Thursday, June 23, 2011

Complete DHS Daily Report for June 23, 2011

Daily Report

Top Stories

• According to CNN, powerful storms in the Chicago, Illinois area knocked out power to more than 300,000 customers and caused hundreds of flights to be canceled. (See item 2)

2. June 22, CNN – (Illinois) Storms leave 300,000 without power in Chicago area; flights canceled. More than 300,000 electric customers were without power June 22 in Chicago, Illinois, and its suburbs, electric company Commonwealth Edison said. A spokeswoman for the electric company said while crews are working to restore power, it could take days to return service to all customers. The severe weather also caused travel problems in the Chicago area. At O'Hare International Airport, 350 flights were canceled, according to the Chicago Department of Aviation. The department also reported departure delays of up to 2 hours late June 21. Flights were delayed at Chicago's Midway Airport for up to 2 hours due to rain and thunderstorms, according the the city's aviation department. Thirty flights were canceled at that airport. Source:

• The Salt Lake Tribune reports that more than 11,000 people were ordered to evacuate from Minot, North Dakota to avoid water overtopping levees as crews raced to build dikes to protect critical infrastructure, including water plants and schools. (See item 60)

60. June 22, Salt Lake Tribune – (North Dakota) North Dakota city faces flood evacuation, again. Thousands of Minot, North Dakota residents face a 6 p.m. June 22 deadline to evacuate their homes for a second time this spring as the rising Souris River moves closer with what is predicted to be its worst flood in four decades. Officials have ordered about 11,000 people to evacuate, but they cautioned even that deadline may be too generous; warning sirens will signal if water spills over Minot's protective levees any earlier. Water from the Souris River, which loops down from Canada through north central North Dakota and is bloated by heavy spring snowmelt and rain on both sides of the border, is forecast to top the city's levees within 2 days. Crews are focusing efforts on building dikes to protect critical infrastructure such as the sewer system, water plants, schools, and City Hall. The city also is working on plans to put up secondary dikes outside fringe areas. Similar protective efforts are being made in the nearby 1,200-resident town of Burlington. The South Dakota governor said June 21 that residents in Burlington evacuation zones must be out by noon June 22. Ward County residents living along the river must evacuate by 6 p.m., he said. Nearly 500 North Dakota National Guard soldiers were in Minot to provide traffic control, ensure people were leaving left their homes, and secure neighborhoods. Source:


Banking and Finance Sector

11. June 22, Bloomberg News – (National) Fourth Rothstein associate pleads guilty in fake lawsuit settlement scheme. A fourth associate of a convicted fraudster admitted June 22 to his role in a $1.2 billion investment scheme involving fake lawsuit settlements. The 38-year-old pleaded guilty to conspiracy to commit wire fraud a in Fort Lauderdale, Florida, federal court. Prosecutors said the man and an accomplice worked for a law firm as technology specialists and set up a fake TD Bank Web site showing the head of the firm had $1.1 billion in a trust account. The accomplice pleaded guilty the week of June 13. The head of the firm used the site to convince potential investors their investments would be safe, prosecutors said. Source:

12. June 22, Chicago Tribune – (Illinois) U.S. sues to seize funds from investor linked to bin Laden. A key al-Qa'ida member had access to the group's former leader and allegedly financed terrorism invested millions of dollars with a Chicago futures brokerage firm — and now the U.S. government wants to take control of the remaining cash. The man wired $26.7 million into an associate's account in 2005, according to a federal lawsuit by the U.S. Justice Department. The U.S. government froze the accounts in 2007, and is moving to collect the money under federal laws that allow seizure of assets connected to terrorism. While the civil lawsuit does not link the man's money to any terror activity, it portrays him as an al-Qa'ida operative who raised money for the terrorist group and plotted attacks on U.S. citizens and allies. "[The suspect] began raising significant amounts of money through ... a Saudi Arabian-based investment scheme," the lawsuit alleged. "[He] then used the funds raised, in part, to finance jihadist-related activities." He was well connected to al-Qa'ida having met with the group's former leader in 2000 or 2001 in advance of the September 11th attacks on the United States. Source:

13. June 21, Reuters – (Pennsylvania) Pennsylvania couple convicted in mortgage fraud scheme. A Pennsylvania husband and wife were convicted June 21 in federal court for what prosecutors said was a $14.6 million mortgage fraud scheme that targeted financially distressed homeowners. The New Hope, Pennsylvania couple each face up to 240 years in prison, fines of up to $3.25 million, and possible forfeiture of money made from the scheme totaling $14.6 million, according to the U.S. attorney's office. Under the scheme, Axxium Mortgage Co., operated by the couple, would promise homeowners it would find an investor to help them save their homes, prosecutors said. The couple would arrange for a so-called straw purchaser to get a fraudulent mortgage and transfer title of the home to that purchaser. Then they would take whatever equity was left, put some in a shell company to pay the new mortgage, and pocket the rest, prosecutors said. Another operator of Axxium pleaded guilty in the case earlier. Prosecutors said he and the wife each acted as straw purchasers for 10 homes. Source:

14. June 21, Arizona Republic and KPNX 12 Phoenix – (Arizona) Phoenix real-estate investor pleads guilty in fraud scheme. A Phoenix, Arizona real estate investor June 20 pleaded guilty to conspiracy to commit wire fraud in a $50 million, Phoenix-based mortgage-fraud scheme, federal officials said June 21. Authorities said two others have entered guilty pleas and are awaiting sentencing. In his guilty plea, the 46-year-old admitted that, as president and CEO of Maricopa Property Investment Solutions Inc., he recruited straw buyers in real-estate seminars, according to a spokesman for the U.S. Attorney's Office for the District of Arizona. From about January 2005 through September 2006, the man helped to speed up the submission of mortgage-loan applications for unqualified straw buyers containing false data such as employment, income, assets and the intent to occupy homes as their primary residence, the spokesman said. Authorities said some loan-application packages contained altered pay stubs, false bank statements, and bogus verifications of employment and deposit. In total, the scheme involved 52 properties and nearly $50 million in fraudulent loans, according to the U.S. attorney's office. Lenders, who were not aware of the arrangement between the man and the straw buyers, collectively lost nearly $20 million. Source:

15. June 21, St. Joseph News-Press – (Missouri) Blythedale bank robbed. Officials in Northwest Missouri were looking for a possible serial bank robber June 21. The Citizens Bank of Blythedale, located at 727 Seventh Street, in Blythedale was robbed by an armed suspect at 10:45 a.m., an FBI Special Agent said. Similar robberies occurred at the Bank Northwest in Hamilton May 20, and the Preferred Bank in Brookfield June 1. “At this time, there’s reason to believe it’s the same person that robbed the bank in Hamilton, and the bank in Brookfield,” the special agent said. The suspect used the same modus operandi as the previous two robberies –- where a man stole a vehicle near the bank, robbed that bank, and later abandoned the vehicle. The suspect is described as a man in his 20s who is 5-foot-10 to 6-feet tall with a medium build. Source:

16. June 21, CoinWeek – (National) Postal inspectors probe gold coin purchases made with stolen American Express cards. U.S. Postal Service inspectors are investigating the fraudulent use of stolen American Express credit cards to purchase tens of thousands of dollars of gold coins. “The orders are placed by phone, often for $10,000 to $20,000 worth of Liberty Double Eagles or other, large-sized gold coins,” said the president of Universal Coin & Bullion in Beaumont, Texas, who has been working with postal inspectors. ”The callers want the coins shipped by overnight delivery to residential addresses and the location they give for delivery matches the address you get when you use the American Express address verification system; however, it turns out those are not the actual addresses of the victims whose stolen credit card numbers are being used,” he said. “The four-digit verification codes and other information on the credit card are also seemingly correct when you check with American Express or the credit card processor. However, it appears that various precautionary security mechanisms may have been tampered with because it’s really not the right verification information despite the seemingly correct initial match up. The thieves may have somehow compromised the American Express records system," he said. Source:

Information Technology Sector

44. June 22, Softpedia – (International) WordPress resets passwords due to backdoored plugins. The WordPress team announced June 21 it decided to reset all passwords on,, and Web sites, after discovering several plugins were rigged with backdoors. "Earlier today, the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory," WordPress's founder and lead developer announced. While the intrusion was detected quickly, it is unclear how many Web sites updated to the backdoored versions. The compromise might be serious, considering all of the affected plugins are very popular. AddThis has almost 450,000 downloads to date, W3 Total Cache has more than 500,000, while WPtouch, a theme for iPhones, has been downloaded more than 2 million times. Source:

45. June 21, IDG News Service – (International) Google builds developer tool for Chrome browser to flag web app vulnerabilities. Google released an experimental extension for its Chrome browser developers can use to scan Web applications and flag code that could make them vulnerable to malware attacks. The free tool, called document object model (DOM) Snitch, is designed to sniff out security holes in applications' client-side code that could be exploited by attacks such as client-side scripting, Google said June 21. "To do this, we have adopted several approaches to intercepting JavaScript calls to key and potentially dangerous browser infrastructure such as document.write or HTMLElement.innerHTML," a Google official said. Besides developers, DOM Snitch is also aimed at code testers and security researchers, the company said. The tool displays DOM modifications in real time so developers do not have to pause the application to run a debugging tool. DOM Snitch also lets developers export reports so they can be shared with others involved in developing and refining the application. Source:

46. June 21, ZDNet – (International) Hackers hit Sony Pictures France site, grab 177K e-mails. Sony Pictures France is the latest Sony Web site to suffer at the hands of hackers, ZDnet reported June 21. This time, two hackers claimed credit and said they copied more than 177,000 e-mails from the site. They are identified as a Lebanese student called “Idahc” and ”Auth3ntiq,” a friend of his from France. The hackers claim to have exploited a SQL flaw to get the data. Idahc and Auth3ntic posted information about their feat, along with a sample of the e-mails they took, to the Web site The same sort of exploit was used to break into, Sony Pictures Russion, and other Sony-owned sites in recent weeks. Idahc appears to be on a crusade to teach Sony a lesson about bad security. In a recent interview on, he said he is attacking global Sony sites to demonstrate Sony’s lax attention to security. Source:

47. June 21, CSO – (International) DNS agility leads to botnet detection. Online criminals have evolved tactics to harden botnets against takedown using many tactics, including fast-flux networks and Conficker-like dynamic domain generation. Yet, such tactics can also pinpoint when such networks are being created by bot operators, according to research from the Georgia Institute of Technology. The research found that dynamically detecting changes in the domain name system (DNS) can lead to the early detection of botnets. When bot masters create the infrastructure for a botnet, the reputation of the domain names can tip off defenders. In two papers, researchers found they can detect anomalies in the domain name system indicative of botnets and have documented recognition rates greater than 98 percent. Network security firm Damballa announced June 20 a service based on the research to provide intelligence on botnet-infected systems. Called FirstAlert, the service can detect the characteristic DNS queries indicative of botnet infections inside a customer's network. Source:

Communications Sector

See item 44 above in the Information Technology Sector