Friday, April 22, 2011

Complete DHS Daily Report for April 22, 2011

Daily Report

Top Stories

 According to the Washington Examiner, the Pentagon mistakenly posted plans online for its new office building in Alexandria, Virginia, showing exactly how big a bomb would have to be to destroy the facility. (See item 37)

37. April 20, Washington Examiner – (Virginia) Army accidentally reveals Mark Center’s bomb security. The Pentagon mistakenly posted plans online for its new office building in Alexandria, Virginia, showing exactly how big a bomb would have to be to destroy the facility, Examiner reported April 20. The 424-page Army Corps of Engineers document detailed the bomb-proofing design of the Mark Center near the intersection of Interstate 395 and Seminary Road, into which 6,400 defense workers are expected to move this fall, raising questions about security not only at the new office building but other Defense Department sites. Reuters, which first discovered the document online, reported that the Mark Center was designed to withstand the blast from 220 pounds of TNT-like material if it is detonated outside the Mark Center’s security perimeter, or 55 pounds if the perimeter is breached. That limit is a fraction of the size of the bombs used in attacks against the World Trade Center in 1993 and an Oklahoma City office building in 1995. The bomb-proofing of office buildings varies greatly, a professor of structural architecture at the University of Virginia said. There are no industry standards for such threats. “Probably [the Pentagon’s] greater concern is that the information in those documents probably applies to lots of other buildings, and that their entire strategy here may be compromised because of the release of something like this,” said the structural engineer. The plan was removed from the Army Corps of Engineers’ Web site and from Internet search engines, according to a corps spokesman. The file was dated 2009 and could have been online since then. Source:

 The Associated Press reports firefighters found two propane tanks and a bomb near the Southwest Plaza Mall food court in Colorado, after a small fire broke out. (See Item 50)

50. April 21, Associated Press – (Colorado) Bomb, propane tanks found at Colorado mall. Firefighters in Littleton, Colorado found two propane tanks and a bomb April 20 near the Southwest Plaza Mall’s food court after a small fire broke out that was quickly extinguished. The bomb did not explode, and the mall was evacuated around noon. Unexploded pipe bombs and a propane tank with explosives attached were found in the school after the shootings. An FBI spokesman said authorities have identified a person of interest seen on surveillance video entering a stairwell he said is not typically used by the public. The man could be a witness or a suspect, a Jefferson County Sheriff’s Department spokeswoman said. He is described as a white male with graying hair and a silver mustache. Photos taken from surveillance show him in a dark cap, gray and white striped shirt, dark jacket, blue jeans and dark shoes. A daylong search did not turn up any other explosive devices in the mall, which was expected to be open for business April 21. About 25 schools were on lockout as a precaution, meaning access is restricted to one point, according to the Post. Source:


Banking and Finance Sector

14. April 21, Republican-American – (Connecticut) Heist suspect thought to be KISS bandit. Police in Southington, Connecticut, are trying to determine a link between a robbery on April 16 and a robbery in October 2010 in which a man dressed like a member of the rock band KISS robbed a bank on Wolcott Road. Southington police arrested a man on April 20 with a last known address in Wolcott on charges related to a bank robbery in Southington on April 16. The 26-year-old man was arrested in Waterbury, Connecticut, on April 20 after family members and associates identified him from bank surveillance pictures released by Southington authorities. Webster Bank at 359 Queen St. was robbed on April 16, shortly before 12 p.m., by a man who passed a teller a note indicating he was armed with a firearm. The robber fled the bank and into a waiting car. Source:

15. April 21, Associated Press – (National) Man pleads guilty in Conn. ATM skimming scheme. A Romanian man pleaded guilty April 20 in Connecticut to participating in a scheme to steal passwords to bank ATM cards and withdrawing more than $200,000. Federal prosecutors say the 30-year-old man pleaded guilty to a charge of conspiracy to commit bank fraud. Authorities say the man was part of a group that installed “skimming” devices on ATMs in Connecticut, Pennsylvania, New York, and New Jersey, and on card swipe devices used by banks to control access to ATM lobbies. The devices captured encoded information, while small cameras were placed on the ATMs to record customer PINs. The information was used to create counterfeit bank cards which the suspects used to withdraw money from customers’ accounts. The man faces up to 30 years in prison. Source:

16. April 20, Associated Press – (National) 3 Fla. men indicted in wake of $3.7B Ponzi scheme. A former associate of a fallen Minnesota businessman and two hedge fund managers were indicted April 20 in federal court on fraud charges. The three men were each charged with four counts of securities fraud for allegedly giving false information about Petters Co. Inc. (PCI) to investors. All three men live in Florida. The CEO of PCI is serving a 50-year sentence after being convicted of orchestrating a $3.7 billion Ponzi scheme through PCI. Prosecutors allege that two of the men falsely told investors PCI was generating profits, and that the other allegedly told both men to communicate only with him when dealing with PCI, receiving over $60 million in commissions. The government alleges that the three men made “material misrepresentations and concealed material information” about the PCI investments to induce investors to buy securities. For example, prosecutors say, investors were told that when a retailer bought electronics or other goods from PCI, those products were paid for by the retailer with funds directly deposited into a bank account under the control of two of the men’s management companies. As a result, investors were falsely assured that PCI transactions were taking place when the defendants allegedly knew that the hedge funds actually received payments from PCI alone and never from retailers. The indictment alleges that when PCI’s debts pushed the company to the brink of insolvency in February 2008, the three men took part in a scheme to swap more than $1 billion of PCI promissory notes to create the appearance that PCI could repay the notes held by the hedge funds.
Two of the men allegedly continued to report to investors that the hedge funds were generating steady profits, and together with the third man, they solicited new investors and additional money from existing investors, raising more than $75 million in new money from more than 30 investors, according to the indictment. Source:

17. April 20, Associated Press – (Michigan) Facebook photos help FBI solve bank robberies. The FBI said on April 19 a man charged with robbing five Detroit-area banks was caught after investigators matched him to photos on Facebook. The man was indicted April 19, two months after his arrest on a criminal complaint. He is accused of stealing $6,300 during five bank robberies from October through January. An FBI agent said a tipster called after seeing bank surveillance photos. The tipster offered the man’s name, and the FBI found his profile photo on Facebook. The FBI says there were Facebook photos of the 25-year-old man wearing the same clothes that were worn during a robbery. The suspected robber has been free on bond since his arrest. Source:

18. April 20, Orange County Register – (California) 3 charged in $11 million insurance scheme. Three people, including an Orange County, California, resident, were charged April 20 in an $11 million scheme to forge repair checks from insurance departments. The three suspects all pleaded innocent, a San Bernardino County Deputy District Attorney said. They were released from custody April 20 pending a preliminary hearing. Two of the suspects co-own the Rancho Cucamonga and Tustin franchise of ServiceMaster, a restoration and cleanup business that is commonly hired after an insured property loss. A criminal complaint filed last week in San Bernardino County Superior Court charged that they stole $11.6 million from nearly three dozen insurance companies by forging names on checks between 2005 and 2009. According to the complaint, the fraud began to unravel in 2007 when a homeowner complained to her insurer about work the ServiceMaster franchise had done on her home following a November 2005 fire. An investigator for Mercury Insurance allegedly then discovered that the suspects had forged signatures on insurance checks payable to the homeowners and mortgage lenders. Source:

19. April 20, Tampa Bay Tribune – (Florida) Seven arrested in $8.8 million mortgage fraud investigation. Three husband and wife teams and one other person were arrested in Florida April 20 in connection with an $8.8 million mortgage fraud scheme. The arrests were the result of an investigation by the Florida Department of Law Enforcement (FDLE), Hillsborough County Consumer Protection Agency and the Attorney General Office of Statewide Prosecution. The investigation centered on what authorities say were 50 fraudulent mortgage applications involving 33 properties purchased from April 2003 to December 2007, with many occurring at the height of Florida’s housing boom. The bad loans totaled about $8.8 million. Each of the buyers, except for one, sold properties among themselves. At one point, the only suspect in the case not to sell properties owned the mortgage company where several of those arrested worked and sometimes prepared fraudulent documents, FDLE said. The buyers would simultaneously apply for multiple mortgages with different lenders, the FDLE said. That way, they would be eligible for lower interest rates and other advantages given to buyers of homesteaded property. All were charged with racketeering, taken to the Hillsborough County Jail and had bails up to $700,000. Many of the fraudulent mortgages were the personal loans of the people arrested, the FDLE said. The subjects prepared 50 fraudulent applications and other documents and submitted them to mortgage lenders, trying to convince them to loan money on homes. The properties were scattered throughout Florida in Pinellas, Pasco, Hillsborough, Hernando, Osceola, Seminole and Orange counties. Twenty-two were taken back by lenders in foreclosure, resulting in $4.2 million in final judgments. Source:

Information Technology

42. April 21, Help Net Security – (International) Gold-themed spam fishing for personal information. Symantec spotted a new spam campaign leveraging the recent news about gold prices. The price for an ounce of gold rose above $1,500 for the first time April 20. Recent global events have made investors turn to gold as the last safe haven investment, and scammers are counting on the fact that people have heard that news and are interested in doing the same. In a matter of hours, scammers began sending out spam e-mails with “Is Gold Your Ticket To A Golden Future?” in the subject line and a link that takes the recipient to a Web site that offers a “free investor kit” in exchange for some contact information. “Certain personalities are used in the image for this spam campaign — including [an American conservative television and radio host]. A Google search reveals an interesting angle about [the host] promoting gold investments,” a Symantec researcher pointed out. “It seems that the spammer did some research in order to know about the association before propagating this spam campaign.” According to the researcher, this is a typical hit-and-run spam campaign — large volumes of spam messages (usually in HTML) sent out in short bursts, quickly rotating domains, and messages usually sent from within the same /24 IP range. Source:

43. April 21, Softpedia – (International) Royal wedding search results poisoned with scareware links. Security researchers warned that searching for terms related to the upcoming royal wedding carries a risk of scareware infection because the results can be poisoned with malicious links. The wedding is scheduled to take place April 29 at Westminster Abbey in London. As it draws near, the event and related happenings are getting more and more attention from the media. Security researchers from GFI Security warned that searching for recent news of a jelly bean resembling the face of the bride will lead users to a scareware application called XP Antispyware. Meanwhile, experts from ESET warned that searching for keywords such as “[bride’s name] wedding dress idea” carries similar risks. Search result poisoning is part of black hat SEO (BHSEO) campaigns and is a method used with great success to distribute scareware in recent years. Google is the primary target of such attacks, but scareware pushers have expanded their attacks to other search engines as well, making the threat even more widespread. The schemes rely on the existing PageRank of compromised legitimate Web sites to hijack results for certain terms. Trying to visit the rogue links will redirect users to pages displaying fake antivirus scans that warn them of non-existent infections on their computers. The pages distribute fake security programs under the promise that they will fix the issues. However, after installation, the applications do nothing more than display more alerts and warnings. The end goal is to scare users into buying licenses for the useless programs and expose their credit card details in the process. Source:

44. April 21, The H Security – (International) Spring cleaning: Oracle’s patch day brings 73 security patches. Oracle released 73 security patches on its April patch day, closing many holes in Solaris, its eponymous database server, WebLogic application server, Fusion middleware, and other products. Among the most critical of the holes closed, scoring 10.0 on the CVSS scoring system, are one in Sun GlassFish Enterprise Server and Sun Java System Application Server and one in Oracle jRockit. Among the other holes closed is a vulnerability in the SSL/TLS protocol (CVE-2009-3555) that was reported at the end of 2009. The products affected by the fix are Oracle Fusion Middleware and Oracle Database’s Oracle Security Service and Oracle WebLogic Server. Many of the vulnerabilities allow an attacker to inject malicious code over the network. The advisory also lists vulnerabilities in OpenOffice that have already been fixed with the release of OpenOffice 3.3.0. Source:

45. April 20, IDG News Service – (International; Michigan) Woman pleads guilty to selling counterfeit software. A Michigan woman pleaded guilty April 20 to a charge related to selling more than $400,000 worth of counterfeit software on a Web site, the U.S. Department of Justice (DOJ) said. The 31-year-old, from Ypsilanti, pleaded guilty to one count of willful copyright infringement in U.S. District Court for the Eastern District of Michigan, the DOJ said. Between July 2008 and January 2010, she sold more than 7,000 copies of pirated business software at discounted prices through the Web site, the DOJ said in a press release. The software, with a retail value of more than $2 million, included pirated versions of products from Microsoft, Adobe, Intuit, Symantec, and other vendors, the agency said. Agents with U.S. Immigration and Customs Enforcement made several undercover purchases of the software, the DOJ said. The woman faces maximum penalties of 5 years in prison and a $250,000 fine. During her plea hearing, she agreed to forfeit any illegal profits and pay restitution to companies. Sentencing is scheduled for August 15. Source:

46. April 20, Wired – (International) Skype update for Android fixes security flaw, adds 3G calling. Skype released a new version of its Android app April 20, fixing the app’s recently discovered security vulnerabilities. The new version secures a loophole in which third-party software was able to gain access to data stored on the user’s phone. “We have had no reported examples of any third-party malicious application misusing information from the Skype directory on Android devices,” Skype’s chief information-security officer said in a blog post. The company encouraged users to download its software from the official Android Market or the Skype Web site, rather than an unofficial outside venue. Skype’s popular voice-over-internet service faced criticism the week of April 10 after a blogger discovered the security flaw in the Android version of the app, which allowed access to sensitive user details including a user’s full name, address, and date of birth. The security exploit has existed on Skype’s Android app since its wide release last October. Source:

Communications Sector

47. April 21, Virginia Gazette – (Virginia; North Carolina) Cellphone outage hits Halifax County. People throughout Virginia and North Carolina April 20 experienced cell phone outages since about 5:30 p.m., Verizon Wireless representatives said. Multiple cell tower outages were being reported across the area, with the Halifax County area reporting a 70 percent failure rate for cell phone calls. A customer service representative said the Network Repair Bureau was aware of the problem and was working to repair the network. However, she said they had no timeline of when the problem with the cell towers would be repaired. Source:

48. April 21, CNNMoney – (International) Amazon EC2 outage downs Reddit, Quora. A rare and major outage of Amazon’s cloud-based Web service April 21 took down a multitude of other online sites, including Reddit, HootSuite, Foursquare, and Quora. On its Web services “Health Dashboard,” Amazon says that it is “investigating instance connectivity, latency and error rates” that started at 4:41 a.m. The outages were at Amazon’s northern Virginia data center. Amazon hosts many major Web sites on its Web servers through a service called Elastic Compute Cloud. The “elastic” infrastructure model is designed to scale up automatically to handle giant traffic spikes. Thousands of customers utilize Amazon’s cloud, renting space on its servers, some of which went down in the wake of Amazon’s outage. Source:
