Wednesday, May 2, 2012

Complete DHS Daily Report for May 2, 2012

Daily Report

Top Stories

• A U.S. soldier sold stolen arms and other sensitive military technology to buyers on eBay while he was deployed in Iraq in 2010, according to DHS investigators. – Orlando Sentinel

7. April 30, Orlando Sentinel – (International) Feds: Soldier sold stolen arms on eBay. A U.S. soldier with connections to Orlando, Florida, sold stolen arms to buyers on eBay while he was deployed in Iraq in 2010, according to DHS investigators. The man is accused of violating federal law regarding the export of sensitive technology such as night-vision equipment, rifle scopes, and high-powered infrared lasers not intended for the public, according to an affidavit filed in federal court in Orlando. The man told buyers he was retired from the military and based in Orlando selling surplus equipment, investigators said. His listing touted the arms as being extremely rare and “impossible to find on the international market,” the affidavit said. He shipped lasers to buyers in Japan and Nevada, a high-tech satellite phone was sent to Kuwait, and other equipment was shipped to California. The items were sold for a few thousand dollars each. eBay eventually took down the postings because they violated its policies. Investigators tracked down some recipients and recovered stolen items. The man told investigators that while he was in the military guarding non-combat envoys, he came across a container with the items and brought them all back to Orlando. He claimed he did not know civilians were prohibited from possessing the equipment, but knew it was wrong to sell them. However, the man’s e-mails with a buyer in Japan show he knew he was violating international arms trafficking regulations and falsified shipping documents to conceal the items as “auto parts.” Source:

• A federal jury in Virginia convicted a former Costa Rican insurance executive for his role in a $485 million fraud scheme. – Associated Press See item 11 below in the Banking and Finance Sector

• U.S. authorities arrested five self-described anarchists in the Cleveland, Ohio area for allegedly plotting to blow up a four-lane highway bridge over a national park. – Reuters

12. May 1, Reuters – (Ohio) Five arrested in Cleveland plot to blow up bridge. U.S. authorities arrested five self-described anarchists in the Cleveland, Ohio area for allegedly plotting to blow up a four-lane highway bridge over Cuyahoga Valley National Park, but they had no ties to foreign terrorism, the U.S. Department of Justice said May 1. The group was arrested by the FBI after planting the explosives on the bridge. Three were charged already with conspiracy and attempting to use explosive materials and the other two are expected to be charged later May 1. The FBI said the five arrested were under continuous watch as part of an undercover operation and therefore the public was never in danger. The explosives, supplied by an undercover FBI agent, were inert. The bridge is about 15 miles south of Cleveland in an area popular with hikers and joggers. The group considered a variety of targets for attacks including the Group of 8 leaders meeting in Chicago and the Republican National Convention in Tampa, Florida, according to the FBI affidavit. They also considered igniting smoke grenades off one bridge while they tried to knock large bank signs off the top of big office buildings in downtown Cleveland and even setting off a car bomb outside the Federal Reserve Bank there, the court papers said. Late in April, the group settled on trying to blow up the four-lane Brecksville-Northfield High Level Bridge by placing explosives on some of the columns in hopes of the entire bridge collapsing. The men were expected to appear in federal court. Source:

• Seventeen people were hurt and a shopping mall was evacuated, due to a fire in a Watsonville, California hotel that had no sprinklers. – Monterey Herald

44. May 1, Monterey County Herald – (California) Calif. two-alarm hotel fire injures 17 people. Seventeen people were injured, five critically, in a two-alarm blaze April 30 at the Stag Hotel in Watsonville, California. The neighboring Discount Mall closed and was evacuated in case the fire spread. The cause of the fire was under investigation. The building, constructed in 1927, had no sprinklers. Source:

• Authorities suspect an arsonist set a fire in Hudson, Florida that forced 150 people to evacuate a mobile home park and closed a highway. – Tampa Bay Times

46. May 1, Tampa Bay Times – (Florida) 150 people evacuated as Hudson brush fire swallows 100 acres. Authorities suspect an arsonist set the fire that caused an April 30 fire that quickly swallowed 100 acres and was still burning late that night. “Our biggest concern is the smoke,” said a public information officer for the Florida Forest Service, the State agency working with Pasco firefighters to battle blazing palmettos and grass flats. U.S. 19 became so choked with smoke that Pasco sheriff’s deputies closed the highway between Hudson and New York avenues. The flames licked the edge of a mobile home park filled with retirees, prompting the evacuation of about 150 residents. About 15 people had gone to a shelter the American Red Cross opened at a church. Fire crews had dug “containment lines” around the fire and planned to set a backfire to burn off any available fuel before the wildfire could get to it and spread further. No homes were damaged by the fire, he said, and one commercial building had only slight damage to its roof. Source:


Banking and Finance Sector

8. May 1, Fairfax News – (Virginia) Ashburn realtor convicted in $7 million mortgage fraud scheme. A man was convicted April 27 by a federal jury for his role in fraudulent mortgage loan transactions involving at least 25 homes in northern Virginia and more than $7 million in losses to lenders. The man is a Washington, D.C. real estate developer and was formerly a realtor with Monorom Realty and Fairfax Realty. He was convicted of conspiracy, nine counts of wire fraud, and two counts of mail fraud. According to court records and evidence at trial, from 2006 to 2008, the man used his position as a realtor and the owner of a title company to engage in a scheme to defraud mortgage lenders and profit from loan proceeds, commissions, and bonus payments. He and other members of the conspiracy recruited unqualified buyers — usually individuals with good credit but insufficient assets or income to qualify for a particular loan — and used them as nominal purchasers in real estate transactions. As part of the conspiracy and fraud scheme, the man and others falsified mortgage loan applications, created fake documents to support the fraudulent applications, and added the unqualified buyers as signatories on their bank accounts to make it appear to lenders as though the buyers possessed sufficient assets to qualify for the loans. When his promise of flipping the properties to other purchasers failed to be fulfilled, and when the kickbacks given to the buyers to fund payments were exhausted, the unqualified buyers promptly defaulted on their loans and the properties went into foreclosure. Source:

9. May 1, Financial Industry Regulatory Authority – (National) FINRA sanctions four firms $9.1 million for sales of leveraged and inverse exchange-traded funds. May 1, the Financial Industry Regulatory Authority (FINRA) announced it sanctioned Citigroup Global Markets, Inc; Morgan Stanley & Co., LLC; UBS Financial Services; and Wells Fargo Advisors, LLC $9.1 million for selling leveraged and inverse exchange-traded funds (ETFs) without reasonable supervision, and for not having a reasonable basis for recommending the securities. The firms were fined more than $7.3 million and are required to pay $1.8 million in restitution to certain customers who made unsuitable leveraged and inverse ETF purchases. FINRA found that from January 2008 through June 2009, the firms did not have adequate supervisory systems in place to monitor the sale of leveraged and inverse ETFs, and failed to conduct adequate due diligence regarding risks and features. As a result, the firms did not have a reasonable basis to recommend ETFs to customers. The firms’ registered representatives also made unsuitable recommendations of leveraged and inverse ETFs to some customers with conservative investment objectives and/or risk profiles. Each of the four firms sold billions of dollars of these ETFs to customers, some of whom held them for extended periods when the markets were volatile. Source:

10. April 30, KTVZ 21 Bend – (Oregon) Another Desert Sun fraud defendant pleads guilty. Another defendant in the massive fraud case involving defunct Bend, Oregon-based Desert Sun Development (DSD) pleaded guilty in federal court to charges of conspiracy to commit bank and loan application fraud, prosecutors said April 30. He appeared April 23 before a judge and pleaded guilty to the two charges that arose out of the collapse of Desert Sun, a development and construction company. As part of his guilty plea, the defendant admitted he caused financial institutions to lose more than $6 million. According to court documents, the defendant owned and operated Advanced Steel Systems, Inc., a corporation in Bend that sold steel building kits for commercial construction projects. In court, the defendant admitted that he, at the request of DSD principals, provided fictitious contracts and invoices for steel building kits and related costs that DSD principals used to obtain financing and loan proceeds for some of DSD’s commercial projects. He knew DSD principals were submitting these fake contracts and invoices to financial institutions to obtain financing and loan proceeds, prosecutors said. To keep track of the fake invoices, the defendant maintained an invoice log in which many of these false invoices were labeled “dummy” or “dummy invoice.” Three co-defendants previously pleaded guilty and are pending sentencing. This case was investigated by the FBI, Internal Revenue Service-Criminal Investigations, and the Oregon Division of Finance and Corporate Securities. Source:

11. April 30, Associated Press – (Virginia; National; International) Va. jury convicts Costa Rican man in $485M fraud. April 30, a federal jury in Virginia convicted a former Costa Rican insurance executive of all counts in a $485 million fraud scheme in which he was accused of lying to clients and investors about the financial stability of his company. The defendant was president of Provident Capital Indemnity Ltd. Provident sold bonds guaranteeing funding for life settlement companies, which buy life insurance policies from insured people at less than face value and collect the benefits when those people die. The government originally claimed Provident sold $670 million in bonds based on fraudulent financial statements, but an accounting done by an Internal Revenue Service investigator verified only $485 million. Prosecutors said the executive misrepresented the company’s assets, and lied when he told clients, investors, and regulators that Provident was protected by reinsurance agreements with major companies. The jury found him guilty of one count of conspiracy and three counts each of mail fraud, wire fraud, and money laundering. A U.S. attorney said in a written statement that the fraud affected thousands of victims worldwide. One of Provident’s major customers was Houston-based, life settlement company A&O. Seven people affiliated with A&O, including its three principals, were convicted in jury trials or pleaded guilty to a $100 million fraud that claimed 800 victims in three dozen states and Canada. Source:

For another story, see item 37 below in the Information Technology Sector

Information Technology

36. May 1, IDG News Service – (International) Skype investigates tool that reveals users’ IP addresses. May 1, Skype said it was investigating a new tool that collects a person’s last known IP address, a potential privacy-compromising issue. Instructions posted on Pastebin April 26 show how a person’s IP address could be shown without adding the targeted user as a contact by looking at the person’s general information and log files. In October 2011, Skype acknowledged a research paper that showed how a Skype user’s IP address can be determined without the user knowing. It also demonstrated that more than half the time the IP address could be accurately linked to sharing content using the BitTorrent file-sharing protocol. Skype uses a peer-to-peer system to route its data traffic, which is also encrypted. However, the program’s encryption system is proprietary and not been open for scrutiny, which has prompted caution from security experts. Source:

37. May 1, Help Net Security – (International) Incessant Blackhole spam runs likely made by same group. An incessant string of spam e-mail campaigns leading to Web sites hosting the Blackhole exploit kit are hitting inboxes around the world in waves. The latest and most prominent ones consisted of the fake Facebook, LinkedIn, U.S. Postal Service, and US Airways notifications, while the most recent one spotted masquerades as an e-mail from employment Web site, indicating the recipient might find a job opening appealing. The offered link takes the recipient through many redirections and lands the user on a compromised site. According to a recent analysis by Trend Micro researchers, these spam messages are mostly targeting U.S. users, and are often realistic spoofs of the companies’ original and legitimate e-mails. “We found clear evidence that all these attacks were linked. In many cases, the same sets of compromised URLs by multiple spam runs,” the researchers said. “This suggests that at least some of the parties responsible for these attacks were identical, if it was not the same group altogether.” The ultimate goal of these attacks is the same: the exploit kit is used to allow installation of malware — predominantly Zeus trojan variants — onto users’ computers. Source:

38. May 1, H Security – (International) Chrome 18 update closes high-risk security holes. Google released a new update April 30 to the stable 18.x branch of its Chrome Web browser to close a number of security holes found in the application. The update, labelled 18.0.1025.168, addresses five vulnerabilities, three of which are rated as “high severity” by the company. These include use-after-free problems in floating point handling and the XML parser; all of these bugs were detected using the AddressSanitizer. Two medium risk problems related to IPC validation and a race condition in sandbox IPC were also corrected. Source:

39. May 1, Government Computer News – (International) Targeted attacks, mobile vulnerabilities on the rise, report states. The findings of the latest “Internet Security Threat Report” from Symantec can be summed up as: “Attacks are rising, but the number of new vulnerabilities is decreasing.” This describes the threat landscape in 2011 in which hackers continued to exploit known vulnerabilities through new vectors as enterprises and end users failed to keep up with the flood of security updates from vendors patching their software. “The old vulnerabilities still work,” said the manager of Symantec’s security technology and response product group and a contributor to the report. Malware variants are being packaged in attack toolkits that effectively circumvent signature-based defenses. The data in the report is gathered from the company’s Global Intelligence Network monitoring activity in more than 200 countries. The total number of vulnerabilities reported in 2011 dropped 20 percent, from a high of 6,253 in 2010 to fewer than 5,000. Over the same time, the number of unique variants of malware identified in the wild increased 41 percent and the number of attacks blocked by Symantec tools jumped 81 percent to 5.5 billion in 2011. The vectors for delivering the malware are shifting, with Web attacks and social engineering through social networks replacing e-mail as the method of choice. This is due in part to successful law enforcement campaigns against command-and-control systems for spam-spewing botnets in 2011, and also because the Web offers a good alternative. Targeted attacks, which have proven to be effective in breaching high-value organizations through carefully crafted social engineering, increased during 2011, from 26 such attacks identified in January of that year to 154 in December. At the same time, the attacks are now targeting smaller organizations and lower-level employees. Source:

40. April 30, H Security – (International) VMware patches vulnerabilities in ESX 4.1. Virtualization specialist VMware is warning customers about multiple security holes in versions 4.0 and 4.1 of its ESX enterprise-level computer virtualization product. According to the company, the Service Console in ESX 4.1 on unpatched systems can be exploited by a local user in a guest virtual machine to gain escalated privileges, or by a malicious remote user to cause a denial-of-service condition or compromise a victim’s system. In its advisory, VMware notes that some of these holes, found in previous versions of the libxml2 XML C parser and toolkit used by the ESX Console Operating System (COS), were closed by updating libxml2 to a newer release. Versions 4.0 and 4.1 of ESX are affected; vCenter, ESXi, and ESX 3.5, as well as hosted products such as VMware Workstation, Player, ACE, and Fusion, are not vulnerable. Patches are available for ESX 4.1 that correct these problems, while patches for version 4.0 are listed as “pending.” Source:

Communications Sector

41. May 1, WJON 1240 AM St. Cloud – (Minnesota) Cell tower outage affecting Sprint customers. Sprint customers trying to use their cell phones in parts of Waite Park and west St. Cloud, Minnesota, found themselves still without service May 1. Sprint officials said they experienced a cell site outage in west St. Cloud since April 29. A Waite Park Sprint store manager said a cell site team was on site working to restore service. She said a T-1 circuit was malfunctioning at the site. There was no time estimate for repairs as of May 1. Source:

For more stories, see items 36 and 39 above in the Information Technology Sector