Department of Homeland Security Daily Open Source Infrastructure Report

Monday, April 27, 2009

Top Stories

 The Associated Press reports that the FBI’s Los Angeles office was dispatched to La Mesa Junior High School in Santa Clarita, California on April 23 because school officials reported that 12 students were complaining of headaches, nausea, and dizziness after consuming Aquafina water from a vending machine that appeared to contain a “bleach-like substance.” (See item 25)

25. April 24, Associated Press – (California) FBI investigates bottled water contamination that sickened 12 California students. An FBI spokeswoman said the agency’s Los Angeles office was dispatched to La Mesa Junior High School in Santa Clarita on Thursday. The Los Angeles County fire inspector said that at about 12:45 p.m., school officials reported that 12 students were complaining of headaches, nausea, and dizziness after consuming Aquafina water from a vending machine that appeared to contain a “bleach-like substance.” The students were taken to a hospital and released. A spokesman for the Pepsi Bottling Group, which manufactures Aquafina, said there is no evidence that the contamination was caused by the company’s manufacturing process and the company believes it was an isolated incident. “We have examined and tasted numerous bottles that were produced at the same time as those in this case and have found them to be free of any problems whatsoever,” a Pepsi statement said. “The only products in question have been those that were previously opened, and we are working closely with local authorities to determine exactly what happened.” Pepsi is conducting its own tests, he said. Students who spoke with a KTLA reporter at the scene said the water looked cloudy and had a chemical smell. A community liaison for William S. Hart Union School district said the district ordered all schools to remove the water from vending machines or shut down the machines until further notice. Source:,2933,517752,00.html

 According to Reuters, the World Health Organization voiced concern on April 24 at a confirmed outbreak of swine flu in the United States and what it called more than 800 human “influenza-like” cases in Mexico, including about 60 deaths. (See item 33)

33. April 24, Reuters – (International) WHO concerned at new swine flu in U.S., flu in Mexico. The World Health Organization voiced concern on Friday at a confirmed outbreak of swine flu in the United States and what it called more than 800 human “influenza-like” cases in Mexico, including about 60 deaths. The United Nations agency said it had activated its Strategic Health Operations Center — its command and control center for acute public health events — but could not say whether it was considering issuing a travel advisory. U.S. public health officials said on Thursday that seven people had been diagnosed with a new kind of swine flu in California and Texas while Mexican authorities were due to announce test results later on Friday. Source:


Banking and Finance Sector

11. April 23, Bloomberg – (International) Seattle bank sued over role in $600 million swindle. Regal Financial Bancorp Inc., which operates a closely held bank in Seattle, was sued by a group of more than 4,000 Indonesian investors over accusations it helped operate a $600 million Ponzi scheme. Regal Financial helped to promote the scheme that embezzled $500 million to $600 million using two investment funds operated through an Indonesian corporation, according to a complaint filed in federal court in Seattle the week of April 13. Investors are seeking to recoup at least $175 million in losses, according to the complaint filed by Investor Association of Crisis Center Dressel, based in Jakarta. “The vast majority of these Indonesians were middle-class citizens who could ill afford to lose their life savings to an American-operated criminal enterprise,” U.S. lawyers for the association said in the complaint filed April 17. According to the complaint, the Ponzi scheme was operated by Dressel Investment Ltd., based in the British Virgin Islands, which began to raise money in Indonesia around April 2001 through two investment funds promising annual returns of 24 percent. The Regal Financial Bank president allegedly conspired with Dressel by providing letters of recommendation to help raise funds for the fraud, according to the complaint. Source:

12. April 23, Bloomberg – (New York) Cosmo indicted for mail, wire fraud in Ponzi scheme. An investor, accused by prosecutors the week of April 13 of operating a Ponzi scheme that swindled at least 6,000 people out of $413 million, was indicted on April 23 on charges of wire and mail fraud. The owner of Agape World Inc. and Agape Merchant Advance LLC on New York’s Long Island has been in custody since January 26, when prosecutors charged him with operating a fraud scheme that they initially believed cheated at least 3,000 investors out of $370 million. Prosecutors in the office of the U.S. Attorney in Brooklyn, New York unsealed a 32-count indictment against the defendant that includes 10 counts of wire fraud and 22 counts of mail fraud. The defendant claimed Agape solicited investor funds that were used to make short-term bridge loans. Agape received about $413 million from investors, while only about $30 million in loans were made, prosecutors said. “Although he told investors that their money was needed to fund specific bridge loans, the defendant and account representatives working at his direction solicited investments well in excess of what was needed to fund the specific loans,” the U.S. said in the indictment. “The defendant also claimed that Agape was making certain loans to particular borrowers when, in fact, as defendant then well knew and believed, Agape was not,” the U.S. said in the indictment. Source:

13. April 23, KOLR 10 Springfield – (Missouri) Koster investigating mortgage scams. Mortgage companies are using the housing crisis as a way to prey on people who may be down on their luck. They are sending tens of thousands of letters to people in Missouri. Those letters are designed to use what is thought to be private information to rip people off. A real estate manager says a recent rise in mortgage scams has sent up a red flag. “Hopefully, they will not go directly to that source that is on the document or phone call that they receive.” The manager says she is worried about mortgage companies who are using public housing records to make them look like a bank. “It is a little challenging for us because we will not solicit like that. Number two it makes our customers a little confused. We do not want them to be that way.” That confusion is angering the Missouri Attorney General. “They are intended for the recipient to think this came from the Federal Government.” The Attorney General says his office is investigating at least a dozen companies who are targeting people in Missouri. He says the companies are sending out fraudulent letters claiming to be federal agents or representatives of banks. The Attorney General’s office has filed three lawsuits hoping to put an end to the misleading ads. “The fact that there are so many consumers in desperate financial situations is actually providing unscrupulous business with additional targets.” Source:

14. April 23, PC World – (National) Forget computers, phone crime is worrying banks. Computer fraud may be a big problem for banks currently, but the telephone is becoming a critical tool for fraudsters, bank executives say. In addition to calling customers about suspicious transactions, banks use SMS (Short Message Service) to request that customers contact them. So, fraudsters have begun using a variety of techniques to try to trick the banks into thinking they are communicating with legitimate customers via the telephone. “Call-center authentication is, to me, the biggest pain point right now,” said the remote channel risk director with JP Morgan Chase, speaking at the RSA conference in San Francisco the week of April 20. Malware, phishing and cyberattacks may get talked about, but “we should never fool ourselves into thinking that is the only place [crime is happening],” he said. “The biggest risks I see are social engineering, and that is exactly how the crooks are getting in.” Social-engineering attacks occur when fraudsters trick bank customers or employees into divulging sensitive information, usually by pretending to be someone they are not. Sometimes fraudsters will hack into a bank account and change the customer’s contact phone number. Then, when a suspicious transaction posts to the account, the bank will call the fraudster instead of the customer. In cybercrime forums there is even a job title for people who do this: confirmer. “There are companies that specialize in it,” said the senior vice president for online security and enrollment with Bank of America. Fraudsters will sell the services of people who have the language skills to mimic legitimate customers, offering, for example, four males and six females who speak English, one with a Spanish accent. “They say, ‘We can match the phone number where your real customer is calling from,’” he said. In another scam, criminals activate automatic call-forwarding features to essentially take over their victim’s telephone lines for a period of time. Source:

15. April 23, Bloomberg – (National) U.S. plans test sales of distressed assets, Bair says. The U.S. government will conduct a trial run of its Public-Private Investment Program by June using at least $1 billion of distressed loans in a pilot sale, the Federal Deposit Insurance Corp. chairman said on April 23. The FDIC is working with the Treasury Department and the Federal Reserve to complete planning for the program, the chairman said at a conference in Washington. The program will use as much as $100 billion of Troubled Asset Relief Program funds to remove impaired assets from banks’ balance sheets. “We are working very hard on getting that and we hope to have a pilot sale by at least early June,” the chairman told reporters after giving a speech. “We do have some interested banks that are willing to be our guinea pigs.” The U.S. Presidential Administration unveiled the program on March 23 as the centerpiece of its effort to clean up the U.S. banking system after the worst financial collapse since the Great Depression. The effort aims to use government matching funds and debt guarantees to attract private investors to buy loan pools. The government said the plan will provide as much as $500 billion of buying power to purchase banks’ distressed assets. The FDIC has received a “tremendous amount of investor interest” and has lined up banks willing to unload illiquid loans into public-private investment funds, the chairman said. The agency is considering allowing banks selling loans to also take equity stakes in the investment funds, she said. Source:

Information Technology

46. April 24, IDG News Service – (International) Conficker hype a ‘problem,’ says FBI cyber-chief. Mainstream media hype leading up to the Conficker worm’s April 1 software update may have distracted people from legitimate cyber threats, the U.S. Federal Bureau of Investigation’s head of cyber security said on April 23. “For the general public to focus on Conficker, that is the threat they are worried about, I think that is actually a bit of a problem for us as a society,” said the assistant director of the FBI’s Cyber Division, speaking at the RSA security conference in San Francisco on April 23. “There are dozens of Conficker-like threats and vulnerabilities out there…while the media stories helped to raise awareness, I think that focusing people on that particular aspect, perhaps took away their attention from the overall threat, which is just as great or greater than Conficker itself.” Although nobody knows the worm-network’s exact size, security researchers agree that Conficker is an unusually large ‘botnet’ of hacked computers, perhaps numbering as many as 4 million machines. However, there are many other threats on the Internet, including other, less-publicized botnet networks, fake antivirus software, and targeted ‘spear-phishing’ attacks. Source:

