Monday, January 30, 2012

Complete DHS Daily Report for January 30, 2012

Daily Report

Top Stories

• The Securities and Exchange Commission (SEC) claimed a trader in Latvia, as well as four U.S. trading firms and their executives, used an online account intrusion scheme to manipulate the prices of more than 100 U.S.-exchange listed securities, causing more than $2 million in harm. – U.S. Securities and Exchange Commission (See item 16)

• Two spans of a heavily-traveled Benton, Kentucky bridge collapsed after being struck by a cargo ship carrying aviation parts. – Associated Press (See item 19)

19. January 27, Associated Press – (Kentucky) Officials: Portion of Kentucky bridge collapses. Two spans of a Benton, Kentucky bridge collapsed after being struck by a cargo ship that carried aviation parts. No injuries were immediately reported, state transportation officials said. The Delta Mariner struck the main span of the Eggner Ferry Bridge January 26 at U.S. Highway 68 and Kentucky Highway 80, said a spokesman for the Kentucky Transportation Cabinet. State inspectors are on their way to determine how much of the bridge, which opened to traffic in 1932, was damaged. Officials said the bridge was closed to traffic, causing vehicles needing to cross the Kentucky Lake reservoir and the Tennessee River to be detoured for dozens of miles. The U.S. Coast Guard also blocked access to boat traffic at the bridge site. Officials say about 2,800 vehicles travel daily on the bridge, which already was in the process of being replaced, although the new bridge has not been built yet. Motorists were advised to take alternate routes. Source: http://www.foxnews.com/us/2012/01/27/officials-portion-kentucky-bridge-collapses/

Details

Banking and Finance Sector

12. January 27, Buffalo News – (New York) 4 men charged after Black Money swindle goes awry. A West African currency scam arrived in Cheektowaga, New York, the weekend of January 21, landing three men in hot water along with their alleged victim, who later tried to take back his money at gunpoint, Cheektowaga police said January 26. Police said the incident began when three Liberian natives targeted a Buffalo man under what police call a Black Money Scam. The scam is a popular fraud in which the victim is presented with black construction paper reported to be real U.S. currency that had been dyed black through a chemical process. The con men told the victim they needed money to buy another chemical to wash away the black dye and make the currency usable. He turned over $21,000 to the three scammers in exchange for half of the black paper, police said. After he realized he had been scammed, the victim called the scammers and told them he had some friends who also wanted in on the “investment” in order to set up another meeting. At that meeting, which took place somewhere in Buffalo late January 21 or early January 22, the three con men were ambushed at gunpoint by the victim and up to three other men and forced into the basement of an unknown address. One of the men was taken back to his hotel room by the original victim, who demanded a return of his money. The three scammers were charged with fraudulent accosting and criminal possession of a forgery instrument. The original victim was charged with conspiracy and robbery. Source: http://www.buffalonews.com/city/communities/cheektowaga/article716451.ece

13. January 27, Somerset Courier News – (New Jersey) FBI nabs would-be Westfield bank robber. FBI agents arrested a TD Bank employee at his Elizabeth, New Jersey home January 26 on charges he conspired to commit bank robbery, according to authorities. According to the complaint, an individual entered a TD Bank in Westfield September 11, and passed a deposit slip across the counter to a bank teller. As the teller stepped back from the counter upon reading the note, the person reached across the counter and grabbed the money the teller had been counting, about $5,721. Between September and December, seven additional bank robberies occurred at TD Bank locations throughout New Jersey, a U.S. attorney said. According to the investigation, the alleged bank robber exchanged text messages in November and December with the arrested TD Bank employee. The two discussed when and how the vault of the Westfield branch could be robbed. During an interview with law enforcement, the employee acknowledged he discussed robbing the vault with the alleged bank robber and others, the U.S. attorney said. The employee said the robber agreed to give him up to $50,000 of the money from the vault. The charge of criminal conspiracy carries a maximum potential penalty of 5 years in prison and a fine of up to $250,000, officials said. Source: http://www.mycentraljersey.com/article/20120126/NJNEWS/301260036/FBI-nabs-would-Westfield-bank-robber?odyssey=nav|head

14. January 27, St. Augustine Record; Florida Times-Union – (Florida) Guilty verdict sparks relief, regret for victims. A jury in a U.S. district court in Jacksonville, Florida, January 26 convicted a woman on all 14 counts in a Ponzi scheme through which she defrauded investors of as much as $100 million. She faces up to 20 years on each of the 14 counts for which she was found guilty. A bankruptcy attorney said all of the investors are to be given stock in Integrity Auto Finance, the new company formed in Chapter 11 bankruptcy from the remains of the woman’s corporation. A cash disbursement is also coming on May 4, the first of an annual disbursement from a creditor trust. That trust is funded by whatever remained of the woman’s assets after the formation of Integrity. Source: http://staugustine.com/news/local-news/2012-01-26/cladeks-guilty-verdict-sparks-relief-regret-victims#.TyLNqIEhxI5

15. January 26, Minneapolis Star Tribune – (National) Bloomington duo accused of mortgage fraud. Two Bloomington residents were arraigned January 26 in Minneapolis on charges they ran an $8 million equity-stripping scheme under the guise of a nonprofit that claimed to help troubled homeowners avoid foreclosure. The residents were each charged January 19 in a sealed indictment with conspiracy, fraud, and money laundering involving transactions that took place from 2005 through October 2007. One of the defendants owned and operated Unified Home Solutions (UHS) and American Mortgage Lenders (AML), a mortgage brokerage that facilitated the transactions, the indictment says. It notes the UHS owner told homeowners facing foreclosure that he offered a rescue program backed by investors who would buy their homes and sell them back after they had regained their financial footing. The indictment says the mortgages were obtained with fraudulent financial information. Investors collected a “risk fee,” generally 3 percent of the purchase price, but most of the equity in the home went to UHS and AML, according to an affidavit filed in the case by an Internal Revenue Service (IRS) criminal investigator. She said UHS, AML, and their owner facilitated the sale of about 79 properties; fewer than five avoided foreclosure. Source: http://www.startribune.com/business/138169374.html

16. January 26, U.S. Securities and Exchange Commission – (National; International) SEC charges Latvian trader in pervasive brokerage account hijacking scheme. The Securities and Exchange Commission (SEC) January 26 charged a trader in Latvia for conducting a widespread online account intrusion scheme in which he manipulated the prices of more than 100 New York Stock Exchange (NYSE) and Nasdaq securities and caused more than $2 million in harm to customers of U.S. brokerage firms. The SEC also instituted related administrative proceedings against four electronic trading firms and eight executives charged with enabling the trader’s scheme by allowing him anonymous and unfiltered access to U.S. markets. According to the complaint, the defendant broke into online brokerage accounts of customers at large U.S. broker-dealers and drove stock prices up or down by making unauthorized purchases or sales. This occurred on more than 150 occasions over 14 months. The defendant – using the direct, anonymous market access provided by various unregistered firms – traded those same securities at artificial prices and reaped more than $850,000 in illegal profits. According to the SEC, the four electronic trading firms allowed the defendant to trade through their electronic platforms without first registering as brokers. These firms gave the defendant a gateway to U.S. securities markets while circumventing the protections of federal securities law. The SEC’s complaint alleges the defendant violated the anti-fraud provisions of federal securities law and seeks injunctive relief, disgorgement with prejudgment interest, and financial penalties. Source: http://www.sec.gov/news/press/2012/2012-17.htm

17. January 26, Costa Mesa Daily Pilot – (California) Couple pleads guilty to bank fraud. Two Newport Coast, California residents pleaded guilty January 26 to bank fraud in connection with seven different financial institutions. The couple gained a revolving line of credit from multiple banks, including Bank of America, in the amount of $130 million by falsifying their business revenue for Anaheim-based Galleria USA, according to a news release from the U.S. Department of Justice. The banks lost about $4.7 million because of the fraud between 2008 and 2009. They face a maximum of 40 years in federal prison. Source: http://articles.dailypilot.com/2012-01-26/news/tn-dpt-0127-fu-20120126_1_galleria-usa-thomas-chia-fu-bank-fraud

18. January 26, Associated Press – (International) US hits German-Moroccan brothers, German-Turk with terrorism sanctions. The U.S. Presidential administration is hitting two German-Moroccan brothers and a German-Turk man with financial sanctions for their involvement in terrorist activities in central Asia, the Middle East, and Europe, the Associated Press reported January 26. The State Department and Treasury Department said the brothers are identified as “specially designated global terrorists” along with the third man. The move freezes any assets they have in U.S. jurisdictions and bars Americans from financial dealings with them. The brothers are affiliated with the Islamic Movement of Uzbekistan, a designated foreign terrorist organization that claims responsibility for numerous attacks in Afghanistan. The third man is affiliated with the Islamic Jihad Union, another designated foreign terrorist organization, which was implicated in a 2007 bomb plot targeting U.S. military installations and American citizens in Germany. Source: http://www.washingtonpost.com/politics/us-hits-german-moroccan-brothers-german-turk-with-terrorism-sanctions/2012/01/26/gIQATzb0SQ_story.html

For another story, see item 50 below in the Information Technology Sector

Information Technology

46. January 27, Help Net Security – (International) Facebook scammers leverage the Amazon Cloud. Recently, spammers began using Amazon’s cloud services for hosting fake Facebook pages leading to surveys because it is cheap and because it is less likely Facebook will block links from an Amazon domain. Users are usually reeled in with offers to see a funny/amazing/shocking video, and click on the offered URL (often a shortened one). In a recently spotted scam, users who click the link are taken to a fake Facebook page where those who use Chrome and Firefox are asked to install a fake YouTube plug-in to view the video. The offered plug-in is not what it claims to be. “Upon installing the plugin, a redirector URL is generated by randomly selecting from the usernames, mo1tor to mo15tor, in the Amazon web service,” explain F-Secure researchers. “Then, the link generated is shortened through bitly.com via the use of any of the 5 hardcoded userID and API key-pairs. These key-pairs give a spammer the ability to auto-generate bit.ly URLs for the Amazon web service link. This ultimately leads to a redirection to the fake Facebook page.” These users are, therefore, responsible for propagating the scam further by unknowingly posting the scam message on their Facebook profiles, and are not asked to fill out surveys. Users who use other browsers are spared from inadvertently spamming their friends but are redirected to surveys provided by affiliate marketers. Source: http://www.net-security.org/secworld.php?id=12301

47. January 27, Help Net Security – (International) Unwanted apps on Android smartphones. Third-party Android Markets have always been the favorite means of malicious app dissemination, especially in regions where users do not have access to the official repository. This is also the case with the latest campaign laid out by cyber criminals, which lures users into installing applications that are well known on the genuine Android Market but have been tampered with to launch additional services along with the original app. Simply put, the Android application downloaded from a third-party market contains the legitimate app as well as a trojanized service (usually called “GoogleServicesFrameworkService”), which is launched with the host application. Identified by Bitdefender as Android.Trojan.FakeUpdates.A, this piece of malware connects to a command and control server and fetches a list of links to different Android application packages (APKs). After that, the malware downloads each APK from the list and then displays a notification in the status bar area, reading “In order to have access to the latest updates, click Install).” This approach confuses the user, as they do not know where the message came from. This trojan requires an extensive array of privileges upon installing, to make sure it can take full control over the smartphone whenever necessary. Depending on the APKs to be downloaded and installed, the application may require up to 10 privileges prior to installation. Most users will accept it without a second thought, since they believe what is to be installed is an update to one of the applications they already installed.
Android applications posted on third-party Android Markets are not new; however, what is particularly important is the attackers’ modus operandi: they publish a legitimate application on the respective Market, let it live for several days to get positive ratings and gain users’ trust, and then replace the APK with a trojanized one in order to fulfill their malicious goals. Most of the repackaged applications analyzed have low detection rates, which poses a danger even to smartphone users who run a mobile security solution. Android.Trojan.FakeUpdates.A poses a threat to the smartphone user as it can download and install anything, from trial versions of software in pay-per-install campaigns to spyware and other trojans. Source: http://www.net-security.org/malware_news.php?id=1976

48. January 27, Softpedia – (International) XSS vulnerability found in Google, Forbes, Myspace, MTV and Ferrari. A researcher from the Vulnerability Laboratory came across a cross-site scripting vulnerability in the Google Apps Web page, hosted on the google.com domain, but also in other popular Web sites. Longrifle0x found the flaw in Google Apps and reported it to Google. Even though the risk level is estimated as low, if unresolved, the security hole present in one of the search modules could allow a remote attacker to hijack cookies and even steal accounts. However, the attacker would have to social engineer the victim into performing certain tasks for the session hijacking to be successful. The vulnerability was reported January 21 and the vendor responded January 23, but as of January 27 the bug still exists on the Google page. This is not the only vulnerability found by longrifle0x in the past several days. The Forbes search page, Ferrari’s official online store, MTV, and MySpace also contain the same type of vulnerability. None of these pages are currently patched up and reports from XSSed reveal the domains were already cross-site scripted. Source: http://news.softpedia.com/news/XSS-Vulnerability-Found-in-Google-Forbes-Myspace-MTV-Ferrari-248996.shtml

49. January 27, Threatpost – (International) Attackers targeting Windows Media bug with malware. Security researchers saw attackers going after the newly patched CVE-2012-0003 vulnerability in the Windows Media Player. The flaw, which was patched earlier in January by Microsoft, is a critical one that can enable remote code execution, and it affects a wide range of Windows systems. When the patch was released, Microsoft officials recommended customers install it immediately as there was a decent chance of attackers leveraging it in the near future, which is exactly what happened. Researchers at the IBM ISS X-Force saw malicious attacks against the MIDI vulnerability going on in the wild in recent days, and said because exploitation of the flaw is not considered difficult, there may well be more on the horizon. To exploit this vulnerability, an attacker must entice a user into opening a specifically formatted media file. Once the exploit code executes, the attacker would then have full control of the system. There are now pieces of malware circulating online capable of exploiting this vulnerability. The specific attack Trend Micro’s researchers analyzed uses the shellcode to download an encrypted binary, which it then decrypts and executes. The payload in this attack includes some malware with rootkit capabilities, which is installed on the victim’s machine. That rootkit also then connects to a remote server and downloads another component, a backdoor. Source: http://threatpost.com/en_us/blogs/attackers-targeting-windows-media-bug-malware-012712

Communications Sector

50. January 26, WHIZ 40 Zanesville – (Ohio) 9-1-1 emergency service restored in New Concord. New Concord, Ohio, had problems January 25 after a barn fire cut service to 9-1-1 and thousands of cell phones. The New Concord fire chief said the early morning fire happened at 3739 Glenn Highway along U.S. 40 in Guernsey County. The fire burned through the main trunk line. As a result, anyone with an 826 exchange was not able to call long distance, outside the village, or 9-1-1. Also, cell service was down to all providers, except Verizon. Due to the outages, Muskingum University, banks, and a number of other businesses were forced to shut down. Repair crews from Frontier Communications worked nearly all day to repair the damaged cables, but the fire chief said the problem could have been prevented by having a back-up 9-1-1 connection, saving the county both money and potential lives. The Muskingum County Emergency Management Agency director said 9-1-1 and most of the other phone service were restored by the afternoon of January 25. Source: http://www.whiznews.com/content/news/local/2012/01/26/9-1-1-emergency-service-restored-in-new-concord-0

For more stories, see items 46, 47, and 48 above in the Information Technology Sector