Monday, March 28, 2011

Complete DHS Daily Report for March 28, 2011

Daily Report

Top Stories

• Associated Press reports a Michigan doctor was arrested and accused of unlawfully distributing 5 million doses of narcotics between 2008 and 2010, and fraudulently billing Medicare more than $5.7 million. (See item 30)

30. March 24, Associated Press – (Michigan) Michigan doc arrested for prescribing 5M doses of narcotics, $5.7M Medicare fraud. A Michigan doctor has been arrested, accused of prescribing more than 5 million doses of narcotics between 2008 and 2010 and fraudulently billing Medicare for more than $5.7 million. The man was arrested March 23 after authorities searched his office in Monroe, the U.S. attorney’s office in Detroit said. He is charged in a criminal complaint with health care fraud and unlawfully distributing prescription drug controlled substances, including the painkiller Oxycontin. If convicted, he faces up to 20 years in prison, a $1 million fine, or both. The complaint said the doctor prescribed controlled substances for as many as 250 patients per day, paying bonuses to employees when the number exceeded 200. Authorities said he saw few of the patients, and had patients get medical tests without regard to their symptoms or medical conditions. The government also claimed the doctor was aware of some patients selling their prescriptions in the parking lot but did not take steps to stop that. Source:

• According to CBS and WISH-TV, a suspended student is in custody after shooting a fellow student at Martinsville West Middle School in Martinsville, Indiana. (See item 35)

35. March 25, CBS and WISH 8 Indianapolis – (Indiana) Indiana school shooting: Martinsville schools on lockdown. A 15-year-old is in custody following a shooting about 7 a.m. March 25 at Martinsville West Middle School in Martinsville, Indiana, according to police. Indiana State Police said the suspect, a suspended student, opened fire with a handgun. Police told CBS affiliate WISH that one person, also a student, was shot twice in the stomach. He was flown from the scene to Methodist Hospital in Indianapolis. There is no word as to the extent of his injuries. All Martinsville schools were on lockdown as police investigated. Police said there was no longer any danger. Parents were told the school was on lockdown via text message. Martinsville Police, Morgan County Sheriff’s Deputies, and Indiana State Police are investigating. WISH found the suspected gunman’s Facebook page where the most recent post was from the morning of March 25. It reads: “Today is the day.” Source:


Banking and Finance Sector

12. March 24, Bloomberg News – (National) SEC sues Connecticut feeder fund, manager over alleged fraud. A Connecticut hedge fund and its manager were sued by the Securities and Exchange Commission (SEC) for disgorgement of gains made while sending hundreds of millions of investors’ dollars to a fraud scheme operator. The SEC complaint was filed March 24 against the manager and his Greenwich, Connecticut-based Acorn Capital Group LLC. The complaint also names as a defendant Stewardship Investment Advisors LLC, another firm controlled by the manager. The manager “funneled hundreds of millions of dollars to a scheme operator and his notorious Ponzi scheme” from 2001 through 2008, taking in more than $459 million from about 165 people and sending most of it to entities owned by the scheme operator, according to the complaint in federal court in Minneapolis, Minnesota. The scheme operator is serving a 50-year federal prison sentence after being found guilty in December 2009 of running the $3.5 billion scam. He was convicted of bilking hundreds of investors who thought they were financing short-term transactions involving consumer electronics. The hedge fund manager concealed evidence of the fraud, including by engaging in $187 million in “round-trip” transactions designed to hide the scheme, SEC said. During the fraud, the manager pocketed $90 million in fees, an SEC assistant regional director for the Chicago Region said. The agency is seeking disgorgement of at least that sum together with an order freezing the man’s assets, including a $14 million payment he is slated to receive from the scheme operator’s receivership as early as March 25, according to SEC. Source:

13. March 24, Associated Press – (Maine) Maine park users warned of credit card breach. A security breach may have exposed credit card information from people who bought Maine state park passes through an online vendor used by the state conservation department, and the potential breach could be much larger and involve consumers in other states, Maine officials said March 24. The company that handled the online park pass purchases warned a malware attack potentially exposed credit cards used in transactions last year from March 21 to December 22, a conservation spokeswoman said. State officials learned of the problem in February. Notices were sent to 970 credit card holders in Maine, and no one to date has reported any fraudulent charges, she said. Maine officials sought to reassure residents the problem was limited to park passes and did not affect any other state computer operations. The online park pass transactions were handled by InfoSpherix, a Maryland company and subsidiary of San Diego-based Active Network. The scope of the security breach was unclear as of March 24. Active Network manages online registration, payment processing, donations and transactions for businesses and organizations nationwide. The company told Maine officials the problem could go far beyond the state because hackers managed to breach several servers containing credit card numbers and expiration dates, an assistant attorney general said. Names associated with those cards were kept on another server, he said. As a precaution, the Maine attorney general’s office alerted attorneys general in other states. Maine officials said the number of credit cards that may have been exposed was around 1,000. State law required that notifications be mailed to card holders in Maine, and they were advised to report any suspicious activity. Source:

14. March 24, Echo Park Patch – (California) ‘All Ears Bandit’ tied to Saturday’s attempted bank robbery. Surveillance camera photos sent to the FBI after an attempted robbery at the Echo Park, California, Bank of America (BofA) March 19 now link the suspect to two other bank robberies within a week’s time. One was at a Citibank March 12 in Bell Gardens. The other was at another BofA in Carson March 14. Dubbed the “All Ears Bandit” by law enforcement, the suspect came in to the Echo Park BofA just after 1 p.m. March 19 and slipped a teller a note saying he had a gun and demanding money. According to the FBI’s Los Angeles office, the suspect used a similar note in the Bell Gardens and Carson thefts. The suspect fled the Echo Park bank without taking money. Los Angeles Police Department detectives interviewed witnesses to the Echo Park incident. They coordinated their efforts with the FBI, who helped link the suspect to the other robberies. According to the FBI, the suspect also fled the Carson Bank of America without any cash. The suspect is believed to be a Latino male in his late 20s or early 30s. Source:

15. March 24, KSDK 5 St. Louis – (Illinois) Former insurance agent admits to multi-million dollar fraud investment scheme. A St. Louis, Missouri woman faces up to 30 years imprisonment and/or $250,000 in fines after pleading guilty to defrauding clients of more than $6 million, a U.S. Attorney for the Southern District of Illinois said. According to court documents, the 58-year-old woman pleaded to one count of mail fraud and one count of engaging in a monetary transaction over $10,000 in property derived from specified unlawful activity. The woman was a licensed insurance agent and securities broker with Tower Squares Securities, Inc., a MetLife Company, in an office out of Swansea, Illinois. She admitted that between January 2003 and January 2010, she enticed clients into paying for investment and insurance products that she never purchased. She diverted, deposited, and commingled the funds into personal accounts, which she then used for travel, increasing personal wealth, to purchase and rehab rental properties, and to finance a chain of clothing stores (Essential Elements, Elements of Denim). She will be sentenced on July 8. In addition to jail time, she faces mandatory restitution and up to 3 years of supervised release. Source:

16. March 24, Associated Press – (Illinois; New Jersey) SEC: Illinois money manager took $6 million. The U.S. Securities and Exchange Commission (SEC) filed a civil complaint March 24 against an eastern Illinois money manager accusing him of stealing more than $6 million from investment plans he managed. The News-Gazette in Champaign reports the complaint accuses the 55-year-old Urbana man of taking shares from plans he managed for employees of other companies. According to the complaint, he then sold those shares and moved the money to accounts he controlled. The man worked for New Jersey-based Comprehensive Capital Management. He has not been charged with a crime. Source:,0,1225922.story

17. March 24, KXXV 25 Waco – (Texas) FBI asking for help finding serial bank robber. The FBI is asking the public for help locating a serial bank robber striking across Central Texas. Authorities said the man is suspected in four bank robberies from Killeen to Austin since September 2010. In all of them, the suspect entered the bank, threatened the teller with a gun, and then demanded money. This same man reportedly fled on foot after robbing the Eisenhower National Bank in Killeen in September 2010. There is a possibility he is living outside the Austin-Killeen corridor. “We definitely have a Killeen-Austin corridor connection, he possibly lives in Waco on one side of I-35, or on the other side of I-35 being San Antonio,” an FBI spokesperson said. The suspect is described as a white male 25 to 35 years of age, 5 feet 7 inches to 5 feet 9 inches tall, muscular build, brown hair (short), may have shaved head, blue or hazel eyes, and clean shaven or with a brown goatee. Source:

Information Technology

41. March 25, H Security – (International) Chrome 10 update patches security vulnerabilities. Google has released version 10.0.648.204 of its Chrome Web browser, a maintenance and security update to the Chrome 10 stable branch. The update addresses a total of six vulnerabilities in the WebKit-based browser that can be “exploited by malicious people to compromise a system” and rates all of them with a “High” priority. Secunia rates the vulnerabilities as highly critical. According to Google, one of the high risk issues relates to a buffer error in base string handling, while two others have to do with use-after-free, where memory is deallocated but later accessed, in the frame loader and in HTMLCollection. The other issues include a stale pointer in CSS handling and in SVG text handling, as well as a DOM tree corruption bug. The update also includes several performance and stability fixes, and adds support for the browser’s password manager on Linux systems. Source:

42. March 25, The Register – (International) Spotify splattered with malware-tainted ads. Users of the ad-supported version of Spotify were hit by a malware-based attack March 24. The assault takes advantage of a Java-based exploit to deposit trojan horse malware or exploit kits on vulnerable Windows machines. Only users of the free version of the music streaming service seem to be affected. In response, Spotify pulled its ad feed March 25 while it investigated the problem. The Joint Academic Network is reportedly looking into incidents of viral warnings linked to Spotify. “We’re not investigating any specific infections at this moment, but our community is asking for more info,” it said. The malware was inserted via malicious third-party ads, a factor that shows the threat is not persistent and may be region specific. This makes it harder for anti-virus firms to pin down the outbreak. The problem was far from isolated, with several Twitter users reporting the same issue. Source:

43. March 24, Help Net Security – (International) Linux Kernel ROSE multiple vulnerabilities. Some vulnerabilities have been reported in the Linux kernel. These can be exploited by malicious, local users to cause a denial of service and potentially gain escalated privileges, according to Secunia. The vulnerabilities are caused by various errors within the implementation of the ROSE protocol and can be exploited to cause memory corruption via specially crafted FAC_CCITT_DEST_NSAP or FAC_CCITT_SRC_NSAP fields. Source:

44. March 24, Help Net Security – (International) Twitter tests XSS attack prevention on its mobile Website. Twitter has been testing and has now implemented Content Security Policy — a new standard developed by Mozilla to block cross site scripting (XSS) attacks — on its mobile Web site. “In a typical XSS attack, the attacker injects arbitrary Javascript into a page, that is then executed by an end-user,” Twitter said. “When a website enables CSP, the browser ignores inline Javascript and only loads external assets from a set of whitelisted sites. Enabling CSP on our site was simply a matter of including the policy in the returned headers under the CSP defined key, ‘X-Content-Security-Policy.’” The policy also contains a “reporting URI” to which the browser sends JSON reports of any violations, Twitter noted. This feature not only assists debugging of the CSP rules, it also has the potential to alert a site’s owner to emerging threats. The testing executed in the last few weeks revealed situations that triggered a report without being malicious attempts. Twitter engineers said this is a big step towards thwarting XSS attacks. They plan to implement it across the rest of Twitter in upcoming months. Source:
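The policy and report handling described in item 44, sketched as an added example that is not Twitter's code or part of the original report. It assumes the standardized `Content-Security-Policy` directive syntax rather than the early `X-Content-Security-Policy` form; the hosts, the `/csp-report` path and all sample reports are constructed.

```javascript
// Added example. Hosts, the report path and all sample reports are constructed.
const POLICY = {
  "default-src": ["'self'"],
  "script-src": ["'self'", "https://static.example.com"],
  "report-uri": ["/csp-report"],
};

// Serialize the directive map into a header value. No 'unsafe-inline' source is
// listed, so the browser refuses inline <script> blocks and event handlers.
function buildPolicyHeader(policy) {
  return Object.entries(policy)
    .map(([directive, values]) => `${directive} ${values.join(" ")}`)
    .join("; ");
}

// URI schemes that usually come from browser extensions, not from the site.
const NOISE_SCHEMES = ["chrome-extension:", "moz-extension:", "safari-extension:", "resource:"];

// Classify one JSON violation report body posted to the report URI.
function triageReport(rawBody) {
  let report;
  try {
    report = JSON.parse(rawBody)["csp-report"];
  } catch {
    return { verdict: "malformed" };
  }
  if (!report || typeof report !== "object") return { verdict: "malformed" };
  const page = String(report["document-uri"] || "");
  const blocked = String(report["blocked-uri"] || "");
  const directive = String(report["violated-directive"] || "").split(" ")[0];
  if (NOISE_SCHEMES.some((scheme) => blocked.startsWith(scheme))) {
    return { verdict: "noise", page, directive, blocked }; // non-malicious trigger
  }
  // Browsers differ in how they label blocked inline code; treat these alike.
  if (directive.startsWith("script-src") && ["inline", "eval", ""].includes(blocked)) {
    return { verdict: "inline-script", page, directive, blocked }; // possible injection
  }
  return { verdict: "blocked-external", page, directive, blocked };
}

// Count verdicts so a rise in "inline-script" reports stands out from the noise.
function summarize(bodies) {
  const counts = {};
  for (const body of bodies) {
    const { verdict } = triageReport(body);
    counts[verdict] = (counts[verdict] || 0) + 1;
  }
  return counts;
}

const sample = (blocked) => JSON.stringify({ "csp-report": {
  "document-uri": "https://m.example.com/status/1",
  "violated-directive": "script-src 'self' https://static.example.com",
  "blocked-uri": blocked } });
const SAMPLE_REPORTS = [sample("inline"), sample("chrome-extension://abcdefgh/inject.js"),
  sample("https://cdn.unlisted.example/w.js"), "not json"];
console.log(buildPolicyHeader(POLICY), summarize(SAMPLE_REPORTS));
```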

45. March 24, Softpedia – (International) Japanese earthquake spam starts distributing German ransomware. Security researchers from Kaspersky Lab warned that a recent spam run using the Japanese earthquake as a lure has been modified to spread ransomware. This is the same campaign that used fake news articles many days ago to direct recipients to Java-based malware. “Instead, the payload is now Ransomware (detected as Trojan-Ransom(dot)Win32(dot)PornoBlocker(dot)jtg), disguising itself as a fake warning message from the German Federal Police,” one Kaspersky Lab researcher said. Once installed, the malicious application prevents users from using their system and displays a fake message on the desktop claiming illegal content, such as child pornography, was detected on the computer. The warning purports to come from the German Federal Police and asks the user to pay a 100 Euro fine within 24 hours if they do not want their hard drive erased. The payment is requested via Ukash, which relies on prepaid cards with unique codes. Cyber criminals prefer this payment method because it cannot be tracked or reversed. To increase the credibility of their message, the warning page displays the logos of McAfee, Symantec, Kaspersky Lab, and Microsoft as well as the German police. Upon installation, the ransomware adds itself to the start-up sequence, suspends explorer.exe, and blocks taskmgr.exe (task manager) from running. Source:

Communications Sector

46. March 24, IDG News Service – (National) Quakes called signal of danger to cell networks. Citing how mobile networks were damaged by an earthquake in New Zealand versus one in Haiti, the chairman of Trilogy International Partners called attention to the vulnerability of U.S. networks, IDG News Service reported March 24. The way mobile infrastructure is deployed in the United States and many other developed countries, with cell sites designed to be unobtrusive and shared among carriers, could make it vulnerable to widespread disasters like the recent earthquake in Japan, he said. In the January 12, 2010, quake in Haiti, Trilogy-owned carrier ComCEL lost 26 cell sites out of more than 300, the chairman said. A key reason for the network’s resilience was each cell site had its own battery and generator, and a long-lasting supply of fuel. In the United States, carriers rely on portable generators distributed around the country and count on being able to deploy those to the scene of a disaster where cell sites have failed, the chairman said. “The wireless systems are not, in general, serviced by more than a couple of hours of battery backup and not serviced by generators,” he said. “The premise in the U.S. is essentially that a disaster will be isolated.” Source:

47. March 24, Victoria Advocate – (Texas) Satellite and cable companies continue fight against piracy. Recent lawsuits filed against residents in Crossroads, Texas, are indicative of satellite companies’ continued efforts to crack down on satellite television piracy nationwide. Two men from Victoria were sued in federal court in March for stealing satellite television programming by purchasing subscriptions to a pirate television service operated by www(dot)dark-angel(dot)ca, thus unlawfully circumventing the DISH Network security system and receiving copyrighted, subscription-based DISH Network satellite television programming without authorization and without payment. In a separate lawsuit, DISH Network sued Dark Angel in Canada and seized the pirate television service’s computer server and business records, which showed the two men had been subscribers. The supervisor of Corporate Communications for Suddenlink Communications said his company did not have any information that would indicate an increase in cable theft in the Victoria area. The lack of area cable theft is most likely because of the transition from analog to digital signals, which industry experts have attributed to the decrease in siphoned cable. Source: