Wednesday, April 27, 2011

Complete DHS Daily Report for April 27, 2011

Daily Report

Top Stories

• There are new federal charges in Chicago, Illinois, against four top Pakistani terrorists in connection to the 2008 Mumbai, India attacks at hotels, movie theaters, and other businesses, that killed 164 people, WLS 7 reported. (See item 52)

52. April 25, WLS 7 Chicago – (International) Grand jury adds 4 to ‘Mumbai massacre’ indictment. There are new federal charges in Chicago, Illinois, against four top Pakistani terrorists in connection to the 4 days of attacks in Mumbai, India in 2008 at hotels, movie theaters and other businesses that killed 164 people and wounded at least 308, WLS reported April 25. The terror investigation in Chicago began 3 years ago when federal authorities arrested a mysterious North Sider who had attracted attention by traveling back and forth to Pakistan although he had no apparent means of paying for the trips, and the arrest of his friend and associate, a Chicago travel agent. Since then, the North Side man has pleaded guilty, the travel agent has prepared for trial, and a grand jury in Chicago added four top Pakistani terrorists to the case April 25. One of the men has attracted the attention of U.S. counterterrorism agents for years. He is a Pakistan resident now in hiding. He joined the Pakistani terror group called Lashkar at age 16. He is now in his mid-30s, and has worked as a handler, taking American recruits and converting them to work as Muslim terrorists. He was assigned to the North Side Chicago man, who has pleaded guilty in connection with Mumbai and has submitted to hundreds of hours of interrogation by the FBI. There is also a warrant for the Pakistani’s arrest in India. During the siege of Mumbai in 2008 that saw 10 coordinated shooting and bombing attacks, Indian federal police intercepted phone calls between the man and his terror teams in Mumbai. Even though the suspect was hundreds of miles away in Pakistan, according to Interpol, he is heard on the phone talking to some of the hostages in India and then giving orders to his gunmen to kill them. Source:

• There was at least one breach in the levee keeping the swollen Black River from inundating Poplar Bluff, Missouri, April 26, reports. (See item 59)

59. April 26,; NBC News; KSDK 5 St. Louis; KAIT 8 Jonesboro; Weather Channel; Associated Press – (Missouri; National) Police: Levee protecting Missouri town breaches. A levee keeping the swollen Black River from inundating Poplar Bluff, Missouri, breached downriver April 26, but water pouring through the crack was unlikely to force the further mass evacuation of homes in the area, authorities said. Crews were also looking into reports of another breach, a police officer told the Associated Press. The water was pouring into a drainage ditch along a road, and even if it topped the ditch, was unlikely to cause enough backflow to threaten homes upstream, he said. A powerful storm system dumped several inches of rain on already-swollen rivers and spawned at least one tornado. Poplar Bluff deputy police chief said more than 6 inches of rain fell on the town April 25, bringing the 4-day total in the area to 15 inches and causing the Black River to pour over the levee in 30 places, from Poplar Bluff to the town of Qulan, downriver. More showers and thunderstorms were expected April 26. He said street department workers hurriedly filled small boats with sandbags and were able to shore-up a vulnerable section of the levee. Crews rescued 59 people in an hour-and-a-half late April 25 after water spilled over the dam. Sandbagging was not an option — the river simply rose too quickly. Severe storms that began early the week of April 18 have hammered a swath of the nation’s midsection without letup. Governors in Arkansas and Kentucky declared states of emergency. The U.S. Army Corps of Engineers was considering the extraordinary step of intentionally breaching the Birds Point levee in southeast Missouri, just downriver of the confluence, in a bid to reduce the amount of water moving down the Mississippi. The move would soak 130,000 acres of farmland, and Missouri’s governor objected to the idea. A decision was expected by some time April 26. Source:


Banking and Finance Sector

11. April 26, Federal Bureau of Investigation – (Alabama) Former president of Alabama Central Credit Union charged with bank fraud. Federal prosecutors April 26 charged a former credit union president with bank fraud in connection with fictitious companies whose bills were paid through the Birmingham, Alabama-based credit union, announced a U.S. attorney and the FBI Special Agent in Charge. The U.S. Attorney charged the former president of Alabama Central Credit Union in a one-count information filed April 26 in U.S. District Court. Prosecutors also filed a plea agreement in which the 42-year-old acknowledges the fraud and agrees to plead guilty to the bank fraud charge. As part of the plea agreement, the man agrees to pay restitution and forfeiture of $140,000. Between about April 2009 and June 2010, the former president submitted fraudulent bills and invoices on behalf of two fictitious companies he had created. Neither business had provided any services or goods to the credit union. He would authorize payment by the credit union of those bills and invoices he submitted in the name of the fictitious companies. The money paid by the credit union to the accounts of the fictitious companies was controlled and ultimately spent by the man. The maximum sentence for the bank fraud charge is 30 years in prison and a $1 million fine. Source:

12. April 25, – (Maryland) Maryland armored truck robbed in brazen midday heist. Two armed men brazenly robbed a midday money shipment April 25 as it was transferred from an armored truck into a Bank of America in Clinton, Maryland, police told Police are searching for two men who wore black masks and approached the victim from behind while he delivered the money to the bank. Both men were armed with what eyewitnesses described as “long guns.” The men apparently used a white truck with a ladder as a getaway vehicle. Authorities are currently reviewing surveillance video. There were no reported injuries, and the amount of money stolen is unclear. Later, police said one suspect displayed an assault rifle and the other a silver handgun. The victim complied and the suspects took an undetermined amount of cash and fled the scene in a white van, according to a statement. Police are asking the public for assistance in searching for the men. Both suspects were identified as black males in their 30s. The man armed with the rifle was about 6-feet tall, and the man with the handgun was about 5-foot-9-inches tall. Source:

13. April 22, U.S. Department of Justice – (International) New York broker pleads guilty in international stock fraud scheme. A 47-year-old New York stock broker pleaded guilty in federal court April 21 in Detroit, Michigan, to conspiracy to commit securities fraud and wire fraud in connection with a spamming organization’s stock pump-and-dump scheme. A federal grand jury indicted the man in December 2010, charging him in a wide-ranging fraud scheme involving four previously convicted co-conspirators as well as a number of others from January 2005 through December 2007. The charges arose after a multi-year investigation, which revealed a sophisticated operation that focused on running a pump-and-dump scheme, whereby the defendants sent spam touting thinly traded Chinese and Israeli penny stocks, drove up their stock price, and reaped profits by selling the stock at artificially inflated prices. The broker’s roles in the scheme included trading the stocks that were illegally promoted by spam e-mail campaigns; arranging for shares of the stocks to be transferred into the brokerage accounts he established; executing stock trades at the direction of one of the conspirators rather than the direction of the named account holders; causing funds that resulted from the stock trades to be transferred to bank accounts beneficially controlled by other co-conspirators; and providing confidential account data to his co-conspirators and others involved in the scheme without authorization from the account holders. The indictment alleged that during the course of the scheme the broker caused the sale of about 30 million shares of stock, generating about $30 million for the co-conspirators and more than $600,000 in commissions for himself. Source:

14. April 22, IDG News Service – (Washington) Seattle police say ‘wardrivers’ are hitting small businesses. Police in Seattle, Washington, are investigating a group of criminals who they say have been cruising around town stealing credit card data by tapping into wireless networks belonging to area businesses, IDG News Service reports April 22. The group has been at it for about 5 years, according to an affidavit signed by a fraud investigator with the Seattle Police Department. “A number of area small and medium-sized businesses have been targeted in these network intrusions, which have also involved a pattern of financial and personal identifying information (such as credit card information),” the investigator wrote in his affidavit, dated April 13. He believes the group has been “wardriving” the Seattle area in a customized 1988 Mercedes Benz, looking for companies using an unsecured Wi-Fi standard called Wired Equivalent Privacy (WEP). WEP has well-documented security flaws and has been considered for years to be insecure, but was widely used in routers built between about 2000 and 2005. Wardrivers typically use long-range antennas connected to laptops to compile lists and locations of wireless networks, driving from street to street and logging the Wi-Fi activity they find. Many big retailers have increased security in response to previous incidents, but small companies are often at risk. Investigators had been tracking the gang and the black Mercedes since at least February 2010, police said in a court filing requesting permission to seize the car. A spokeswoman with the U.S. Department of Justice would not say whether charges had been brought against any of the suspects. The gang is thought to have stolen more than $750,000 worth of items, according to the Seattle Post-Intelligencer. Source:

15. April 22, Minneapolis Star Tribune – (Minnesota) Kickbacks alleged in a Trooien condo project in Minnetonka. Three real estate professionals were charged April 21 in an alleged kickback conspiracy involving a condominium project by a bankrupt St. Paul, Minnesota developer. The alleged conspiracy involved more than 40 units in the Cloud 9 Sky Flats, an office tower in Minnetonka that the developer converted into condos several years ago. Federal prosecutors charged a defrocked Apple Valley real estate broker, a Minneapolis appraiser, and an inactive Eden Prairie real estate agent in what is described as a $4.2 million mortgage fraud conspiracy involving the Cloud 9 condos. The Apple Valley broker also faces a charge of money laundering. The charges were filed in a “felony information” rather than an indictment, which generally indicates that a plea agreement is expected. The developer, a businessman with more than 100 business entities, filed for Chapter 11 bankruptcy in October. He was not mentioned in the charging documents filed April 21, but earlier in 2011, federal agents raided the headquarters of his company, JLT Group, searching for evidence of a fraud scheme. The affidavit they used to obtain the search warrant has remained under seal. According to the government, the three defendants knew buyers of the Cloud 9 units were being paid about 30 percent of the purported purchase price outside of the formal closing. That money went into an account under the Apple Valley broker’s control, and she skimmed some for herself and her co-conspirators before returning the rest to the buyers, who had agreed to the process. Prosecutors said lenders knew nothing about the arrangement and ended up funding artificially inflated loans. Records show that at least 32 units have gone into foreclosure. Source:

Information Technology

40. April 25, IDG News Service – (International) Lawmakers quiz Apple, Google about location tracking. A U.S. Senator from Minnesota and the attorney general of Illinois have separately pressed Apple and Google to provide more information about the location data they collect about their end users. The requests from the politicians follow recent reports Google and Apple have been collecting data about the location of Android and iPhone users without their permission. While both companies ask permission before collecting the location data required for certain applications, the reports, starting with one in the Wall Street Journal, show the companies also collect location information when not required to do so by an application. The attorney general said she has asked the companies to explain what information they store, for how long they store it, and what it is used for. The Senator April 25 asked representatives from Google and Apple to attend a hearing May 10 about protecting mobile privacy. Also, two consumers filed a lawsuit in Florida April 22 that charges Apple with fraud over the alleged data collection. In addition, a U.S. Congressman from Massachusetts said he wrote to Apple’s CEO the week of April 18 with questions about the company’s data collection practices. Apple has not commented on the matter. Google said it does not collect location information without user permission. Source:

41. April 25, IDG News Service – (International) DHS chief: What we learned from Stuxnet. If there is a lesson to be learned from 2010’s Stuxnet worm, it is the private sector must be able to respond quickly to cyber-emergencies, the head of DHS said April 25. “The key thing we learned from Stuxnet was the need for rapid response across the private sector,” she told engineering students at the University of California, Berkeley. “There, we need to increase the rapidity of response, because in that area — as in several other recent attacks — we’ve seen very, very sophisticated, very, very novel ways of attacking. When you’re getting at control systems, now you’re really talking [about] taking things over, so this is an area of deep concern for us.” Stuxnet was a watershed event, according to the Secretary. When Stuxnet hit, DHS was sent scrambling to analyze the threat. Systems had to be flown in from Germany to the federal government’s Idaho National Laboratory. In short order the worm was decoded, but for some time, many companies that owned Siemens equipment were left wondering what, if any measures, they should take to protect themselves from the new worm. Both Siemens and the DHS group responsible for communicating with operators of industrial systems (the Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT) could have been better at getting information out to the public, a security expert said. Source:

42. April 25, The Register – (International) Sony unsure if PlayStation Network user data was stolen. Sony has yet to determine if customers’ personal information and credit card details have been stolen as part of an external intrusion into its system that has left its PlayStation network inaccessible for 5 days. “Our efforts to resolve this matter involve re-building our system to further strengthen our network infrastructure,” a Sony spokesman blogged April 24. “Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security.” The day before, he said Sony systems suffered an “external intrusion” that required the PlayStation Network and the related Qriocity services to be taken offline April 20. He said April 24 Sony had no update or estimate when service might be restored. According to PCWorld, members of Sony’s public relations team said the company has not yet determined if personal information or payment card data of PlayStation Network users was exposed. The intrusion follows months of criticism by some PlayStation fans over Sony’s legal dragnet of hackers who jailbroke the popular game console so it would run apps and games not officially sanctioned by Sony. Critics argued that Sony’s aggressive litigation has targeted hackers for publicly speaking about jailbreaks to hardware they legally purchased. It is still unclear who is behind the PlayStation Network attack, which is affecting about 70 million registered users. Source:

43. April 25, Electronic Engineering Times – (International) Three indicted for PC exports to Iran. Three individuals have been recently indicted on charges of illegally exporting millions of dollars worth of computer-related equipment from the United States to Iran via the United Arab Emirates, according to the U.S. Department of Justice (DOJ), Electronic Engineering Times reported April 25. One man, a U.S. citizen, and his Queens, New York-based company, Sunrise Technologies and Trading Co., were indicted in Washington D.C. on 27 counts relating to the illegal export of computer-related equipment to Iran without first having obtained the required license from the Treasury Department, according to the DOJ. He was arrested on a criminal complaint in New York April 6, and had his initial appearance in court in New York April 7. If convicted, he faces a maximum sentence of 20 years in prison and a $1 million fine for each of the counts and 5 years for each false statement count, according to the DOJ. Two other men, both U.S. citizens, and their Costa Mesa, California company, Online Micro LLC, were indicted in Washington D.C. on 32 counts relating to the illegal export of computer-related equipment to Iran without the required license from Treasury. The two were arrested on a criminal complaint in California April 7, and had their initial appearance in court in the Central District of California April 7. If convicted, both defendants face a maximum sentence of 20 years in prison and $1 million fine for each of the International Emergency Economic Powers Act counts, and 5 years for each false statement, and 20 years for each obstruction of justice count, according to the DOJ. In April 2010, Immigration and Customs Enforcement Homeland Security Investigations agents seized hundreds of laptop computers that originated from Sunrise and were destined for Dubai, United Arab Emirates. Communications related to these shipments indicated the purchasers were located in Iran, according to the affidavit. Source:

Communications Sector

44. April 26, Charleston Daily Mail – (West Virginia) Thieves cut cable wires at department of agriculture. Cable thieves are to blame for cutting off West Virginia’s Department of Agriculture’s headquarters from the outside world April 25, an official said. When employees arrived for work at the department’s Guthrie headquarters, they discovered all external communications had been severed. Thieves cut the wires leading to the department’s headquarters — located about 10 miles north of Charleston — in an attempt to strip copper from the utility cables, the department spokesman said. When the thieves cut the copper phone lines, they also severed the fiber optic data lines that provide online service to the headquarters. As a result, department employees had no way to call or e-mail anyone outside their building. The department of agriculture’s Web site was also down as a result of the outage. Information technology staffers were able to forward incoming office calls to staff cell phones, so no employees were sent home as a result of the outage. The department expected service to be restored by the afternoon of April 27. Source:

45. April 22, NextGov – (National) Federal radio navigation plan relies on GPS, with no backup. The federal government intends to rely on the Global Positioning System (GPS) for precision navigation, location, and timing services for the foreseeable future, with no defined backup, according to a key planning document released April 21 by the Defense, Homeland Security, and Transportation departments. The 2010 Federal Radio Navigation Plan envisions decommissioning key ground band navigation aids maintained by the Federal Aviation Administration as it moves to its GPS-based Next-Generation Air Transportation System. Source: