. The New Jersey Attorney General and criminal justice director announced six men were indicted April 12 on charges they stole more than $2.6 million from lenders by filing fraudulent mortgage loan applications. All of the defendants are charged with conspiracy (2nd degree). Three of the men and the two companies listed in the indictment are each charged with seven counts of theft by deception (2nd degree) in connection with seven mortgage loans totaling $2,671,400 that were allegedly obtained by fraud. Another of the defendants is charged with two counts of theft by deception (2nd degree) related to two of the loans, and two others are each charged with one count of theft by deception (2nd degree). “We charge that these defendants stole more than $2.6 million from mortgage lenders by falsifying loan applications for unqualified home buyers,” the attorney general said. “The defendants collected exorbitant fees from the loan proceeds, while the home buyers were left to face foreclosure and ruined credit.” It is alleged the defendants falsified information about employment, earnings and bank account balances on loan applications so home buyers could obtain loans for which they were not qualified. They also allegedly falsified U.S. Department of Housing and Urban Development (HUD) settlement forms. Source:

Information Technology

38. April 13, Softpedia – (International) Microsoft employee accused of stealing funds. A former Microsoft director of business development was charged with wire fraud after allegedly abusing his position to steal over $515,000 from the software giant. The man was arrested April 12 and had criminal charges filed against him in Seattle, Washington. Microsoft sued its former employee for damages back in January. According to the lawsuit, the man worked as a director of business development for Microsoft’s Strategic Partnerships Team in the Online Audience Business Group. His job description involved negotiating contracts and approving payments to distribution partners, responsibilities which he exploited to defraud his employer. Source:

39. April 13, Softpedia – (International) Yahoo! allows users to monitor account login activity. Yahoo! has introduced a new feature that allows users to review their account’s log-in history for strange activity and signs of possible compromise. E-mail accounts are valuable for cyber criminals and can be compromised in a variety of ways, including via keyloggers or phishing. Since storage space is no longer a major issue, a lot of people fail to delete old e-mails. This is a security risk because those messages can contain passwords and sensitive information about other accounts. Besides the more traditional illegal activities such as spamming, compromised accounts can be used to send scam e-mails to the user’s own contacts, increasing the chances of finding someone willing to pay. The new feature is not limited to e-mail and covers all services provided under the same Yahoo! ID. The “Recent Login Activity” page lists logins by date, location, access client (browser, Y! Messenger), and the place of origin (Front Page, Mail, etc.). This information is used to establish a pattern, and if one login does not fit into it the entry is marked with an alert icon. The feature helps users take corrective action, such as changing their passwords, as quickly as possible in case of compromise. Source:

40. April 12, Computerworld – (International) Microsoft delivers monster security update for Windows, IE. Microsoft April 12 patched a record 64 vulnerabilities in Windows, Office, Internet Explorer (IE), and other software, including 30 bugs in the Windows kernel device driver and 1 in IE that was exploited at the Pwn2Own hacking contest in March. The company also delivered a long-discussed “backport” to Office 2003 and Office 2007 that brings one of the newer security features in Office 2010 to the older editions. The 17 updates tied a record set late in 2011, but beat the October 2010 mark for the total number of flaws they fixed. Altogether, updates released April 12 patched 64 vulnerabilities, 15 more than in October and 24 more than in the former second-place collection of December 2010. Nine of the 17 bulletins were pegged “critical,” Microsoft’s highest threat ranking, while the remainder were marked “important,” the next-most-serious label. Microsoft and virtually every security expert pegged several updates that users should download and install immediately. “There are three we think are top priorities,” said the group manager with the Microsoft Security Response Center. He selected MS11-018, MS11-019, and MS11-020 as the most important updates. Source:

41. April 12, CNET News – (International) Avast update blocks legitimate Web sites. An update released April 11 to Avast’s antivirus product contained a bug that flags legitimate Web sites as malware infected. In a blog post late April 11, Avast acknowledged the false positive glitch in an update known as 110411-1, which was automatically released to Avast AV users earlier that day. The error has specifically affected versions 4.x, 5.x, and 6.x of Avast’s antivirus software. In an e-mail to CNET, an Avast spokesman said April 12 the update was downloaded by around 5 million users, mostly in the Western Hemisphere due to the time it was launched. Avast sensors discovered the problem just a few minutes after the buggy update was released, and Avast workers managed to create and release a fix (110411-2) within 45 minutes, according to the company. The Avast spokesman said the problem was caused by a bug in the company’s URL normalizer library, which is used to modify a Web site’s address into a standard format. He said that for most users, the faulty update solely blocked access to certain sites. But if someone ran the software’s on-demand scan of the hard drive, then any HTML files stored locally could have been quarantined. Source:

42. April 11, Softpedia – (International) Security vulnerability allegedly discovered in Dropbox client. A security researcher claims Dropbox is vulnerable to a design flaw that makes it easy for attackers to copy data from people’s accounts if they obtain access to a particular file. According to the security expert, after adding a computer to the sync chain, the Windows Dropbox client generates an unique host_id token and stores it in the %APPDATA%\Dropbox\config.db file. This host_id is used to authenticate the computer with the service and, apparently, it can be easily transferred to another system and used to download a copy of the data on it. The problem is Dropbox does not perform any additional checks to determine if the host_id is actually located on the computer it was generated on. The security expert explained a Trojan can be configured to extract the host_id from config.db and send it to hackers for accessing the victim’s data. The only way to revoke a host_id is to unlink the corresponding computer from the account. Source:

43. April 11, CNET News – (International) Facebook fixes bug affecting Hotmail users. Facebook has fixed a bug in the site’s password reset feature that could have been exploited to expose passwords of a small number of users who also use Hotmail. “We can access password of any facebook user who uses hotmail email address as their facebook account,” a Turkish security researcher wrote in an e-mail to CNET the weekend of April 9 and 10. “If you have any hotmail account and if it is used as facebook account, we can change and send you your new password:).” A Facebook spokesman released a statement April 11 confirming the bug and saying it had been fixed. “We were notified of this vulnerability by a Turkish security researcher via our white hat queue, and we worked to quickly resolve the problem,” the statement said. Source:

Communications Sector

44. April 13, Visalia Times-Delta – (California) Radio station KZPO returns to airwaves after storms knock out signal. A Tulare County, California radio station returned to the airwaves the week of April 11 after mountain snowstorms 3 weeks ago knocked out the signal. KZPO, known as Kings Radio at 103.3 FM, was knocked off the air when snowstorms damaged equipment at the station’s Blue Ridge mountain transmitter site above Springville, a sales representative said. The site is at a 6,000-foot elevation. “Our engineers have repaired enough of the ice-damaged antenna and the studio-to-transmitter link to provide three-fourths of the usual operating volume,” the representative said. Full volume will be restored in the days ahead, he said. The signal was lost March 20 and was restored April 10. Source: