Tuesday, April 19, 2011

Complete DHS Daily Report for April 19, 2011

Daily Report

Top Stories

· Reuters reports that three days of violent storms and tornadoes across the southern United States killed at least 45 people, wrecked hundreds of buildings, and downed power lines leaving thousands without electricity, officials said April 17. (See item 5)

5. April 17, Reuters; ABC News; Associated Press – (National) Tornadoes pummel southern U.S. Three days of violent storms and tornadoes across the southern United States killed at least 45 people, wrecked hundreds of buildings, and downed power lines, officials said April 17. North Carolina accounted for the bulk of casualties and property losses, with 22 people killed and more than 80 others injured in a string of tornadoes that ripped through the state April 16. Houses were flattened, cars and trucks tossed like matchsticks, and planes blown off the tarmac at a local airport. Uprooted trees, poles, and debris snapped power lines, cutting electricity to more than 200,000 people in North Carolina. "We have 23 counties that have lots of tremendous property damage, schools lost, and infrastructure damage," said a spokeswoman. In Raleigh, apartment buildings had entire roofs torn off while three family members died in a mobile home park, according to a Wake County spokeswoman. Forty miles south of Raleigh in the town of Sanford, half of a Lowe's home improvement store was pulverized by the storm. The governor said the U.S. President had pledged "whatever it takes to rebuild North Carolina." Tornadoes moved through 13 other states, including Virginia, where officials reported four deaths and unconfirmed reports of three more. Virginia emergency officials said that 177 structures were damaged by the severe weather. The storm snapped hundreds of power poles and 30 transmission structures were damaged in North Carolina, a Dominion Virginia Power company spokesman said. Source: http://www.publicbroadcasting.net/kera/news.newsmain/article/0/0/1790417/US/Tornadoes.pummel.Southern.U.S...43.dead

· CNN Money reports the founders of PokerStars, Full Tilt Poker, and Absolute Poker, the three largest Internet poker companies, were indicted for bank fraud and money laundering, federal law enforcement officials said April 15. (See item 17 below in the Banking and Finance Sector)


Banking and Finance Sector

15. April 16, KUSA 9 Denver – (California) Former IRS agent arrested for stealing from tax customers. IRS agents in southern California on April 15 arrested a former IRS agent who now makes a living preparing people's taxes. Authorities accuse him of skimming millions of dollars from his customers. According to a federal indictment, the man stole more than $11 million that his clients owed to the IRS. Prosecutors say he did it by persuading customers to write a check to him for what they owed the government. Then, they said he would file a false return claiming little or nothing owed and pocket the money. In addition to the multi-million-dollar home, the indictment lists an airplane, boat, motorhome, trips to the Super Bowl, and other expenditures. If convicted, the man could face several years in prison and millions of dollars in fines. Source: http://www.9news.com/news/world/193846/347/Former-IRS-agent-arrested-for-stealing-from-tax-customers-?odyssey=mod|newswell|text|FRONTPAGE|p

16. April 16, Federal Bureau of Investigation – (Florida; Maryland; Georgia) Florida man and Maryland banker indicted for fraud scheme. A United States attorney announced the unsealing of a six-count indictment charging a 37-year-old Tampa, Florida man and a 35-year-old Maryland man with wire fraud and conspiracy to commit mail and wire fraud April 16. Each count carries a maximum penalty of 20 years in federal prison. According to the indictment, the 37-year-old former chief executive officer of Xchangeagent Inc. recruited the 35-year-old loan officer at Wachovia Bank in Langley Park, Maryland, to aid in a scheme to defraud a Georgia bank by obtaining a short-term business loan. The loan was fraudulently secured by non-existent collateral. The men produced fraudulent bank statements and supporting documents to convince bank officials that the former CEO had $21,361,676.82 on deposit at Wachovia Bank, when in fact no such funds existed. The scheme resulted in a $2,999,995.00 loss to Park Avenue Bank in Valdosta, Georgia. The case was investigated by the United States Postal Inspection Service and the Federal Bureau of Investigation. Source: http://7thspace.com/headlines/379362/florida_man_and_maryland_banker_indicted_for_fraud_scheme_.html

17. April 15, CNN Money – (International) Online poker companies indicted for fraud. The founders of the three largest Internet poker companies have been indicted for bank fraud and money laundering, federal law enforcement officials said April 15. The United States Attorney in New York unsealed the indictment against eleven people, including the founders of PokerStars, Full Tilt Poker, and Absolute Poker. In addition to charges of bank fraud and money laundering, the companies are accused of illegal gambling offenses. The 52-page indictment alleges that the companies, based offshore, used "fraudulent methods" to get around U.S. anti-gambling laws and "to receive billions of dollars from U.S. residents who gambled through the Poker Companies." The authorities also issued restraining orders against more than 75 bank accounts, and seized five Internet domain names used by the companies to host their illegal poker games. The companies allegedly arranged for the money from U.S. gamblers to be disguised as payments to hundreds of non-existent online merchants for the purchase of items, such as jewelry and golf balls, according to the indictment. Prosecutors also filed civil charges against the poker companies and several individual "payment processors," seeking at least $3 billion in penalties. Prosecutors also alleged that a part owner of SunFirst Bank in Utah agreed to process Internet gambling transactions in exchange for a $10 million investment in his bank by one of the other defendants. Prosecutors said they are working with Interpol and foreign agencies to secure the arrest of the remaining defendants, who are not presently in the United States. Source: http://money.cnn.com/2011/04/15/news/economy/online_poker_indictments/?section=money_latest

18. April 15, Reuters – (National) U.S. home credit saw about $500 million in tax fraud: IG. U.S. tax authorities failed to detect half a billion dollars in likely tax fraud by individuals applying for first-time homebuyer credits, a government auditor said April 15. Taxpayers got potentially erroneous refunds worth some $513 million from the credits, the Treasury Inspector General for Tax Administration said in a report. The politically popular program gave qualified buyers in 2008 through 2010 a tax credit of up to $8,000. Lawmakers passed four versions of the credits, in part to jump-start the stalling economy during the 2007-2009 financial meltdown. Nearly 3.9 million taxpayers have received $27 billion from the credit through the end of 2010, according to the IRS. The inspector general wants the IRS to demand more documentation from those applying for such credits in the future and legislation to give the IRS more authority to require the proper paperwork, among other fixes. The IRS, in its response, noted that refundable credits in particular are subject to cheating, and said the credit was the biggest refundable credit program at the time. Source: http://www.reuters.com/article/2011/04/15/us-usa-taxes-homebuyer-idUSTRE73E7WF20110415

19. April 15, Associated Press – (Minnesota; California) Minnesota man charged in $20 million investment scams. A Minnesota man with a prior fraud conviction was indicted for running four investment scams that bilked investors out of more than $20 million. The indictment unsealed April 14 alleged that the 62-year-old man lured investors into ventures that were never finished, including Internet terminals at airports, golf courses, a golf club resort in Desert Hot Springs, California, and a NASCAR-type race track in Elko, Minnesota. Prosecutors said he convinced his victims to invest by lying: telling them their money would go to a specific project, saying each project was moving toward completion, and that he had celebrity endorsements. He also declined to tell investors that he had been convicted of fraud in 1993. He allegedly spent more than $6 million of investors' money to support his lavish lifestyle. He was charged with 30 counts including mail fraud, wire fraud, and money laundering. Source: http://www.grandforksherald.com/event/article/id/200348/group/homepage/

20. April 15, Wall Street Journal – (International) FinCEN warns financial institutions on transactions from separatist Moldovan region. The U.S. Department of Treasury's agency tasked with policing money laundering issued an advisory April 15 warning banks and other financial institutions about transactions coming from the region of Transnistria in Moldova. Transnistria operates as a separatist, unrecognized area of the Eastern European country, and the Financial Crimes Enforcement Network, or FinCEN, said the area "may still present a vulnerability" to U.S. financial institutions offering services or maintaining correspondent banking relationships there. The Federal Deposit Insurance Corp. issued a warning in August 2009 concerning entities doing banking activity unauthorized by the National Bank of Moldova. "Currently, the anti-money laundering laws of Moldova are not being enforced against banks operating within Transnistria because financial institutions within this specific region are not under the supervision of the Moldovan government," FinCEN said in the advisory. Despite previous warnings by the Moldovan central bank, "large wire transfers are still being routed out of the Transnistria region and into financial institutions in other jurisdictions," FinCEN said. The National Bank of Moldova provided a list of entities it said were operating as unauthorized financial institutions in Transnistria. Source: http://blogs.wsj.com/corruption-currents/2011/04/15/fincen-warns-financial-institutions-on-transactions-from-separatist-moldovan-region/?mod=google_news_blog

Information Technology

46. April 18, Help Net Security – (International) Security fears still an obstacle to cloud adoption. Sixty-two percent of IT managers state concerns about security as an obstacle to cloud adoption, according to Kaspersky Lab. The research found that among the IT managers and directors surveyed, 41 percent of the businesses are planning to move or have moved their IT operations to the cloud. In addition to security fears, data protection (60 percent) and a perceived lack of regulation (26 percent) were stated as an obstacle to cloud adoption. As a result, almost one in five (18 percent) IT managers said their businesses had considered but rejected the idea of moving any aspect of their IT to the cloud, and almost a quarter (24 percent) had not even considered the cloud as an option. Source: http://www.net-security.org/secworld.php?id=10909

47. April 18, Softpedia – (International) European Space Agency Web site hacked. The Web site of the European Space Agency (ESA) has been hacked into and a list of FTP accounts, as well as email addresses and passwords for administrators and editors, has been leaked. The www(dot)esa(dot)int Web server was compromised by a well-known Romanian grey hat hacker who uses the online moniker TinKode. The hacker posted details of the compromise on his blog in full disclosure style. However, the method he used was not revealed. The published data includes FTP accounts for a range of ESA subsites with passwords in clear text. A list of database users with hashed passwords was also disclosed, together with the SHA1-hashed server root password. The site administrator and editor credentials were exposed in plain text, as were email addresses and passwords corresponding to Web site user accounts. The passwords are in readable form, but TinKode took the measure of partially hiding them before publishing. There is also a list of associated proxy user names and passwords. At the time of writing this article the www(dot)esa(dot)int Web site remains online, so it is not clear whether the agency was alerted to the compromise in advance. TinKode is known for exposing vulnerabilities in high profile Web sites, the latest of which was an SQL injection in MySQL.com. Softpedia learned April 18 that the hack was intended to mark the anniversary of the Apollo 13 crew's safe return to Earth on April 17, 1970, after failing to land on the Moon. The hacker leaked 13 FTP accounts, matching the mission's number. Source: http://news.softpedia.com/news/European-Space-Agency-Website-Hacked-195487.shtml

48. April 16, eWeek.com – (International) Adobe swiftly patches critical zero-day Flash bug. Adobe moved swiftly to patch the critical zero-day vulnerability in Flash Player with an emergency update 5 days after it warned users of malicious Word docs exploiting the flaw. The new version with the fixed bug, Flash Player, was released for Windows, Mac OS X, Linux, and Solaris April 15. Adobe acknowledged the latest security flaw in Flash Player April 11 (security advisory CVE-2011-0611). Until the flaw was fixed, users were encouraged to disable Flash entirely. Google rolled out the patch a day earlier for its Google Chrome browser through the Web browser's auto-update mechanism. Adobe and Google have a code-sharing partnership, where the Chrome team receives updated builds of Flash Player for integration and testing as soon as they are available. Adobe also issued a patch for Adobe AIR for Windows, Mac OS X, and Linux. Android users will have to wait until the week of April 25, Adobe said. The patches for Adobe Reader X for Macs and all Adobe Reader 9 versions and Acrobat X are expected the same week. The Flash vulnerability exists in Reader and Acrobat because both programs can execute Flash content embedded in PDF files. Although the initial advisory warned that attackers were using malicious Word documents, malformed Excel files were later detected exploiting the latest flaw, according to the independent security researcher who reported the bug. Source: http://www.eweek.com/c/a/Security/Adobe-Swiftly-Patches-Critical-ZeroDay-Flash-Bug-870297/
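The item above turns on one fact: Word, Excel, PDF and Flash Player all reached the same vulnerable code because the documents carried an embedded SWF. A defender triaging a suspicious attachment therefore wants a quick check for SWF headers inside arbitrary files, whatever the outer container claims to be. The following scanner is an added example written for this page; it is not code from eWeek, Adobe or the researcher mentioned, and the "document" it scans is a constructed byte string whose embedded "Flash" is just zlib-compressed zero bytes, not a real SWF or exploit.

```python
import struct
import zlib

# SWF file signatures: uncompressed, zlib-compressed and LZMA-compressed.
SWF_MAGICS = (b"FWS", b"CWS", b"ZWS")
MAX_SWF_VERSION = 50  # sanity bound for the version byte (Flash 10.x files carry version 10)


def find_embedded_swf(data: bytes):
    """Return [(offset, kind, version, declared_length)] for every plausible SWF
    header found inside `data` (a PDF, Office file or any other blob read as bytes).

    A plausibility filter cuts false hits from the 3-letter magic appearing in text:
      * the version byte must be 1..MAX_SWF_VERSION
      * the declared (uncompressed) length must cover at least the 8-byte header
      * FWS: the declared length cannot exceed the bytes actually remaining
      * CWS: the byte after the header must be a zlib stream header (0x78)
    """
    hits = []
    for magic in SWF_MAGICS:
        pos = data.find(magic)
        while pos != -1:
            if pos + 9 <= len(data):
                version = data[pos + 3]
                declared = struct.unpack_from("<I", data, pos + 4)[0]
                plausible = 1 <= version <= MAX_SWF_VERSION and declared >= 8
                if magic == b"FWS":
                    plausible = plausible and declared <= len(data) - pos
                elif magic == b"CWS":
                    plausible = plausible and data[pos + 8] == 0x78
                if plausible:
                    hits.append((pos, magic.decode("ascii"), version, declared))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


def constructed_sample():
    """Constructed stand-in for a document carrying an embedded SWF. Not malware:
    the 'Flash' body is 100 zero bytes run through zlib, with a CWS header in front."""
    body = zlib.compress(b"\x00" * 100)
    fake_swf = b"CWS" + bytes([10]) + struct.pack("<I", 8 + 100) + body
    decoy = b"Status: FWS\x00 pending. "  # magic in plain text, version byte 0 -> rejected
    return b"%PDF-1.4 constructed body " + decoy + fake_swf + b" trailer"


if __name__ == "__main__":
    for off, kind, ver, length in find_embedded_swf(constructed_sample()):
        print(f"embedded {kind} (SWF version {ver}) at offset {off}, declared length {length}")
```

This raw scan only sees SWF headers that sit uncompressed in the file. Real documents usually wrap them: PDF objects are often FlateDecode streams and Office 2007+ files are ZIP containers, so a production check inflates those layers first and then runs the same signature test on each decoded stream. The old binary Word and Excel formats store the SWF inside an OLE container, where it is typically visible to this scan as-is.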

49. April 14, Softpedia – (International) Malware installs rogue apps on compromised Facebook accounts. A new piece of malware being distributed by Sality uses stolen Facebook credentials to surreptitiously install rogue apps under the corresponding profiles. Sality is the world's top file infecting malware and dates back to 2003. The threat has evolved over the years and was fitted with P2P, self-propagation, and malware distribution functionality. According to security researchers from Symantec, at the beginning of 2011, Sality operators pushed a malicious component through its P2P network that acted as a keylogger and recorded Facebook, Blogger, and MySpace login credentials. The trojan sent the stolen credentials to a command and control (C&C) server, but also stored them locally in an encrypted file, to the surprise of security researchers. That was until a new piece of malware recently distributed by Sality began making use of the login details in those encrypted files. It downloads Internet Explorer automation scripts from a C&C server and uses the stolen credentials to log in to the corresponding websites and perform predefined actions. As far as Facebook is concerned, the trojan received instructions to install a rogue application under hijacked accounts. The app, called "VIP Slots," only asked for access to basic account information. Since it does not have permission to post on the victim's wall, the app cannot be used for spamming purposes, but that could change in the future. Other instructions executed by this component involved opening google.com and searching for a predefined set of keywords. The purpose for this is not immediately clear. Source: http://news.softpedia.com/news/New-Malware-Forces-Users-to-Install-Rogue-Facebook-Apps-194988.shtml

50. April 13, Darkreading – (International) Malware writers making code tougher to decode, harder to find. Decoding the methods in malicious code is becoming more difficult, according to reverse-engineering experts. Attacks no longer scramble simple function names, but encrypt entire blocks of code. Attackers use obfuscation to make it harder to analyze malicious software and stymie security tools, such as intrusion-detection systems, from recognizing the attack. Initially, obfuscation merely scrambled the names of the functions being called by a program, complicating analysis of the binary code. As automated reverse engineering makes progress, however, malware authors are increasingly scrambling entire blocks of code and using better obfuscation techniques to make analysis and detection that much harder, the director of cybersecurity operations for SRA International said. Part of the problem is attackers are using so many different ways of getting onto systems, experts said. Attacks that use social engineering will use obfuscated Web addresses and code. Drive-by downloads, which infect people when they visit a Web site, will encrypt their payloads. And more direct measures aimed at servers will scramble the code to evade intrusion-detection systems, the director of product management at network security firm Stonesoft said. Source: http://www.darkreading.com/advanced-threats/167901091/security/application-security/229401546/malware-writers-making-code-tougher-to-decode-harder-to-find.html
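The item above describes the shift from scrambled function names to whole blocks of encrypted code. A practical consequence for detection is that an encrypted or packed region looks statistically different from ordinary machine code: its bytes are close to uniformly distributed, so a sliding-window entropy measurement picks it out. The code below is an added example illustrating that measurement; it is not from Darkreading or either of the firms quoted, and the "binary" it examines is constructed (repeated assembly-like text around a 1 KiB block of SHA-256 chain output standing in for an encrypted region; no real cipher, packer or payload is involved).

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(chunk: bytes) -> float:
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for a uniform byte distribution."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def high_entropy_regions(data: bytes, window: int = 512, step: int = 256, threshold: float = 7.0):
    """Slide a window over `data` and return merged (start, end, max_entropy) spans whose
    entropy reaches `threshold`. Plain code and text sit well below 7 bits/byte;
    encrypted or packed blocks approach 8."""
    regions = []
    last_start = max(0, len(data) - window)
    for start in range(0, last_start + 1, step):
        chunk = data[start:start + window]
        h = shannon_entropy(chunk)
        if h < threshold:
            continue
        end = start + len(chunk)
        if regions and start <= regions[-1][1]:  # overlaps the previous hit: extend it
            s, _, hmax = regions[-1]
            regions[-1] = (s, end, max(hmax, h))
        else:
            regions.append((start, end, h))
    return regions


def constructed_binary() -> bytes:
    """Constructed stand-in for an executable: 1 KiB of code-like text, then a 1 KiB block
    that plays the role of an encrypted region (SHA-256 chain output, not a real cipher),
    then 1 KiB of code-like text again."""
    plain = (b"push ebp; mov ebp, esp; call 0x401000; pop ebp; ret\n" * 40)[:1024]
    blob, state = b"", b"constructed seed"
    while len(blob) < 1024:
        state = hashlib.sha256(state).digest()
        blob += state
    return plain + blob[:1024] + plain


if __name__ == "__main__":
    for start, end, h in high_entropy_regions(constructed_binary()):
        print(f"high-entropy region {start:#x}-{end:#x} ({h:.2f} bits/byte)")
```

Entropy alone is a triage signal, not a verdict: legitimately compressed resources, embedded images and signed certificates also score near 8 bits/byte. In practice the flagged span is cross-checked against the file's section table (a high-entropy region marked executable, or a tiny code section next to a large opaque one, is the pattern worth a closer look), which is exactly the kind of analysis the obfuscation described above is trying to slow down.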

Communications Sector

Nothing to report.