47. April 24, ComputerWeekly – (International) Facebook hacks highlight business vulnerability, says security firm. The hacking of the former British prime minister’s charity foundation profile on Facebook should serve as a serious warning, says security firm Fortify Software. The Facebook profile set up to promote his Faith Foundation was defaced by hackers the week of April 13 who covered the site with personal attacks on the former prime minister and his wife. The fact that his page was hackable highlights the need to include code auditing in the software development process, said Fortify’s European director. “That is something that whoever created the Facebook application used by the Faith Foundation appears to have overlooked,” he said. According to the director, the sheer volume of hacking activity on Web portals in general means that any company planning to show its Web pages to the public on the Internet should audit the code of any pages or applications used on the Internet. This especially applies to Web 2.0 services such as Facebook, he said, where the extensible nature of the Internet environment allows users to program their own applets for use on the service. Source:

48. April 23, CNET News – (International) Google fixes severe Chrome security hole. Google released a new version of its Chrome browser on April 23 to fix a high-severity security problem. The problem affects Google’s mainstream stable version of Chrome and is fixed in the new version. Google has built Chrome so it updates itself automatically with no user intervention, though the software must be restarted for the new version to run. The security problem, reported April 8 by the IBM Rational Application Security Research Group, allowed cross-site scripting attacks. Such methods can make a Web browser process unauthorized code such as JavaScript, enabling a variety of attacks, including impersonation or phishing. The Google Chrome program manager described the problem this way in a blog posting on April 23: An error in handling URLs with a chromehtml: protocol could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions. If a user has Google Chrome installed, visiting an attacker-controlled Web page in Internet Explorer could have caused Google Chrome to launch, open multiple tabs, and load scripts that run after navigating to a URL of the attacker’s choice. Such an attack only works if Chrome is not already running. Source:

49. April 23, HS Daily Wire – (International) Cybercriminals adopt industrial methods to enhance effectiveness. Cybercriminals have become industrialized to increase their effectiveness. They are increasingly using encryption to cover their tracks and prevent forensic investigators from recovering evidence, according to a security researcher for SecureWorks. The researcher, speaking at the RSA Security Conference in San Francisco on April 23, said the criminals are using virtual private networks to siphon stolen information from hacked companies so the stream of exiting data often goes undetected by the victim. They have also wised up to encrypting their hard drives so even when they are captured by authorities, evidence stored on their computers cannot be cracked. A security consultant and operator of MyNetWatchman, who spoke on a panel with the researcher, described malware-distribution services that help malicious-code creators infect machines with viruses and keystroke logging programs. The entrepreneurs behind the distribution services control legions of hacked computers corralled into botnets, and charge customers (other hackers and spammers) for the privilege of running their own malware on the hacked machines. The going rate for infection distribution varies from $5 per 1,000 computers in Asia to $130 for 1,000 installations in the United States. The distribution services are just one example of the ways that criminals in the computer underground have become industrialized to trade niche skills and expertise. The security consultant also described anonymization VPN services catering to the underground that use hijacked botnet computers to hide a criminal’s tracks. Using a VPN client, a criminal can choose any hacked system or node on the botnet through which to tunnel his traffic or access a victim’s bank account. Source:

Communications Sector

50. April 23, Ventura County Star – (California) Power poles topped with communications gear go unchecked. It is uncertain why Southern California Edison is allowing various wireless communications companies to add heavy, wind-catching cables and antennas to wooden electric-wire poles without calculating possible collapse risk. Some government officials say the utility’s decision may mean that no one is keeping track of weight and wind-load dangers on power poles across Edison’s 50,000-square-mile service area, home to 13 million people in Ventura and 10 other counties. The Malibu mayor was aghast at the state’s inquiry into who, if anyone, was in charge of making sure utility poles are not top-heavy. The formal probe by the California Public Utilities Commission was triggered by the collapse of three utility poles in Malibu Canyon on October 17, 2007, which snapped in 50-mph winds. The wooden poles had just passed a state-mandated inspection by Edison, and should have withstood winds of 92 mph. The three poles were supporting four sets of heavy, insulated fiber-optic trunk lines; cell antennas; a 66,000-volt electrical circuit; a 16,000-volt local distribution circuit; and street lights. The gear toppled onto the road with such force that a guy-wire yanked a 2,600-pound concrete anchor from surrounding rocks, landing in the middle of Malibu Canyon Road, the state report says. In four hours, the subsequent fire burned 3,836 acres, 10 houses, a landmark Malibu castle, several businesses and classrooms at two schools. Edison is a state-regulated utility owned by the shareholders of Edison International, a for-profit company that could be on the hook for hundreds of millions of dollars in damages from this one fire alone. The Public Utilities Commission said Edison and four cellular companies — Verizon, Sprint, AT&T and NextG Networks — apparently failed to coordinate weight loads with each other, or properly measure just how sturdy the aging poles were as heavy new cables and cellular phone transceivers and antennas were added. Source: 009/apr/23/no-oversight-of-power-poles-topped-with-heavy/