Thursday, March 10, 2011

Complete DHS Daily Report for March 10, 2011


Top Stories

• IDG News Service reports a former engineer with U.S. military contractor L-3 Communications is facing as much as 20 years in prison on charges he illegally exported military data to China. (See item 16)

16. March 8, IDG News Service – (New Jersey; International) Defense contractor charged with stealing secrets on laptop. A former engineer with U.S. military contractor L-3 Communications is facing as much as 20 years in prison on charges he illegally exported military data to China, IDG News Service reported March 8. He was charged March 4 in United States District Court for the District of New Jersey, but the complaint was not unsealed until March 8, the date the suspect was set to appear in federal court in Chicago. The man was stopped by U.S. Customs and Border Protection officers November 29, 2010, after flying back from a speaking engagement at a highly technical nanotechnology conference hosted by local universities and Chinese government officials. Border agents became suspicious when they found a conference lanyard in his luggage during a secondary inspection at New Jersey’s Newark Liberty International Airport. The suspect had said he had been in China to visit family. “Customs officers found a folder containing multiple pages of technical language, pictures of military weapons systems, and documents written in Chinese,” wrote an FBI special agent in an affidavit. Border guards also found a laptop. After obtaining a search warrant, federal investigators then discovered hundreds of company documents on the man’s computer, including several that contained technical data on guidance and control systems governed by U.S. arms export control laws. Source:

• According to the Baltimore Sun, Maryland health officials said nearly 100 people reported symptoms of viral gastroenteritis after a swim meet at the U.S. Naval Academy in Annapolis. (See item 37)

37. March 8, Baltimore Sun – (Maryland) Nearly 100 ill after weekend swim meet at Naval Academy. Nearly 100 people reported symptoms of viral gastroenteritis after a swim meet at the U.S. Naval Academy in Annapolis, Maryland, state health officials said. Several athletes got sick on the pool deck during the finals session of the Maryland State Swimming Championships March 5, according to a letter on the Maryland Swimming Web site. Of the 99 people who reported illnesses to Maryland Swimming after the events, 89 were swimmers, about 7 or 8 others were officials or coaches on the pool deck, and others were parents or spectators, said the organization’s general chair. “This is unprecedented,” he said. The state health department is still testing stool samples from people who were sick to determine what pathogen caused the illness, said the chief of the health department’s center for surveillance, infection prevention, and outbreak response. The symptoms match those of viral gastroenteritis, which typically passes within 24 to 48 hours, she said. Gastroenteritis is caused by noroviruses, which are normally transmitted through contact with an infected person, such as sharing food or a water bottle, or on dirty towels or bathroom doorknobs — “anything where the virus would be on the material,” she said. The naval academy follows federal guidelines for maintaining the pool and cleaning it after biologic material has entered the water. “It would be unusual in a chlorinated pool where they were doing proper protocol for that to be the source of transmission,” she said. One swimmer, at the conclusion of a March 5 event, vomited on the pool edge as he left the water. Meet officials stopped the competition for at least 45 minutes to clean up the area, treat the water and check disinfectant levels, which were within the proper range, he said. About 20 percent of scheduled participants did not return to the venue March 6. Source:,0,2367500.story


Banking and Finance Sector

17. March 9, KVOA 4 Tucson – (Arizona) 12 Arizonans charged in $24 million mortgage fraud scheme. Twelve Arizonans have been indicted, allegedly for conspiring to commit mortgage fraud in Tucson and Scottsdale, Arizona, to obtain loans totaling almost $19 million, and $5 million in “cash back” loan proceeds. The indictment alleges the defendants knowingly submitted a materially false loan application, or other false documents, to banks and lending institutions for the purchase, refinance, or home equity financing of 18 residential properties. The total cash back received by the co-conspirators was about $2.9 million — most of the properties went into foreclosure. The indictment alleges similar activity — that false loan applications containing misinformation about the borrowers’ income and liabilities were submitted to lending institutions, with over $2.5 million in loan proceeds ultimately directed back to the defendants. “Mortgage fraud has contributed to the collapse of our real estate market in Arizona,” said a Special Agent in Charge, Internal Revenue Service, Criminal Investigation. Source:

18. March 8, Miami Herald – (Florida) Star witness in mortgage fraud conspiracy case testifies against police officers. Testimony continued March 8 in Fort Lauderdale, Florida, in the federal mortgage fraud trial of six Broward law enforcement officers. Prosecutors said the five cops and one federal agent secured $16.5 million in mortgage loans during the boom by falsifying documents and lying on loan applications for 68 properties. Facing conspiracy charges are former or current Plantation police officers, a Lauderhill police officer, and an FBI special agent. The defendants claimed they did not lie about anything. The mortgage brokers handling their transactions lied and falsified the documents, duping the officers and agent as well as several banks and mortgage lenders. Two men claimed they persuaded lenders to approve the applications, by making up fake lease agreements for properties the defendants already owned, to try to show non-existent rental income. Many of the fake leases used the names of one man’s high school classmates and in-laws. The two men also falsely told lenders the defendants planned to make the investment properties their primary residences. The ultimate goal, the man said, was to secure better interest rates and larger loans for the defendants. Source:

19. March 8, ATM Marketplace – (Missouri) Two men pled guilty to ATM Solutions robbery. Two men have pleaded guilty to the robbery of ATM Solutions Inc.’s St. Louis, Missouri office and warehouse before escaping with $6.6 million in the summer of 2010. The suspect admitted March 3 to being one of four gunmen who robbed the business August 2. Another man pleaded guilty to four counts of superseding information, charging him with armed robbery. The U.S. Attorney’s Office filed the complaint January 21 with the United States District Court for the Eastern District of Missouri in St. Louis. The two men are St. Louis residents. The holdup occurred when four robbers, armed with assault rifles and handguns, forced their way inside ATM Solutions offices at 5 a.m., just as a security guard arrived for work. The robbers disarmed him and waited for a second security guard to arrive. They also took his gun and forced the security guards to open the safe. After tying up the guards, the robbers loaded the cash into an armored car and escaped. ATM Solutions, which is based in Cincinnati, offered a reward of up to $150,000 for information leading to the arrest and capture of the gunmen. FBI agents arrested one man after $250,000 was found in the trunk of his Dodge Charger. In addition to his car, FBI agents found money taken in the robbery in the attic of the man’s home and in a storage locker. Source:

For another story, see item 53 below

Information Technology

49. March 9, IDG News Service – (International) Tests find security tools failures. A new round of antivirus testing found some products fail to detect malware that tries to infect a computer via a different attack vector, such as through a local network fileshare or a USB drive. The tests, conducted by NSS Labs, sought to find out how effective security products are at detecting malware from various attack vectors. Malware can be delivered to a computer via rigged Web sites, e-mail attachments, and USB flash drives, among other ways. Although drive-by downloads remain the most common attack vector, about 15 percent of attacks are delivered via e-mail with a malicious attachment, such as a PDF document. Many security products allow users to download all of their e-mail to their inbox by default and not scan it, even if it contains malware. “Surprisingly, many products tested did not remove malware from the inbox by default,” according to the report, titled “Socially-engineered Malware Via Multiple Attack Vectors.” Of the 10 products tested, the average protection rate was just 36 percent. NSS Labs said if a company runs a centralized, server-based security product that is integrated with the e-mail servers, such as Microsoft’s Exchange or IBM’s Lotus Notes, the malware may be removed before it reaches an end user. Source:

50. March 9, H Security – (International) Apple releases Java security updates. Apple has issued Java updates for versions 10.5 Leopard and 10.6 Snow Leopard of its Mac OS X operating system, patching a number of security holes and bringing its two latest versions of OS X up to date. The updates include Java SE 6 Update 24 from the middle of February, which addressed a floating point vulnerability that affected Java. Update 4 for Mac OS X 10.6 fixes 16 vulnerabilities, while Update 9 for Mac OS X 10.5 closes 27 holes. According to Apple, many of the issues could allow an untrusted Java applet to execute arbitrary code outside the Java sandbox when visiting a malicious Web page. Java for Mac OS X 10.6 Update 4 requires version 10.6.4 or later, and Java for Mac OS X 10.5 Update 9 requires 10.5.8 or later. Source:

