Monday, April 25, 2011

Complete DHS Daily Report for April 25, 2011

Daily Report

Top Stories

• The Kalamazoo Gazette reports vandals filled a manhole with logs April 20, blocking a sewer line and spilling an estimated 600,000 gallons of raw sewage into a wetlands area of Kalamazoo, Michigan. (See item 29)

29. April 22, Kalamazoo Gazette – (Michigan) Spill of estimated 600,000 gallons of raw sewage not expected to do lasting damage. Vandalism is being blamed for spilling an estimated 600,000 gallons of raw sewage into a wetlands area in northeastern Kalamazoo, Michigan. A health official said the spill, while significant, is not likely to cause long-term environmental damage. The Kalamazoo County Health and Community Services Department late April 21 issued a public health advisory for people to avoid all contact with wetlands, Averill Lake, Spring Valley Lake, and connecting streams in the area north of Gull Road and west of Nazareth Road. A 21-inch sewer line was blocked, causing a manhole to overflow and release the untreated sewage, a news release from the county said. City workers removed the blockage, which stopped the spill. The environmental health director for the county said she was told they estimate the sewage likely was spilling for a period of about 20 to 24 hours. Restoration work has been taking place on the 60-acre Bow in the Clouds Preserve, including clearing trees. Apparently, a manhole cover was removed and logs the size that would be burned in a fireplace were dropped into the manhole, she said. The sewage leaked near a creek that goes under Brook Drive and feeds into Averill Lake then southwest to Spring Valley Lake, home to the city’s 185-acre Spring Valley Park. She noted it is a rainy time of year, which will help dilute the sewage. Most residences in that area get drinking water from the city water system and she said, “There should be no concern for municipal water” or for any wells that may be in the surrounding area. Source:

• According to KJRH 2 Tulsa April 21, local police and U.S. Postal Inspectors arrested one and are looking for two more suspects allegedly responsible for hundreds of fraudulent transactions involving financial items stolen from the mail boxes of nearly 300 people. (See item 22)

22. April 21, KJRH 2 Tulsa – (Oklahoma) Mail theft investigation uncovers hundreds of victims. Tulsa, Oklahoma police and U.S. Postal Inspectors have uncovered nearly 300 thefts of mail from victims in Tulsa and Pittsburg Counties. In a press release issued April 21, police said the investigation began as a burglary case involving a senior citizen and the passing of checks drawn on his account. Two detectives began sharing information on similar cases and developed a suspect. While questioning the suspect, police said, she produced a number of bags containing mail stolen from addresses in Tulsa and Pittsburg Counties. Detectives arrested the suspect and alerted U.S. Postal Inspectors, who joined the investigation. Together, the investigators uncovered hundreds of fraudulent transactions involving financial items stolen from the mail boxes. According to the press release, they identified more than 280 victims of mail theft and identity theft. Police said they have developed two more potential suspects in the case, and there could be further arrests. Source:


Banking and Finance Sector

10. April 22, San Jose Mercury News – (California) South Bay ‘Black Binder Bandit’ suspect nabbed. The sale of a getaway car to a junkyard led to the arrest of a San Jose, California man suspected in at least a half-dozen South Bay bank robberies, authorities said April 21. The alleged “Black Binder Bandit” pleaded not guilty this week in Santa Clara County Superior Court after being arrested April 15. The robberies occurred at four San Jose banks, one in Santa Cruz and two in Los Gatos from November 2010 to February 2011. In each, authorities said, a man in his 40s reached into a black binder and handed the teller a note that demanded money. The breakthrough came in the last robbery, February 25 at the Comerica Bank on North Santa Cruz Avenue in Los Gatos, police said. It was then that an alert witness got the license number of the getaway car, a blue Volvo with Colorado plates, Los Gatos-Monte Sereno police said. Then early last week, California Department of Motor Vehicles officials told detectives the car had been sold to a wrecking yard in San Jose. The suspect was identified as the previous owner. Police said that in searching the suspect’s home, on Highland Court, they found evidence implicating him in the robberies. Witnesses from the San Jose and Los Gatos robberies also confirmed his identity from photo lineups. Source:

11. April 22, Fayetteville Observer – (North Carolina) 2 Russian immigrants indicted on federal bank fraud charges. A pair of Russian immigrants have been charged with using a device to surreptitiously steal credit and debit card data from 60 people at three ATMs in Fayetteville, North Carolina. The 23 and 25-year-old men were each federally indicted April 19 on charges of conspiracy to commit bank fraud and aggravated identity theft. The duo is accused of installing “skimmers” - electronic devices that can record information stored on the magnetic strip of a credit or debit card - at three automated teller machines, according to the indictment. They also installed small cameras that captured victims’ PIN numbers. The men allegedly used the stolen information to create counterfeit credit and debit cards, which were then used to make withdrawals in the greater Fayetteville area, Dunn and Carolina Beach, according to court documents. It is not specified how much money the pair are accused of stealing. Seven banks are listed as being victims of the pair’s alleged fraud. They are Fort Bragg Federal Credit Union, Pentagon Federal Credit Union, State Employees Credit Union, Bank of America, JP Morgan Chase, Wachovia and FAA Credit Union. The crimes were committed between May 1, 2009, and July 31, 2009, according to court documents. A federal case against the pair was first filed in March 2010 but was sealed until the indictment was filed. Both of the men have pending state charges in Cumberland County and court dates scheduled for May 2. The local charges were filed in 2009. They are each charged with six counts each of card theft with a scanning device, financial card forgery and identity theft. They also are charged with three counts each of financial card fraud and two counts of misdemeanor financial card fraud. Source:

12. April 21, Bloomberg News – (New York) New York lawyer pleads guilty in probe of ex-Galleon trader. A Brooklyn, New York, lawyer admitted to taking part in what the U.S. says is one of three Galleon Group LLC insider-trading rings April 21. The 32-year-old pleaded guilty April 21 to conspiracy and securities fraud before a U.S. District Judge in Manhattan. The man was one of 20 people who have pleaded guilty in the overlapping insider-trading schemes related to the Galleon hedge fund being investigated by the U.S. Recommended federal sentencing guidelines call for the man to serve 37 to 46 months in prison and pay $7,500 to $5 million in fines, according to the plea agreement. He is scheduled to be sentenced Aug. 19. He was accused of conspiring with an ex-Galleon trader to pay tens of thousands of dollars to two other men, lawyers at Boston-based Ropes & Gray LLP, for information about transactions their firm was working on. Source:

13. April 21, WLS-TV 7 Chicago – (National) Customs: Fake coins from China seized. Chicago, Illinois Customs and Border Protection (CBP) intercepted a shipment of counterfeit coins from China last week. After noticing an irregularity in the X-ray of a heavy package being sent to an Illinois residence, customs officials say they discovered 361 coins that appeared to be U.S. Trade Dollar coins with dates between 1873 and 1878. Analysis of the coins revealed that they were made of brass with a thin silver-plated coating. According to a news release from U.S. Customs and Border Protection, the original U.S. Trade Dollar coin was minted from 1873 to 1878. Customs officials say some of these coins can be sold for as much as $2,000. According to officials, the recipient of the shipment was intending to sell the fake coins online. “Legitimate traders are being duped into buying these coins believing they are genuine,” said the CBP Director of Field Operations in Chicago. “We strongly recommend buyers or any consumers to be aware and use caution when making these types of purchases on the Internet.” Source:

14. April 21, WCMH 4 Columbus – (Ohio) Gahanna Couple Pleads Guilty To $20 Million Loan Scheme. A Gahanna, Ohio, couple pleaded guilty April 21 to running a fraudulent loan scheme that defrauded customers of nearly $20 million. The couple each pleaded guilty to one count of conspiracy to commit securities fraud, mail fraud and wire fraud. The husband also pleaded guilty to one count of securities fraud, one count of wire fraud, and one count of mail fraud. The plea agreement includes a 140-month sentence followed by five years of supervised release for the husband and a 36-month sentence followed by three years of supervised release for the wife. The plea agreement also calls for them to make full restitution to their 38 victims. According to a statement of facts read during their hearing, the couple owned several companies including One Equity Corporation, Triangle Equities Group, Inc., Victory Management Group, Inc., and Dafcan Finance, Inc. The couple made low-interest loans to their victims who transferred shares of stock to the couple as collateral. The couple promised to return the stock to the borrowers once the loans were repaid. The couple sold the stock without the borrowers’ knowledge instead of holding the shares and used the proceeds to fund other loans or for their own personal gain. Source:

15. April 21, – (National) Carder pleads guilty to fraud involving $36 million in losses. A hacker and carder has pleaded guilty to trafficking in more than half a million stolen card numbers that resulted in $36 million in fraud losses. The 26-year-old man pleaded guilty April 21 in Virginia to one count of access device fraud and one count of aggravated identity theft. The hacker was arrested in 2009 for selling stolen bank card numbers in online criminal forums and IRC chatrooms. When authorities searched his home at the time, they found more than 675,000 stolen credit card numbers on his computers and in e-mail accounts. According to court records, more than $36 million in fraudulent transactions have been attributed to the stolen numbers found in Hackett’s possession. Authorities did not say how many of these transactions were committed by him or by others. The man admitted that he had been hacking computers since the late 1990s, an activity that morphed into hacking-for-profit by 2002 when he began stealing bank card data from SQL databases. In August 2007, for example, he breached the server at an unnamed online ticket seller and stole information on about 360,000 credit card accounts. He still had the data on his computer two years later when authorities searched his home. The man became a valued seller on underground carding forums, charging between $20 and $25 per stolen card account. He raked in between $200 and $800 a month and by the time he was arrested was living solely on earnings obtained through illicit activity. He snagged more than $70,000 from selling stolen card data and at least an additional $80,000 from fraudulent Western Union money orders that co-conspirators charged to stolen card numbers and sent to him. The proceeds helped him buy a 2001 BMW X5 as well as a pair of Louis Vuitton shoes costing more than $450. He was caught after selling 40 stolen card numbers to an undercover Secret Service agent for about $1,100. Source:

16. April 21, KRGV-TV Weslaco – (Texas) Substance prompts bank evacuation. Employees at a Los Fresnos, Texas bank discovered a white powdery substance in a night deposit box April 21. Firefighters determined it’s an antibiotic used to treat cyanide poisoning and ringworms. At first, city leaders said it was cyanide. CHANNEL 5 NEWS viewers started calling asking questions, so we asked and the city then said they made a mistake. Bank employees at Wells Fargo made the discovery shortly after 12 p.m. The bank was shut down and the hazmat team called in. They field tested the white powder substance. Firefighters describe it as an antibiotic used for cyanide poisoning and ringworms. “It’s not a hazardous chemical as far as if you come in contact with it. The Brownsville Fire Department was on scene. We called them for mutual aid for their hazardous material unit and were good in helping us and did testing on the scene,” says the Los Fresnos City Manager. Police are now trying to figure out who left the substance at the bank. It isn’t available over the counter. Somebody would have to work in a hospital to get this chemical. The bank was reopened shortly after 3 p.m. April 21. Town leaders say this is something that has never happened before in Los Fresnos. Source:

Information Technology

41. April 21, Computerworld – (International) Adobe patches Reader bug early as PDF attacks begin. Adobe April 21 patched a critical bug in Adobe Reader, its PDF viewer, ahead of schedule. Hackers have already begun exploiting the bug in malicious PDF files, Adobe confirmed. Adobe admitted to a Flash Player flaw the week of April 10 after an independent researcher found exploits in embedded Flash files within Microsoft Word and Excel files attached to e-mails. It was the second time in 4 weeks that Adobe had to acknowledge a Flash “zero-day,” or unpatched vulnerability that hackers were exploiting. The Flash bug also existed in Adobe Reader and Acrobat, both of which include code that renders Flash content inserted into PDF files. Adobe shipped a patched version of Flash Player April 15. At that time, Adobe said it would fix Reader and Acrobat sometime during the week of April 25. Source:

42. April 21, Softpedia – (International) Former Cisco engineer arrested for hacking. A former Cisco engineer was arrested in 2010 on charges of hacking into his former employer’s network. The charges against the man, a British national who worked for Cisco before leaving to start his own company, were reported in local Vancouver media the week of April 17. He was arrested in May 2010 in Vancouver, on 97 counts of accessing a protected computer without authorization based on a complaint returned by a Secret Service Special Agent. The networking giant alleged that its former engineer used another employee’s credentials to log into one of its restricted Web sites and download software. In 2008, the engineer’s new company, Multiven, based in Redwood City, California, filed an antitrust lawsuit against Cisco, claiming that it is stifling competition by forcing its customers to sign service contracts to receive software bug fixes. Multiven provides support services for networking equipment, including those manufactured by Cisco. The company alleged that by forcing its customers to sign service contracts in order to receive software updates, Cisco was depriving it of potential clients. Multiven claims that Cisco pushed for the case against the man in order to force a settlement, which it eventually obtained in July, 2010, 2 months after his arrest. Source:

43. April 21, Softpedia – (International) Zbot distributed as Easter greeting cards. Malware distributors have begun to launch Easter-themed e-mail campaigns, a recent one trying to push a variant of the ZeuS Bot (Zbot) trojan as a holiday greeting card. According to antivirus vendor McAfee, which intercepted the attack, the fake e-mails bear a subject of “Easter Greeting From [name]” and contain an image of the Easter bunny. The e-mail also provides a link called “Download Animated Greeting Here” which leads users to a page serving a variant of the Zbot information stealing trojan. Zbot is a popular piece of malware generated with a crimeware toolkit sold on the underground market. The malware is highly customizable and is preferred by cyber fraudsters to steal online banking credentials and other sensitive information. In 2010, U.S., U.K., and Ukrainian authorities dismantled a large international cyber fraud operation that used Zbot to steal money out of the bank accounts of small and medium-sized companies. Following the police crackdown on Zbot gangs, the toolkit’s creator retired and handed over the source code to a rival malware developer to merge it into his own fraud tool. Despite this, older copies of the toolkit and reportedly even the source code, are still available on the black market so this piece of malware is not going to disappear anytime soon. Also, rogue e-mails are not the only Easter-themed attacks users face. Cyber criminals will most likely target and poison search results for popular terms with malicious links and keywords related to the upcoming holiday. Source:

44. April 20, Computerworld – (International) iPhone secretly tracks user location, say researchers. A pair of researchers have found that Apple iPhones and iPads track users’ locations and store the data in an unencrypted file on the devices and on owners’ computers. The data, which appears to have been collected starting with iOS 4, which Apple released in the summer of 2010, is in a SQLite file on iPhones and iPads with 3G capability. The same file, named “consolidated.db,” is also stored in the iOS backups made by iTunes on the Mac or Windows PC used to synchronize the iPhone or iPad. Stored in the file in clear text are locations’ longitude and latitude, a timestamp and other information, including Wi-Fi networks in range of the device. About 100 data points per day are logged to the file, the two researchers said. The data may be hard to extract remotely from an iPhone or iPad, but not impossible, said a Mac and iPhone vulnerability researcher. To view the location file on an iPhone remotely, an attacker would have to exploit a pair of vulnerabilities, one to hack Safari — likely by duping the user into visiting a malicious site — then another to gain access to the root directory, he said. That is possible, but unlikely for most criminals. Instead, he said the biggest threat was if a person lost his or her iPhone, or it was seized by authorities. A senior technology consultant with U.K.-based security company Sophos pointed out that the backup file on a PC or Mac also poses a risk. Source:

45. April 20, IDG News Service – (International) Quake triggers big drop in Japan’s IT exports. Japanese high-tech exports dropped sharply in March as a result of disruption caused by the March 11 earthquake and tsunami, according to government trade statistics published April 20. The earthquake halted production for several days or more at major high-tech manufacturers across a large part of eastern Japan. Electricity supply shortages and problems obtaining raw materials and parts have caused knock-on effects that mean some factories are yet to resume full production. A handful of manufacturing plants were more heavily damaged and will not be able to resume production for several months. Exports of computers by value fell 19 percent from March of 2010 and those of computer parts were down 16 percent, Japan’s Ministry of Finance said in its provisional figures for March. The consumer electronics industry also saw a big drop with video recorder exports, down 23 percent by value, and audio apparatus, down 31 percent. In the telecommunications sector, telephony and telecom equipment exports fell 17 percent. One of the most heavily damaged factories was Sony’s Sendai plant, which makes blank media including Blu-ray Discs and professional-use video tapes. It was inundated by the tsunami and remains closed. The effects of this are partly reflected in the export figures for blank recording media, which show a 31 percent drop during March compared to the same month last year. Japan’s semiconductor industry was also hit and several factories have yet to resume full production. Chip exports dropped 9 percent, according to the figures. In total, the country’s exports in March were down 2.2 percent to $71 billion. It was the first drop in exports for 16 months. Source:

Communications Sector

46. April 21, Walnut Creek Patch – (California) AT&T ups reward to find person vandalizing cable boxes in Walnut Creek, rest of Contra Costa. AT&T has increased its reward to $25,000 to help identify the vandal who has attacked sidewalk telephone boxes in Walnut Creek, California, and throughout central Contra Costa County since December 2010, leaving hundreds of customers temporarily without phone and Internet service. AT&T announced the reward had been increased from $10,000 after several cable vandalism attacks took place April 20 in Pittsburg, affecting hundreds of customers. As with other cases that have plagued central Contra Costa neighborhoods, someone intentionally cut phone lines. The vandal is snipping wires to sabotage the network rather than cutting the heavy cables to steal copper, an AT&T spokesman said. Source:

For another story, see item 44 above in the Information Technology Sector