Tuesday, November 15, 2011

Complete DHS Daily Report for November 15, 2011

Daily Report

Top Stories

• The Securities and Exchange Commission, which failed to stop a long-running investment fraud despite repeated warnings, has disciplined eight agency employees, but did not fire anyone. – Washington Post See item 15 below in the Banking and Finance Sector

• The owner of a company that defrauded more than 1,000 homeowners — most from Maryland — in a $78 million scheme was convicted of conspiracy to commit money laundering and related crimes in federal court. – Baltimore Sun See item 19 below in the Banking and Finance Sector


Banking and Finance Sector

12. November 13, Associated Press – (New Jersey) NJ man admits swindling 4 banks out of more than $1 million, now faces up to 30 years in jail. Federal prosecutors said a New Jersey businessman has admitted swindling four banks out of more than $1 million through an elaborate scheme that involved stolen Social Security numbers, the Associated Press reported November 13. The businessman faces up to 30 years in prison, and a $1 million fine. The man, who owns an auto repair business, pleaded guilty November 11 to bank fraud. He admitted bribing a Social Security Administration staffer to obtain numerous Social Security numbers, then used the information to illegally obtain many credit cards. Prosecutors said the businessman provided false employment and salary histories through his firm for many people, who then used the false data and the stolen Social Security numbers to obtain various credit cards and home mortgages. Source: http://www.therepublic.com/view/story/013ef7db4d414a0e96bcf70586e3e2eb/NJ--Bank-Fraud/

13. November 13, Washington Examiner – (Virginia; Maryland; Pennsylvania.) Guilty pleas for leaders in card-skimming ring. One of the leaders in an identity-theft ring that stole the credit card numbers of hundreds of Washington, D.C. metropolitan area consumers has pleaded guilty, and the other was scheduled to do so November 14. The men were charged in July with running a card-skimming ring that stole credit card numbers, re-encoded those numbers on credit and gift cards, and used the cards to buy merchandise and additional gift cards at stores in Virginia, Maryland, and Pennsylvania. They also recruited and paid "runners" to use the re-encoded credit and gift cards to buy merchandise and return previously purchased items for cash, according to court records. Three other men have also been charged with working with the pair. One leader pleaded guilty to conspiracy to commit access device fraud and aggravated identity theft earlier in November. Court records don't give totals of how many credit card numbers ring members stole, or how many fraudulent purchases were made. But some details provided show the ring had a broad scope, affecting hundreds of consumers and purchases. The ring operated from at January 2010 until June 2011, according to an indictment. A single restaurant server who swiped customers' cards after they paid for their meals obtained about 100 credit card numbers every 4-6 weeks during that time, the indictment says. The group made more than 1,000 transactions at area stores using skimmed credit cards, according to a plea agreement. An unnamed informant who worked as a "runner" in the scheme fraudulently returned nearly $25,000 in merchandise to one store, Nordstrom, according to court documents. Two of the other men charged in the scheme pleaded guilty in October. Source: http://washingtonexaminer.com/local/crime-punishment/2011/11/guilty-pleas-leaders-card-skimming-ring

14. November 12, Pierce County Herald – (Wisconsin) Milwaukee police kill bank robber. Milwaukee police said convicted bank robber fired at officers after sticking up the Guaranty Bank in the Grand Avenue Mall November 11. One officer returned fire, killing the robber. The suspect had been convicted of robbing the same bank 10 years ago, serving time for that crime. He was also wanted in connection with two other recent bank robberies. A witness said he saw a man being chased by police in the mall, then heard shooting and yelling. The Milwaukee police officer who fired the fatal shot has been placed on administrative duty while the incident is investigated. Source: http://www.piercecountyherald.com/event/article/id/40786/group/News/

15. November 11, Washington Post – (National) Eight SEC employees disciplined over failures in Madoff fraud case; none are fired. The Securities and Exchange Commission (SEC), which failed to stop a long-running investment fraud despite repeated warnings, has disciplined eight agency employees over their handling of the matter but did not fire anyone, reported the Washington Post. The SEC’s head of human resources and a law firm hired to advise the agency had recommended the chairman fire one person, whom the SEC described as a manager in the office that inspects investment firms. But the chairman did not fire the worker because doing so "would harm the agency’s work," a SEC spokesman said. The Washington Post reported November 11 seven SEC employees had been disciplined, based on details provided by a person familiar with the actions. A second source, an official involved in the process, told the Post the chairman had received recommendations to fire an employee over the mishandling of the case. Later November 11, the SEC spokesman confirmed details and added that an eighth employee also received disciplinary action. A ninth employee, who was facing a 7-day suspension, resigned before disciplinary action was taken, the spokesman said. The punishments given the SEC employees varied and included suspensions, pay cuts, and demotions. Although the SEC conducted five examinations and inspections of the hedge fund manager based on complaints, agency personnel "never took the necessary and basic steps to determine if [he] was misrepresenting his trading," the inspector general reported. "While examiners and investigators discovered suspicious information and evidence and caught [the manager] in contradictions and inconsistencies, they either disregarded these concerns or relied inappropriately upon [his] representations and documentation in dismissing them," the inspector general added. Source: http://www.washingtonpost.com/business/economy/seven-sec-employees-disciplined-on-failure-to-stop-madoff-fraud/2011/11/10/gIQA3kYYCN_print.html

16. November 11, San Francisco Chronicle – (California) Mouli Cohen guilty in $30 million investment fraud. A federal court jury November 9 convicted a former Marin County, California businessman of a $30 million investment fraud whose victims included the Vanguard Public Foundation, a long-time patron of causes on the political left. The defendant was found guilty of 29 counts of fraud, money laundering, and tax evasion, and acquitted of six additional charges. The fraud charges are punishable by up to 20 years in prison. Prosecutors said the businessman falsely told investors his company, Ecast, was about to be acquired by Microsoft Corp. and would exchange its shares for Microsoft shares worth six to 10 times as much. Ecast provided digital music, games, and interactive advertising to bars and nightclubs. He later told investors U.S. and European Union regulators were holding up the acquisition and needed fees and bonds to approve it, prosecutors said. They said investors initially spent more than $6 million on Ecast shares, and paid another $25 million over the next 3 years for the purported fees and bonds. Meanwhile, prosecutors said, the businessman was spending millions on luxury cars, jet rentals, jewelry, vacations, and rent on a home. The charges covered a period from 2002 to 2008. Officials of Ecast have been quoted as saying the businessman, who co-founded the company in 1999, was no longer connected with it after 2002. Prosecutors said most of the victims were affiliated with Vanguard Public Foundation, which has attributed its collapse to its investments with the businessman. Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2011/11/10/BAQI1LTH3U.DTL

17. November 10, U.S. Securities and Exchange Commission – (National) SEC charges UBS with faulty recordkeeping related to short sales. The Securities and Exchange Commission (SEC) November 10 charged UBS Securities LLC for inaccurate recording practices when providing and recording "locates" to customers seeking to execute short sales. UBS settled the enforcement action by agreeing to pay an $8 million penalty, and retain an independent consultant. According to the SEC’s order instituting settled administrative proceedings, UBS employees routinely recorded the name of a lender’s employee even when no one at UBS had contacted the employee to confirm availability. The SEC’s investigation found UBS employees sourced thousands of locates to lender employees who were out of the office and could not have provided any information to UBS on those days. "UBS permitted its employees to create records that do not accurately convey the basis upon which its employees granted locates," the director of the SEC’s New York Regional Office said. The SEC’s investigation found that since at least 2007, UBS’s "locate log" that records the locates it granted "inaccurately portrayed which locates were based on electronic feeds or direct confirmation with specific lenders. UBS’s practices obscured inquiry into whether UBS had a reasonable basis for granting locates, and created a risk of locates being granted based on sources that could not be relied upon if shares were needed for settlement." Source: http://www.sec.gov/news/press/2011/2011-240.htm

18. November 10, U.S. Securities and Exchange Commission – (New York) SEC charges New York-based hedge fund managers ThinkStrategy Capital and Chetan Kapur with securities fraud. The Securities and Exchange Commission (SEC) November 10 filed a civil injunctive action charging ThinkStrategy Capital Management, LLC (ThinkStrategy) and its sole managing director with deceptive conduct in connection with two hedge funds that they managed and advised: ThinkStrategy Capital Fund (Capital Fund) and TS Multi-Strategy Fund (Multi-Strategy Fund). The Capital Fund primarily traded equities, while the larger Multi-Strategy Fund holds investments in other hedge funds. At its peak in 2008, ThinkStrategy managed about $520 million in assets. The SEC’s complaint alleges that for more than 7 years, ThinkStrategy and the managing director engaged in a pattern of deceptive conduct designed to bolster their track record, size, and credentials. ThinkStrategy and its director materially overstated the performance of the Capital Fund, giving investors the false impression the fund’s returns were consistently positive, and minimally volatile. The Multi-Strategy Fund made investments in certain hedge funds later revealed to be Ponzi schemes or other serious frauds, including Bayou Superfund, Valhalla/Victory Funds, and Finvest Primer Fund. Had ThinkStrategy adhered to its stated due diligence standards, and required audited financial statements certified by bona fide accounting firms, the Multi-Strategy Fund may not have invested detrimentally in those funds. The complaint seeks permanent injunctions, disgorgement and prejudgment interest thereon, and civil monetary penalties against ThinkStrategy and its director. Source: http://www.sec.gov/litigation/litreleases/2011/lr22151.htm

19. November 10, Baltimore Sun – (Maryland; National) Metro Dream Homes owner convicted in $78 million scheme. The owner of a company that defrauded more than 1,000 homeowners — most from Maryland — in an "egregious" $78 million investment scheme was convicted of conspiracy to commit money laundering and related crimes November 10 in federal court in Greenbelt, Maryland. The defendant, who ran Metro Dream Homes, promised to pay off people's mortgages if they invested in his company, according to a U.S. attorney. But it was nothing but a Ponzi scheme, prosecutors said. The defendant and other company officials used some of the proceeds to enrich themselves, at one point hiring chauffeurs to drive them around in a fleet of luxury cars. According to prosecutors, the pitch was as follows: invest at least $50,000 in Metro business ventures, and the company would in turn make mortgage payments — paying the loan off completely in 5-7 years. But the company's ventures, such as electronic kiosks that sold goods and services, never produced much money, prosecutors said. The defendant and other Metro leaders used money from new recruits to pay the mortgages of early investors, who were then asked "to attend recruitment meetings to assure potential investors the Dream Homes Program was not a fraud," according to the U.S. attorney. Metro — which began recruiting investors in 2005, during the housing bubble — encouraged victims to raise the necessary money by refinancing their mortgages, prosecutors said. The defendant faces the possibility of 30 years in prison for each of 15 counts of wire fraud, up to 30 years for fraud conspiracy, and up to 20 years for conspiracy to commit money laundering. Source: http://articles.baltimoresun.com/2011-11-10/business/bs-bz-dream-home-fraud-20111110_1_metro-dream-homes-scheme-money-laundering

For another story, see item 36 below in the Information Technology Sector

Information Technology

35. November 14, Softpedia – (International) sn3Ak3r hacks social network and leaks 57,000 credentials. Social network FindFriendz.com was attacked by An0nym0us sn3Ak3r, a member of t34m t!g3R, and credentials on 57,000 members were stolen. E Hacking News reported the social network's Web site lost the information as a result of an SQL injection attack that took advantage of a common vulnerability. The hacker published only a small part of the stolen data, but he claimed he would make the rest available for anyone who requests it. Source: http://news.softpedia.com/news/sn3Ak3r-Hacks-Social-Network-and-Leaks-57-000-Credentials-234240.shtml

36. November 13, The Register – (International) Valve says credit card data taken. Valve confirmed the hack of its Steam forums reported the week of November 7 may have included the theft of credit card numbers. The company e-mailed users saying the intruders that defaced its forums also accessed a database that included "information including user names, hashed and salted passwords, game purchases, email addresses, billing information, and encrypted credit card information." Since the card data was encrypted, it may not be usable to the attackers, operating under the handle fkn0wned. However, according to the Washington Post and others, the e-mail from Valve's founder advised customers to watch their credit card statements for evidence of misuse. Valve has sought to reassure users it was not slack with their personal information. A password reset was applied to all forum users, and the company suggests any gamers whose Steam password was the same as their forum password should reset that as well. Source: http://www.theregister.co.uk/2011/11/13/steam_confirms_credit_card_database_attacked/

37. November 11, The Register – (International) Duqu targeted each victim with unique files and servers. The creators of the Duqu malware that penetrated industrial manufacturers in at least eight countries tailored each attack with exploit files, control servers, and booby-trapped Microsoft Word documents that were different for each victim, according to research published November 11. Two of the drivers the sophisticated, highly modular rootkit used in one attack showed compilation dates of 2007 and 2008, the Kaspersky Lab expert and author of the report said. If the dates are genuine, they suggest the Duqu architects may have spent the past 4 years developing the malware. The Duqu version examined in the report was recovered by the Sudan Computer Emergency Response Team from an undisclosed company the attackers targeted in advance. Like attacks on other targets, it was launched using a booby-trapped Word document with content tailored to the receiving organization, and exploited a previously unknown vulnerability in the kernel of all supported versions of Microsoft Windows. Source: http://www.theregister.co.uk/2011/11/11/duqu_analysis/

38. November 11, Softpedia – (International) Patched Adobe Flash SWF vulnerability still makes victims. While Adobe patched a SWF file vulnerability in April 2011, users who failed to update their browser plug-ins are still highly targeted by attacks that rely on the outdated version of Flash Player, Softpedia reported November 11. Zscaler researchers noticed the phenomenon which still makes many victims out of the 7 percent of customers who still use an old version of the software. In April, Adobe made sure the weakness that would allow a cyber criminal to execute arbitrary code or launch a denial of service attack by using specially crafted Flash content, would never hurt customers who updated the player to the latest versions. Now, it turns out since many still rely on the old variants, they become easy targets for hackers who encapsulate malevolent swf files into Microsoft Office documents or html pages. A location discovered recently by the experts embedded a nb.swf flash file into a page executed by Adobe's Flash Player when the site was loaded. The execution of the specially crafted element leads to a memory corruption in the player that allows for a piece of shellcode to be passed on as an input parameter. At the time when it was discovered, only half of the security vendors listed in Virus Total detected the swf file as a threat. Source: http://news.softpedia.com/news/Patched-Adobe-Flash-SWF-Vulnerability-Still-Makes-Victims-233980.shtml

39. November 11, H Security – (International) Apple closes iPhone keysigning hole. Apple released iOS 5.0.1 –- an update to October's publication of iOS 5.0 for iPhones and iPads –- which includes fixes for two major security holes discovered since the release. A researcher recently revealed he was able to run unsigned code on Apple's devices by exploiting a flaw in versions of iOS 4.3 and later. That flaw, a logic error in the kernel's mmap system call and its checking of flags, is now corrected. Exploitation of the flaw could have allowed an attacker to inject unsigned code into a maliciously crafted signed application, bypassing many of Apple's security restrictions. The problem with the iPad 2's Smart Cover and iOS 5.0 which allowed the passcode lock to be bypassed has also been fixed. Among the other issues resolved in the update are two flaws said to "lead to the disclosure of sensitive information:" one in CFNetwork's handling of URLs, and the other in the handling of DNS lookups. Apple also configured the default trust system for certificates to no longer trust DigiCert Malaysia's certificates after they were found to be weak and incorrectly formed. Source: http://www.h-online.com/security/news/item/Apple-closes-iPhone-keysigning-hole-1377460.html

40. November 11, H Security – (International) Chrome 15 update closes holes, updates Flash. Google released version 15.0.874.120 of Chrome. The maintenance and security update to the WebKit-based browser upgrades the V8 JavaScript engine to version, addresses several vulnerabilities, and includes the recent Flash Player 11.1 release, which also closes critical security holes. The Stable channel update fixes five "high-risk" bugs: a heap overflow in the Ogg Vorbis decoder, a double free issue in the Theora decoder, and a memory corruption regression in VP8 decoding, as well as a use-after-free error and a buffer overflow in shader variable mapping. Two medium-risk out of bounds reads in MKV and Ogg vorbis media handlers, and a low-risk issue that caused JRE7 to fail to ask for permission to run applets have also been fixed.

Source: http://www.h-online.com/security/news/item/Chrome-15-update-closes-holes-updates-Flash-1377300.html

41. November 11, H Security – (International) Adobe closes 12 critical holes in Flash. Adobe closed 12 critical holes in all supported versions of Flash Player up to and including version The memory corruption vulnerabilities allowed attackers to inject malicious code on computers; visiting a specially crafted Web page is all that was required to become a victim. When Internet Explorer is used, attackers can exploit a further hole to bypass the cross-domain policy. It is recommended all users update to the latest version of Flash to protect their systems. Flash Player for Android is also affected –- the most recent vulnerable version is; the update to version can be installed via the Android Market. Version 3.0 of the AIR application platform (including Adobe AIR for Android) is also vulnerable. Updating to version fixes the issues. Source: http://www.h-online.com/security/news/item/Adobe-closes-12-critical-holes-in-Flash-1377759.html

42. November 10, Softpedia – (International) Researchers find way to protect hardware against trojans. Researchers from the Polytechnic Institute of New York University (NYU-Poly) and the University of Connecticut managed to design a new technique thatshould assure the integrity of hardware components against malicious altering or manufacturing flaws. According to the Sacramento Bee, a professor of electrical and computer engineering at NYU-Poly believes people are falsely assuming hardware elements are free of malware. He claims that since products are in many cases assembled of components manufactured all over the world, during the transportation and in other processes, hardware elements can be tampered with. Since many organizations could end up with such units, the professor's team believed something had to be done to verify the integrity of hardware, especially since in many cases it is utilized by critical infrastructure agencies. One of the techniques proposed by the scientists involved ring oscillators, devices composed of odd numbers or NOT gates whose output oscillates between two voltage levels. Since circuits that contain these devices produce specific frequencies, any kind of tampering would alter their original design, thus alerting testers the circuit was compromised. To make it difficult for criminals to replicate these frequencies, the researchers proposed the creation of more versions of the ring oscillator arrangements to make it impossible to keep track of. Source: http://news.softpedia.com/news/Researchers-Find-Way-to-Protect-Hardware-Against-Trojans-233568.shtml

For another story, see item 44 below in the Communications Sector

Communications Sector

43. November 12, Examiner.com – (Florida; Alabama) WHBR-TV not broadcasting due to technical issues. WHBR-TV Pensacola in Florida stopped broadcasting November 11 due to technical issues with the Robertsdale, Alabama-based transmitter used to broadcast their programming. According to a message on the WHBR-TV's Web site, the issues were described as "major" and folks at the station were told the station could be off the air for about a week. The message advised visitors of the site they could still watch programming streamed live on the World Wide Web. The last image WHBR-TV broadcast on their main channel was frozen for cable TV customers. The station was broadcasting on two digital sub-channels in addition to the main channel. The programming for the main channel included local programs and national programs from CTN. The sub-channels had programming from Christian Television Network International (CTNi) and BLAB TV, a broadcaster based in Pensacola, Florida, respectively. Unlike the stream of programming for the main channel, the streams of programming from the sub-channels were not available to cable TV and satellite TV customers in Mobile, Alabama. Source: http://www.examiner.com/tv-in-mobile/whbr-tv-not-broadcasting-due-to-technical-issues

44. November 10, WNCT 9 Greenville – (North Carolina) Internet service restored in Craven County. Century Link representatives said a cut fiber was the cause of a wide spread Internet outage that affected parts of Craven and Pamlico Counties, North Carolina, November 10, WNCT 9 Greenville reported. The outage lasted a little more than hour and affected thousands of customers, including Century Link customers, and customers who use other Internet providers. As of 5:45 p.m. November 10, a spokesperson for Century Link said the fiber had been repaired and service had already been restored in most places. Source: http://www2.wnct.com/news/2011/nov/10/2/widespread-internet-outage-reported-craven-county-ar-1597159/

For another story, see item 39 above in the Information Technology Sector