Tuesday, February 28, 2012

Complete DHS Daily Report for February 28, 2012

Daily Report

Top Stories

• The cost of repairing and expanding U.S. drinking water infrastructure will top $1 trillion in the next 25 years, an expense that will be covered by higher water bills and fees, a new study found. – PRWeb (See item 26)

26. February 27, PRWeb – (National) Water infrastructure bill to top $1 trillion: AWWA ‘Buried No Longer’ report highlights cost of repair, expansion; shows impact on U.S. households. The cost of repairing and expanding U.S. drinking water infrastructure will top $1 trillion in the next 25 years, an expense that will be met primarily through higher water bills and local fees, according to a study by the American Water Works Association (AWWA), PRWeb reported February 27. The report, titled “Buried No Longer: Confronting America’s Water Infrastructure Challenge,” analyzes many factors, including timing of water main installation and life expectancy, materials used, replacement costs, and shifting demographics. Nationally, infrastructure needs are almost evenly divided between replacement and expansion requirements. Cities will be impacted in different ways depending on size and geography. Many small communities will face the greatest challenges because they have smaller populations across whom to spread expenses. Source: http://www.prweb.com/releases/prweb2012/2/prweb9222932.htm

• A teenager at a high school in Chardon, Ohio, opened fire in the cafeteria February 27, killing one student and wounding four others before being caught, according to FBI officials. – Associated Press (See item 31)

31. February 27, Associated Press – (Ohio) 1 dead, 4 wounded in Ohio school shooting. A teenager at Chardon High School in Chardon, Ohio, opened fire in the cafeteria February 27, killing one student and wounding four others before being caught a short distance away, authorities said. A student who witnessed the attack from just a few feet away said it appeared the gunman was targeting a group of students sitting at a cafeteria table, and the student who was killed was trying to duck under the table. Panicked students screamed and ran through the halls after the gunfire broke out at the start of the school day at the 1,100-student school, about 30 miles from Cleveland. The suspect was arrested near his car a half-mile away, the FBI said. He was not immediately charged. FBI officials would not comment on a motive. Five students were taken to Cleveland-area hospitals, and one later died, officials said. At least one other victim was listed in serious condition. Parents thronged the streets around the school as they heard from students via text message before official word came of the attack. Officers investigating the shooting blocked off a road in a heavily wooded area several miles from the school. Source: http://www.google.com/hostednews/ap/article/ALeqM5hztXIBuN1ZWUvDZBE7Pq41lejdLw?docId=2c15575fa3a34a4a91bd90b0dc0eaf44


Banking and Finance Sector

10. February 26, Louisville Courier-Journal – (Kentucky) Five Occupy Louisville members arrested in protest at Chase bank. Five people were arrested at an Occupy Louisville demonstration in Louisville, Kentucky, that turned into a confrontation with Louisville Metro Police February 25 at a Chase bank branch. Several people at the demonstration described what they saw as physical encounters between the police and protesters. Officers were called to the bank on a report demonstrators were blocking the entrance, a police spokesman said. He said they were told by management protesters tried to occupy the inside of the bank. He stated officers advised the demonstrators they could protest but could not block the bank entrance or prevent customers from entering. After a few customers were let inside the bank, several protesters tried to rush the door. The officers called for backup and arrested five people. An Occupy Louisville spokeswoman estimated there were 35 demonstrators. Source: http://www.courier-journal.com/article/20120225/NEWS01/302250052?odyssey=mod|mostcom

11. February 25, Fort Launderdale Sun Sentinel – (Florida) FBI searching for possible serial bank robber. A TD Bank was robbed in Boca Raton, Florida, February 24 and the robber may be responsible for seven other bank heists since December 25, 2011, the FBI said. Agents released surveillance photographs from the February 24 bank robbery. The robber entered the bank and demanded money from an employee. An undisclosed amount of cash was taken. Customers were in the bank at the time of the robbery, officials said. The FBI believes the robber may be involved in other bank robberies that included the Amtrust Bank and Valley Bank in Hollywood, Regent Bank in Davie, a TD Bank and Bank of America in Fort Lauderdale, Comerica Bank in Boca Raton, and the IberiaBank in Pompano Beach. Source: http://www.orlandosentinel.com/news/local/fl-boca-bank-robbery-20120224,0,5301551.story

12. February 24, San Diego Union-Tribune – (California) ‘Well-dressed Bandit’ admits 9 heists. A San Diego man dubbed the “Well-Dressed Bandit” by the FBI pleaded guilty in federal court February 21 to nine bank and credit union robberies, the San Diego Union -Tribune reported February 24. He faces up to a 20-year prison term at sentencing, federal officials said. The suspect did not plead guilty to a 10th count, involving what the FBI believes was the beginning of the holdup series May 18, 2010, at an Escondido Wells Fargo Bank. The other nine cases included three San Diego holdups in 2010 and four in 2011. One of the banks, in the Carmel Valley area, was hit three times, including the final case in the series September 23, 2011. A Solana Beach credit union was robbed twice in 2011. The robber got his FBI nickname for sometimes wearing a suit jacket, leather coat, or a dapper hat. In the September holdup, witnesses saw the robber leave in a black luxury sedan and noted some of the license plate numbers. the suspect was arrested by FBI agents and San Diego police October 19. Source: http://www.utsandiego.com/news/2012/feb/24/well-dressed-bandit-admits-nine-bank-robberies/

13. February 24, Bloomberg – (International) Russian man pleads guilty to cyber-fraud conspiracy in U.S. A Russian national charged by U.S. authorities with orchestrating a cyber-fraud scheme from Europe has pleaded guilty to illegally gaining computer access to bank accounts via Web sites claiming to offer goods and merchandise, Bloomberg reported February 24. He pleaded guilty in federal court in Manhattan February 17 to a count of conspiracy and a count of wire fraud, records show. Federal prosecutors alleged a scheme from 2004 to 2005 involving the man, his son, and others preying on U.S. consumers who believed the unauthorized charges were for legitimate goods. They said the father, son, and unidentified accomplices controlled U.S.-registered companies Sofeco LLC, Pintado LLC, and Tallit LL that appeared to be legitimate Internet merchants. The defendants took unauthorized charges on customers’ credit cards, prosecutors said. They also got credit card numbers by buying them from people or by using computer programs surreptitiously installed on victims’ computers. The pair engaged in a scheme from June 2004 to February 2005 to access financial services accounts of U.S. victims and attempted to transfer hundreds of thousands of dollars into bank accounts they controlled, prosecutors said. The defendants also bought and sold securities in publicly traded companies through a firm called Rim Investment Management Ltd. Source: http://www.businessweek.com/news/2012-02-24/russian-man-pleads-guilty-to-cyber-fraud-conspiracy-in-u-s-.html

14. February 24, San Diego Union-Tribune – (California) Photos of ‘Insistent Bandit’ released. Security camera photos of a scruffy-bearded man who robbed an El Cajon, California bank February 21, believed to be his fifth heist, were released by the FBI February 24. Investigators have dubbed him the “Insistent Bandit” because of his manner of demanding money from tellers. He held up a Pacific Western Bank in El Cajon February 21 and rode away on a red mountain bike. He is suspected of robbing a US Bank in Santee February 10, January 23, and January 17, and a Home Bank of California in Pacific Beach February 6, the FBI said. The robber carried a pistol in his waistband in the most recent case and lifted his shirt so the teller could see it. Source: http://www.utsandiego.com/news/2012/feb/24/photos-insistent-bandit-released/

15. February 24, Detroit Free Press – (National) Flagstar mortgage fraud lawsuit settled for $133 million. The U.S. government announced February 24 it had reached a $133-million settlement with Troy, Michigan-based Flagstar Bank that resolves a civil fraud lawsuit accusing the bank of fraudulent mortgage lending practices. The lawsuit, filed in New York, alleged Flagstar used unqualified employees to approve mortgage loans backed by the U.S. Department of Housing and Urban Development (HUD) that did not comply with HUD and Federal Housing Administration (FHA) underwriting requirements, and made false certifications on mortgage loans. Under terms of the settlement, Flagstar agreed to pay $15 million within 30 business days and will pay an additional $118 million as soon as it meets certain financial benchmarks. An independent third party, paid for by Flagstar, will monitor compliance with HUD and FHA lending rules for at least 1 year. Flagstar also agreed to implement a training program for employees involved in the originating and underwriting of FHA loans, and to terminate the senior managers who had been overseeing the bank’s manual underwriting process. Source: http://www.freep.com/article/20120224/BUSINESS06/120224054/Flagstar-mortgage-fraud-lawsuit-settled-133-million

16. February 24, U.S. Securities and Exchange Commission – (National; International) Court accepts guilty plea in $72 million Ponzi scheme. The U.S. Securities and Exchange Commission (SEC) announced February 24 that a U.S. district judge in Michigan accepted a February 16 guilty plea from a Flint-area resident to 1 count of wire fraud for his role in orchestrating a $72 million Ponzi scheme involving at least 3,000 investors. He faces a potential maximum penalty of 20 years in federal prison. The criminal charges arose out of the same facts that were the subject of an emergency action the SEC filed against him and others May 5, 2008. The SEC’s complaint alleged that from December 2005 through November 2007, the defendant, through his company Legisi Holdings, conducted a fraudulent, unregistered offering of securities in which he raised about $72 million from more than 3,000 investors in all 50 states and several foreign countries. According to the complaint, he said he would invest the offering proceeds in various investment vehicles and pay interest of as much as 15 percent per month from the resulting profits. The complaint charged that he invested less than half of the offering proceeds, and that these investments resulted in millions of dollars in losses. The Commission’s complaint further charged he used investor funds to make Ponzi payments to investors and for his own use. Source: http://www.sec.gov/litigation/litreleases/2012/lr22269.htm

Information Technology

37. February 27, H Security – (International) ASLR to be mandatory for binary Firefox extensions. A patch recently introduced to the Firefox repository is designed to make the browser more secure by forcing certain binary extensions to use address space layout randomization (ASLR) under Windows. Mozilla developers said the change, which will prevent cross platform component object module (XPCOM) component dynamic link libraries (DDLs) without ASLR from loading, should be included in Firefox 13 “if no unexpected problems arise.” This could, for example, affect products from anti-virus firms Symantec and McAfee. As recently as 2011, these products were noted installing DLLs compiled without ASLR in the browser, enabling malware to predict with relative ease the memory addresses used for heap and stack areas by the DLLs. ASLR is designed to randomize all memory addresses, so the program components in question will be placed in different locations each time they start. Source: http://www.h-online.com/security/news/item/ASLR-to-be-mandatory-for-binary-Firefox-extensions-1443131.html

38. February 24, The Register – (International) Anti-phishing DMARC adoption gathers (free) steam. The world’s biggest names in the consumer Web mail space are sharing security intelligence with businesses for free to help drive adoption of the Domain-based Message Authentication, Reporting, and Conformance (DMARC) e-mail authentication system. In January, Google, Microsoft, AOL, Facebook, and Yahoo! joined up with service providers such as PayPal to push the DMARC standard, which integrates with Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) systems. The advantage of participating in DMARC for businesses is that they, as domain name holders, can specify e-mail handling policy via DMARC, which acts as an overlay for SPF and DKIM checking. By confirming an e-mail message is actually coming from a firm’s servers and not from a spammer, spoofed e-mails are cut out, and info about that spam-blocking is then fed back into the DMARC register to identify the e-mail systems being used by the spammers. The open flow of information between DMARC and businesses ensures both sides benefit from more efficient spam blocking. The week of February 20, the e-mail intelligence firm and founding member of the DMARC consortium Agari opened up its Receiver Program, making it free to all comers. Businesses can sign up to get the latest anti-spam and anti-phishing intelligence from members of DMARC, and can use it to refine filtering techniques. Source: http://www.theregister.co.uk/2012/02/24/dmarc_spam_phishing_free/

Communications Sector

39. February 26, Diamond Bar Patch – (California) Cut cable knocks out service to DB residents. A cut cable February 26 affected service to customers in Diamond Bar, Walnut, and Rowland Heights, California, a Time Warner Cable spokesperson said. It was not immediately clear how or where the cable was cut. Less than 5,000 customers in all three cities were affected by the outage, officials said. Services were restored by February 26, the spokesperson said. However, no explanation of how a cable was cut had been offered. Source: http://diamondbar.patch.com/articles/cut-cable-knocks-out-service-to-db-residents

40. February 25, Sarasota Patch – (Florida) Verizon VoIP phone outage resolved. Verizon was working to fix a disruption in its Voice over Internet Protocol phone service that happened February 25, but 9-1-1 calls were not affected, according to the Sarasota County Sheriff’s Office. Customers who use the Internet phone service can still dial 9-1-1 as the call will be routed through a third party system to the sheriff’s office 9-1-1 call center, they said. Verizon was aware of the problem and was working to resolve the outage, according to the sheriff’s office. “According to the Public Safety Communications Center there have not been any issues since midnight and Verizon believes the problem has been resolved,” a spokeswoman for the sheriff’s office said. Source: http://sarasota.patch.com/articles/verizon-experiencing-voip-phone-outages

41. February 24, Orange County Register – (California) Cox home voice mail to be restored by tonight. Cox Communications customers have been without residential voice mail for 4 days, the Orange County Register reported February 24. The company expected the problem to be fixed February 24, a company spokeswoman said. Residential customers in Orange County, San Diego, and Santa Barbara had been unable to get voice mail since February 21, a spokeswoman said. Other phone service, such as call-forwarding, was not affected, she stated. When service is restored, the spokeswoman said all the voice messages received since the outage should also be restored. Source: http://www.ocregister.com/articles/phone-341841-restored-service.html

For another story, see item 38 above in the Information Technology Sector.