Monday, June 13, 2011

Complete DHS Daily Report for June 13, 2011

Daily Report

Top Stories

• The San Francisco Examiner reports that a panel investigating a fatal pipeline explosion that killed 8 people in San Bruno, California, issued a report that blasted Pacific Gas & Electric Corp. and the California Public Utilities Commission for their lack of focus on safety. (See item 5)

5. June 9, San Francisco Examiner – (California) San Bruno explosion report blasts PG&E, CPUC. Both Pacific Gas & Electric Corp. (PG&E) and its regulator have had a longstanding culture of simply checking off boxes, rather than deeply considering the safety of their system, according a blistering report released June 9 by an independent panel. The independent panel was assembled last fall by the California Public Utilities Commission (CPUC) to assess the factors that contributed to the explosion of a PG&E gas pipeline in San Bruno, California last September, which took the lives of eight people and destroyed dozens of homes. On June 9, that panel unveiled the results of its months-long investigation. The panel found that both PG&E and CPUC have had a culture more attuned to simply complying with federal code than focusing on the safety of their system. There was a failure at both PG&E and CPUC to adequately learn from mistakes or problems discovered internally and elsewhere in the industry. Major problems existed with the quality and availability of records about pipeline safety. At PG&E, there was a focus on the occupational safety of employees, but no similar focus on pipeline safety. There was a lack of technical understanding among the management at PG&E. People low on the totem pole at CPUC discovered problems at PG&E, but their concerns were never seriously considered by the people at the top of the agency. Finally, the CPUC is understaffed, and the staff it has is undertrained. Shortly after the report came out, PG&E issued a statement calling it “thoughtful” and saying they are moving quickly to adopt its recommendations. Their statement also took full responsibility for the explosion. Source:

• According to Reuters, Spanish police arrested three suspected members of the “Anonymous” group on charges of cyber-attacks against targets including Sony’s PlayStation network, governments, businesses, and banks. See item 45 below in the Information Technology Sector.


Banking and Finance Sector

13. June 10, WXIA 11 Atlanta – (Georgia) Robber threatens to kill bank customer. A bank customer’s life was threatened June 8 in DeKalb County, Georgia, when two masked robbers demanded money from a teller and told her they would shoot the customer if she did not hand it over. The FBI said the two suspects stormed the Bank of America branch at 2850 Candler Road in Decatur at 3:11 p.m. June 8. According to a DeKalb County police incident report, one suspect approached the bank counter and pointed his handgun at the head of a customer at the counter. The report said he told the customer if he moved he would be shot. Witnesses told police the suspects left in a red SUV and they provided the tag number. Police found the car had been carjacked a day earlier. The FBI said the 2002 GMC Envoy driven by a third suspect was found abandoned a short distance from the bank. Federal agents are looking at a similar bank robbery in Murrels Inlet, South Carolina, that happened June 1. During that robbery, shots were fired inside the bank. There were no injuries. The FBI has not established a connection between the two robberies but is looking at that possibility. Source:

14. June 9, WOOD 8 Grand Rapids – (Michigan) Fmr. Kzoo adviser admits stealing $4.8M. A former Kalamazoo, Michigan investment adviser pleaded guilty June 9 to stealing millions of dollars from clients in a fake investment scheme. Federal prosecutors estimate he took $4.8 million. The man could face up to 20 years in prison for wire fraud. He told the judge he took money from a Kalamazoo couple and others, promising he was putting the money in bank CDs. The former investment adviser explained that he created those fake certificates to show clients “where their money was ... but it “really wasn’t” Clients’ money was funneled to other businesses tied to the former investment adviser. Source:

15. June 9, Contra Costa Times – (California) Former Walnut Creek financial adviser pleads guilty to fraud charges. A former financial adviser pleaded guilty in California June 8 to fraud charges after he was caught funneling millions of dollars from his clients’ funds into his own bank accounts, the U.S. attorney’s office said. The 39-year-old Livermore, California man has been ordered to pay back more than $5.4 million and will serve 65 months in prison, according to a plea agreement. He was indicted in federal court in March on one count each of wire fraud and money laundering. Between 2006 and 2009, while working at the Walnut Creek branch of United Bank of Switzerland Financial Services, Inc., he used his access to client accounts to transfer money to himself. Prosecutors said the man wrote off the withdrawals as investments, and forged investors’ signatures on authorization forms. Source:

16. June 9, U.S. Department of Justice – (International) USDOJ: Foreign national pleads guilty for role in international money laundering scheme involving $1.4 million in losses to victims. A Romanian national pleaded guilty June 9 in Washington, D.C., for leading a money laundering network for a transnational criminal group based in Eastern Europe, the assistant Attorney General of the Justice Department’s Criminal Division announced. According to court documents, in less than 1 year, the criminal conspiracy netted about $1.4 million from U.S. victims. According to court documents, the man participated in a scheme that operated from July 2005 through November 2006, and involved the posting of fraudulent advertisements on eBay and other Web sites offering expensive vehicles and boats for sale the conspirators did not possess. When the U.S. victims expressed interest in the merchandise, they were contacted directly by an e-mail from a purported seller. According to court documents, the victims were then instructed to wire transfer payments through “eBay Secure Traders” — an entity that has no actual affiliation to eBay, but was used as a ruse to persuade the victims that they were sending money into a secure escrow account pending delivery and inspection of their purchases. Instead, the victims’ funds were wired directly into bank accounts in Hungary, Slovakia, the Czech Republic and Poland that were controlled by the Romanian’s co-conspirators. Source:

17. June 9, KAKE 10 Whichita – (Kansas) 51-year-old woman robs one bank, and tries to rob another. Newton, Kansas police arrested a 51-year-old woman after she robbed a bank in Newton, and tried to rob a bank in McPherson June 9. According to the Harvey County Sheriff’s office, just before 4:30 p.m., a woman robbed the White Eagle Credit Union in the 300 block of west Broadway. Police said the woman approached a teller, demanded money, and then showed her a gun and a note. After the teller handed over the money, the woman left. Police investigators believe the same woman tried to rob another bank in McPherson earlier in the day. According to a press release from the McPherson Police Department, just before 2:30 p.m. a woman attempted to rob the Home State Bank. The woman made threats, but tellers did not hand over any cash. The FBI has been called in to investigate both incidents. Source:

18. June 9, KGW 8 Portland – (Oregon) Police hunt for ‘Civil War Bandit’ bank robber. Police in Portland, Oregon, are hoping surveillance photos will help them catch a bank robber they have dubbed the “Civil War Bandit.” In one robbery, he wore a University of Oregon Ducks T shirt and an Oregon State baseball cap, which could be seen clearly on the security camera. The man has robbed three banks in three months in the Portland area. He was described as being around 45, 5’10” tall, with an acne-scarred face. Investigators have offered a $1000 reward for information that leads to his arrest. Source:

19. June 9, KIRO 97.3 FM – (Washington) Police search for suspect who robbed Shoreline, Milton banks. A robber made a run for his money by robbing not one, but two banks June 8 in Washington State. The first robbery happened in Shoreline at the Whidbey Island Bank on Ballinger Way around 11:15 a.m. The suspect left on foot into a residential neighborhood with the cash, which had a dye pack. When the pack exploded, police were on the scene within 2 minutes, but the suspect got away. Less than 2 hours later, a Bank of America in Milton was robbed by a man who appears to be the same suspect that robbed the Shoreline bank. A King County Sheriff’s sergeant said his office, Milton Police, and the FBI are looking for the suspect who was caught on surveillance camera at both banks. The suspect is described as a black man, about 6 feet tall, 200 pounds, with sunglasses. He wore different clothes in each robbery. Source:

For another story, see item 45 below in the Information Technology Sector

Information Technology Sector

44. June 10, The Register – (International) Phishers LAMP Web hosts. Phishers compromise LAMP-based Web sites for days at a time and hit the same victims over and over again, according to an Anti-Phishing Working Group (APWG) survey. Sites built on Linux, Apache, MySQL, and PHP are the favored targets of phishing attackers, the APWG report found, with between 76 and 82 percent of respondents using one or more components of the LAMP architecture. All 270 Web sites surveyed had been cracked. In the vast majority of cases, the sites were not the primary targets, but were compromised to act as launching pads for phishing attacks against third parties. “While we acknowledge that LAMP –- Linux, Apache, MySQL, PHP –- is the most popular web operating environment, the APWG IPC is concerned that this profile is exploited with such apparent frequency,” the report noted. According to the latest numbers from Netcraft, Apache has about a 63 percent market share. The APWG survey also found that 37 percent of sites had been compromised more than once in the last 12 months, and that 35 percent were under the control of the attackers for 2 days or more. The report also showed that many Web masters were largely clueless about how and when the attackers managed to break in –- 52 percent of respondents had to be notified about the breach by anti-phishing companies. Thirty-four percent of respondents blamed their PHP applications for the compromise, but 45 percent admitted they had no idea how the attackers got in. Source:

45. June 10, Reuters – (International) Spanish police arrest ‘Anonymous’ PlayStation hackers. Spanish police arrested three suspected members of the so-called “Anonymous” group June 10 on charges of cyber-attacks against targets including Sony’s PlayStation network, governments, businesses, and banks. The police said the accused, arrested in Almeria, Barcelona, and Alicante, were guilty of coordinated computer hacking attacks from a server set up in a house in Gijon in the north of Spain. Spanish police alleged the three arrested “hacktivists” had been involved in the recent attack on Sony’s PlayStation online gaming store which crippled the service for over a month, as well as cyber-attacks on Spanish banks BBVA and Bankia, and the Italian energy group Enel. Source:

46. June 10, H Security – (International) Microsoft to fix many critical vulnerabilities on Patch Tuesday. Microsoft announced it plans to release 16 security bulletins June 14. The company rates nine of the bulletins as critical; the remaining seven are considered to be “Important.” According to Microsoft, the bulletins will patch 34 vulnerabilities in its products. In a post on its Security Response Center blog, Microsoft said the bulletins also include issues related to “cookiejacking” –- in May, a security researcher discovered a zero-day hole in all versions of Internet Explorer (IE) that allows an attacker to steal cookies from a user’s machine and access Web sites the user has previously logged into. Microsoft said the updates for IE will address one of the known vectors to the cookie folder. Source:

47. June 10, H Security – (International) Adobe to patch critical holes in Reader and Acrobat. Adobe announced iit will patch holes in its Reader and Acrobat products June 14. The company said the updates will close several critical vulnerabilities. Adobe Reader X for Windows (version 10.0.1) and Mac OS X (version 10.0.3), Reader 9.4.3, and Acrobat X 10.0.3 and 9.4.3 are all said to be affected. The company released updates for its Flash Player June 5. The update addressed a zero-day “universal” cross-site scripting vulnerability that could be used to take actions on a user’s behalf on any Web site or Web mail provider once the user had visited a malicious site. At that point, Adobe was still investigating whether Acrobat Reader and its embedded Flash Player were vulnerable. Source:

48. June 9, Network World – (International) Feds seize Swiss bank account of scareware mogul. Federal authorities have seized all the cash in a Swiss bank account held by a scareware mogul and scam artist who is charged with selling phony Symantec security software, Network World reported June 9. The U.S. attorney’s office in New York filed for the forfeiture of $14.8 million stashed in the account by the man, who has fled the United States after being charged in the counterfeit antivirus scheme. He was charged 3 years ago, but has been on the run since after failing to show for court appearances, and authorities believe he has moved to the Ukraine. The suspect is charged with trafficking in counterfeit goods, wire fraud, and mail fraud. His scheme employed spam to lure victims to a Web site where they used credit cards to buy what was purported to be genuine Symantec antivirus software. In return, they were sent counterfeit software from a facility in Ohio, according to U.S. Immigration and Customs Enforcement. He is also charged with selling scareware products as WinFixer, Antivirus 2008, and VirusRemover 2008, all of which are represented as antivirus software but which actually install spyware and malware and otherwise slow down victim computers. He ran Innovative Marketing, which prosecutors said sold 1 million copies of fake antivirus products. Authorities believe he set up corporations in the United States and overseas to hide the transactions, and that he opened bank accounts and investment accounts in the United States, Uruguay, and Switzerland. Source:

49. June 8, Wall Street Journal – (International) Some top apps put data at risk. Computer security firm viaForensics found the applications for top Internet companies LinkedIn Corp., Netflix, Inc., Foursquare, and Square, Inc. stored various forms of users’ personal data in plain text on a mobile device, putting sensitive information at risk to computer criminals. The Android applications of LinkedIn, Netflix, and Foursquare stored user names and passwords in unencrypted form on their Google-powered devices. Storing that data in plain text violates a commonly accepted best practice in computer security. Since many people tend to use the same usernames and passwords across any number of sites, the failing could help hackers penetrate other accounts. ViaForensics also found the iPhone version of Square’s mobile payments app exposed a user’s transaction amount history and the most recent digital signature of a person who signed an electronic receipt on the app. The apps exposed other types of personal data in plain text on cell phones, including e-mails sent from the app by a LinkedIn member, the movie queue of a Netflix app user, and the search history under Foursquare’s Places tab. Source:

Communications Sector

50. June 7, Nextgov – (National) Planned LightSquared cell network is incompatible with aviation GPS, group says. A new nationwide broadband cellular network planned by startup LightSquared will cause complete loss of Global Positing System (GPS) receiver functionality when operated in the upper band of the frequency allocated to the company, a Federal Aviation Administration (FAA) advisory group said in the executive summary of a report sent to FAA the week of May 30. Manufacturer Deere and Co., whose agricultural equipment uses GPS to support precision farming operations, told the Federal Communications Commission (FCC) late last month that tests this April in New Mexico showed that the LightSquared network will result in “massive interference” to the system it uses to provide location information. First responders reported in May that the LightSquared system knocked out GPS receivers in tests at Holloman Air Force Base in New Mexico. LightSquared, the GPS industry and federal agencies are conducting tests to determine the extent of interference from the company’s system to GPS receivers, with a final report due to the FCC June 15. Source:

For another story see item 49 above in the Information Technology Sector.