Monday, October 29, 2012
Daily Report
Top Stories
• A Los Angeles-based accountant who admitted
to participating in a $100 million mortgage fraud scheme by creating fake
documents for straw buyers pleaded guilty October 25 to wire fraud. – Courthouse
News Service
• A New York City Police Department officer
who allegedly used law enforcement databases to plan to kidnap, cook, and eat
as many as 100 women was arrested following a joint NYPD and FBI investigation.
– ABC News
23. October
25, ABC News – (New York) ‘Cannibal’ cop plotted to eat 100 women: Feds. A
New York City Police Department (NYPD) officer who allegedly planned to kidnap,
cook, and eat as many as 100 women was arrested following a joint NYPD and FBI
investigation, ABC News reported October 25. The officer was charged with one
count of conspiracy to commit kidnapping, according to a federal criminal
complaint, as well as using the National Crime Information Center database to
access unauthorized data. The complaint alleged that he exchanged electronic
messages with an unnamed co-conspirator “about kidnapping, cooking and eating
body parts of [Victim 1].” He allegedly created computer files pertaining to
“at least 100 women and containing
at least one photograph of each woman.” According to the complaint, he used law
enforcement databases to conduct surveillance on potential victims. A U.S.
Attorney for the Southern District of New York said the investigation was
ongoing. Source: http://abcnews.go.com/Blotter/cannibal-cop-plotted-eat-100-women-feds/story?id=17562584#.UIquLK7TKCx
• The CoDeSys software tool used to manage
equipment in power plants, military environments, and nautical ships contains
an undocumented backdoor that could allow malicious hackers to access sensitive
systems without authorization. – Ars Technica (See item 31 below in the Information Technology Sector)
• Kentucky State Police searched for the
suspect who called in several bomb threats in Monroe County, forcing
evacuations at several businesses, schools, and government offices. – WTVF 5
Nashville
32. October 26, WTVF 5 Nashville – (Kentucky) Businesses evacuated after
bomb threats in Tompkinsville. Kentucky
State Police searched for the suspect who called in several bomb threats in
Monroe County, forcing several evacuations, WTVF 5 Nashville reported October
25. Among the buildings threatened were a school, an office, a store, and
restaurants in Tompkinsville. The first call came in October 25 and started a
chain reaction that shut down the entire small town. One of the first places to
get a threat was Tompkinsville Elementary School. Officials said the students
had to be evacuated. Some were sent to a nearby National Guard armory where
parents picked them up. All Monroe County schools were shut down as a
precaution. The local Walmart, McDonald’s, and Sonic all got the same call — as
did the law offices of the Monroe County Attorney. Police went building to
building, checking for explosives. None were found, but each location was
evacuated as a precaution, forcing people to wait hours until it was deemed
safe. Source: http://www.newschannel5.com/story/19913136/businesses-evacuated-after-bomb-threats-in-tompkinsville
Details
Banking and Finance Sector
6. October
25, Courthouse News Service – (California; Washington) Fraud
ring guilty of $100 million in fake mortgage applications. A Los
Angeles-based accountant who admitted participating in a fraud scheme by
creating fake W-2 forms, pay stubs, and other records for straw buyers so that
her fellow conspirators could collect more than $14.5 million in kickbacks from
fraudulently obtained mortgage loans pleaded guilty October 25 to wire fraud.
In entering her guilty plea, she admitted reviewing payment records that showed
the kickbacks were collected from the fraudulent purchase of $100 million in
properties. A federal grand jury in September handed up superseding indictments
charging a Laguna Hills loan processor with submitting false loan applications
using falsified documents to mortgage lenders on behalf of straw buyers in the same scheme, a
U.S. Attorney said. In addition, the loan processor allegedly maintained what
he called a “pipeline” of additional properties to purchase as part of the
scheme, each of which included an additional $100,000 or more in potential
kickbacks. The accountant and loan processor joined other defendants that
include an unlicensed mortgage broker, a Ramona real estate agent, the mortgage
broker’s assistant, and a Seattle businessman. As alleged in court records, the
defendants carried out their scheme by recruiting “investors” through the
Internet and advertisements in the Los Angeles Times. Each was a straw buyer
promised $10,000 for their role in the scheme. Source: http://www.sandiego6.com/news/local/Wire-Fraud-Ring-Guilty-of-100-Million--175907611.html
7. October
25, Sunshine State News – (Florida) State Attorney: Seven charged
in mortgage fraud. Six individuals from south Florida and one Orlando
resident were charged as part of a mortgage fraud scheme that totaled nearly $5
million, according to the Florida Attorney General and Miami-Dade Police
Department October 25. According to the release, the scheme operated with straw
buyers who used their names and credit to purchase numerous properties. Once
the loan had been secured and records reflected a price well over the actual
price paid to the seller, a variety of financial exchanges would take place to
make the purchase appear legitimate. The laundered money would then go back to
the closing agent’s escrow account and be characterized in the records as the
cash brought to the closing by the straw buyer. Those arrested face charges
including grand theft and organized fraud. Source: http://www.sunshinestatenews.com/blog/state-attorney-seven-charged-mortgage-fraud
8. October
25, Wall Street Journal – (International) Moscow police arrest
internet scam suspects. Russian authorities charged nine West African
immigrants with allegedly stealing $28.8 million from hundreds of foreign
companies through what police described as an elaborate scheme using bogus
passports bearing names that appeared very similar to those of major Russian
companies like Gazprom, Rosneft, and Murmansk Shipping Company, the Wall Street
Journal reported October 25. The alleged scam targeted firms dealing in
minerals, oil and gas, and other commodities operating in the United States,
the European Union, China and South-East Asia and had been going on for many
years, Russia’s interior ministry said in a statement. The alleged fraudsters
managed the ruse by using the companies’ Russian names on the bogus IDs, which
tricked the companies into thinking they were actually doing business with real
firms. Raids on the homes of seven of the suspects uncovered counterfeit
documents, bogus notary stamps, falsified company paperwork, and printing
equipment capable of producing it all, the police said. Investigators said the
proceeds of the scam appeared to have been sent to Africa. Source: http://blogs.wsj.com/emergingeurope/2012/10/25/moscow-police-arrest-internet-scam-suspects/
Information Technology Sector
25. October
26, Softpedia – (International) DoS vulnerability found in wireless chips
used by Apple, HTC, Samsung, Ford, others. Researchers from Core Security’s
Core Impact team uncovered a remotely exploitable vulnerability in Broadcom
BCM4325 and BCM4329 wireless chipsets that could be leveraged by cybercriminals
to launch a denial-of-service (DoS) attack. According to advisories published
by the U.S. Computer Emergency Readiness Team (US-CERT) and Core Security, the
vulnerability is caused by an out-of-bounds read error condition that exists in
the chips’ firmware. Apparently, an attacker sending an RSN (802.11i)
information element can cause the WiFi NIC to stop responding. The flaw affects
Apple, HTC, Samsung, Acer, Motorola, LG, Sony Ericsson, and Asus products,
including iPhone 4, iPod 3G, Xoom, Galaxy Tab, Nexus S, and Evo 4G. The Ford
Edge car is also affected. The experts notified Broadcom and although there
were some communication problems, the company released an official statement to
say a patch was developed. Since many of the affected products are out of
service, the patch will be provided to customers on a case-by-case basis.
Source: http://news.softpedia.com/news/DOS-Vulnerability-Found-in-Wireless-Chips-Used-by-Apple-HTC-Samsung-Ford-Others-302384.shtml
26. October
26, The H – (International) Germany gets the most malicious spam. German
email users unseated users from the United States as the recipients of most
malicious email messages. According to a report on September’s spam by
Kaspersky, Germany hit the top of the chart with 13.87 percent of malicious
mail being directed at its users, followed by Spain (7.43 percent), Russia
(6.85 percent), India (6.39 percent), Vietnam (5.95 percent), Australia (5.94
percent), China (5.80 percent), and the United States (5.62 percent). The
United States led the chart for the previous 8 months. Overall, Kaspersky says
3.4 percent of all emails contained malicious files, a drop of 0.5 percentage
points compared to August. Germany saw a six percentage point rise in its
detections and Spain saw a four percentage point rise, while the United Kingdom’s
share dropped two percentage points to 4.67 percent. It was also a month for
drastic changes in the top 10 malware detected by Kaspersky. Long-term leader
“Trojan-Spy.HTML.Fraud.gen” fell out of the top 10 completely, giving its top
spot to “Backdoor.Win32.Androm.kv” (aka Backdoor.Trojan and PWS-Zbot.gen.ana),
a backdoor trojan which enables remote access, being found in 6.32 percent of
the malicious emails. It was followed by “Email-Worm.Win32.Bagle.gt”, an email
address harvester and malicious program downloader, and then the
“Email-Worm.Mydoom.m” and “Mydoom.l” email address harvesters. Also in the top
10 were 4 ransomware trojans. Source: http://www.h-online.com/security/news/item/Germany-gets-the-most-malicious-spam-1737717.html
27. October
26, Wired – (International) Man claiming half of Facebook arrested on
fraud charges. A man claiming to own half of Facebook was arrested October
25 and charged with a multibillion-dollar scheme to defraud the
social-networking site and its chief executive and founder. The man, of
Wellsville, New York, filed a federal lawsuit in 2010, citing documents and a
contract between him and Facebook’s CEO that promised him half the company.
Facebook made it clear from the beginning that it believed the contract and emails
the man produced as evidence were fakes. Facebook told a federal judge that its
forensic examiners proved that a 9-year-old contract the man submitted to the
court was “forged.” The analysis also claimed that 27 emails between Facebook’s
CEO and the man — some of which mention Facebook — were “fabricated” by the
man. Facebook’s CEO has said all along that an authentic “Work for Hire”
contract between the two involved another project. The man hired Facebook’s CEO
to work for his StreetFax company nearly a decade ago, the CEO claimed. The man,
however, alleges the contract also included fronting Facebook’s CEO $2,000 in
exchange for half of Facebook when he was a college student. Federal
authorities agreed with Facebook’s CEO and its forensic analysis. The man is
accused of one count of mail fraud and one count of wire fraud, authorities
said. Each count carries a maximum 20-year term. Source: http://www.wired.com/threatlevel/2012/10/facebook-fraud-arrest/
28. October
26, The H – (International) Exim mail servers susceptible to DKIM
attacks. There is a critical vulnerability in functions for verifying
DomainKeys Identified Mail (DKIM) signatures in the widely used open source
mail server Exim. The problem appears to be a buffer overflow on the heap which
can be exploited by crafted DNS records to inject code that could compromise
the server. According to an announcement on the Exim mailing list,
versions 4.70-4.80 are affected if DKIM support is included.
The developers released version 4.80.1 which specifically fixes this
vulnerability. To avoid confusion, the next version will not be named 4.81. As
a workaround, DKIM verification can be disabled using the option “warn control
= dkim_disable_verify” within an ACL. Both Debian and Ubuntu released packages
in which the vulnerability is fixed. Source: http://www.h-online.com/security/news/item/Exim-mail-servers-susceptible-to-DKIM-attacks-1737670.html
29. October
25, Softpedia – (International) Scam alert: US Customs and Border Protection
Service Department package delivery. Scammers started sending out emails
entitled “US Customs and Border Protection Service Department” to trick
recipients into thinking they received a package from overseas. “We write to
inform you that your package with reference number 2661428 has been in Customs
facility custody waiting for resolutions of the clearance to further the
delivery to your delivery address by the delivery Agent who came all the way
from Africa,” the scam emails read. “We have been waiting for you to contact us
regarding your consignment box which the agent suppose to deliver to you which
was on hold by USA Customs Department and they are requesting for clearance
certificate....” The scammers are attempting to convince victims to send back
their personal details, including name, contact information, and passport or ID
card number. Source: http://news.softpedia.com/news/Scam-Alert-US-Customs-and-Border-Protection-Service-Department-Package-Delivery-302159.shtml
30. October
25, ZDNet – (International) Google, Yahoo and Microsoft fix email
security flaw. Google, Yahoo, and Microsoft all fixed a vulnerability in
their email-signing mechanisms that made it possible for people to spoof
messages coming from their systems. The problem was that they were using keys
of less than 1,024 bits in length in their implementations of the DomainKeys
Identified Mail (DKIM) mechanism. Some consider even 1,024-bit RSA keys as
being too easy to crack, but shorter keys are definitely too insecure for
serious use currently, as the computational power available in the cloud makes
it relatively easy to crack them by brute force. According to a U.S. Computer
Emergency Readiness Team (US-CERT) note released October 24, Google, Microsoft,
and Yahoo were all using RSA signing keys that were too short, and all three
vendors have now fixed the problem after being notified. Source: http://www.zdnet.com/google-yahoo-and-microsoft-fix-email-security-flaw-7000006379/
31. October
25, Ars Technica – (International) Backdoor in computer controls opens critical
infrastructure to hackers. Software used to manage equipment in power
plants, military environments, and nautical ships contains an undocumented
backdoor that could allow malicious hackers to access sensitive systems without
authorization. The CoDeSys software tool, which is used in industrial control
systems sold by 261 different manufacturers, contains functionality that allows
people to remotely issue powerful system commands, a researcher with security firm
IOActive told Ars Technica. The CoDeSys tool will grant a command shell to
anyone who knows the proper command syntax and inner workings, leaving systems
that are connected to the public Internet open to malicious tampering. Of the
two specific programmable logic controllers (PLCs) the researcher tested, both
allowed him to issue commands that halted the devices’ process control. He
estimated there are thousands of other models that also ship with CoDeSys
installed, and he said most of them are probably vulnerable to the same types
of attacks. He declined to identify the specific models he tested except to say
that one ran the Linux operating system on Intel-compatible processors and the
other used Microsoft’s Windows CE running on ARM chips. He said a quick search
using the Shodan computer location service showed 117 devices directly
connected to the Internet, but he suspects more detailed queries could reveal
many more. A blog post that contains additional vulnerability details said code
that automates the exploit is expected to be added to the Metasploit software
framework used by hackers and security professionals. Source: http://arstechnica.com/security/2012/10/backdoor-in-computer-controls-opens-critical-infrastructure-to-hackers/
Communications Sector
Nothing to report.
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.