Wednesday, March 16, 2011

Complete DHS Daily Report for March 16, 2011

Daily Report

Top Stories

• Associated Press reported dangerous levels of radiation leaked from the Fukushima Dai-ichi nuclear plant in Japan after an explosion and a fire, after which authorities ordered 140,000 people to seal themselves indoors March 15. (See item 8)

8. March 15, Associated Press – (International) Radiation level soars after Japan nuke plant fire. Dangerous levels of radiation leaking from the Fukushima Dai-ichi nuclear plant forced Japan to order 140,000 people to seal themselves indoors March 15 after an explosion and a fire at the plant along the country’s northeastern coast. In a nationally televised statement, the Japanese prime minister said radiation had spread from the four stricken reactors. Japanese officials told the International Atomic Energy Agency the reactor fire was in a fuel storage pond and “radioactivity is being released directly into the atmosphere.” After the fire was extinguished, a Japanese official said the pool might still be boiling, though the reported levels of radiation had dropped dramatically by the end of the day. That reactor, Unit 4, had been shut down before the quake for maintenance. Experts noted much of the leaking radiation was apparently in steam from boiling water. It had not been emitted directly by fuel rods, which would be far more virulent, they said. Less clear were the results of the blast in Unit 2, near a suppression pool, which removes heat under a reactor vessel, said plant owner Tokyo Electric Power Co. The nuclear core was not damaged but the bottom of the surrounding container may have been, said a spokesman for Japan’s nuclear safety agency. On March 15, the complex was hit by its third explosion since March 11, and then a fire in a separate reactor. Some 70,000 people had already been evacuated from a 12-mile radius from the Dai-ichi complex. Source:

• Computerworld reported March 14 that scammers are leveraging Japan’s earthquake and tsunami disasters to spread multiple styles of Internet scams at record speed. (See item 39 below in the Information Technology Sector)


Banking and Finance Sector

12. March 14, Reuters – (California) Bomb house suspect pleads guilty to bank robbery. An unemployed computer software engineer originally from Serbia and living in Escondido, California, faces up to 30 years in federal prison after pleading guilty to two counts of brandishing a firearm in the commission of a robbery March 14. As part of the plea deal, federal prosecutors agreed to dismiss five other charges against the man, including one count of possessing explosive devices and one count of illegally manufacturing explosives. But he admitted in court to possessing explosives and the materials to make them, as well as to committing two additional bank robberies, while verifying the plea agreement before a U.S. district judge. Federal investigators said they uncovered evidence linking the man to the robberies after the rented house he shared with his spouse was found stuffed with high explosives, bomb-making chemicals, homemade grenades, guns, and ammunition mixed with paper and other debris piled floor to ceiling. Source:

13. March 14, Bloomberg News – (National) Former mortgage executive pleads guilty in TARP fraud. The former president of Taylor, Bean & Whitaker Mortgage pleaded guilty March 14 in an Alexandria, Virginia, court in connection with a $1.9 billion fraud that included trying to deceive the federal bank bailout program. The 45-year-old Atlanta resident admitted to one count of conspiracy to commit wire fraud, bank fraud, and securities fraud and one count of making false statements. He agreed to cooperate with prosecutors’ investigation of the company. Federal prosecutors filed a criminal case against the man before a U.S. district judge a week prior to his guilty plea. The former executive faces a maximum of 5 years in prison on each count, plus a fine of as much as $500,000 and full restitution to victims, according to prosecutors. Two other Taylor Bean executives, including its former chairman, were charged previously in the scheme by covering up shortfalls at the company. Taylor Bean was once the largest non-depository mortgage lender in the United States, the Securities and Exchange Commission said in a statement. Source:

14. March 14, WJXT 4 Jacksonville – (Florida) 15 charged in tri-county mortgage fraud. Eleven people were arrested March 14 and 4 others are still being sought in connection with a mortgage fraud case that spanned Flagler, Volusia, and Lake counties in Florida. The case involved 23 homes and resulted in more than $9 million in losses. Investigators said those arrested were charged with one count of criminal racketeering and one count of conspiracy to commit racketeering, both first-degree felonies. The 2-year investigation, named “Operation Fast Cash Kickback,” focused on a complex scheme involving home buyers, realtors, appraisers, and mortgage brokers, investigators said. They said the suspects artificially raised home prices, falsified appraisals, and pocketed large amounts of cash by facilitating a series of fraudulent home sales. The scam involved using straw buyers to purchase a home, investigators said. They said the straw buyer’s realtor then asked the seller to raise the price of the home in order for the difference to be provided back to the straw buyer for renovations. Investigators said the appraiser would then inflate the price of the home to meet the contract sales price. At closing, a designated third party individual or shell company received the proceeds for renovations, which ranged from $25,000 to $320,000 for each sale, investigators said. They said the third party recipient then returned a majority of the money back to the straw buyer via check or wire transfer. No renovations were ever conducted on the homes, and each of the properties foreclosed a short time after the sale. Source:

Information Technology

33. March 15, H Security – (International) Adobe warns of zero day vulnerability in Flash and Reader. Adobe has reported that an unpatched vulnerability in its Adobe Flash Player can be exploited to inject and execute malicious code. The vulnerability has reportedly been used for targeted attacks in which victims, rather than being lured to a crafted Web page, were sent infected Excel files via e-mail. These contained a crafted Small Wave Format (SWF) file which ran in Flash Player when the Excel file was opened. Version 10.x for Windows, Mac OS X, Linux and Android, and the embedded Flash plug-in for Chrome, are all reportedly affected. Versions 10.x and 9.x of Adobe Reader and Acrobat for Windows and Mac are also vulnerable, as they contain the same bug in their integrated authplay.dll Flash engine. In at least the Windows edition of version 10 (aka X) the bug cannot be exploited to compromise a system. The sandbox function prevents malicious code from accessing the operating system, blocking attackers from installing malware. No attacks on Adobe Reader have been observed. Source:

34. March 15, Help Net Security – (International) Complexity as the leading security issue. Research from Check Point and the Ponemon Institute shows organizations struggle with a growing set of security priorities and limited employee awareness about corporate policies. According to the survey of over 2,400 IT security administrators around the world, managing complex security environments is the most significant challenge facing organizations today, with over 55 percent of companies using more than seven different vendors to secure their network. According to the survey, over 700 respondents believe the primary concern with emerging technology adoption is compliance. With the proliferation of cloud computing, mobility, Web 2.0, and file sharing applications, organizations often struggle to apply the appropriate levels of security across all layers of the network, while also adhering to stringent compliance requirements. While emerging technologies have created new methods of communication and collaboration for enterprises, organizations struggle with managing multifaceted IT environments; this often contributes to greater security complexity and the risk of data loss by employees. Source:

35. March 14, H Security – (International) Pwn2Own 2011: Google patches hole in Chrome. Google has released an update for the Windows, Linux, and Mac OS X versions of its browser. The update closes a hole in WebKit that was originally exploited in BlackBerry devices – because, like the BlackBerry browser, Chrome and Safari are also based on WebKit. The hole has yet to be closed in BlackBerry, Safari, Mobile Safari, Android, and other WebKit-based products. Source:

36. March 14, threatpost – (International) Scammers pushing fake AV via Skype. According to a new report from, groups responsible for pushing fake anti-malware programs are using Internet-based phone calls over the Skype network to trick unsuspecting users into downloading their fraudulent software. Skype users are reporting they are getting automatic calls from vendors pushing rogue anti-virus. The scam is not unlike an unwanted telemarketer call, with users asked to follow instructions given by the mechanized call. Those who fall for the ruse find themselves hit with a ubiquitous scareware page, warning them that their computer is infected and advising them to erase the threats from their computer. After clicking through the warning, users are sent to a “shopping cart” which convinces them to purchase their “professional online repair service.” Previously spammers have used Skype to peddle their malware via online notifications, while larger projects, like spam campaigns and worms, have become more commonplace with the software. Source:

37. March 14, The Register – (International) Windows 7 customers hit by service pack 1 install ‘fatal error’ flaws. A brace of “fatal errors” is hampering Windows 7-based computers that have been updated with Microsoft’s first service pack for its current operating system. Since Windows 7 SP1 was released late in February, many users have been complaining on forums about problems with the install of the update package. Similarly, The Register has heard from many upset readers who are wasting time rebuilding their machines after the service pack had led to fatal flaws in the OS. “Basically, if you have an OEM machine connected to a server running WSUS [Windows Server Update Services] with the default settings it offers and installs SP1 automatically. This is killing machines and stopping them booting with a C00000034 fatal error,” said one reader. Separately, Windows 7 punters applying the SP1 update package have stumbled into a reboot looping glitch after encountering: “Error C000009A applying update operation 120782 of 367890.” A Microsoft employee confessed March 14 that the firm had yet to discover the cause of the errors. Source:

38. March 14, Dallas Morning News – (International) Texas Instruments plant in Japan will be idle for months because of earthquake. Texas Instruments Inc. said March 14 that damage at one of its chip plants in Japan is so severe that it will return to full production no sooner than mid-July. The Dallas, Texas-based semiconductor maker said the Miho plant made products that accounted for about 10 percent of total sales in 2010, and the shutdown will reduce first- and second-quarter financial results. The company said it has identified alternate manufacturing sites for about 60 percent of Miho’s production, which consisted of analog and DLP chips for a variety of high-tech devices. The company said the return to normal production could be delayed further if the power grid is not repaired or other complications arise. The Miho plant is about 40 miles northwest of Tokyo. Texas Instruments said the infrastructure that delivers chemicals, water, and other materials to the plant was damaged, and about 60 percent of the chips under construction when the earthquake hit were destroyed. The extent of the harm to manufacturing equipment will not be known until power is fully restored. Source:

39. March 14, Computerworld – (International) Criminals kick off Japanese disaster scams at record speed. Criminals have jumped on Japan’s twin earthquake and tsunami disasters at record speed, security experts said March 14. Scams range from links to fake anti-virus downloads and phony donation sites to classic online swindles that rely on greed. “What’s surprising this time is how quickly they picked up on the news,” said a security researcher with U.K.-based Sophos. “We knew [scams] were coming, but they started appearing in record-breaking time, less than 3 hours after the earthquake.” Facebook has been used by cyber-crooks to collect information when users click on a link posing as CNN video footage of the tsunami, said Sophos. Scammers are also flooding e-mail inboxes with messages asking recipients to donate money to relief efforts, said a Symantec researcher. Another Symantec researcher noted that other scams have appeared taking advantage of news of the earthquake and tsunami. “Symantec has observed a classic 419 message targeting the Japanese disaster,” said the researcher. “The message is a bogus ‘next of kin’ story that purports to settle millions of dollars owing to an earthquake and tsunami victim.” Crooks have also registered a large number of domains with URLs that may fool users into thinking that they are legitimate donation or relief sites, he said, a tactic that can also push those sites higher on search results. Source:

Communications Sector

40. March 14, Associated Press – (International) Pentagon blocks workers’ access to Japan videos to free bandwidth. The Pentagon’s Cyber Command has shut down Defense Department workers’ access to popular streaming video Web sites including YouTube, Amazon, and Googlevideo, Associated Press reported March 14. Officials say the tremendous demand to see the Japan earthquake is eating up bandwidth already weakened by Internet problems in that part of the world. Cyber Command has directed the Defense Information Systems Agency to temporarily restrict access to the Web sites. Most employees see the message “Website Blocked” in bright red letters when they go to one of the sites. Cyber Command says the restrictions are no reflection on the Web sites. The command says the sites have been blocked at the request of U.S. Pacific Command to help meet the needs of the military because its networks and circuits in the region are facing extreme demands. Source:
