Monday, March 14, 2011

Complete DHS Daily Report for March 14, 2011

Daily Report

Top Stories

• Associated Press reports a massive earthquake in Japan caused a power outage that disabled a nuclear reactor’s cooling system, and led the nation for the first time ever to declare a state of emergency at a nuclear plant. (See item 9)

9. March 11, Associated Press – (International) Nuke plant trouble after Japan quake; 3K evacuated. Japan’s massive earthquake March 11 caused a power outage that disabled a nuclear reactor’s cooling system, triggering evacuation orders for about 3,000 residents in Onahama City as the government declared its first-ever state of emergency at a nuclear plant. Japan’s nuclear safety agency said pressure inside one of six boiling water reactors at the Fukushima Daiichi plant had risen to 1.5 times the level considered normal. Hours after the evacuation order, the government announced the plant in northeastern Japan will release slightly radioactive vapor from the unit to lower the pressure in an effort to protect it from a possible meltdown. The agency said the radioactive element in the vapor would not affect the environment or human health. After the quake triggered a power outage, a backup generator also failed and the cooling system was unable to supply water to cool the 460-megawatt No. 1 reactor, though at least one backup cooling system was being used. The reactor core remained hot even after a shutdown. The agency said plant workers were scrambling to restore cooling water supply at the plant but there was no prospect for immediate success. Speaking at the White House, the U.S. Secretary of State said U.S. Air Force planes were carrying “some really important coolant” to the site. She said “one of their plants came under a lot of stress with the earthquake and didn’t have enough coolant.” This plant is just south of the worst-hit Miyagi prefecture, where a fire broke out at another nuclear plant. The blaze was in a turbine building at one of the Onagawa power plants; smoke could be seen coming out of the building, which is separate from the plant’s reactor, Tohoku Electric Power Co. said. The fire has since been extinguished. Another plant at Onagawa is experiencing a water leak. Source:

• According to the Anchorage Daily News, five people in the Fairbanks, Alaska, area were arrested on charges connected with a plot to kidnap or kill state troopers and a Fairbanks judge. (See item 48)

48. March 11, Anchorage Daily News – (Alaska) Five charged in alleged plot to kidnap or kill troopers, judge. Five people in the Fairbanks, Alaska, area were arrested March 10 by state and federal law enforcement on charges connected with a plot to kidnap or kill state troopers and a Fairbanks judge, according to the Alaska State Troopers. The Fairbanks police chief said the operation involved multiple police actions related to Fairbanks-area members of the “sovereign citizen” movement. The movement is characterized by a rejection of U.S. laws and taxes. In general, participants believe federal, state and local statutes and laws do not apply to them. The suspects are accused of conspiring to commit murder, kidnapping, and arson, as well as weapons misconduct, hindering prosecution and tampering with evidence, a trooper spokeswoman said in a written statement March 10. An investigation “revealed extensive plans to kidnap or kill Alaska state troopers and a Fairbanks Judge,” the statement said. The plans included “extensive surveillance” on the homes of two Fairbanks troopers, the statement said. “Investigation also revealed that extensive surveillance on troopers in the Fairbanks area had occurred, specifically on the locations of the homes for two Alaska state troopers,” the statement said. “Furthermore, [the suspects] had acquired a large cache of weapons in order to carry out attacks against their targeted victims. Some of the weapons known to be in the cache are prohibited by state or federal law.” Along with troopers and Fairbanks police, the FBI, and U.S. Marshals Service carried out the arrests. Source:


Banking and Finance Sector

18. March 11, Reuters – (Florida; International) British man pleads guilty in U.S. stocks fraud. A British man pleaded guilty March 10 to committing mail and wire fraud in an investment scam selling worthless stocks of dormant and sham U.S. companies that bilked investors of more than $40 million. The man, along with several others, hijacked the trading symbols and other key information of publicly traded companies that had run afoul of U.S. regulators and gone “dormant,” the U.S. attorney’s office in Tampa, Florida, said. Using telemarketers based mostly in Spain, the group sold shares of the stocks, primarily to investors in the United Kingdom, urging them to wire their money to investment funds with bank accounts in Florida, according to prosecutors. The convict faces a maximum penalty of 20 years in federal prison. He was extradited from Spain to face prosecution in the case. As part of a plea agreement, he was ordered to pay restitution to the investors and forfeit properties linked to him in the Turks and Caicos Islands and the Dominican Republic, along with money found in numerous bank accounts in Europe and the United States. Source:,0,7965337.story

19. March 11, WCMH 4 Columbus – (Ohio) Suspect pulls gun on Fifth Third Bank employees. FBI investigators said a man pulled a gun on several bank employees March 10 in Columbus, Ohio. They have released surveillance pictures of the robbery at the Fifth Third at 3460 S. High Street. Witnesses said the man waited in a line, then went to the counter and pulled out a small, silver-colored semi-automatic pistol from his coat pocket. Investigators said the suspect threw a bag over the counter and ordered employees to put money in the bag. The employees gave the suspect cash, and the suspect fled, agents said. According to a witness, the suspect got into a gray, four-door sedan with duct tape over the rear driver’s side window. Source:

20. March 10, Federal Bureau of Investigation – (California) Orange County couple arrested on federal charges of bilking banks out of $130 million in line of credit scam. A Newport Coast, California couple were arrested March 10 after being indicted on federal charges of defrauding a consortium of 8 banks, including Bank of America, out of approximately $130 million. The husband and wife were arrested without incident at their residence by federal authorities. A federal grand jury returned a 9-count bank fraud indictment against the couple March 9. The couple owned an Anaheim company called Galleria USA, Inc., which imported home decor items manufactured in China. The couple obtained a $130 million revolving line of credit for Galleria from a consortium of 8 banks, and they borrowed on this line of credit by exaggerating — allegedly as much as 100 times — the company’s in-transit inventory and accounts receivables. The couple also allegedly fabricated bills of lading and invoices to support the exaggerated numbers and hide Galleria’s true financial status. Each charge of bank fraud carries a statutory maximum sentence of 30 years in federal prison. The case was investigated by the Office of the Special Inspector General for the Troubled Asset Relief Program, the FBI, and the U.S. Secret Service. Source:

21. March 10, KATU 2 Portland – (Washington) Police find ATM skimmer at credit union; suspect sought. Police in Vancouver, Washington, were searching for a man who allegedly put a skimming device on an ATM at a local credit union. At approximately 10:30 p.m. March 6, Vancouver Police responded to the Lacamas Credit Union at 19200 SE 31st Street after someone reported a suspicious device on one of the ATMs, saying he believed there was some type of device located over the card slot. Vancouver police arrived and located a credit card skimming device attached to the ATM as well as a pinhole camera mounted just above the key pad. According to police, it does not appear any financial information was compromised at the ATM where the skimmer was found. The credit union ATM was also equipped with surveillance capability and an image of the suspect was captured. Source:

22. March 10, KWGN 2 Denver – (Colorado) 102 victims now ID’d in eastern Colo. credit card skimming case. So far 102 cases have been reported in a credit card crime spree in Deer Trail, Colorado. On March 8, one victim said the King Soopers gas station in Bennett, Colorado was the only place she had ever used her credit card. Authorities have checked out the credit card readers at that station as well as another local business withing the last 2 weeks. No skimming devices were found. Authorities warned the lack of a device does not mean thieves did not install the skimmers and then remove them. King Soopers has continued to deny their machines are the source of the problem and has even said their internal security procedures prevent the use of skimming devices, but authorities now confirm they have 64 active identity theft cases. Their bigger concern is new victims continue to pop up every day. Authorities said credit card skimmers are often installed and then removed, the data downloaded from a chip and then sold on the black market. Source:,0,6534066.story

23. March 10, Wilmington News Journal – (Ohio) Bank employee charged with embezzling $15k. A Clinton County, Ohio woman was arrested March 9 and charged with embezzling $15,000 from the Blanchester bank where she worked, police said. The woman is accused of pocketing “nearly $15,000” from payroll and employee profit sharing accounts at First National Bank of Blanchester, according to the Blanchester police chief. Bank officials alerted police in February that someone had stolen the money over a 6-month period between July 2010 to January 2011. Because the woman was a bank officer and responsible for managing employee accounts, bank officials suspected she was involved in the theft. She was arraigned March 10 and charged with one felony count of grand theft. The bank hired a forensic accountant to investigate. Police also contacted the FBI’s White Collar Crimes unit for help, but decided to let the accountant finish the investigation. The suspect, a 10-year employee promoted to bank officer in 2009, was fired from her position shortly after police were notified of the theft. Source:

Information Technology

51. March 11, Trend Micro – (International) ‘Most recent earthquake in Japan’ searches lead to FAKEAV. According to Trend Micro March 11, blackhat SEO attacks began appearing almost immediately after an 8.9 magnitude earthquake hit Japan and then was followed by a tsunami, causing massive damage. The company began to monitor immediately for any active attacks as soon as the news broke out. Results found Web pages inserted with key words related to the earthquake. One of the active sites used the keyword “most recent earthquake in Japan” and led to FAKEAV variants currently detected as Mal_FakeAV-25. Users were advised to get the latest news from trusted media outlets to prevent being victimized by this blackhat SEO. Source:

52. March 11, Help Net Security – (International) Zeus toolkit with ‘ghost’ panel for better evasion. The last version of the Zeus builder before its author gave up its source code to the author of the SpyEye toolkit is, and it is still being offered on the online black market by resellers. This last version has new and improved features when compared with the previous one, such as support for almost all Windows versions, an injection module for Firefox, and multi-user session session infection. According to Trend Micro researchers, the control panel has remained practically the same. Named “Ghost” panel by the authors, it supposedly has two features that allow it to remain hidden from analysis with automated tools and researchers that search for it in the usual places. One is by using unusual file and folder names, and the other is to block IP addresses of malware-monitoring sites such as ZeuS Tracker when they try to access the Web panel by using a configurable script located in the .htaccess file. The panel presents other advantages such as optimizing PHP scripts for smaller file sizes (to make their upload to hosting sites easier), filtering that only allows the storage of financial information, and an easy and automatic update of the configuration file. Source:

53. March 11, The Register – (International) InterWorx admits password security FAIL led to attack on users. Web-hosting administration outfit InterWorx warned users to change their passwords following a penetrating hack attack. The assault on the firm’s support desk database exposed log-in credentials because the support desk software was storing e-mail and password data in plain text. Users were strongly advised to change their passwords on any site they accessed using the same log-in credentials as they used with InterWorx. The compromise –- which ran between February 28 and March 5 –- gave hackers admin control of Web sites administered through InterWorx, a facility they soon began abusing to distribute malware. In a notice warning of the breach, InterWorx said a “few clients” had their servers “modified to distribute malware javascript, as a direct result of this attack”. InterWorx provides a Web-hosting control panel designed to make work easier for Web site administrators. Source:

54. March 11, Softpedia – (International) Anonymous attacks Broadcast Music Incorporated. Anonymous hacktivist group has revived Operation Payback by launching distributed denial-of-service (DDoS) attacks against, the Web site of Broadcast Music Inc. (BMI). BMI is a U.S. organization which collects music license fees and represents the interests of songwriters, composers, and publishers. The attacks started earlier the week of March 6, and BMI announced it has taken its Web site offline willingly. In a manifesto posted online, Anonymous announced the resurrection of Operation Payback, its several-month-long DDoS campaign that targeted anti-piracy organizations in 2010. The harsh copyright laws that media organizations lobby for worldwide are at the center of Anonymous’ agenda as the group feels they have a negative impact on creativity and freedom of information. The BMI Web site remained down March 11. Source:

55. March 10, Help Net Security – (International) Most sites are exposed to at least one vulnerability each day. The average Web site has serious vulnerabilities more than 9 months of the year and data leakage has over taken cross site scripting as the most common Web site vulnerability, according to WhiteHat Security. The average Web site falls into the “always” and “frequently” vulnerable categories – meaning they were exposed more than 270 days of the year. When looking at window of exposure across industries it becomes apparent there is a vast difference in the approach to Web site security. Heavily regulated industries such as healthcare and banking have the lowest rates, yet still 14 and 16 percent (respectively) of the sites had a serious vulnerability throughout the year. Social networking and retail have two of the largest windows of exposure, potentially reflecting the rate at which they update sites and introduce new code. The education industry leads the category with 78 percent of sites being vulnerable at least 9 months of the year. Source:

56. March 10, Help Net Security – (International) Cloud streamlines efficiency of identity theft. Phishers are leveraging cloud-based form management sites, such as Google docs or to collect information from unwitting victims, according to Commtouch. With this technique, the phisher does not have to worry about creating/managing/storing back-end form data and can more easily scale the harvesting of phished data. Those tricked into divulging their personal information will not be aware of this nuance. Source:

57. March 10, IDG News Service – (International) With hacking, music can take control of your car. Researchers at the University of California, San Diego, and the University of Washington have spent the past 2 years combing through the myriad computer systems in late-model cars, looking for security flaws and developing ways to misuse them. In a new paper, they said they have identified several ways a hacker could break into a car, including attacks over the car’s Bluetooth and cellular network systems, or through malicious software in the diagnostic tools used in automotive repair shops. One method of attack focused on the car stereo. By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car’s stereo, this song could alter the firmware of the car’s stereo system, giving attackers an entry point to change other components on the car. This type of attack could be spread on file-sharing networks without arousing suspicion, they believe. In 2010, the researchers described the inner workings of the networks of components found in today’s cars, and they described a 2009 experiment where they were able to kill the engine, lock the doors, turn off the brakes, and falsify speedometer readings on a late-model car. Source:

Communications Sector

Nothing to report