51. March 9, H Security – (International) Google releases Chrome 10 stable, improves JavaScript performance. Just over 1 month after the previous stable channel release, Google has issued version 10 of the Chrome Web browser into the stable channel. This major update to the WebKit-based browser was previously only available in the Beta channel and moves the full version number up to 10.0.648.127. The update addresses a total of 25 security vulnerabilities in the browser, a majority of which are rated as “high-risk” by Google. The security issues range from memory corruption problems to script handling, crashing bugs, text rendering, and same origin bypass holes. Further details of the vulnerabilities are being withheld until “a majority of users are up-to-date with the fix.” Source:

52. March 9, H Security – (International) Microsoft closes critical holes in Windows Media Player and Media Center. Microsoft has released three updates to close four holes. MS11-015 fixes two bugs in its Windows Media Player and Media Center software. Attackers can exploit a bug in the code for processing DVR-MS files (Microsoft Digital Video Recording) to inject and execute arbitrary code. Microsoft said that visiting a specially crafted Web page is all that is required to become a victim. The company considers it likely functioning exploits will appear. The second hole in the Media Player and Media Center is a further instance of the problem known as DLL hijacking or binary planting that has been around for months. If a developer has not explicitly stated the path of a DLL, Windows successively searches various folders to find it. In the worst case, the program will retrieve the DLL from a network volume that has been compromised by an attacker. The remaining two updates for the Remote Desktop Client (RDP) and the Office Groove collaboration software also deal with the same problem. Source:

53. March 9, The Register – (International) DDoS botnet attacks gold miners and wine makers. Security researchers have discovered a strain of DDoS botnet agent that launches an attack against large corporate investment groups and mining-related interests. The JKDDOS botnet launches packet-flooding attacks on targeted Web sites from malware-infected zombie PCs. Targets over the months have included gaming sites and online stores as well as more obscure and unusual targets. For example, an investment firm was repeatedly targeted for attack, DDoS mitigation tool firm Arbor Networks reports. “A well-known investment company based in New York City was attacked by a JKDDOS botnet on six separate occasions during the 10-day period starting on October 21, 2010, with the shortest and longest attacks lasting approximately three and 33 hours, respectively,” a security researcher at Arbor writes. “Three different victims have some connection to the gold mining industry, and one victim was a manganese miner.” The botnet, seeded from exploit-serving Web sites in China and the United States and controlled through a command infrastructure in China, has also attacked “a corporate holding company that invests in major wineries.” Source:

54. March 8, Associated Press – (Minnesota) Minnesota man sentenced for stealing $388K from computer parts manufacturer. A Minnesota man has been sentenced to more than a year in prison for scheming to cheat computer parts maker Cisco Systems Inc. out of about $388,000. The U.S. Attorney’s office said the 46-year-old of Brooklyn Park was sentenced March 8 to 15 months in prison on one count of mail fraud. The man was manager of network services for Woodbury-based Postal Credit Union. In his plea agreement, he admitted that from June 2007 to October 2009 he falsely notified Cisco that parts in PCU’s computer systems were faulty. He sold the Cisco replacement parts online and returned cheap secondhand units to Cisco as the allegedly defective parts. Source:

Communications Sector

55. March 8, Homeland Security News Wire – (Wisconsin) Wisconsin introduces law to ban fake caller IDs. Republican legislators in Wisconsin have introduced a bill that would make it illegal to use caller ID services that can generate fake numbers, Homeland Security News Wire reported March 8. The law drafted by a Wisconsin senator and a state representative prohibits people from using a fake caller ID number to “defraud, cause harm, or gain anything of value.” In 2010, Congress passed a similar bill that banned the use of “phone spoofing” technologies. Companies like Spooftel and Spoofcard allow an individual to choose what number they wish to appear on another person’s caller ID when they call. The new bill would allow law enforcement officials to target individuals making prank calls in addition to prosecuting companies that provide spoofing technology. Source: