Monday, September 19, 2011

Complete DHS Daily Report for September 19, 2011

Daily Report

Top Stories

• An Amish man from Sugarcreek, Ohio, who is accused of defrauding 2,700 people in 29 states out of more than $16 million, was indicted September 15 on mail fraud charges. – WOIO 19 Cleveland See item 15 below in the Banking and Finance Sector

• Tests of a firm's proposed wireless broadband network show it would interfere with GPS systems vital to the military, U.S. Department of Defense officials told Congress September 15. – American Forces Press Service (See item 37)

37. September 16, American Forces Press Service – (National) Department seeks to protect GPS operations. U.S. Department of Defense (DOD) officials raised concerns that a company’s proposed wireless broadband network would cause harmful interference to essential Global Positioning System (GPS) operations. LightSquared’s new terrestrial network has the potential to wreak havoc on GPS systems vital to the military, and used in a host of applications, the DOD’s chief information officer (CIO) and a U.S. Air Force General, the commander of Air Force Space Command, told members of the House Armed Services Committee’s Subcommittee on Strategic Forces September 15. GPS is the cornerstone of the DOD's positioning, navigation, and timing services, and is integrated into nearly every aspect of the nation’s military operations, the CIO said. The military recently conducted testing on LightSquared’s network in concert with the Federal Aviation Administration, the general explained. Test data indicate LightSquared’s signals interfered with every type of receiver in the test, the general said. “Based on test results and analysis to date, LightSquared’s network would effectively jam vital GPS receivers, and to our knowledge thus far, there are no mitigation options that would be effective in eliminating interference to essential GPS services in the United States,” the general testified. The CIO said the DOD is also evaluating the effects of LightSquared’s terrestrial transmissions on the military’s use of Inmarsat satellite systems for its data and voice needs. Inmarsat satellite terminals are used by military units, commanders, and other senior government officials for global communications. ”The LightSquared terrestrial system will likely interfere with DOD usage of Inmarsat if appropriate actions are not taken to mitigate interference,” she said. Source:


Banking and Finance Sector

13. September 16, City News Service – (California) 'Triple Threat' bandit arrested after Lakewood bank robbery. The FBI took custody of a 40-year-old Anaheim man it believes is the "Triple Threat" bandit who was arrested September 15 in Hawthorne, California, after a high-speed chase that started after bank robberies in Lakewood and Fullerton. The suspect, who is on probation for a bank robbery conviction, was being held in Santa Ana on a probation violation, an FBI official said. He was scheduled to be arraigned September 16 on a bank robbery charge, she said. The suspect is alleged to have robbed the Farmers & Merchants Bank branch at 5101 Lakewood Boulevard in Lakewood, then held up the Banco Popular branch at 1701 N. Euclid Street in Fullerton, the FBI said. The September 14 Banco Popular hold-up happened before 1 p.m., a Fullerton police sergeant said. The suspect gave the teller a note demanding money but did not show a weapon, the sergeant said. Police spotted the maroon sport utility vehicle the suspect was driving and gave chase. The vehicle was slowed about 2:10 p.m. by traffic on the Glenn Anderson (105) Freeway near Prairie Avenue in Hawthorne. The suspect then stopped his car, got out, raised his hands, surrendered, and was arrested by California Highway Patrol officers. An FBI agent said based on the suspect's description, the vehicle he was driving and modus operandi, he was believed to be the "Triple Threat Bandit," who held up three Orange County banks August 19. In each robbery, the bandit approached a teller and passed a note demanding 100- and 50-dollar bills. No weapon was seen during the crimes. Source:

14. September 16, United Press International – (Missouri) 'Private Bank' owner convicted of fraud. A Missouri man found to have made $100 million from selling worthless financial documents was found guilty September 15 of 21 federal fraud charges. Prosecutors said the 52-year-old used his home computer to create 2,000 "bonded promissory notes" he claimed to have backed by a U.S. Treasury Department account and sold them for a fee at the "Private Bank of Denny Ray Hardin," which he ran out of his Kansas City home, the Kansas City Star reported September 15. He threatened creditors who refused to accept his notes with legal action, prosecutors said. The man was convicted in a federal court on 11 counts of creating fictitious obligations, and 10 counts of mail fraud. He faces up to 30 years in prison. Source:

15. September 15, WOIO 19 Cleveland – (Ohio; National) Amish man indicted for operating investment scheme. A 77-year-old man of the Amish religious faith from Sugarcreek, Ohio, was indicted September 15 on mail fraud charges, accused of defrauding his fellow Amish of millions of dollars. The man ran his own investment company, A & M Investments. He is accused of operating a scheme that defrauded nearly 2,700 people in 29 states out of more than $16 million, including the Amish Helping Fund. Beginning in or about 1990 and continuing through in or about June, 2010, the man represented to investors that money deposited with his investment company would be safe and would secure a positive rate of return. He specifically represented to investors that A & M would invest in Ginnie Mae Bond Funds, a type of mortgage-backed security issued by the Government National Mortgage Association and guaranteed by the full faith and credit of the U.S. government, according to the indictment. He did not invest the money as represented and, as such, about 2,698 people and entities were defrauded with a combined loss in excess of approximately $16.8 million. Among the investors that lost money was the Amish Helping Fund, which was established to assist members of the Amish community with the purchase of land and buildings, among other things. Source:

16. September 15, Savage Pacer – (Minnesota) Real estate agent from Savage indicted for assisting in mortgage fraud scheme. A federal indictment unsealed September 15 charges a 48-year-old real estate agent from Savage, Minnesota, for her participation in a multi-million dollar mortgage fraud scheme that victimized lenders across the country. The indictment charged the agent with one count of conspiracy to commit wire fraud, and 12 counts of wire fraud. It alleges that from January 1, 2005, through January 1, 2008, she conspired with others to fraudulently obtain loan proceeds by making false representations to, and withholding material information from lenders. She was employed by HomStar USA, ReMax Advantage Plus and Coldwell Banker Burnet, and was responsible for representing and recruiting buyers and sellers of residential properties. She owned TRAE, Inc., and allegedly arranged for homeowners to sell their properties to straw buyers at inflated prices. In each case, she then funneled to her co-conspirators the difference between the amount a particular home seller would accept and that home’s inflated sale price. In addition to representing sellers, she often represented straw purchasers during the same transaction. She allegedly produced fraudulent documentation for lenders and title companies causing disbursements to be made to her co-conspirators and to companies she controlled. These were then routed back to the agent, the buyers, and co-conspirators. In addition to the concealed disbursements, she collected substantial commissions that exceeded industry standards. The agent and her co-conspirators convinced straw purchasers to buy about 22 residential properties in Minnesota in this manner, resulting in fraudulent loans in excess of $10 million and losses of about $5.3 million. If convicted, she faces a potential maximum penalty of 20 years in prison on each count. Source:

17. September 15, Wilmington Star-News – (North Carolina) Cooperative Bank, ex-chief and board sued for $33 million by feds. Federal regulators have sued the former chief of Cooperative Bank and the board of directors of the failed institution, charging neglect of duty and seeking more than $33 million. The Federal Deposit Insurance Corporation (FDIC) was acting as receiver for Cooperative in its suit filed in August in U.S. District Court for Eastern North Carolina. Cooperative failed June 19, 2009, when the FDIC took control of its $774 million in deposits. It was taken over by First Bank, of Troy, North Carolina, in a loss-share agreement with the federal regulator. The suit concerns the FDIC's losses and charges Cooperative's board failed to manage the inherent risks associated with their aggressive growth strategy –- a goal to grow from $443 million in assets in 2001 to $1 billion in 2005. The suit charged that, "rather than employing methods to properly monitor and mitigate the risks associated with the highly speculative lending in which Cooperative was engaging, the director defendants permitted a lax loan approval process which did not include a formal loan committee to meet, review and analyze the loans." Individually, the suit seeks judgments against the former chief for $33.274 million and against various board member for a combined total of about $112 million. The FDIC cited losses from the bank's lot loan program and certain commercial real estate loans. The suit said that by June 2007, two members of the board knew some loan officers and an appraiser had questioned the values of the lots upon which Cooperative was making loans, but took no corrective action. The FDIC also claims loses of more than $20 million from commercial real estate loans by Cooperative. Source:

For more stories, see items 44 and 47 below in the Information Technology Sector

Information Technology Sector

43. September 16, IDG News Service – (International) Oracle security flaw could bring down app servers. Oracle issued an emergency patch to fix a vulnerability it said could bring down HTTP application servers it sells based on Apache 2.0 or 2.2. Attackers can exploit the weakness remotely without a username or password, Oracle said in a security alert issued September 15. Products impacted by the bug include Oracle Fusion Middleware 11g Release 1, versions,, and; Oracle Application Server 10g Release 3, version; and Oracle Application Server 10g Release 2, version The U.S. Government's National Vulnerability Database has assigned a Common Vulnerability Scoring System (CVSS) rating of 7.8, "indicating a complete Operating System denial of service," Oracle said. Oracle took issue with that assessment in its security alert. "A complete Operating System denial of service is not possible on any platform supported by Oracle, and as a result, Oracle has given the vulnerability a CVSS Base Score of 5.0 indicating a complete denial of service of the Oracle HTTP Server but not the Operating System," it stated. Source:

44. September 16, Help Net Security – (International) When scammers socialize. A sophisticated, seemingly broadly orchestrated online scam that promises bogus prizes to dupe Internet users into giving up their identifying personal information has been plaguing popular social media sites, Help Net Security reported September 16. This scam uses typographic variations of the social media sites' domain names to host Web pages formatted to look just like the home page, deceiving users into thinking they are legitimate. A recent study conducted by FairWinds Partners revealed this scam impacts 281 typos of the top 10 most popular social media sites, and puts a total of 48 million unique visitors per year at risk for spam, phishing, and identity theft. The scam has become pervasive among the most highly used social media Web sites, including Facebook, Twitter, LinkedIn, YouTube, and others. "It systematically steals Internet users' identifying information by targeting a relatively narrow percentage of typo domain names –- only those that receive extremely high volumes of traffic –- in order to reach as many unsuspecting users as possible," explained the co-founder and managing partner of FairWinds. Promising prizes and rewards in exchange for answering survey questions, these scam sites can quickly acquire a user's personal data, including his or her full name, telephone number, e-mail address, physical address, date of birth, and even financial and credit information. The group behind the scam sells this data to spammers and other digital miscreants. Source:

45. September 16, Softpedia – (International) Bing and Yahoo advertise malware. Malware spreading Web sites might appear to users who are using search engines to find and download programs including Skype, Firefox, or Adobe Player. The GFI Labs' blog revealed their discovery September 16 after noticing something was suspect when the Web sites behind the links appeared to be strange. While hiding behind what seemed to be a genuine link belonging to Yahoo and other known portals, the connections led to rogue sites that kept redirecting the user. It appears all the malicious links reroute to a domain called “,” which is packed with malware waiting to be downloaded by unsuspecting users. For example, the Firefox install kit actually releases a rootkit that runs Internet Explorer in the background and performs automated clicks on advertisements. The discovered Win32(dot)Malware!Drop also makes redirects to malicious Web sites when Google is used to seek something. Yahoo and Microsoft were alerted on the issue and they promised a fix. Source:

46. September 16, Softpedia – (International) Major vulnerabilities found in popular learning platform. Softpedia reported September 16 Blackboard Learn, one of the most used educational platforms in the world, was discovered as being insecure because of multiple vulnerabilities that could expose sensitive information to unauthorized parties. The platform is used by schools and universities all over the world, and is used by the U.S. military to educate soldiers. According to SC Magazine, Australian universities might have been the ones to detect the flaws. Blackboard Learn did not respond at first, but took measures to patch up the holes after AusCERT contacted them. The vulnerabilities appear to be caused by improper configuration of the Web application and other issues that were supposed to be fixed in later versions of the software. The security director of the company that owns the platform told SC Magazine the exploit possibilities were not considered critical, and no institutions were compromised because of them. Blackboard Learn has fixed most of the problems, and said recently they have only one remaining issue to address. Source:

47. September 15, Dark Reading – (International) Microsoft still spots lots of zeus infections. Microsoft detects and cleans up between 60,000 and 100,000 machines infected with the zeus trojan each month, according to newly released data from the software giant. It appears zeus is alive and well despite rumors of its "death" or morph into the SpyEye trojan. "...We're still seeing both distinct malware families out and about in the wild. Between the two, we're finding that they're responsible for a significant amount of the e-commerce-related fraud happening at any given time," wrote a researcher at the Microsoft Malware Protection Center. Microsoft snuck more protections from new zeus malware variants into the latest version of its Malicious Software Removal Tool (MSRT), he said September 15: "[In September] (carefully hidden under the Win32/Bamital blanket), employing the old adage 'fight fire with fire', we decided to fight sneakiness with sneakiness and quietly slipped a fairly major Win32/Zbot update into MSRT." The software giant detected 103,391 zeus-infected machines in March; 113,814 in April; 60,385 in May; 83,555 in June; 61,323 in July; and 89,994 in August. Source:

Communications Sector

48. September 15, WISH 8 Indianapolis – (Indiana) WISH signal restored after power outage; Big Brother available online. WISH 8 Indianapolis in Indiana was off the air for about half an hour September 14 due to a power outage. Indianapolis Power & Light Co. (IPL) reported more than 600 customers without power at about 10:45 p.m. Within an hour, electricity had been restored to most customers. A WISH 8 photographer at the scene reported a power line was down at 16th Street and Martin Luther King Boulevard. Witnesses in the area reported seeing sparks before the lights went out. IPL officials said September 15 a lightning strike to a primary power line downtown around 10:30 p.m. triggered the outage. Source:

For more stories, see items 44 and 45 above in the Information Technology Sector