Monday, March 21, 2011

Complete DHS Daily Report for March 21, 2011

Daily Report

Top Stories

• Associated Press reports the Nuclear Regulatory Commission will conduct a “comprehensive review” of the safety of all U.S. nuclear plants in the wake of the situation at Japan’s damaged nuclear reactors. (See item 5)

5. March 18, Associated Press – (National) NRC to review safety of all US nuclear plants. Associated Press reported March 18 the Nuclear Regulatory Commission (NRC) will conduct a “comprehensive review” of the safety of all U.S. nuclear plants following what U.S. officials are calling the dangerous and complicated situation at Japan’s damaged Fukushima Dai-ichi reactors. The U.S. President called upon the independent commission to conduct the review. “When we see a crisis like the one in Japan, we have a responsibility to learn from this event and to draw from those lessons to ensure the safety and security of our people,” he said March 17. There are 104 nuclear reactors in the United States, providing about 20 percent of the nation’s electricity. “Nuclear energy is an important part of our own energy future,” he said. A White House spokesman said the fact the President had taken the rare step of asking the NRC — an independent regulatory agency that is not under the President’s control — to undertake a review of U.S. reactor safety in light of the Japanese disaster “only adds to the urgency of that mission.” Representatives of the nuclear energy industry said March 17 operators of U.S. reactors already had begun taking steps to better prepare for an emergency. Source:

• According to United Press International, two Michigan sisters wanted in a $9.1 million Medicare scam were arrested in Colombia. (See item 32)

32. March 16, United Press International – (Michigan) Sisters arrested in $9M Medicare scam. Two Michigan sisters wanted in a $9.1 million Medicare scam were arrested in Colombia, the U.S. Department of Health and Human Services Secretary said. She announced the arrest March 15 at a Medicare fraud conference in Detroit, Michigan, the Detroit Free Press reported. The government said the Detroit area has been a hotbed of such activity. The sisters, fugitives for 4 years, were on a federal most-wanted list for Medicare fraud. They were caught March 13 as they tried to board a plane in Colombia after tipsters called a hotline, san investigator said. The sisters were charged with a scam at their Dearborn Medical and Rehabilitation Center, a drug infusion clinic that serves people with AIDS, hepatitis, and other chronic illnesses. They were charged with $9.1 million in fraudulent Medicare billings. They moved to Michigan in 2005 to escape an investigation for similar accusations in Miami, Florida, federal court records show. Source:


Banking and Finance Sector

13. March 18, Summit County Citizens Voice – (Colorado) Breckenridge: Credit card fraud linked to software scheme. The Breckenridge Police Department and the FBI are investigating a string of credit card fraud cases originating out of Breckenridge, Colorado. Law enforcement officials believe there is an illegal intrusion occurring through a software program. The police department has 17 active cases at this time and believes there are more victims who have not reported this crime to the police department. The Breckenridge police chief is asking individuals who are aware their credit card was compromised in Breckenridge and used to make fraudulent purchases to come forward and report the crime. Source:

14. March 17, Long Island Press – (New York) 17 charged in $20M mortgage fraud case. Seventeen people were rounded up in connection with an alleged $20 million mortgage fraud scheme in Nassau County, New York — the largest in its history — which authorities say ripped off homeowners, banks, and county taxpayers. Two Westbury men accused of being the ringleaders in the 5-year scheme are facing more than 108 charges, along with 15 other suspects, after they duped homeowners whose houses were for sale or in foreclosure, prosecutors said March 16. Members of the “Sweet Deal” Ring — mortgage brokers, real estate brokers, bank employees, attorneys, an appraiser, a financial consultant, and a U.S. Postal Service worker — face charges including enterprise corruption, larceny, money laundering, identity theft, and conspiracy. The alleged ringleaders negotiated with sellers to purchase properties at a higher price than the seller was asking for. They would then arrange to keep the difference between what the bank lent and the seller’s price. “Sweet Deal” members would impersonate the seller, buyer, and legal representatives and set up fake closings, using fake identities to secure mortgages and sell homes. They allegedly kept the proceeds and let the house go into foreclosure. The ring, according to the district attorney, made millions of dollars in mortgage proceeds from the sale of at least 6 Westbury homes. Source:

15. March 17, New York Times – (National) F.D.I.C. sues ex-chief of big bank that failed. The Federal Deposit Insurance Corporation (FDIC) sued the former chief executive of Washington Mutual (WaMu) and two of his top lieutenants, accusing them of reckless lending before the 2008 collapse of what was the nation’s largest savings bank. The civil lawsuit, seeking to recover $900 million, is the first against a major bank chief executive by the regulator and follows escalating public pressure to hold bankers accountable for actions leading up to the financial crisis. Washington Mutual’s longtime chief executive led the bank on a “lending spree” knowing the housing market was in a bubble, and failed to put in place the proper risk management systems and internal controls, according to a complaint filed March 17 in federal court in Seattle, Washington. WaMu’s president of home lending and its chief operation officer were also accused of negligence for their roles in developing and leading the bank’s aggressive growth strategy. Although the F.D.I.C. is mainly known for its role in shuttering failed lenders, the agency has a legal obligation to bring lawsuits against former directors and officers when it finds evidence of wrongdoing. So far, the F.D.I.C. has brought claims against 158 individuals at about 20 small banks that failed during the recent crisis. The agency is seeking a total of more than $2.6 billion in damages. But the $900 million case against the former WaMu officials is its biggest and most prominent action to date. Source:

16. March 17, WTOP 103.5 FM Washington D.C. – (Washington D.C.) Serial bank robbery suspect nabbed. A man suspected in 11 bank robberies in the Washington D.C. area since 2009 was arrested and has allegedly confessed to the crimes, WTOP has learned. The man was arrested at his home March 16, hours after allegedly robbing a SunTrust bank. The man, who has only been charged with the SunTrust robbery, is being held without bond after making an initial appearance in federal court. In the criminal complaint entered in U.S. District Court in the District of Columbia, a confidential informant earlier in 2011 suggested the FBI Violent Crimes Task Force look at the man as a suspect in the string of robberies that began in November 2009. According to documents, in most robberies the perpetrator would write a demand note on a withdrawal slip, implying he had a gun and a pipe bomb. The suspect always wore a hat or hood during the robberies. After the March 16 robbery, authorities showed surveillance photos to two unidentified individuals who have each known the suspect for more than a year. Each positively identified the suspect in the photos. Source:

17. March 16, FoxNews – (National) Lawmakers ask treasury to stem flow of cash to Mexico on prepaid gift cards. Three U.S. Senators are asking the Treasury Department to finish long-awaited rules on prepaid gift and credit cards that cross the U.S. border with Mexico bypassing anti-money laundering requirements that anyone transporting more than $10,000 declare his holdings. Several Senators wrote in a letter penned March 14 to the Treasury Secretary the substitution of cash for prepaid cards is enabling drug traffickers to escape anti-money laundering laws. “Under current law, a criminal, drug trafficker, or terrorist with hundreds of thousands of dollars on prepaid cards could literally walk across the U.S.-Mexico border without penalty. While the department continues to contemplate a rule, law enforcement’s hands are tied as they observe stored value cards crossing to Mexico and are unable to do anything,” the lawmakers wrote. Stored value cards are currently not subject to any reporting requirements. Treasury developed interim rules published last June that included excluding from reporting any cards that have a $1,000 maximum fill-up or cards meant solely for specific retailers. But the final rules have not been completed. The Aite Group, a research and advisory firm dealing with financial services, estimated in 2007 that branded and private label prepaid card transactions would total $178 billion by 2010. Source:

Information Technology

45. March 18, Wall Street Journal – (International) Sony says six Japan plants remain halted. Japan’s Sony Corp. said March 18 six of its manufacturing plants that make various devices and components, including Blu-ray discs, and lithium-ion batteries, remain closed following the massive earthquake and tsunami that struck the country March 11. Research firm IHS iSuppli Corp. said in a report that at least five components of Apple Inc.’s iPad 2 are sourced from Japanese suppliers, adding that electricity and transportation disruptions in Japan could potentially impact global shipments of the tablet device launched earlier this month. “While some of these suppliers reported that their facilities were undamaged, delivery of components from all of these companies is likely to be impacted at least to some degree by logistical issues now plaguing most Japanese industries in the quake zone,” the research firm said. Depending on the facility, the Sony sites make magnetic tapes, optical devices, integrated circuit cards, and semiconductor lasers. A spokeswoman said the company expects that in the near term, there will be an impact on Sony’s ability to supply components and devices. On the matter of whether a disruption in component supply will impact the company’s ability to deliver and make electronic gadgets, she said: “We’re currently investigating the matter.” Source:

46. March 18, Agence France-Presse – (International) Slick cyber attack hits US security titan RSA. U.S. computer security company RSA said March 17 hackers broke into its computers and swiped data that could be used to breach defenses of some systems guarded with its technology. RSA is the security division of EMC Corporation in Massachusetts. Some of the pilfered data related to SecurID “two-factor authentication products” that lets computers connecting online reliably identify one another, according to the firm’s executive chairman. “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers,” he said, “this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack.” RSA is working with authorities to investigate the attack. Source:

47. March 18, The Register – (International) MS claims credit for Rustock botnet takedown. Action taken by Microsoft and law enforcement agencies was responsible for the takedown of the Rustock botnet, the software company said March 18. Anti-spam firms were taken by surprise by the abrupt cessation of junk mail from zombie clients in the Rustock botnet network March 16. The reason for the respite, revealed March 17, was a lawsuit by Microsoft that resulted in a series of coordinated raids targeting systems identified as being integral to the botnet’s command and control network. The raids involved the seizure of kits at seven U.S.-based hosting facilities by U.S. Marshals who teamed up with investigators in Microsoft’s digital crimes unit to run the exercise, codenamed Operation b107. The operation followed similar tactics used in the takedown of the Waledac botnet in 2010. Microsoft’s most pressing priority on Rustock is to work in co-operation with national CERTs to organize the clean-up of the estimated 1 million zombie PCs that formed the botnet – and which remain infected. Rustock, which specialized in sending junk mail adverts for sites that sell unlicensed pharmaceutical drugs, was responsible for sending about 39 percent of global spam in circulation in 2010, according to Symantec. Source:

48. March 17, H Security – (International) Under the phishing filters’ radar. Criminals are reportedly using a new phishing technique that allows them to bypass the fraud warnings issued by modern browsers such as Firefox and Chrome. On its blog, security firm M86Security reports the trick involves attaching an HTML document instead of sending a link. It remains unclear how many users have become victims so far. E-mail recipients opening the HTML document in their browsers are, for example, presented with a bogus PayPal form with the usual request to enter their access data due to alleged security issues. As the form is being processed locally on the user’s computer, the phishing filter does not issue a warning because it only filters external URLs. A click on the “Submit” button then transmits the entered data to a PHP script on a (hacked) server using a POST request. According to M86Security, the browser does not warn about this either. Source:

49. March 17, Arizona Republic – (Arizona) 40 evacuated after chemical spill at Mesa business. Fire officials were called to the International Rectifier semiconductor manufacturing plant in Mesa, Arizona, March 17 with report of leaking chemicals, officials said. Crews from Mesa, Tempe, Chandler, Gilbert, and Phoenix were called to mitigate the potential hazards at the facility near Extension and Baseline roads around 2 p.m. A Mesa Fire Department spokesman said a line carrying a liquid regularly used in the semiconductor industry sprung a leak inside the building. After the release of the chemical, the system shut itself down and sounded a warning to employees, he said. The building’s 40 employees were safely evacuated. Seven employees were evaluated by paramedics on scene but none were transported to the hospital, the fire department spokesman said. Fire officials were able to secure the point in the line where the leakage occurred and contain the spill inside the facility. Source:

50. March 17, H Security – (International) PHP 5.3.6 closes five security holes. The PHP developers have released PHP 5.3.6, a maintenance update to the PHP interpreter. Among over 60 bug fixes are a number of fixes for security related problems. A format string vulnerability in the phar extension of PHP 5.3.5, CVE-2011-1153, may allow attackers to view memory, cause a denial of service, or execute arbitrary code. There was also an integer overflow in the shmop_read() function which allowed for denial-of-service (CVE-2011-1092). Other flaws included crashes with crafted tags in exif metadata and ziparchive with empty archives. Security has also been enhanced in the protocol parsing done by the fastcgi process manager (FPM SAPI). Some of the flaws reportedly affect all versions of PHP 5.3.x and earlier. Source:

51. March 17, Darkreading – (International) Office 2010 immune to new zero-day Flash attacks. Microsoft March 17 addressed new, targeted zero-day attacks revealed by Adobe the week of March 14 that hide a Flash Player exploit inside Excel spreadsheet documents — confirming Office 2010 is safe from the attack due to built-in security mitigation features, and offering stopgap protection measures for earlier versions of its software. Adobe plans to issue a patch the week of March 21 for the flaw, which affects Adobe Flash Player versions and earlier. According to Microsoft’s analysis of the exploit, the exploit loads shellcode into memory, executes heap-spraying, and then loads the Flash byte stream from memory to exploit the previously unknown CVE-2011-0609 flaw. Users of earlier versions of Office should run Microsoft’s EMET, which helps block targeted attacks exploiting unpatched vulnerabilities with mitigations for third-party apps and older Microsoft apps. Source:

52. March 14, Electronics Weekly – (International) Japan quake closed seven chip factories, says Renesas. Renesas Electronics has said the impact of the earthquake in northern Japan March 11 has forced a number of production facilities to close. The semiconductor manufacturer has confirmed that 7 out of 22 of its factories in Japan have temporarily shut down production. Among these factories, Renesas Yamagata Semiconductor Tsuruoka Factory is currently beginning its startup procedures to restart its manufacturing. The company said it was “assessing the extent of the status of the remaining six factories.” Renesas Electronics also said that its factories and offices would close at specific times due to the blackout measures announced by Tokyo Electric Power Company. Source:

For another story, see item 13 above in the Banking and Finance Sector

Communications Sector

53. March 17, Portland Press Herald – (Maine) Cape E. man charged with threatening NPR hosts. A former University of Southern Maine (USM) student is facing federal charges for allegedly sending e-mail threats to two National Public Radio (NPR) hosts. The suspect, 38, was arrested in late January by FBI agents and indicted late last month in U.S. District Court in Portland, Maine. The man was arrested inside the USM library as agents found a shotgun and shells in his Volvo station wagon, according to court records. According to an FBI affidavit, the suspect sent a series of threatening messages to the NPR hosts. A January 17 message said the NPR host “is helping to destroy me to use me as a human sacrifice. She will be raped, beaten, tortured, and murdered very soon,” according to the affidavit. That e-mail was traced to the Starbucks on Congress Street in Portland. Because the e-mails crossed state lines, the suspect was charged with transmitting threatening communications in interstate commerce. The suspect was being held in Cumberland County Jail. Source:

54. March 17, Philadelphia Daily News – (Pennsylvania) Sports radio talkers forced to evacuate. Two radio hosts were forced off the air for 40 minutes on March 17, after the 10-story Lower Merion, Pennsylvania building where Sportsradio 610 WIP broadcasts from was evacuated when employees smelled smoke. The fire alarm went off at about 5 p.m. March 17 and most evacuated the building at Bala Plaza near City Avenue, WIP’s program director said. It is not clear whether there was an actual fire but, according to WIP program director, firefighters located a fan in a lower level garage that may have been responsible for the smell. WIP was back on-the-air by 6:05 p.m. Source: