Wednesday, December 28, 2011

Complete DHS Daily Report for December 28, 2011

Daily Report

Top Stories

• A surgeon, a medical technician, and a pilot were killed December 27 when a medical helicopter crashed 12 miles north of Palatka, Florida. – CNN (See item 29)

29. December 27, CNN – (Florida) 3 dead in Florida medical helicopter crash. A surgeon, a medical technician, and a pilot were killed December 27 when a medical helicopter crashed in Florida, the Mayo Clinic said. The helicopter crashed about 12 miles northeast of Palatka, Florida, according to a Federal Aviation Administration (FAA) spokeswoman. The clinic said the helicopter was carrying two employees to theUniversity of Florida in Gainesville to harvest organs when the crash occurred. The helicopter was owned by SK Jets, according to the FAA. The company has not commented on the crash. Source:

• A fight that started in the Mall of America in Bloomington, Minnesota, lead to 10 arrests December 26. Witnesses said the melee had elements of a ―smash and grab‖ flash mob while police verified that more than 200 people total may have been involved. – Minneapolis Star-Tribune (See item 41)

41. December 27, Minneapolis Star-Tribune – (Minnestoa) Moving melee causes chaos at packed Mall of America. A fight that started in a food court quickly spread through the Mall of America in Bloomington, Minnesota, December 26. Several witnesses said the melee had elements of a ―smash and grab‖ flash mob, including heavy use of cellphones. They said those creating the disturbance numbered in the hundreds, some knocked down shoppers and grabbed items from kiosks and other shoppers. Although Bloomington police verified that some groups were as large as 100 people and that more than 200 people total may have been involved, they received no reports of stolen merchandise. Several stores, including Nordstrom, closed internal gates to the mall court, and a few stayed closed for the evening. More than 30 Bloomington Police, as well as Metro Transit and Richfield officers, responded. Bloomington Police and mall security arrested at least 10 juveniles and young adults on suspicion of disorderly conduct. Mall officials said it took more than an hour to quell the disturbance. However, many witnesses reported that fights continued to flare in the mall well after. Metro Transit Police said they broke up several fights outside the mall later in the evening. That agency‘s officers also monitored bus routes from the mall to Minneapolis, St. Paul, and Brooklyn Center. At a downtown St. Paul stop, four juveniles and an adult were arrested on suspicion of disorderly conduct. Source:


Banking and Finance Sector

10. December 27, Federal Bureau of Investigation – (New York) Queens man who orchestrated $10 million commercial bank fraud and bank bribery scheme pleads guilty in Manhattan federal court. The U.S. Attorney for the Southern District of New York announced that a man pleaded guilty December 27 to participating in a bank fraud and bank bribery scheme to defraud several banks of at least $10 million by obtaining commercial loans and lines of credit using false and fraudulent documents. The defendant was previously charged in a superseding indictment along with two accomplices. As part of the scheme, the man allegedly submitted loan applications in the names of shell companies with no assets and straw owners, using fraudulent documents they created to dupe the banks into believing those entities were real. The defendant also paid bribes totaling over $135,000 to an employee of Citibank to obtain $2.45 million worth of loans. From 2009 to November 2010, the three men and others fraudulently obtained at least 16 commercial loans and/or lines of credit, receiving at least $10 million, from eight different lenders—Capital One Bank, NA.; Citibank, NA. (―Citibank‖); First Republic Bank; Herald National Bank; New York Commercial Bank; Signature Bank; Sovereign Bank; and TD Bank, NA. All of these loans are presently in default. The defendant pleaded guilty to one count of conspiracy to commit bank fraud, five substantive counts of bank fraud, and one count of bank bribery. Each count carries a maximum potential penalty of 30 years in prison. He faces a maximum potential penalty of 210 years in prison. In addition, the bank fraud counts each carry a potential fine of $1,000,000, and the bank bribery count carries a potential fine of $1,000,000 or three times the value of the bribe. As part of his agreement, he agreed to forfeit at least $8,200,000. Source:

11. December 27, Financial Industry Regulatory Authority – (National) FINRA fines Credit Suisse Securities $1.75 million for regulation SHO violations and supervisory failures. The Financial Industry Regulatory Authority (FINRA) announced December 27 that it fined Credit Suisse Securities (USA) LLC $1.75 million for violating Regulation SHO (Reg SHO) and failing to properly supervise short sales of securities and marking of sale orders. As a result of these violations, Credit Suisse entered millions of short sale orders without reasonable grounds to believe that the securities could be borrowed and delivered and mismarked thousands of sales orders. FINRA found that from June 2006 through December 2010, Credit Suisse‘s Reg SHO supervisory system regarding locates and the marking of sale orders was flawed and resulted in a systemic supervisory failure that contributed to significant Reg SHO failures across its equities trading business. During the time period, Credit Suisse released millions of short sale orders to the market without locates, including threshold and hard to borrow securities. The locate violations extended to numerous trading systems, aggregation units, and strategies. In addition, Credit Suisse mismarked tens of thousands of sale orders in its trading systems. The mismarked orders included short sales that were mismarked as ―long,‖ resulting in additional violations of Reg SHO‘s locate requirement. As a result of its supervisory failures, many of Credit Suisse‘s violations were not detected or corrected by the firm until after FINRA‘s investigation caused Credit Suisse to conduct a substantive review of its systems and monitoring procedures for Reg SHO compliance. FINRA found that Credit Suisse‘s supervisory framework over its equities trading business was not reasonably designed to achieve compliance with the requirements of Reg SHO and other securities laws, rules, and regulations throughout the period at least June 2006 through at least December 2010. In concluding this settlement, Credit Suisse neither admitted nor denied the charges, but consented to the entry of FINRA‘s findings. Source:

12. December 23, U.S. Securities and Exchange Commission – (California; International) SEC charges securities trader with cross-border fraudulent interpositioning scheme. The Securities and Exchange Commission (SEC) December 23 charged a former securities trader at a San Diego-based brokerage firm with orchestrating an illegal trading scheme. The SEC alleges that the former trader acted in concert with a Mexican investment adviser, InvesTrust, and unnecessarily inserted a separate broker-dealer as a middleman into securities transactions in order to generate millions of dollars in additional fees. The trader agreed to pay $1 million to settle the SEC‘s charges. The SEC also charged his former firm Investment Placement Group (IPG) and its chief executive officer (CEO) with failing to properly supervise the trader. IPG agreed to pay more than $4 million to settle the charges. In an interpositioning scheme, an extra broker-dealer is illegally added as a principal on trades even though no real services are being provided. The SEC alleges that the trader colluded with InvesTrust and needlessly inserted a broker-dealer based in Mexico into securities transactions between IPG and InvesTrust‘s pension fund clients, causing the pension funds to pay approximately $65 million more than they would have without the middleman. According to the SEC‘s order, the scheme occurred from January to November 2008. The trader in coordination with InvesTrust acquired 10 different credit-linked notes in an IPG proprietary account. The SEC alleges that IPG, through the trader, added a markup of roughly 1.5 to 4.5 percent to the purchase price and then sold the notes to the middleman Mexican brokerage firm. IPG, through the trader, then repurchased the notes from the Mexican brokerage firm within a day or so at a slightly higher price. IPG added another markup and then sold the securities to InvesTrust‘s pension fund clients. According to the SEC‘s order, in some instances the trader repeated the buy-sell pattern with the middleman Mexican brokerage firm multiple times, driving up the price with each successive trade before finally selling the notes to the pension funds at artificially inflated prices. He received millions of dollars in additional markups generated from the interpositioned transactions. Source:

13. December 23, U.S. Securities and Exchange Commission – (National) SEC charges GE Funding Capital Market Services with fraud involving municipal bond proceeds. The Securities and Exchange Commission (SEC) December 23 charged GE Funding Capital Market Services (CMS) with securities fraud for participating in a wide-ranging scheme involving the reinvestment of proceeds from the sale of municipal securities. GE Funding CMS agreed to settle the SEC‘s charges by paying approximately $25 million that will be returned to affected municipalities or conduit borrowers. The firm also entered into agreements with the Department of Justice, Internal Revenue Service, and a coalition of 25 state attorneys general and will pay an additional $45.35 million. The settlements arise from extensive law enforcement investigations into widespread corruption in the municipal reinvestment industry. In thpast year, federal and state authorities have reached settlements with four other financial firms, and 18 individuals have been indicted or plead guilty, including three former GE Funding CMS traders. According to the SEC‘s complaint, in addition to fraudulently manipulating bids, GE Funding CMS made improper, undisclosed payments to certain bidding agents in the form of swap fees that were inflated or unearned. These payments were in exchange for the assistance of bidding agents in controlling and manipulating the competitive bidding process. The SEC alleges that from August 1999 to October 2004, GE Funding CMS illegally generated millions of dollars by fraudulently manipulating at least 328 municipal bond reinvestment transactions in 44 states and Puerto Rico. GE Funding CMS won numerous bids through a practice of ―last looks‖ in which it obtained information regarding competitobids and either raised a losing bid to a winning bid or reduced its winning bid to a lower amount so that it could make more profit on the transaction. In connection with other bids, GE Funding CMS deliberately submitted non-winning bids to facilitate bidset up in advance by certain bidding agents for other providers to win. GE Funding CMS‘s fraudulent conduct also jeopardized the tax-exempt status of billions of dollars in municipal securities because the supposed competitive bidding process that establishes the fair market value of the investment was corrupted. Source:

For more stories, see items 35 and 36 below in the Information Technology Sector, and 39 below in the Communications Sector

Information Technology

33. December 27, Softpedia – (International) Siemens promises to patch SCADA flaws after they angered researcher. Siemens has come forward with a statement reporting that they are planning to fix vulnerabilities in SCADA systems next month after a researcher highlighted the issues earlier in 2011, Softpedia reported December 27. The researcher became upset the week of December 19 after he found out from a Reuters reporter that Siemens officially denied knowing of the authentication flaws he had disclosed to them. Siemens later released an official comment stating that their development team had taken action and the vulnerabilities will be fixed by security updates, the first of which is planned to be issued in January 2012. Source:

34. December 27, Softpedia – (International) HP releases firmware update to prevent unauthorized access. HP released a firmware update to mitigate vulnerabilities that could allow a hacker to remotely control HP LaserJet printers to launch cyberattacks, steal information, and in some scenarios even set them on fire, Softpedia reported December 27. Columbia University researchers discovered the vulnerabilities in November. The vulnerabilities and lack of an HP signature to authenticate firmware updates have concerned security experts since the researchers shared their findings. Source:

35. December 26, MacWorld – (International) Report: Phishing attack targets Apple customers. A ―vast phishing attack‖ that attempts to capture the credit card information of Apple customers was launched December 25, according to a report from Mac security-software company Intego. In a posting on its Mac Security blog, Intego said that the attack was an attempt to fool Apple customers into clicking on a link under the guise of updating the billing information of their Apple accounts. Users who click on the link in the phony e-mail will be taken to a realistic looking sign-in page that asks for the user‘s Apple ID and password. The user is then taken to a page asking them update account profile information, including credit card information. Intego reported that the messages are being sent with the subject ―Apple update your Billing Information‖ from a spoofed email address of ―‖ Source:

36. December 26, CNN – (International) Hackers target global analysis company. The global intelligence company Stratfor was hacked and had user information including credit card numbers posted online, CNN reported December 26. Around 4000 credit card numbers were released. Some Stratfor customers reported fraudulent charges being made to their credit cards after the information was posted on Pastebin. It was unclear whether the breach and apparent release of credit card information was the work of the activist hacking group Anonymous. The initial posting on Pastebin credited the AntiSec group, but a later message claiming to represent Anonymous denied any affiliation with the attack. Source:

Communications Sector

37. December 27, Associated Press – (Texas) West Texas phones out after line severed. All phone service was disrupted for much of December 26 in far West Texas after a fiber-optic line just south of Monahans was severed. An AT&T spokeswoman said a contractor accidentally cut an underground fiber optic line, cutting service in the provider‘s West Central Texas district. That left callers to Fort Stockton, Alpine, Fort Davis, Marfa, and other places getting a persistent busy signal. People in Terlingua in the Big Bend told the Odessa American their landline phones had been fine but cell service was knocked out. The Fort Stockton police chief told television station KOSA his department had to use an emergency backup plan that forwarded calls to a working county, which then relayed the information back. He said AT&T service was restored by the night of December 26. Source:

38. December 25, WZVN 7 Fort Myers – (Florida) Copper theft disrupts Port Charlotte phone service. 300 Port Charlotte, Florida residents were without phone service after a copper theft from Century Link telephone equipment the week of December 19. The Charlotte County Sheriff‘s Office said this is the fifth copper theft from phone equipment boxes in Charlotte County in the past several days. The service disruption affected customers within a square mile area. CenturyLink officials said the repairs were completed by 7 p.m. December 24. Source:

39. December 23, Fort Worth Star-Telegram – (Texas) Feds untangle $20 million scheme in DFW against telecom companies. For years, a dozen or more conspirators ran a scheme in North Texas to rip off some of the nation‘s telecommunication giants, the Fort Worth Star-Telegram reported December 23. The $20 million cybercrime spree crumbled because of evidence painstakingly gathered from businesses and seized from the homes of conspirators. The week of December 19, two conspirators were convicted by a federal jury of one count each of conspiracy to commit wire fraud and mail fraud, federal officials said. One of the men was also convicted on three other counts. Twelve others charged in the case have pleaded guilty to their various roles, including the scheme‘s mastermind and his wife. The fraud went on for years as the conspirators played shell games and ripped off telecommunication giants for services they seldom paid for, court records say. The scheme included using homeless people, fake tax documents, bogus financial statements, and ever-changing addresses. To prosecute the case, the government gathered invoices, contracts, and financials. There were e-mails discussing subjects such as avoiding detection, due process, ―burning cash,‖ ―flaming ferrets,‖ and hiding spam. Federal agents seized tax reports, passports, computers, memory sticks, hard drives, and power supplies. The government presented evidence that, as part of a conspiracy, the men lied to obtain goods, such as computers and telecommunication equipment. They also created and bought shell companies to hide the identities of the owners or operators of the companies. ―The conspirators paid ... homeless persons for the use of their identities to ‗act‘ as the officers, directors or managers of the shell companies,‖ a news release from a U.S. attorney said. The conspirators defrauded companies including AT&T, Verizon, XO Communications, Excel Communications, Waymark Communications,, and CommPartners, the government said. Landlords were stiffed. Leasing companies and creditors, including Wells Fargo and AT&T Capital Services, were not paid. Credit-reporting agencies, power companies, insurance and air-conditioning companies, and Web site developers were among those deceived. Source:

No comments: