Friday, May 6, 2011

Complete DHS Daily Report for May 6, 2011

Daily Report

Top Stories

• According to the Associated Press, a train derailment near Portland, Oregon ignited several tanker cars full of ethanol May 4, touching off a massive fire that prompted the evacuation of nearby residents and blocked a major highway for hours. (See item 1)

1. May 4, Associated Press – (Oregon) Oregon firefighters extinguish train derail blaze. A train derailment ignited several tanker cars full of ethanol May 4, touching off a massive fire near Portland, Oregon, that prompted the evacuation of nearby residents and blocked a major highway for hours. No injuries were reported, a Portland Fire & Rescue spokesman said. A stretch of U.S. Highway 30 northwest of Portland, Oregon was closed for hours, and fire officials said a half-mile area around the blaze was temporarily evacuated May 4. About 250 firefighters battled the two-alarm blaze, extinguishing it after 4 hours, a spokesman said. The spokesman said two freight trains were involved — one carrying mainly logs and the other a 20-car train that included 12 tanker cars of ethanol. Two tanker cars — each carrying 28,000 gallons of ethanol — caught fire, as did a freight car from the log train, he said. The Oregonian reported that a Portland & Western Railroad train, with 59 cars mainly carrying logs, was heading westbound when several cars derailed, according to a spokesman for Genesee & Wyoming, which owns Portland and Western, a short distance carrier. The derailed cars then hit part of the 20-car train. The resulting fire was visible for more than a mile. Representatives of the federal Environmental Protection Agency and the state department of environmental quality responded to assess the environmental impact due to runoff from the firefighting effort, the spokesman said. Source:

• The Washington Post reports Swiss bank UBS agreed to pay the U.S. government $160 million to settle charges it reaped millions in illegal profits by rigging at least 100 municipal bond transactions in 36 states. See item 16 below in the Banking and Finance Sector.


Banking and Finance Sector

11. May 5, Courthouse News Service – (National) Priest, attorney accused in Ponzi scam. A grand jury accused two attorneys — one of them a priest — and a British real estate speculator of running a $52 million Ponzi scheme. An FBI agent called it the biggest Ponzi scam in the history of the Eastern District of Missouri. Prosecutors said that from 2000 to 2010, U.S. investors loaned $52.5 million to one of the men through the British Lending Program. Lenders believed they were loaning money for legitimate real estate developments, but the men kept most of the money, or used it to pay interest and principal to other lenders, the indictment states. Prosecutors said one of the men involved in the scheme, a priest and bishop in the church of the American Anglican Convocation, reaped nearly $8 million from the scheme and used it to support an affluent lifestyle. In addition to conspiracy, the priest is charged with 9 counts of wire fraud, 6 counts of mail fraud, and 6 counts of money laundering. A forfeiture count would require the man to forfeit $52.5 million to the government, as well as personal property. Source:

12. May 4, WGHP 8 Sophia – (North Carolina) Thousands of Guilford mortgage documents could be fraudulent, county officials say. Thousands of mortgage documents in Guilford County, North Carolina could potentially be fraudulent, the county’s register of deeds said. The register of deeds said his office noticed signature discrepancies in more than 4,500 mortgage and foreclosure documents submitted between August 2006 and April 2010. While the same name was signed to documents, the signature characteristics were different, he said. The signatures were produced in companies the register of deeds calls “mortgage mills,” which banks use to speed up the processes of selling, extending loans and charging more fees. One of these companies, Georgia-based Doc-X, submitted more than 6,100 documents in Guilford County during the investigation period. Two North Carolina-based banks used Doc-X to process the claims, the register of deeds said. Wells Fargo processed 54 percent of those documents, while Bank of America processed 14 percent. Source:

13. May 4, WFMZ 69 Allentown – (Virginia; Pennsylvania) Escaped convict accused of robbing 3 banks nabbed in Va. The manhunt for an escaped convict suspected of knocking off three banks in three days is over after the FBI said it arrested the man May 5 during an attempted bank robbery in Richmond, Virginia. The 32-year-old man escaped April 23 from the Wernersville Community Corrections Center in Berks County, Virginia. A short time after the man’s escape, police said he robbed the Citizens Bank at North 5th and Penn streets in Reading, Pennsylvania. On April 25, police said he robbed the First Trust Bank at 7th and Hamilton streets in Allentown, Pennsylvania. Then he returned to Reading and allegedly robbed the Fulton Bank in the 200 block of North 5th Street. In May 2004, the man robbed the same Citizens Bank in Reading that he robbed April 23. Source:

14. May 4, Associated Press – (Connecticut; Florida; International) Venezuelan accountant pleads guilty in Conn. fraud. A Venezuelan accountant pleaded guilty May 4 to charges he helped a Connecticut-based hedge fund adviser attempt to cover up a massive, 5-year pyramid scheme that could cost investors hundreds of millions of dollars. The man was accused of falsifying a document to throw off federal investigators targeting a Venezuelan-American financier who used unregistered hedge funds in Stamford, as cover for one of the biggest frauds in state history. U.S. prosecutors called the case against the Venezuelan-American financier Connecticut’s biggest white-collar federal prosecution. The 42-year-old New Canaan man was accused of transferring money among investment accounts without telling clients to cover up huge financial losses, and then falsifying documents to deceive investors, creditors, and investigators. A pension fund for Venezuela’s state oil workers accounted for most of the investment totaling hundreds of millions. As one of several co-conspirators, the 44-year-old accountant expected to receive $1 million for agreeing to sign a fabricated letter indicating falsely one of the funds had made $275 million in outstanding loans to Venezuelan companies, prosecutors said. A payment of $250,000 for the accountant had already been delivered when he was arrested in March by FBI agents in Florida — money he agreed to forfeit as part of the plea agreement. He pleaded guilty to conspiracy to obstruct an official proceeding of the U.S. Securities and Exchange Commission. He faces a maximum sentence of 20 years in prison and a fine of up to $2.5 million. The plea agreement does not put a lower cap on any prison sentence, although he waived a right to appeal a sentence involving less than 33 months in prison. Prosecutors also agreed not to pursue any additional charges against him. Source:

15. May 4, Reuters – (National) Five former Brooke execs settle SEC fraud charges. Five former executives at Brooke, which franchised insurance agencies and made loans to its franchisees, settled U.S. regulatory charges May 4 that they fraudulently hid worsening finances that led to the company’s bankruptcy, and the failure of several regional banks. The U.S. Securities and Exchange Commission (SEC) said May 4 the executives used “virtually any means necessary” in 2007 and 2008 to hide Brooke’s condition, including its “almost weekly” liquidity crises, and fast-deteriorating loan quality. Two affiliates, Brooke Capital and Aleritas Capital, were publicly traded, and loan losses of hundreds of millions of dollars by Aleritas caused the bank failures, the SEC said in a complaint filed in Kansas City, Kansas, federal court. One of Aleritas’ biggest lenders obtained funds from the U.S. Treasury Department’s Troubled Asset Relief Program, the SEC added. Two brothers, who were Brooke’s chairman and chief executive, agreed to pay fines and disgorge profit in sums to be determined by the court, the SEC said. Three other former executives agreed to pay sums ranging from $130,000 to $414,000. None admitted wrongdoing. A sixth person has yet to settle. Brooke had been based in Overland Park, Kansas. It filed for Chapter 11 protection on October 28, 2008, showing assets of $512.9 million and liabilities of $447.4 million. Source:

16. May 4, Washington Post and Bloomberg – (International) UBS bank admits cheating U.S. municipalities out of millions. Swiss bank UBS reaped millions of dollars of illegal profits by rigging at least 100 municipal bond transactions in 36 states, the U.S. government said May 4. In a settlement, UBS agreed to pay $160 million. The case was part of an ongoing federal probe of manipulation in the market where municipalities borrow money to finance debts and pay for projects such as schools, roads, and hospitals. Instead of helping municipalities get the best deals, the federal authorities charged, UBS was cheating them. Under an agreement with the U.S. Department of Justice (DOJ), UBS “admits, acknowledges and accepts responsibility for illegal, anticompetitive conduct” by former employees, the department said. Four former UBS executives were previously charged, and one has pleaded guilty. In December, Bank of America settled a similar case by agreeing to pay $137 million. The broader investigation includes the Securities and Exchange Commission, the FBI, the Internal Revenue Service, bank regulators and state attorneys general. UBS’s offenses occurred from 2001 through 2006, the DOJ said. After issuing tax-exempt bonds, municipalities ordinarily invest the proceeds until they are ready to spend. UBS was involved in the process by which they selected temporary investments. It was supposed to involve arms-length competition, but UBS used techniques to rig the bidding and extract large profit margins, the government alleged. In some cases, UBS gave favored bidders information on competing bids. In other cases, it arranged for certain parties to make purposefully losing bids to help other parties win. Source:

For another story, see item 46 below in the Information Technology Sector.

Information Technology

44. May 5, Help Net Security – (International) RTF exploit hiding in bin Laden death-themed email. The newest instance of spammers and scammers taking advantage of the death of al-Qa’ida’s leader also seems to be the latest incarnation of a slew of politically/economically themed malicious e-mails sent to targets working for the U.S. government. The e-mail holds “FW: Courier who led U.S. to [terrorist leader’s name] hideout identified” in the subject line, and urges the recipient to download and open the attached [name] Death.doc file. The file is crafted to attempt to take advantage of an RTF Stack Buffer Overflow Vulnerability. If the exploit succeeds, it executes shellcode, drops a file named server(dot)exe, and executes it. According to F-Secure, the dropped file drops another file in the system, and attempts to hijack the DHCP service by modifying the registry. Then, it tries to connect to a command and control server located at ucparlnet(dot)com. The payload is a versatile piece of malware that can steal and send data to remote servers, download further malware on the system, and can act as a trojan proxy server. Source:

45. May 5, The Register – (International) IE gets tough on Flash cookies but ignores homegrown threat. Members of Microsoft’s Internet Explorer (IE) team made it easier to delete the privacy menace known as Adobe Flash Cookies, but are not addressing a similar threat embedded in Microsoft’s very own Silverlight framework. A Microsoft program manager blogged May 3 that IE was now able to delete local shared objects (LSOs), the files set by Adobe Flash applications that have been used for years as a stealthy means to track computer users’ Web browsing habits. They carry no expiration date, can be deleted only by visiting an online settings panel or by installing a third-party app, and can be exploited to restore tracking cookies a user has previously deleted. IE will purge LSOs using an industry-standard technology Adobe is adding to version 10.3 of Flash. The so-called NPAPI ClearSiteData API allows users to delete the files the same way they erase HTTP cookies. However, there is a separate privacy issue which Microsoft is responsible for, and so far has not taken any meaningful steps to address. Silverlight has a scheme known as isolated storage that allows Microsoft’s program to read, write, and delete files inside a virtual file system. “Isolated storage can be used in the same way as cookies, to maintain state and simple application settings, but it can also be used to save large amounts of data locally on the client,” according to a Microsoft program manager. This means Silverlight can store huge amounts of data about end users, and deleting these cookies is as difficult as clearing Flash cookies. Once the Microsoft app stores the data, there is no way to delete it without relying on the same Microsoft app. The history erasure tools in IE or any other browser will provide no benefit at all. Source:

46. May 4, Softpedia – (International) Mother’s Day spam making the rounds. Security vendors warn that spam campaigns trying to exploit people’s interest in Mother’s Day are currently making the rounds. One of the most common types of spam during this period will be product spam that leads users to sites selling replica items. “There is a range of product spam, including flowers, watches, gift cards, and diet products. This latest spam campaign involved both dictionary and domain attack techniques, randomizing the URLs in the message body in attempts to bypass filters — all with alluring slogans and catchy photos,” a security expert at Symantec said. People should be aware that aside from the possibility of not receiving a product, buying from such sites carries great risks of fraudulent activity on one’s credit card. The personal information provided during the order process can also be used for more targeted spam at a later time. Security researchers from BitDefender noted that fake greeting card spam is also popular during holidays. E-mails purporting to carry Mother’s Day e-cards as attachments can distribute dangerous trojans such as ZeuS or SpyEye which then steal personal and financial information from the victim’s computer. Source:

47. May 4, H Security – (International) VLC Media Player vulnerable to buffer overflow exploits. According to an advisory from security services provider Secunia, the VLC Media Player is at risk from multiple vulnerabilities in the Libmodplug library, which it rates as “highly critical.” First reported by a user with the pseudonym of “epiphant,” Libmodplug, also known as the ModPlug XMMS Plugin, is said to be prone to stack-based buffer overflows caused by “boundary errors within the ‘abc_new_macro()’ and ‘abc_new_umacro()’ functions in src/load_abc.cpp.” This could be exploited by an attacker to execute arbitrary code on a victim’s system. For an attack to be successful, a user must first open a specially crafted malicious media file. Secunia noted this may, however, only affect precompiled versions of VLC. The vulnerabilities have been confirmed to affect the latest 1.1.9 release of VLC for Windows. Source:

48. May 4, Macworld – (International) Apple releases iOS 4.3.3 to patch location bugs. Apple released the iOS 4.3.3 update to fix a handful of bugs related to the storage of location data, Macworld reported May 4. The update addresses three bugs related to the database of location information on iOS devices. Firstly, it reduces the amount of the cached location information to a week’s worth, rather than relying on a size limit, as it previously did. Secondly, it no longer backs up the cache to a user’s Mac or PC via iTunes upon syncing, so the information is not available to anyone with access to their computer. Finally, the cache is now deleted from the device when Location Services are disabled in iOS’s Settings app. Apple has also announced plans to encrypt the location information on iOS devices itself in the next major update to the operating system. Source:

49. May 4, The Register – (International) Sony implicates Anonymous in PlayStation Network hack. Forensics experts investigating the security breach on Sony’s PlayStation Network found a file on one of the hacked systems that was entitled “Anonymous” and contained the phrase “We are Legion,” the company’s chairman told members of the U.S. Congress. The revelation, made in a letter that Sony’s chairman sent May 3 to members of the U.S. House of Representatives, was used to support the company’s contention the massive security breach was carried out by members of Anonymous, the loosely organized griefer and hacker collective that sometimes uses the tag line: “We are Legion.” The breach caused 100 million user accounts to be compromised. “Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial of service attack by the group called Anonymous,” Sony’s chairman wrote. “The attacks were coordinated against Sony as a protest against Sony for exercising its rights in a civil action in the United States District Court in San Francisco against a hacker.” Source:

Communications Sector

Nothing to report