Department of Homeland Security Daily Open Source Infrastructure Report

Friday, April 23, 2010

Top Stories

 According to the Associated Press, Southern California homes of dozens of white supremacists were raided Tuesday as part of a probe into a string of potentially deadly booby trap attacks targeting police officers, authorities said. None of the arrests were directly related to the booby-trap attacks that have plagued the small Hemet Police Department since New Year’s Eve. (See item 57)

57. April 21, Associated Press – (California) Booby trap probe leads to Calif. raids, arrests. The Southern California homes of dozens of white supremacists were raided Tuesday as part of a probe into a string of potentially deadly booby trap attacks targeting police officers, authorities said. Federal and local officers converged on 35 homes and took 16 people into custody in Riverside County for a variety of crimes, including weapons, narcotics and parole violations, Hemet’s police captain said. None of the arrests were directly related to the booby-trap attacks that have plagued the small Hemet Police Department since New Year’s Eve. “But we hope some (arrests) will lead us to our suspects,” the captain said. Hemet police have been targeted at least three times. In one case, a ballistic device strapped to a fence at the gang unit compound sent a bullet within inches of an officer’s face. In another incident, someone rerouted a natural gas line at the compound, filling the building with flammable vapor. No one was hurt. Source:

 The Associated Press reports that computers in companies, hospitals, and schools around the world got stuck repeatedly rebooting themselves on Wednesday after McAfee’s antivirus program identified a normal Windows file as a virus. (See item 61 below in the Information Technology Sector)


Banking and Finance Sector

19. April 22, WPDE 15 Florence – (Ohio) Suspicious substance found at second business office. A spokeswoman with JP Morgan Chase told NewsChannel 15 another suspicious package was sent to one of their locations, this time to their Ohio office. She said it happened April 21. She said the package contained a white powdery substance. Initial tests on the powder proved negative for poisonous or otherwise dangerous toxins, the spokeswoman said. On April 20 a package containing a white powdery substance was mailed to JP Morgan Chase’s Florence Office. Two mail-room employees, who opened the package, were sent to the hospital as a precaution. The Florence County Sheriff’s Office said the exact nature of the substance has not been identified, indicating, however, that preliminary chemical analysis of the substance ruled out that it was any viral, biological, explosive or radiological threat. The spokeswoman said the FBI is now involved in both investigations. Source:

20. April 21, Wall Street Journal – (National) U.S. unveils new $100 bill. The U.S. Treasury secretary and the Federal Reserve chairman unveiled a new $100 bill equipped with two new security features. The bill will go into circulation February 10, 2011. The Fed, along with the Treasury Department, the Bureau of Engraving and Printing and the U.S. Secret Service, “continuously monitor the counterfeiting threats” for each denomination and redesign decisions are made based on those threats, the Fed chairman said. The bill — the highest denomination of all U.S. notes — circulates widely around the world, with circulation in the past 25 years growing to $890 billion from $180 billion. Because about two-thirds of all $100 notes circulate outside the U.S., the chairman said the agencies must ensure people around the world are aware of the design change. Over the next several months, officials at the agencies will work to educate cash handlers, consumers, and others about the design and explain how to use its security features. The 6.5 billion or so $100 notes in circulation now will remain legal tender, he said. The new bill’s security features include a blue 3-D security ribbon on the front of the note that contains images of liberty bells and the number “100,” which move and change from one to the other as you tilt the note, according to a joint release from the agencies. Another security feature is the “Bell in the Inkwell” image that changes color from copper to green when the note is tilted, an effect that makes it appear and disappear within the inkwell. Source:

21. April 21, U.S. Department of Justice – (National) CEO of Capitol Investments USA charged in $880-million Ponzi scheme. The former owner and chief executive officer of Capitol Investments USA, Inc., a purported wholesale, grocery-distribution business, was charged April 21 in a criminal complaint with operating a $880-million Ponzi scheme, a U.S. attorney announced. The 41-year-old suspect, of Miami Beach, Florida, surrendered to special agents of the FBI and the Internal Revenue Service (IRS) in Newark, New Jersey. From January 2005 through November 2009, the suspect, through Capitol, solicited investors from New Jersey and throughout the United States, telling them that he would use their money to fund his wholesale, grocery-distribution business. To induce those investors, the suspect directed others to create and show to the investors documents fraudulently touting Capitol’s profitability. Those documents included: financial statements, profit and loss figures that fraudulently represented that Capitol’s wholesale grocery business was generating tens of millions of dollars in annual sales; personal and business tax returns for the suspect and Capitol which also fraudulently reflected those sales; and numerous invoices fraudulently reflecting transactions between Capitol and other companies in the wholesale grocery business. As a result of these solicitations, more than 60 investors sent more than $880 million to the suspect and Capitol. To date, the investigation has revealed that the suspect caused investor losses of at least $80 million. Capitol had no active wholesale grocery business during the time period relevant to this complaint. In fact, Capitol had virtually no business sales. Source:

22. April 21, Chico Enterprise Record – (California) Tri Counties Bank says VISA credit breach is concern for its customers. Tri Counties Bank in California confirmed April 21 it has sent out certified letters to at least 220 customers whose VISA credit and debit card information may have been illegally obtained. Tri Counties officials said VISA notified them, and other financial institutions, of the breach earlier this month. A bank spokeswoman emphasized that the breach is not directly connected to Tri Counties. The Chico-based bank reportedly began sending the letters out recently, and is already in the process of issuing new cards to customers whose accounts may have been compromised. Cards previously held by those customers are now blocked and can’t be used, but the spokeswoman acknowledged that some unauthorized use of VISA credit and debit cards obtained through Tri Counties has already been discovered. She said the bank would quickly accommodate any customer who requested a new card. It is possible the breach has affected customers of other banks in many geographic areas, the spokeswoman said. She said VISA declined to acknowledge exactly where the theft took place, but in a communication simply said they “had a brick and mortar breach of information.” Source:

23. April 21, Associated Press – (Oregon) ‘Grandpa Bandit’ strikes again in Medford. The so-called “Grandpa Bandit” may have struck again. Medford, Oregon police say a robber left with an undisclosed amount of money April 20 after handing a note to a bank teller and lifting up his windbreaker to reveal a black revolver. A police lieutenant said the middle-aged suspect resembled the man dubbed the Grandpa Bandit by the FBI. The Grandpa Bandit has been linked to a half-dozen bank robberies — five in the Willamette Valley and a previous one in Medford. Source:

24. April 21, KWTX 10 Waco – (California) FBI searches for elderly bank robber after series of stickups. The FBI is looking for an elderly, gray-haired robber who is suspected in eight bank stick-ups, the latest of which was April 20 in San Diego County, California. Authorities said the man, whom authorities have dubbed the “Geezer Bandit,” showed a gun to a teller at a California Bank and Trust branch in Vista and asked for cash. He walked out of the bank with an undisclosed amount of money. Police are offering $16,000 in rewards leading to the arrest and conviction of the Geezer Bandit. Source:

25. April 21, Pittsburgh Post-Gazette – (Pennsylvania) Two Romanian nationals charged with stealing bank account numbers. Two Romanian nationals are in federal custody for allegedly using card skimmers in Pittsburgh to steal the account numbers from PNC Bank card users and then using those accounts to spend some $200,000. The suspects are charged with bank fraud, access-device fraud and aggravated identity theft. The Western Pennsylvania Financial Crimes Task Force received information from PNC Bank that in January, investigators learned that more than $200,000 in fraudulent credit- and debit-card purchases had been made in New York City and Washington, D.C. The investigators were able to trace the compromised accounts to ATMs in Pittsburgh, according to a criminal complaint filed in the case. Video surveillance at the ATMs showed two white men installing what is known as a skimmer onto the machine. The skimmer, which goes undetected by customers, collects account information from the magnetic strip on debit and credit cards. The suspects installed the skimmer about five times, including twice at PNC’s branch in Shaler Plaza on Route 8. Agents did surveillance at that location April 15, and at 5 p.m., they saw men matching the surveillance photographs approach the ATM, the complaint said. As a detective approached them, both men walked away in different directions. Both men, who had Romanian passports and American visas, waived their detention hearings and are in custody. Source:

26. April 21, U.S. Government Accountability Office – (National) Federal Reserve Banks: Areas for Improvement in Information Security Controls. The U.S. Government Accountability Office (GAO) Fiscal Year 2009 audit procedures identified four new general information-security control deficiencies related to security management and access controls. It made five recommendations to address these deficiencies. None of the deficiencies identified represented significant risks to the key financial systems maintained and operated by the Federal Reserve Banks (FRB) on behalf of the Bureau of the Public Debt (BPD), the GAO said. The agency found that the potential effect of such control deficiencies on financial reporting relevant to the Schedule of Federal Debt was mitigated by FRB’s physical security measures and a program of monitoring user and system activity, and BPD’s compensating management and reconciliation controls designed to detect potential misstatements in the Schedule of Federal Debt. In addition, during its FY 2009 follow-up on the status of FRB’s corrective actions to address 11 open recommendations related to general information security control deficiencies identified in prior years’ audits, the GAO determined that as of September 30, 2009, corrective action on eight of the 11 recommendations was completed, while corrective action was in progress on the three remaining open recommendations, which related to security management. The Board of Governors of the Federal Reserve System provided comments on the detailed findings and recommendations in the separately issued Limited Official Use Only report. In those comments, the director of reserve bank operations and payment systems stated that the agency takes control deficiencies, and actions to address them, seriously. The director further commented that three deficiencies have already been addressed or remediated, and that the remainder have corrective actions planned or in progress. Source:

Information Technology

60. April 21, – (International) Cloud computing putting data at increased risk. Nearly two thirds of companies have detected attempts to break into their networks in the past year, double that of two years ago, according to the latest biennial Information Security Breaches Survey from PricewaterhouseCoopers (PwC). The latest figures from the report, which will be launched in full at the Infosecurity Europe show next week, blame the rise in part on the increasing use of cloud computing and social networks within the enterprise. Around 15 percent of large organizations said that they had been infiltrated by an “unauthorised outsider” in the past year, and a quarter had suffered a denial-of-service attack, more than double the proportion in 2008, according to the report. Over three-quarters of those polled were using software-as-a-service and cloud computing, while 44 percent entrusted critical services to third parties. A partner at PwC noted that only 17 percent of companies that allow external providers to handle highly confidential data ensure that it is encrypted. The increasing use of third parties and externally provided services in the current business environment means that organizations are being forced to look to standards to provide some sort of assurances over data protection and compliance, said the report. Source:

61. April 21, Associated Press – (International) McAfee antivirus program goes berserk, freezes PCs. Computers in companies, hospitals, and schools around the world got stuck repeatedly rebooting themselves on April 21 after an antivirus program identified a normal Windows file as a virus. McAfee Inc. confirmed that a software update it posted at 9 a.m. Eastern time caused its antivirus program for corporate customers to misidentify a harmless file. It has posted a replacement update for download. McAfee could not say how many computers were affected, but judging by online postings, the number was at least in the thousands and possibly in the hundreds of thousands. McAfee said it did not appear that consumer versions of its software caused similar problems. In a statement, the company said it is investigating how the error happened “and will take measures” to prevent it from recurring. The computer problem forced about a third of the hospitals in Rhode Island to postpone elective surgeries and stop treating patients without traumas in emergency rooms, said a spokeswoman for the Lifespan system of hospitals. The system includes Rhode Island Hospital, the state’s largest, and Newport Hospital. In Kentucky, state police were told to shut down the computers in their patrol cars as technicians tried to fix the problem. The National Science Foundation headquarters in Arlington, Virginia, also lost computer access. Intel Corp. appeared to be among the victims, according to employee posts on Twitter. Intel did not immediately return calls for comment. A systems administrator at Illinois State University in Normal said that when the first computer started rebooting, it quickly became evident that it was a major problem, affecting dozens of computers at the College of Business alone. Source:

Communications Sector

62. April 22, The Register – (International) Mobile network hack reveals sensitive cell phone data. Researchers have demonstrated structural cracks in GSM mobile networks that make it easy to find the number of most US-based cellphone users and to track virtually any GSM-enabled handset across the globe. The hack builds off research by Tobias Engel who in late 2008 showed how to track the whereabouts of cell phones by tapping into mobile-network databases. At the Source Conference in Boston April 21, an independent researcher and a researcher of iSec Partners demonstrated how to use similar techniques to track an individual’s location even when his number is not known, and to glean other details most users presume are untraceable. “Now, we can even assign a name to a number and we can find someone’s number,” the independent researcher told The Register by phone shortly after his presentation. “The scary thing is that you can give me a random cell phone number and I can tell you, usually, who owns it. So if I want to find [a famous U.S. actor’s] number I can dump all the cellular phone caller ID information out of California and hunt for his number.” The information disclosure hack works by tricking the GSM caller ID system into assembling what amounts to a white pages directory of virtually every cell phone number. Source:

63. April 22, Casper Star-Tribune – (Wyoming; Colorado) Verizon wireless outage in WY, CO. Verizon Wireless customers throughout Wyoming and most of Colorado may be experiencing spotty coverage after a 2 a.m. technical snafu at a switching center in Colorado. Switch centers handle wireless phone calls and text messages, said a Verizon spokesman. He said the problem happened overnight. “Technicians have been on it for better than six hours and expect to have it back up by late morning,” the spokesman said. The Denver metro area and Front Range have their own switching center, and another one handles the rest of Colorado and all of Wyoming, including Casper. “Think of it as a traffic routing center for calls. As calls are made they go to a traffic switching center for completion to whatever number was dialed,” the spokesman said. “They’re sizable buildings. We have them all over the country.” He said Internet usage for customers with data plans should not be affected. Source:

64. April 22, State Journal – (National) Sentence handed out in Sequelle Broadband fraud case. Two business people accused of engaging in a fraudulent scheme to build a broadband Internet provider in the Mid-Ohio Valley region were sentenced April 19 in U.S. District Court in Huntington. The judge sentenced one of the suspects to 18 months in prison and ordered her to pay $848,871 in restitution. She is to surrender to federal authorities May 25, which allows her to testify in a related trial next month. She is to be on supervised release for three years after her prison sentence. The judge sentenced the other suspect to six months of home confinement followed by two years of supervised release. The sentencing stems from a 12-count indictment that accused the two suspects and a third as well as the company MentorGen LLC of defrauding the U.S. Department of Agriculture, the USDA’s Rural Utility Service, the states of West Virginia and Ohio and others. Source: