Monday, September 26, 2011

Complete DHS Daily Report for September 26, 2011

Daily Report

Top Stories

• The former manager of the Milford, Massachusetts, Water Co. was indicted by a grand jury for tampering with water samples so the state would lift a boil order on the contaminated public water supply. – Milford Daily News (See item 32)

32. September 22, Milford Daily News – (Massachusetts) AG: Former Milford Water Co. manager tampered with samples. The former manager of the Milford, Massachusetts-based Milford Water Co. was indicted by a Worcester County grand jury on six counts of tampering with an environmental-monitoring device or method, and two counts of making false statements, the attorney general's office said September 21. Investigators allege the manager added chlorine to samples in August 2009 so the state would lift an order for the public to boil the contaminated public water supply. The boil order was in place for almost 2 weeks because the water tested positive for E. coli, with the town distributing 167,000 gallons of bottled water — an average of 18,000 gallons a day — during the ban. Authorities traced the problem to the corroded roof of a water tank. According to the attorney general's office, the manager submitted tampered samples to a lab for testing. During tests, the samples immediately turned black. Lab technicians found the chlorine level was so high it exceeded the limits of the test. The Massachusetts Department of Environmental Protection (DEP) and the inter-agency Massachusetts Environmental Strike Force later tested the suspicious samples and found levels of chlorine in some samples that were 700 times greater than the acceptable level for drinking water. The privately owned Milford Water Co. has made improvements since the boil-water order, including changing its manager and, as required by a DEP consent order issued after the boil water incident, making plans to build a new treatment plant by 2013, an official said. The former manager retired from the company in December 2009. Source:

• Police in Toledo, Ohio, are investigating after bullets were fired at two fire stations, and a suspicious package was planted at another fire station over the course of two days. – WTOL 11 Toledo (See item 40)

40. September 22, WTOL 11 Toledo – (Ohio) Three threats in two days against Toledo fire stations. Police are investigating two shootings and a bomb threat at three fire stations in Toledo, Ohio. Around noon September 22, firefighters at Fire Station 18, located at 5221 Lewis, discovered a suspicious package outside the station. The Toledo Police called in their bomb squad, which dismantled the package. Inside was found a propane tank and a bag of charcoal. On September 21, sometime between 4 and 4:30 p.m., firefighters at Fire Station 6, located at 642 Starr Avenue, heard five shots fired. Two of the bullets made it inside the fire department. One of the bullets ricocheted off of one of the fire trucks, and one bullet lodged itself in a back wall. The shots were fired at an area frequently used by firefighters. No spent shells were found outside the station. Also on September 21, bullets were fired at Fire Station 9 at 900 South Street. Source:


Banking and Finance Sector

15. September 23, Spokane Spokesman-Review – (International) SEC accuses woman of huge Ponzi scheme. The U.S. Securities and Exchange Commission (SEC) September 22 accused the owner of a bankrupt Spokane, Washington-based payday loan business with conducting a massive Ponzi scheme. The SEC alleges she defrauded investors in her company, Little Loan Shoppe, by misrepresenting the profitability and safety of investments, and giving them the false impression their money was being used to grow her business. Millions of dollars also were misappropriated for personal use, the agency alleged. According to the complaint filed in federal court, she raised about $135 million between 1999 and 2008 from at least 650 investors in the United States, Canada, and Mexico. She misled investors by telling them Little Loan was financially sound, the SEC said. The complaint alleges she sold promissory notes assuring investors of annual returns of 40 to 60 percent she claimed would be paid through Little Loan's profits. She also told investors their money was safe because she had insurance or a separate account to pay back investors. As the scheme neared collapse in mid-2008, the complaint alleges she made a last-ditch effort to attract new investments by announcing a “window to invest” and falsely telling investors Little Loan had ”defied financial gravity” in the deteriorating economy. Investors responded by pouring millions more into Little Loan. The business soon buckled, payments were cut and missed, and investors dragged the company into bankruptcy in 2009. The SEC charged her with violating the antifraud and registration provisions of the federal securities laws. In seeking bankruptcy protection, the company claimed it owed more than $100 million to more than 1,300 creditors. Source:

16. September 23, Softpedia – (International) Millions stolen through Internet retail scam. Approximately $450 million was illegally obtained by a man who allegedly sold products and services on the Internet and took advantage of hidden charge clauses to con people. The U.S. Federal Trade Commission (FTC) heard of his operation and immediately shut it down. By hiding behind 10 company names, the head of the scheme commercialized all sorts of products from personal care items to acai berry weight-loss pills, and even health supplements. He offered users in the United States and other countries free product trials that were actually charged with up to $80 even if the customer did not at any time agree to pay the amount. After freezing the man's assets, the court stated “Not only has [the FTC] shown a likelihood that Defendants have engaged in misleading marketing practices, but it has also shown that Defendants have moved substantial funds to offshore companies and bank accounts. . .” To better hide his income, the man opened bank accounts in Cyprus, where he also established several holding companies to facilitate international merchant banking. A woman and her company, Mobile Web Media LLC, were also charged for aiding the man by offering credit and debit card processing services. During the trial, the accused parties are banned from selling or offering any products as free trial or as bonus, and they're also forbidden from making any sort of Internet transactions that might be misinterpreted or misleading. Source:

17. September 22, Twin Cities Business – (Minnesota) Former MN bank executives face new fraud charges. Two former officers of a St. Paul, Minnesota bank and a customer are facing additional charges in an alleged $1.9 million “check-kiting” scheme that led to the closure of Pinehurst Bank, Minnesota’s U.S. attorney’s office said September 22. The 57-year-old former president of Pinehurst and the bank’s 43-year-old former chief credit officer and senior vice president were each charged with five counts of misapplication of bank funds in June. A 71-year-old customer, was charged with the same counts. The 57-year-old now also faces one count of bank fraud, and one count of making a false statement. The 43-year-old has now been charged with one count of bank fraud, and two counts of making false statements, and the customer has been charged with two counts of bank fraud, and one count of theft from an employee benefit plan. The customer is accused of kiting increasingly large sums between Pinehurst and a second bank from March 2006 until February 2009, when the second bank discovered his insufficient funds and returned more than $1.8 million in bad checks to Pinehurst. The Pinehurst employees then allegedly recruited five straw borrowers to get $1.9 million in loans from Pinehurst for the customer, and the three defendants concealed the scheme from the bank’s board and regulators. Each defendant faces up to 30 years in prison for each bank fraud and misapplication count. The bank employees also face a maximum of 5 years on each false statements count, while the customer faces up to 5 years for his count of theft from an employee benefit plan. Source:

18. September 22, Bloomberg – (National) Investment club manager pleads guilty to $40 million fraud. A Michigan man who ran an “investment club” pleaded guilty September 22 in federal court in Virginia to defrauding more than 750 members out of almost $40 million. The 46-year-old entered his guilty plea in U.S. district court in Alexandria to one count of wire fraud. He faces a maximum penalty of 20 years in prison, according to court documents. ”[He] took huge risks with others’ money and lost big,” a U.S. attorney in Alexandria said. “He covered up his massive losses through lies and deceit to members of his investment club.” From 2006 through July 2009, the man solicited about $40 million from investors who were members of a club he created that the Commodity Futures Trading Commission (CFTC) in a lawsuit described as a ”commodity pool.” He told them their money was being invested through an equities-trading system developed by an expert consultant, Trade LLC, with a promised return on investment of 10 percent per month, according to court papers filed in Alexandria and in a related lawsuit in Michigan. Trade LLC, which is no longer in business, was sued separately by the commission over activities related to the club, according to the CFTC. Only $6 million was invested with Trade LLC, prosecutors said. The rest was “secretly invested” in more than 25 other ”high-risk” ventures, losing almost $34 million, the government said. In 2009, the man stopped investing in Trade LLC and “re-deposited” that money in other losing ventures, according to court documents. He also created false monthly statements for his investors showing they were making money, prosecutors said. Source:

19. September 22, Charleston State Journal – (West Virginia; Michigan) Man arrested after 126 fraudulent credit cards found in vehicle. One man was behind bars September 22 after 126 fraudulent credit cards were found in his vehicle in West Virginia. According to a U.S. attorney, the 25-year-old Michigan man was arrested after a nearly hour-long search September 21 on the bridge over I-70 near Cabela Drive. The stop was made by the Mountaineer Highway Interdiction Team, and the FBI and Secret Service are assisting with the case. An officer with the West Virginia State Police said suspicion was gained during the traffic stop, that led officers to search the vehicle. "We're dealing with multiple jurisdictions, tying a criminal organization from the Detroit, Michigan area to their destination travels of Morgantown, West Virginia, to try and uncover just what it was they were doing, coming to West Virginia and why they had 126 fraudulent cards that represent 126 potential bank accounts ... on them," the officer said. Source:

20. September 22, WTAM 1100 AM Cleveland – (Ohio) Indictments handed-up in mortgage scam. Investigators September 22 announced the indictment of 32 defendants for fraudulently obtaining $5.1 million in loans to purchase 44 houses in Cuyahoga County, Ohio. According to the Cuyahoga County Mortgage Fraud Task Force, a 40-year-old Cleveland man, a 50-year-old Cleveland man, and a 49-year-old Parma man, were the key members of the enterprise. They and 29 other defendants were indicted by a Cuyahoga County grand jury for engaging in a scheme that involved buyers, sellers, mortgage brokers, loan officers, title agents and processors, private investors, and appraisers. According to an assistant prosecutor, the scam involved houses purchased at sheriff’s sales or other sources for meager amounts, with mortgages taken out on those properties simultaneously, with an open-end loan allowing their values to be artificially inflated. Authorities contend most of the properties were purchased without any of the buyers’ personal money. They also claim

many of the title company files contained invoices for rehabilitation work done by one company in particular, when in fact no work had been done to the property. Officials site fraudulent invoices they believe show most of the buyers were paid for lending their names and credit to the transactions. Investigators maintain some buyers were duped into participating in the scheme on the pretense they would become investors and reap the benefits when they sold the houses after owning them for a few years, while others knowingly participated by buying the properties, never intending to occupy, lease, or maintain them. They said most of those buyers received payments of several thousand dollars after the properties sold. Source:

21. September 22, Crain's Detroit Business – (Michigan) Injunction sought against couple, attorney accused of preparing fraudulent tax returns. The U.S. Department of Justice (DOJ) September 22 was seeking an injunction against a Sterling Heights couple and their Oakland County attorney to stop them from preparing allegedly fraudulent income tax returns for Southeast Michigan residents. The DOJ brought civil action against a minister at Perfecting Church in Detroit and his wife along with their company, Diamond & Associates Enterprises LLC, and an attorney and owner of Southfield-based T. Daniels & Associates PLLC. The civil complaint alleges the minister, his wife, and their company prepared more than 180 income tax returns for taxpayers on income in 2009 and 2010, and sought more than $29 million in fraudulent refunds. In 2010, Diamond Tax Services allegedly began filing false returns as a paid preparer of returns for taxpayers under the federal Filing Information Returns Electronically system of the Internal Revenue Service (IRS). Under the scheme, the couple allegedly told taxpayers they had a secret account within the U.S. Department of Treasury that could hold up to millions of dollars and which they could access to pay debts, as a credit against tax liabilities or to draw upon for refunds. The preparers then filed an IRS form, usually a 1099-OID or Original Issue Discount form, claiming the taxpayer was an issuer or purchaser of a debt instrument for which income was previously withheld for taxes. This increased the taxpayer’s tax liability, but also used the phony withholding as a credit or deduction. The DOJ estimates the IRS has paid out nearly $1.7 million in “erroneous refunds because of [their] fabricated withholding claims." Returns prepared through Diamond Tax Services allegedly have sought fraudulent refunds for tax years going back to 2006, and the couple allegedly sought $2.5 million in bogus refunds on their own returns. Source:

22. September 22, IDG News Service – (National) FTC targets mortgage and debt relief Web sites. The U.S. Federal Trade Commission (FTC) September 22 asked a court to shut down Web sites that falsely suggested they were federal consumer assistance agencies or affiliated with government agencies focused on mortgage or debt relief. Web sites operated by a man from San Antonio allegedly misled consumers about their connection to the U.S. government, the FTC said in a press release. The man conducted business as the Department of Consumer Services Protection Commission, U.S. Debt Care, and World Law Debt. The Web sites had no government connection, but instead referred customers with financial problems to companies selling mortgage, tax and debt relief services, with promises that consumers' debts would be substantially reduced or eliminated, according to the complaint. The FTC asked the court to permanently shut down the man's operation. The FTC charged the man with multiple violations of the FTC Act for allegedly misrepresenting his affiliations with federal agencies, misrepresenting that the services advertised on his Web sites were government-approved, and making deceptive debt relief claims. His businesses also violated rules governing telemarketing and mortgage relief, the agency said. The man, a lead generator for other businesses, impersonated the FTC and other agencies, the FTC said. His Department of Consumer Services Protection Commission appears to combine two real government agencies, the FTC and the Consumer Financial Protection Bureau, the agency said. His Web sites used the FTC's official seal and copied language about the fictitious agency's consumer protection mission almost verbatim from the FTC site. Source:

For another story, see item 48 below in the Information Technology Sector

Information Technology Sector

44. September 23, Softpedia – (International) Browser vendors prepare for SSL attacks. Soon, SSL BEAST research will be revealed and Web browser vendors will have to devise new ways of protecting their products from attack. The easiest way to fix the problem would be to upgrade to the newer versions of the security protocols implemented so far. For example, TLS 1.1 and 1.2 are insusceptible to the attack, but the problem is most Web sites do not support these types of encryption protocols. Opera has already successfully incorporated the improved protocols and they are activated by default. Internet Explorer 9 has the ability to protect users against SSL attacks, but only if they activate the later versions manually. Google officials are patching up Chrome, their only fear being they might have to make a forced release of the product because of hacking activities. Mozilla's Firefox only support SSL 3.0 and TLS 1.0, which are highly vulnerable to the BEAST's attack. Source:

45. September 23, threatpost – (International) New Mac OS X trojan Imuler hides inside malicious PDF. Malware that targets Mac OS X is not anywhere near catching up to Windows-based malware in terms of volume and variety, but it appears OS X malware may be adopting some of the more successful tactics Windows viruses have been using to trick users. Researchers have come across a sample of an OS X-based trojan that disguises itself as a PDF file, a technique in favor among Windows malware authors for several years now. The new piece of malware hides inside a PDF file and delivers a backdoor that hides on the user's machine once the malicious file is opened. Once the user executes the malware, it puts the malicious PDF on the machine and then opens it as a way to hide the malicious activity going on in the background, according to an analysis by researchers at F-Secure. The trojan then installs the backdoor, which is named Imuler.A, which attempts to communicate with a command-and-control server. That server is not capable of communicating with the malware, however, the researchers found, so the malware is on its own once it is installed on a victim's machine. Source:

46. September 23, IDG News Service – (International) 'Lurid' malware hits Russia, CIS countries. Researchers from Trend Micro said September 22 they discovered a series of hacking attacks targeting space-related government agencies, diplomatic missions, research institutions, and companies located mostly in Russia but also Vietnam and Commonwealth of Independent States countries. In total, the attacks targeted 1,465 computers in 61 countries. The attacks, which Trend Micro dubbed "Lurid," are not particularly unusual compared to other stealthy, long-range hacking campaigns publicized recently, according to Trend Micro's director of security research and communication for Europe. Targeted e-mails were sent to employees that were engineered to attack unpatched software and sought to steal spreadsheets, Word documents, and other data. The pilfered documents were then uploaded to Web sites hosted on command-and-control servers in the United States and the United Kingdom, the director said. The location of the servers in these attacks shows hackers can choose servers anywhere in the world to collect stolen data, which is not an indication of where the hackers may be located, he said. Source:

47. September 22, CNET News – (Arizona; California; International) Alleged LulzSec, Anonymous hackers arrested in Ariz., Calif. An 23-year-old man from Phoenix, Arizona, was arrested September 22 for allegedly stealing data from Sony Pictures Entertainment earlier in 2011, and two others were indicted on charges of participating in a denial-of-service (DoS) attack that temporarily shut down Santa Cruz County, California servers in late 2010. The 23-year-old was indicted September 2 by a federal grand jury on charges of conspiracy and unauthorized impairment of a protected computer, the FBI said in a statement. Separately, a 47-year-old man from Mountain View, California, was arrested and appeared before a magistrate judge in U.S. District Court for the Northern District of California in San Jose, said a U.S. Department of Justice statement released September 22. The judge ordered a bail study be done, and set a court appearance for September 29. The 47-year-old, who allegedly uses the alias "Commander X," and a 26-year-old from Ohio, were indicted on charges of conspiracy to cause intentional damage to a protected computer, causing intentional damage to a protected computer, and aiding and abetting by participating in a distributed DoS attack on Santa Cruz County servers December 16, 2010, shutting down the Web site. A criminal summons was issued to the 26-year-old, aka "Absolem" or "Toxic," to appear before a magistrate in San Jose November 1. Source:

48. September 21, Computer Weekly – (International) Hackers turn to online games to target victims. Scammers and hackers are increasingly using online games to trick victims into installing malicious software onto computers, warns security firm BitDefender. Children are the most obvious target with simple games being laced with botnet infections and malware targeting financial data. The problem is only set to grow, said BitDefender, with a recent online survey revealing that about 47 percent of children in the United Kingdom and the United States have their own social network accounts, and a quarter of parents do not monitor their children's online activity. In the past week, BitDefender researchers have discovered more than half a dozen samples of games rigged with trojans that could steer children to Web pages that install malicious software potentially capable of stealing financial data or injecting spyware. Cyber criminals are also targeting children through educational and entertainment sites. In all cases, researchers found the malicious code was planted on legitimate, high-traffic Web sites. Source:

49. September 20, threatpost – (International) Nation-state attackers are Adobe's biggest worry. Attackers have made Adobe's products key targets for the last several years, routinely going after bugs in Reader, Flash, and Acrobat in targeted attacks and widespread campaigns alike. However, it is not just the rank-and-file miscreants who are making Adobe a priority; it is more often nation-states, the company's top security official said. Adobe, like many other large software companies, has contacts in the big defense contractors, government agencies, and other organizations that are most often the targets of state-sponsored attacks. So when a new attack begins, the company typically hears about it within hours as customers begin to call and report a new threat involving an Adobe product. Since the company began its software security program several years ago, the sophistication level of the people finding and exploiting new bugs in Flash or Reader has gone up significantly. Now, according to the senior director of product security and privacy at Adobe, it is at a point where the company's main adversaries are state-sponsored actors. Source:

Communications Sector

Nothing to report

No comments: