Monday, August 1, 2011

Complete DHS Daily Report for August 1, 2011

Daily Report

Top Stories

• Federal authorities are investigating the deaths of two girls, and the injuries of several other Monsanto workers, electrocuted in a wet field while de-tasseling corn in Tampico, Illinois, WBBM 780 AM Chicago reports. (See item 26)

26. July 26, WBBM 780 AM Chicago and Associated Press – (Illinois) Girls electrocuted while de-tasseling corn in Northwest Illinois. Federal authorities are investigating the deaths of two 14-year-old girls, who were electrocuted in a wet field while de-tasseling corn in Tampico, Illinois July 25. One farm worker told a WBBM 780 AM Chicago reporter that he heard the girls screaming, and he ran to help, but could do nothing without becoming a victim himself. The Sterling, Illinois girls were de-tasseling corn, when the Whiteside County Sheriff’s Department said they were electrocuted by a field irrigator. The 13-year-old male witness said the field was like a pond. The girls were later pronounced dead at CGH Medical Center in Sterling. Two other workers were seriously hurt. In all, six workers were treated at area hospitals. They were among dozens working for St. Louis-based Monsanto, which said nothing like this has happened before. As a precaution, the company has shut down its de-tasseling operations in the Sterling-Rock Falls area for the time being, according to a company spokesman. He said more than 1,000 people have been working for Monsanto this summer. They receive training and are told to walk around irrigation systems. The spokesman said the accident has been reported to the U.S. Occupational Safety and Health Administration. Source: http://chicago.cbslocal.com/2011/07/26/girls-electrocuted-while-de-tasseling-corn-in-northwest-illinois/

• The U.S. Army private who admitted he was planning to bomb a restaurant in Killeen, Texas, popular with soldiers from Fort Hood, was ordered held without bond July 29, according to CNN. (See item 34)

34. July 29, CNN – (Texas) Fort Hood bomb suspect held without bond. The U.S. Army private who admitted he was planning to bomb a restaurant popular with soldiers from Fort Hood, Texas is to be held without bond, a federal magistrate ordered July 29. The suspect was formally charged with possession of an unregistered destructive device. Additional charges are likely, said a spokesman for the U.S. attorney's office in San Antonio, Texas. The 21-year-old shouted an apparent reference to the 2006 rape of an Iraqi girl by U.S. soldiers and a 2009 shooting spree by an army psychiatrist at Fort Hood that killed 13 people, before being hustled out of the courtroom by marshals. A Muslim American soldier granted conscientious objector status before going AWOL, the suspect was held July 29 in federal custody at an undisclosed location. According to the criminal complaint unsealed July 29, the suspect admitted he planned to turn two pressure cookers found in his Killeen hotel room into gunpowder- and shrapnel-filled bombs to detonate inside an unnamed restaurant popular with soldiers from Fort Hood. Among other things, police and FBI investigators who searched the room found six bottles of gunpowder, shotgun shells and pellets, and ammunition cartridges. Police who arrested him found wire, a handgun, ammunition and an article titled, "Make a bomb in the kitchen of your Mom" in the backpack he was carrying, according to the complaint. The backpack also contained a notebook with a hand-written list for many of the components police recovered. Killeen police arrested the suspect July 27 after a gun store employee indicated his behavior had raised red flags when he purchased 6 pounds of smokeless gunpowder, and other supplies. The tip came from a retired police officer who works at the Guns Galore gun store. He said the young man appeared suspicious as soon as he pulled up in a taxi cab. The suspect browsed for about 20 minutes, the tipster said, choosing 6 pounds of gunpowder, shotgun ammunition, and a magazine for a semiautomatic handgun. He asked what smokeless gunpowder was before finishing the purchase. The tipster said he called police after discussing the transaction at length with the owner of the store, which is the same place where the army psychiatrist bought supplies for his Fort Hood shooting spree. The suspect joined the infantry in 2009 and was assigned to Company E of the 101st Airborne Division's 1st Brigade Combat Team when he refused to deploy to Afghanistan on religious grounds. The Army approved his request to be discharged as a conscientious objector. But on May 13, he was charged with possession of child pornography on his computer, according to the statement. After a June 15 hearing, at which the suspect was recommended for court-martial, he went AWOL. Source: http://www.cnn.com/2011/CRIME/07/29/fort.hood.arrest/index.html

Details

Banking and Finance Sector

13. July 28, U.S. Department of the Treasury – (International) Treasury targets key al-Qa’ida funding and support network using Iran as a critical transit point. The U.S. Department of the Treasury July 28 announced the designation of six members of an al-Qa’ida network headed by a prominent Iran-based al-Qa’ida facilitator, operating under an agreement between al-Qa’ida and the Iranian government. The July 28 action, taken pursuant to Executive Order (E.O.) 13224, demonstrated that Iran is a critical transit point for funding to support al-Qa’ida’s activities in Afghanistan, and Pakistan. This network serves as the core pipeline through which al-Qa’ida moves money, facilitators and operatives from across the Middle East to South Asia, including to a key al-Qa’ida leader based in Pakistan, also designated July 28. As a result of the action, U.S. persons are prohibited from engaging in commercial or financial transactions with the designees, and any assets they may hold under U.S. jurisdiction are frozen. Source: http://www.treasury.gov/press-center/press-releases/Pages/tg1261.aspx

14. July 28, Bergen County Record – (New Jersey) Paramus broker admits role in mortgage fraud scheme. A Paramus, New Jersey mortgage broker, one of three men charged in a scheme to bilk lenders, admitted July 28 he helped generate millions of dollars in fraudulent mortgage loans by inflating borrowers’ income, and assets. The 39-year-old pleaded guilty to a single count of conspiracy to commit wire fraud during a hearing before a U.S. district judge in Trenton. He admitted that, from March 2008 to January 2009, he and his co-conspirators hatched a scheme to defraud mortgage lenders by doctoring residential loan applications to obtain millions of dollars in home loans. The loan applications falsely stated borrowers put cash down at the closings and would make the property their primary residence. They also showed inflated assets and earnings for the borrowers, the man admitted. The former broker allegedly conspired with a 38-year-old man from Maywood, and a 35-year-old from Sewaren in Middlesex County, who were arrested last October in connection with the scam. With the help of two attorneys, one of the co-conspirators arranged to purchase properties owned by financial institutions, while the other co-conspirator recruited borrowers to buy the same properties around the same time, authorities said. The conspirators caused the borrowers to obtain loans on properties they did not own, and failed to record deeds with the county clerk’s office, authorities said. When loans were approved, the funds were wired to the lawyers’ trust accounts and disbursed among the conspirators, with enough retained to cover the purchases made in the conspirator's name. After the deeds were transferred to one of the men, he allegedly altered them to reflect a sale to the borrowers at the inflated prices listed on the fraudulent loan applications and settlement forms. Source: http://www.northjersey.com/topstories/paramus/Paramus_broker_admits_role_in_mortgage_fraud_scheme.html

15. July 28, IDG News Service – (International) Phisher who hit 38,500 gets long prison sentence. A California man was sentenced to 12 years and 7 months in prison July 28 for his role as the mastermind behind a widespread phishing scam that took in more than 38,000 victims. He worked with Romanian scammers to drive users to Web sites that were set up to look up like they belonged to legitimate financial institutions. After victims entered their information on the sites, the Californian sold the data to two alleged co-conspirators who used the information to set up lines of credit — typically between $1,000 and $2,000 — at instant credit kiosks at Wal-Mart stores. They used those lines, as well as fake credit cards made using the stolen data, to purchase products from Wal-Mart, which they then sold for cash. Prosecutors said the co-conspirators stole nearly $193,000 in less than 2 months by hitting Wal-Mart stores throughout California. They have both been sentenced to prison in connection with the fraud, according to a spokeswoman for the U.S. Department of Justice. When police arrested the Californian in January 2007, they found stolen information, including bank and credit card numbers, belonging to 38,500 victims. They also found 20 Web templates used to make fake sites for businesses such as eBay, and local banks, including Florida's Fairwinds Credit Union, and Washington's Heritage Bank. Source: http://www.computerworld.com/s/article/9218732/Phisher_who_hit_38_500_gets_long_prison_sentence

Information Technology Sector

38. July 29, H Security – (International) Unpatched hole in FlexNet License Server Manager. The Zero Day Initiative (ZDI) published an advisory about a critical hole in the FlexNet License Server Manager that attackers can use to gain control of a victim's system. The vulnerability is found in the lmadmin component; when attackers send a specially crafted TCP packet to port 27000, they can write data into the server's heap buffer, leading to the possible execution of malicious code. The FlexNet License Server Manager is only intended for use in local networks, and is normally not reachable via the Internet. In January, the researcher who discovered the flaw reported the vulnerability to Flexera, the company that makes the software –- because the firm has yet to publish a patch, details of the vulnerability are now being made public in accordance with the ZDI 180-day deadline. Source: http://www.h-online.com/security/news/item/Unpatched-hole-in-FlexNet-License-Server-Manager-1288337.html

39. July 28, Computerworld – (International) Windows XP PCs breed rootkit infections. Machines running the Windows XP make up a large percentage of infected PCs that can spread malware to other systems, Avast Software announced July 28. Windows XP computers are infected with rootkits out of proportion to the operating system's market share, according to data released by the antivirus company, which surveyed more than 600,000 Windows PCs. While XP now accounts for about 58 percent of all Windows systems in use, 74 percent of the rootkit infections found by Avast were on XP machines. XP's share of the infection pie was much larger than Windows 7's, which accounted for only 12 percent of the malware-plagued machines — even though the 2009 OS now powers 31 percent of all Windows PCs. Source: http://www.computerworld.com/s/article/9218722/Windows_XP_PCs_breed_rootkit_infections

Communications Sector

40. July 28, threatpost – (International) Researchers find SpyEye operations hosted on Amazon's S3. According to researchers at Kapersky Lab, cybercriminals have been using Amazon’s Simple Storage Service (Amazon S3) as a launching point for their SpyeEye operation for at least several weeks. One researcher writes that cyber criminals are drawn to Amazon's S3 offering for its gigabytes of storage, which they can use to host Web-based attacks. Though S3 requires users to register to get access to their accounts, cyber criminals have steered around that roadblock by registering their AWS account using stolen credit cards, and personal information. Source: http://threatpost.com/en_us/blogs/researchers-find-spyeye-operations-hosted-amazons-s3-072811

41. July 28, Associated Press – (Oregon) Stolen phone cable leads to outage in Oregon city. An Oregon telephone service outage in the Junction City area the week of July 25 has been blamed on the theft of an 80-foot-long section of cable for the copper wire it contained. The Eugene Register-Guard reported the July 26 theft left hundreds of people in the Junction City and Cheshire areas without landline telephone service. But the wire was recovered after Lane County sheriff's deputies got a tip about a suspicious man in a pickup truck. Investigators said metal theft often provides a quick payoff for drug users. Officials estimated it cost about $50,000 to repair the cable that was damaged. Source: http://www.greenfieldreporter.com/view/story/7a9a90288c5b4fe4875ddd2d432dc0f0/OR--Stolen-Wire-Outage/

42. July 28, WPSD 6 Paducah – (Kentucky) Comcast outage fixed for some. Around 2 p.m. July 27, Comcast customers in the Paducah, Kentucky area began experiencing an outage of Internet, and phone services. The outage continued into July 28, but came back online for some in the afternoon. "[W]e have experienced a service outage that has impacted our services in Paducah and surrounding areas," Comcast said in a July 27 statement. "While we are still investigating and researching the issues involved, it appears that our fiber was damaged when utility crews were in the area working," it noted. "Our fiber has been cut extensively in several places. We are in the process of restoring, and are hoping to have all customers restored by the end of [July 27]." Source: http://www.wpsdlocal6.com/news/local/Comcast-outage-affects-area-customers-126325563.html