Wednesday, September 28, 2011

Complete DHS Daily Report for September 28, 2011

Daily Report

Top Stories

• A 22-year-old man from Russia pleaded guilty in court in New York to his role in a global bank fraud scheme that used malware to steal more than $3 million from U.S. bank accounts. – Federal Bureau of Investigation See item 16 below in the Banking and Finance Sector

• The North American Liberation Press animal-rights group has claimed responsibility for a series of recent attacks, including a September 26 fire in Idaho that destroyed a fur and fireworks store. – Boise Weekly (See item 52)

52. September 26, Boise Weekly – (Idaho; Oregon; International) Animal-rights group claims responsibility for fireworks-fur shop arson. In a letter obtained by the Associated Press, a group called the North American Liberation Press has claimed responsibility for an arson that torched the Rocky Mountain Fireworks and Fur Co., north of Caldwell, Idaho, September 26. The fire broke out around 5 a.m. at the facility on Highway 20-26, damaging the store that sells fireworks and fur. Crews from Caldwell, Eagle, Middleton, Parma, and Star battled the fire, while morning rush-hour traffic was diverted away from Exit 26 of Interstate 84. The FBI, Bureau of Alcohol, Firearms, and Tobacco, and Canyon County Sheriff's Office are investigating. On September 3, the North American Liberation Press claimed responsibility for destroying fencing at an Oregon elk farm. In June, the group targeted a Vancouver, British Columbia, Canada, fur shop, soaking racks of clothing with chemicals. Source: http://www.boiseweekly.com/CityDesk/archives/2011/09/26/animal-rights-group-claims-responsibility-for-fireworks-fur-shop-arson

Details

Banking and Finance Sector

12. September 27, NBC Connecticut – (Connecticut) Bank bomb threat suspect nabbed. Coventry, Connecticut police September 26 arrested a suspect in a series of bomb threats at local banks. Between September 22 and September 23, three reports of bombs were made at Coventry banks, police said. Two were at the First Niagara Bank, at 3534 Main Street, and the other was at First Niagara Bank at 1372 Main Street. Twice, a woman called the banks and said a bomb might be inside. The third complaint was a hand-written letter left in the night deposit box that threatened a bomb. Police identified a 45-year-old Coventry woman as the suspect. A detective and FBI agents found her driving in Coventry, apprehended her, and later arrested her. She was charged with three counts of first-degree threatening, and bond was set at $375,000. Police said similar bomb threats were also made against First Niagara Banks in Mansfield and Cromwell, as well as bomb threats in Manchester. Those incidents are still under investigation. Source: http://www.nbcconnecticut.com/news/local/Coventry-Bank-Bomb-Threat-Suspect-Nabbed-130625243.html

13. September 27, U.S. Securities and Exchange Commission – (Wisconsin) SEC charges RBC Capital Markets in sale of unsuitable CDO investments to Wisconsin school districts. The U.S. Securities and Exchange Commission (SEC) September 27 charged RBC Capital Markets LLC for misconduct in the sale of unsuitable investments to 5 Wisconsin school districts and its inadequate disclosures regarding the risks associated with those investments. According to the SEC’s order, RBC marketed and sold to district-created trusts $200 million of credit-linked notes tied to the performance of synthetic collateralized debt obligations (CDOs). The school districts contributed $37.3 million to the investments, with the remainder of the investment coming from funds borrowed by the trusts. The sales took place despite significant concerns within RBC about the suitability of the product for municipalities like the districts. Additionally, RBC's marketing materials failed to adequately explain risks associated with the investments. RBC agreed to settle the SEC’s charges by paying $30.4 million that will be distributed in varying amounts to the districts. Last month, the SEC separately charged St. Louis-based brokerage firm Stifel, Nicolaus & Co. and a former senior executive with fraudulent misconduct in connection with the same sale of CDO investments. RBC consented to the entry of the SEC’s order without admitting or denying the findings. The order censured RBC and directed that it cease and desist from committing or causing any violations and any future violations of Sections 17(a)(2) and 17(a)(3) of the Securities Act of 1933, which among other things prohibit obtaining money by means of an untrue statement of material fact, and engaging in any transaction, practice, or course of business that operates as a fraud or deceit upon the purchaser. RBC agreed to pay disgorgement of $6.6 million, prejudgment interest of $1.8 million, and a penalty of $22 million. Source: http://www.sec.gov/news/press/2011/2011-191.htm

14. September 26, Bloomberg – (Georgia) Carter’s ex-executive Elles pleads not guilty to fraud charges. A former sales executive at Carter’s Inc. September 26 pleaded not guilty in Atlanta, Georgia, to charges he reported inflated sales at the world’s biggest maker of children’s clothing. A U.S. magistrate judge granted $100,000 bail after his arraignment on 32 counts including securities fraud, wire fraud, causing the filing of false financial statements, and falsifying corporate books and records. The 57-year-old former executive vice president “induced” customers such as Kohl’s Corp. to make “substantial purchases” of Carter’s products at unauthorized discounts worth millions of dollars that he did not disclose, according to the indictment filed September 21. He allegedly hid those discounts, causing the company to overstate profit, prosecutors said. He also aided others, some of whom U.S. prosecutors have not identified, according to the indictment. The U.S. Securities and Exchange Commission (SEC) sued the ex-executive in December 2010. He faces up to 10 years in prison if convicted, an assistant U.S. attorney said in court. The executive's employment “terminated in March 2009,” Carter’s vice president of investor relations said in an e-mailed statement. Source: http://www.businessweek.com/news/2011-09-26/carter-s-ex-executive-elles-pleads-not-guilty-to-fraud-charges.html

15. September 26, Associated Press – (National) Feds returning funds to online Ponzi scam victims. Federal authorities said September 26 they are returning $55 million to people ripped off by an Internet-based Ponzi scam. The Justice Department and Secret Service announced that they are returning the funds to 8,400 victims who invested on sites run by AdSurf Daily Inc. The company's founder, of Quincy, Florida, has been indicted in connection with the investigation but has pleaded not guilty and is awaiting trial. He is accused of drawing in investors by promising returns of 125-150 percent on their money if they would view Web sites for a few minutes each day. The U.S. attorney's office in Washington D.C. obtained money to repay victims through forfeiture of numerous bank accounts, real estate, luxury vehicles, and watercraft. Source: http://www.google.com/hostednews/ap/article/ALeqM5itDhHyJl_Zm41GxHTr3KGXuSx_Pw?docId=e1638f9cc9f949f1b78e76050c210376

16. September 23, Federal Bureau of Investigation – (International) Nikolay Garifulin pleads guilty in Manhattan federal court to involvement in global bank fraud scheme that used “Zeus trojan” to steal millions. The U.S. Attorney for the Southern District of New York announced a 22-year-old man from Russia pleaded guilty September 23 to conspiracy to commit bank fraud and possess false identification documents for his role in a global bank fraud scheme that used hundreds of phony bank accounts to steal more than $3 million from U.S. accounts compromised by computer malware attacks. The man was the last of 27 defendants arrested on federal charges to plead guilty to participating in the scheme. The cyber-attacks began in Eastern Europe, and included the use of malware known as the “Zeus trojan.” It was typically sent as a seemingly benign e-mail to computers at small businesses and municipalities in the United States. Once the e-mail was opened, the malware embedded itself in users' computers and recorded keystrokes as they logged into bank accounts. The hackers used the stolen data to take over the bank accounts, and made unauthorized transfers of thousands of dollars at a time to receiving accounts controlled by co-conspirators. These receiving accounts were set up by a “money mule organization” responsible for retrieving and transporting or transferring the stolen money overseas. To carry out the scheme, the money mule organization recruited individuals who had entered the United States on student visas, providing them with fake foreign passports, and instructing them to open false-name accounts at U.S. banks. Once these fake accounts were successfully opened and received the stolen funds, the “mules” were instructed to transfer the proceeds to other accounts, most of which were overseas, or to withdraw the proceeds and transport them overseas as smuggled bulk cash. The defendant who pled guilty September 23 faces a maximum penalty of 45 years in prison. Source: http://www.fbi.gov/newyork/press-releases/2011/nikolay-garifulin-pleads-guilty-in-manhattan-federal-court-to-involvement-in-global-bank-fraud-scheme-that-used-zeus-trojan-to-steal-millions-of-dollars-from-u.s.-bank-accounts

17. September 23, Federal Bureau of Investigation – (Arizona) Wanted: “Can You Hear Me Now Bandit”. The Phoenix FBI Special Agent in Charge in Arizona announced the FBI’s Bank Robbery Task Force is seeking the public’s assistance in identifying the “Can You Hear Me Now Bandit.” In nine of the robberies, the suspect presented the teller with a demand note. In two other robberies, he made a verbal demand for money. The subject is described as a white or Hispanic male, early 20s to early 30s, 5’3” to 5’10”, 150 to 180 pounds, short black hair, wearing black plastic or aviator sunglasses. He started off wearing jeans with a long-sleeve, button-down shirt and a black hat with the “Famous,” “Etnies,” or “O’Neill” logo on the front, and “skater”-type shoes. In later robberies, the suspect wore a black suit with a neck tie and a black fedora or cowboy hat. During the last four robberies, he wore a pageboy hat with jeans and a long-sleeve, button-down shirt. In some robberies, the suspect appears to be on a cell phone. Wells Fargo and U.S. Bank are offering up to $10,000 for information leading to the identification and conviction of the robber. Source: http://www.fbi.gov/phoenix/press-releases/2011/wanted-can-you-hear-me-now-bandit?utm_campaign=email-Immediate&utm_medium=email&utm_source=fbi-in-the-news&utm_content=33826

Information Technology Sector

43. September 27, SC Magazine UK – (International) MySQL hack leads to BlackHole exploit. The MySQL Web site was hacked September 26 and a redirect to a malicious domain was added. According to a blog post by the CEO of the Web application security company Armorize, it redirected to a domain hosting the BlackHole exploit pack, which exploits the visitor's browser and plugins to silently install malware. “The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection,” he wrote. According to a security blogger, he was on "a fairly exclusive Russian hacker forum" the week of September 18 and stumbled upon a member selling root access to mysql.com. The blogger noted MySQL is "a prime piece of real estate for anyone looking to plant an exploit kit." It boasts almost 400,000 visitors per day. “He offered to sell remote access to the first person who paid him at least $3,000 via the site's Escrow service,” according to the security blogger. He said it was possible that 120,000 visitors to the site could have been exposed to the exploit kit. Source: http://www.scmagazineuk.com/mysql-hack-leads-to-blackhole-exploit/article/212902/

44. September 27, IDG News Service – (National) Scammers pretend to be friendly office printers. Hackers have found a new hook to trick people into opening malicious attachments: sending e-mails that purport to come from office printers, many of which now have the ability to e-mail scanned documents, IDG News Service reported September 27. The e-mails invariably contain a Trojan downloader that can be used to download other malware or steal documents from the computer. They have the subject line "Fwd: Scan from a HP Officejet" and read "Attached document was scanned and sent to you using a Hewlett-Packard HP Officejet 05701J" and then "Sent by Morton." A senior analyst at Symantec said it is common for the scammers to spoof the sender's name and make it appear the e-mail came from the same domain as the recipient's. The attachment is a ".zip" file, which experts find odd: most printers with e-mail sending ability can't send a ".zip" file; they mostly send image files. Although Windows has the ability to open ".zip" files, there is evidence the scammers are trying to obscure the ".zip" extension for those who use third-party tools to unzip the content. In some archiving tools, the malicious attachment appears to have a ".doc" or ".jpg" file extension. Source: http://www.computerworld.com/s/article/9220315/Scammers_pretend_to_be_friendly_office_printers
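The item above describes three tells of the printer-scan lure: a subject that imitates a scan notification, a sender that claims the recipient's own domain, and an archive attachment (sometimes with a doc-like double extension) where a real printer would send an image or PDF. The following Python script, added here as an illustration and not part of the report or the IDG article, turns those tells into a mail-gateway triage heuristic. The regex, the extension lists, the scoring rule and the two sample messages are all constructed for this example; it uses only the standard library's `email` package.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed heuristics modelled on the campaign described in the report.
LURE_SUBJECT = re.compile(r"\bscan\b.*\b(hp|hewlett[- ]?packard|officejet)\b", re.I)
ARCHIVE_EXT = {".zip", ".rar", ".7z"}                      # printers do not send these
DOC_LIKE_EXT = {".doc", ".docx", ".jpg", ".jpeg", ".pdf", ".tif", ".tiff"}


def domain_of(header_value):
    """Return the lower-cased domain part of a From:/To: header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def auth_passed(msg):
    """True if an Authentication-Results header records an SPF or DKIM pass."""
    results = " ".join(str(v) for v in msg.get_all("Authentication-Results", [])).lower()
    return "spf=pass" in results or "dkim=pass" in results


def attachment_filenames(msg):
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def classify(msg):
    """Return (verdict, reasons) for a parsed message.

    A message is 'suspicious' only when it carries the scan-notification lure
    AND at least one further tell; a genuine scanner e-mail with a PDF and a
    passing SPF/DKIM result stays 'benign'.
    """
    reasons = []
    if LURE_SUBJECT.search(msg.get("Subject", "")):
        reasons.append("subject imitates a printer scan notification")
    for name in attachment_filenames(msg):
        parts = name.lower().split(".")
        ext = "." + parts[-1] if len(parts) > 1 else ""
        if ext in ARCHIVE_EXT:
            reasons.append(f"archive attachment {name!r}: printers send image or PDF files, not archives")
        if len(parts) > 2 and "." + parts[-2] in DOC_LIKE_EXT:
            reasons.append(f"double extension {name!r} hides the real file type")
    if domain_of(msg.get("From")) == domain_of(msg.get("To")) and not auth_passed(msg):
        reasons.append("sender claims the recipient's own domain without an SPF/DKIM pass")
    verdict = "suspicious" if len(reasons) >= 2 and reasons[0].startswith("subject") else "benign"
    return verdict, reasons


def classify_raw(raw_bytes):
    """Parse an RFC 5322 message from bytes (as a gateway would) and classify it."""
    return classify(BytesParser(policy=policy.default).parsebytes(raw_bytes))


def build_sample(subject, sender, recipient, filename, payload, subtype, auth=None):
    """Construct a sample message; payloads are placeholders, not real files."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = sender
    msg["To"] = recipient
    if auth:
        msg["Authentication-Results"] = auth
    msg.set_content("Attached document was scanned and sent to you using a "
                    "Hewlett-Packard HP Officejet.\nSent by Morton.")
    msg.add_attachment(payload, maintype="application", subtype=subtype, filename=filename)
    return msg


# Constructed sample 1: the lure as described, archive with a doc-like double extension,
# sender spoofed onto the recipient's own domain, no authentication results.
PHISH = build_sample("Fwd: Scan from a HP Officejet", "Morton <scanner@example.com>",
                     "victim@example.com", "Scan_Officejet.doc.zip",
                     b"PK\x03\x04 constructed placeholder", "zip")

# Constructed sample 2: what a real scanner on the same domain would send.
LEGIT = build_sample("Scan from a HP Officejet", "printer@example.com", "victim@example.com",
                     "scan_0001.pdf", b"%PDF-1.4 constructed placeholder", "pdf",
                     auth="mx.example.com; spf=pass smtp.mailfrom=example.com")

if __name__ == "__main__":
    for label, sample in (("phish", PHISH), ("legit", LEGIT)):
        verdict, reasons = classify_raw(sample.as_bytes())
        print(f"{label}: {verdict}")
        for r in reasons:
            print("  -", r)
```

The subject regex alone is not a verdict: real scan notifications match it too, so the rule only fires when a second tell (archive, double extension, or an unauthenticated sender on the recipient's own domain) is present. Deploying something like this at a gateway means tuning the extension lists to the printers actually in the fleet and relying on the gateway's own Authentication-Results rather than a header the sender could forge.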

45. September 26, Ars Technica – (International) Mac trojan pretends to be Flash player installer to get in the door. Hot on the heels of Mac malware posing as a PDF, Ars Technica reported September 26 a new piece of malware posing as a Flash player installer. Security firm Intego was the first to post about the new malware on its blog, noting that although the company has so far received only one report from a user who downloaded it, the malware does exist in the wild and may trick Mac users who don't yet have Flash installed. The malware in question is a trojan horse called Flashback (OSX/flashback.A). If those users also have Safari set to automatically open "safe" files, an installer will show up on their desktops as if they were legitimately installing Flash. Continuing through the installation process will result in the trojan deactivating certain types of security software and installing a dynamic loader library (dyld) that can auto-launch, "allowing it to inject code into applications the user launched." The trojan then reports the user's MAC address back to a remote server, which allows the server to detect whether the Mac in question has been infected or not. Source: http://arstechnica.com/apple/news/2011/09/mac-trojan-pretends-to-be-flash-player-installer-to-get-in-the-door.ars

For more stories, see item 16 above in the Banking and Finance Sector

Communications Sector

46. September 26, KKTV 11 Colorado Springs – (Colorado) Comcast service restored after crash. Things should be back to normal for Comcast customers in Colorado Springs, Colorado, after a September 26 crash near the intersection of Cascade and Harrison led to an outage for 12,000-15,000 customers. It appears a yellow car hit a utility pole and a stone wall. At least four Comcast vehicles responded. Service was expected to be restored by midnight. Comcast said it does not appear Colorado Springs Utilities (CSU) services were disrupted, but Comcast's fiber was damaged. CSU must repair the pole before Comcast can fix its equipment, a task that could take up to 2 hours. The cable provider said this affected roughly 10 percent of its customers in Colorado Springs. Affected customers were on the northwest side of Colorado Springs, including the U.S. Air Force Academy and the Rockrimmon area. Source: http://www.kktv.com/news/headlines/Crash_Causes_Comcast_Outage_130600458.html?ref=458
