Monday, May 23, 2011

Complete DHS Daily Report for May 23, 2011

Daily Report

Top Stories

• According to Associated Press, a report found Massey Energy Company recklessly ignored safety and allowed dangerous conditions to build inside a West Virginia mine until a blast last year killed 29 men. (See item 2)

2. May 20, Associated Press – (West Virginia) Study faults owner in W.Va. mine explosion. Massey Energy Company recklessly ignored safety and allowed dangerous conditions to build inside a Montcoal, West Virginia mine until a blast last year killed 29 men in the deadliest U.S. coal accident since 1970, according to an independent report released May 19. The report by a former top federal mine regulator, commissioned by the governor, said Massey could have prevented the April 5, 2010, disaster with standard safety practices, including better ventilation to reduce potentially explosive levels of gas and dust in the tunnels. It also cast blame on state and federal regulators for failing to adequately enforce safety laws at the sprawling Upper Big Branch mine. The report was released to members of the victims’ families during a private briefing. Several said its findings did not surprise them because they knew the mine was not safe. The study said the explosion could have been prevented “had Massey Energy followed basic, well-tested, and historically proven safety procedures.” It also supported the federal government’s theory that methane gas mixed with huge volumes of explosive coal dust turned a small fireball into an earth-shattering explosion. Massey disputed the report, saying the explosion was sparked by an uncontrollable inundation of natural gas inside the mine. The report is the first of several that are expected. State and federal investigators are pursuing their own investigations, while federal prosecutors conduct a criminal investigation. Source:

• The Victorville Daily Press reports that for hours, all 911 phone lines and thousands of phone and Internet customers, including banks and other businesses, lost service after a construction crew drilled into a network cable in Barstow, California. (See item 45)

45. May 19, Victorville Daily Press – (California) 911 phone lines down across High Desert. All 911 phone lines in the High Desert and Lancaster area were down for hours May 19 after a city construction crew drilled into a network cable conduit in Barstow, California, according to a Verizon spokesman. The incident also impacted thousands of phone and Internet customers in the area. Banks, stores, and other businesses temporarily closed down in the afternoon, unable to accept credit cards or use their security systems. The incident happened at 1:45 p.m. By 4:30 p.m., 911 calls from Victor Valley residents were being automatically routed to the San Bernardino County Sheriff’s dispatch center, according to a department spokeswoman. It took longer to route emergency calls for Barstow residents, though the Verizon spokesman said all 911 service was restored by 6 p.m. Verizon workers were at the scene May 19 using a backhoe to access the underground cable, according to the Verizon spokesman. He said the conduit was heavily damaged, with the fiber optic line reportedly wrapped around the city crew’s auger. Source:


Banking and Finance Sector

13. May 20, Associated Press – (Florida) Key guilty plea in huge Fla. insurance fraud case. A lawyer’s decision to plead guilty May 18 in a $1 billion Florida insurance fraud case could speed things up for three others awaiting trial. A Fort Lauderdale, Florida attorney pleaded guilty to conspiracy and admitted helping now-defunct Mutual Benefits Corp. persuade thousands of investors around the world to put money into risky life insurance policies held by the elderly and AIDS sufferers. The investors made money when the policyholders died. The man admitted in court May 18 that he helped mislead investors about the policies and the value of their investments. He has agreed to testify against the others charged in the case. Prosecutors want the trial moved up by a year, to February 2012. Source:

14. May 20, Silicon Valley Mercury News – (International) Escondido woman pleads not guilty in $17m ID scam. A San Diego County, California woman pleaded not guilty May 19 to involvement in a $17 million, multinational identity theft scheme. A 17-count indictment accuses her of identity theft, fraud and conspiracy in a scheme affecting some 3,000 victims. Prosecutors said the 59-year-old Escondido, California woman received stolen credit card and bank account numbers electronically from co-conspirators in countries including Nigeria, Abu Dhabi, and the United Kingdom. She also allegedly received counterfeit money orders and traveler’s checks. Prosecutors charge the woman would then use the stolen data to create phony checks she would mail along with the other counterfeit materials. Source:

15. May 20, Spokane Spokesman-Review – (Washington) Bike bandit pleads guilty to nine counts. A hooded, BMX bike-riding Spokane, Washington man who terrorized local bank tellers for almost a year pleaded guilty May 19 in federal court to nine counts of armed bank robbery that netted more than $166,000. The 34-year-old faces between 17 and 22 years in prison after admitting he was the so-called Bicycle Bandit. The convict would don a hooded sweatshirt, cover his face, display a black handgun and ask tellers to count backward from 500 before he pedaled away on his bike. According to court records, the most he scored at one time during his spree was $44,528. He netted more than $12,000 in every other robbery, aside from one at Chase Bank that produced $1,992. As part of the agreement, attorneys will allow a U.S. district court judge to determine how much prison time the convict will receive. The agreement also calls for the man to repay $166,849 that he stole from banks. Source:

16. May 20, Quincy Patriot Ledger – (Massachusetts) HarborOne says 800 people affected by breach at Randolph branch. The assailant who attacked a courier May 9 at the HarborOne Credit Union branch in Randolph, Massachusetts, didn’t end up getting any cash. But he did end up with some sensitive information that was in a courier bag. That’s why the credit union sent out letters the week of May 16 to about 800 people warning that their paperwork from transactions conducted at the branch May 5 may have been compromised by the attack. A spokesman for the Brockton-based credit union said a Transpro courier working for the credit union was attacked shortly after 5 p.m. May 9. The transactions had all been processed, but related paperwork, including checks, was in the bag. While the suspect was caught, the bag has not been found, the spokesman said. The compromised data was limited to names, addresses, and account numbers. Source:

17. May 19, San Jose Mercury News – (National) Federal grand jury in San Jose indicts six in mortgage fraud scheme. An unfolding Silicon Valley mortgage fraud investigation has netted six more targets who have been charged in San Jose, California federal court with orchestrating a multimillion-dollar mortgage and real estate scam, according to a 32-count indictment unsealed May 18. Federal prosecutors accuse the defendants of duping banks into extending loans to unqualified homebuyers, siphoning off more than $1 million in illicit commissions for themselves. The indictment was handed down by a federal grand jury earlier in May, but made public the week of May 16. It alleges that between 2004 and 2007, two members of the group solicited low-income homebuyers to purchase homes typically priced more than $500,000, even though they did not qualify based on assets. At the time, they were working as real estate agents for Century 21 Golden Hills Real Estate. The real estate agents would then refer clients to a mortgage firm, which would inflate the prospective homebuyers’ assets. They allegedly wound up coaxing more than $40 million in bad loans from banks. The defendants face a maximum penalty of 30 years in prison, though they are likely to face much less under federal sentencing guidelines. Source:

18. May 18, San Antonio Express-News – (Texas; California) Arrested bank robbery suspect reportedly admits to several heists. A 32-year-old man wanted in a bank robbery in San Antonio, Texas was arrested May 17 and reportedly confessed to several heists. The man even told members of an FBI task force that he used paint on his face to disguise himself as a black man in 2 of the 15 to 20 heists he admitted committing, according to court documents. The suspect was arrested May 17 in Columbus, Texas, 2 hours after the 11 a.m. robbery at the Falcon International Bank in the 2500 block of S.W. Military Drive in San Antonio. He had already been under suspicion for two bank robberies in Austin, records show. When agents caught him, the suspect was cooperative and gave a statement regarding heists in other states, including California, and one in Austin March 17, records show. His purported heists might equal those attributed to a serial bank robbery suspect dubbed the “I-35 Bandit,” who got the moniker for targeting banks along the Interstate 35 corridor in Texas. That suspect is known for takeover-style robberies and a ZZ-Top-style beard as part of his disguise. He is still being sought, officials said. Source:

For another story see item 48 below

Information Technology

47. May 20, The Register – (International) Firefox add-on with 7m downloads can invade privacy. A high-rated Firefox extension with more than 7 million downloads secretly collects data about every Web site the open-source browser visits and combines it with uniquely traceable information tied to the user, an independent security researcher said. The undisclosed behavior of the Ant Video Downloader and Player add-on takes place even when the Firefox private browsing mode is turned on or when users are availing themselves of anonymity services such as Tor. The add-on carries a rating of four out of five possible stars and gets an average of almost 7,000 downloads per day, according to official Mozilla statistics. The revelations raise new questions about the safety of extensions offered on Mozilla’s Web site. A spokeswoman for the open-source developer said the media player, like all public extensions not designated experimental, was vetted to make sure it meets a list of criteria. Chief among them is add-ons “must make it very clear to users what [privacy and security] risks they might encounter, and what they can do to protect themselves.” In the meantime, the add-on is available for download on Mozilla’s site with no warning. Source:

48. May 20, The Register – (International) Sony’s Thai website pwned by phisher scoundrels. Security researchers have discovered a phishing site running on Sony’s servers. A fraudulent site running off the domain is targeting an Italian credit card company, F-Secure reports. The incident means that another Sony property, in this case its Thai Web site, has been hacked. The incident is less serious than the PlayStation Network (PSN) hack in April; however, it does not bode well, especially after Sony went to great lengths to reassure everyone that it was tightening up security controls across the board in the wake of the PSN hack and a separate problem involving its online store. In related news, phishing e-mails seeking to con gamers into handing over their PSN log-in credentials to bogus sites have begun to appear. Source:

49. May 19, Computerworld – (International) Microsoft links fake Mac AV to Windows scareware gang. Microsoft said the week of May 16 it has evidence of a link between the fake security software targeting Mac users and a family of similar software on Windows. Phony security software, labeled “rogueware” and “scareware” by experts, has long been a huge thorn in Windows’ side. Earlier in May, however, researchers announced the discovery of a Mac-specific scam that claims the machine is heavily infected. Once installed, the software nags users with pervasive pop-ups and fake alerts until they pay a fee to purchase the worthless program. To get rid of the program’s alerts, many Mac owners pay the $79.50 “registration fee” for the program. Mac users have reported on Apple’s support forums, and in increasing numbers to Mac-centric antivirus vendor Intego, that they were tricked into downloading the fake software. Intego identified at least three names for the same product: MacDefender, MacSecurity, and MacProtector. The bogus program is believed to be the first Mac security software scam. Engineers who work for the Microsoft Malware Protection Center said May 17 that users who visit a Web page posing as a free online virus scanner get served either Mac or Windows scareware. The site delivers scareware dubbed “Win32/Winwebsec” to Windows machines, while Macs get “MacOS_X/FakeMacdef,” the engineers said. There is also evidence the same cyber criminal, or gang of scammers, created both versions. The engineers cited several similarities in the code of the two phony security programs, including nearly identical URLs as the destination for “phone home” transmissions, similar Web addresses for the purchase pages of the pair, and a shared payment gateway, the site where users enter their credit card information to buy the useless utilities. They also suspect the maker of both pieces of scareware is Russian. Source:

50. May 19, IDG News Service – (International) Siemens says it will fix SCADA bugs. Siemens is working on a fix for some serious vulnerabilities recently discovered in its industrial control system products used to manage machines on the factory floor. The company said May 19 it was testing patches for the issues, just one day after a security researcher from NSS Labs was forced to cancel a talk on the issue because of security concerns. NSS Labs had been working with Siemens and the DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT) on addressing the issues for the past week-and-a-half. However, the company decided to cancel the talk when it turned out that Siemens’ proposed fixes were not completely effective, according to the CEO of NSS Labs. Siemens did not say when it expected to fix the problems. “Our team continues to work diligently on this issue — also together with both NSS Labs and ICS CERT. We are in the process of testing patches and developing mitigation strategies,” Siemens said in a statement. Source:

For another story see item 51 below

Communications Sector

51. May 20, TMC Net – (Virginia) Northrop Grumman fined $5M for massive government computer outage. Last summer, technical and human errors combined to cause a massive outage in data centers and data storage facilities operated by defense contractor Northrop Grumman, disrupting services of some 26 Virginia state agencies, including the Virginia Department of Motor Vehicles. Of those 26 agencies, 16 reported a financial impact due to the outage. Consequently, the state government has fined the contractor, which has also agreed to implement a corrective action plan that addresses the findings and recommendations in the independent third-party audit report. Under an agreement, Northrop Grumman will provide $4.748 million in financial compensation and operational improvements to the Commonwealth for losses from the computer outage. Source:

52. May 20, – (Pennsylvania) Philly restaurant fire forces evacuation at two Beasley stations and Metro. A fire that started in the kitchen of a Houlihan’s restaurant caused two radio stations to send their staff to the street, and also impacted the Metro Networks traffic and news operation in Philadelphia, Pennsylvania May 20. The restaurant fire sent smoke billowing into the adjacent office building which houses Beasley’s Country WXTU-FM (92.5) and Rhythmic/CHR WRDW-FM “Wired” (96.5), as well as Metro Networks. Some sprinkler units within the building were set off due to the smoke on the lower floors of the 11-story building, causing some water damage which included the office that houses the radio stations. The Beasley stations remained on the air using automation. The Metro Networks regional director of operations told Radio-Info his staff was forced to evacuate, and some were sent down the street to a CBS Radio studio where reports for all-news KYW-AM (1060) continued. Metro Network staff was able to return to the building within a few hours after fire crews gave the go-ahead. Fire investigators and clean-up crews remained on site May 19 to assess the damage and continue with repairs. Source:

53. May 20, CNN – (National) Muslim convert charged with threats to ‘South Park’ creators. Federal authorities are using words uttered by the co-founder of a radical Islamic group to charge him with threats of violence against the creators of the “South Park” television show. A criminal complaint alleging the communication of threats was filed in Virginia the week of May 9 against the Islamic leader. A senior law enforcement source told CNN May 19 the suspect is believed to be in Morocco, where he maintains Islampolicy(dot)com, an English-language Web site propagating pro al Qaida views. That Web site is a successor to Revolutionmuslim(dot)com. The man, a former resident of Brooklyn, New York, is the second person charged in the “South Park” case. Source:

54. May 19, IDG News Service – (International) Exchange Online has downtime problems again. Exchange Online, the hosted version of Microsoft’s e-mail system, ran into technical problems again May 19, the latest in a series of downtime and performance hiccups. The May 19 problems apparently began affecting users in North America, and at close to 5 p.m. seemed still unresolved, prompting frustrated IT administrators to post complaints on various discussion forums. A Microsoft official posted the following message to some of the discussion threads: “As of this morning, we are investigating reports of intermittent mail flow issues affecting Exchange Online users served from the Americas data center.” The outages affected 1 percent of all Exchange users, Microsoft said in an e-mail shortly after 5:30 p.m. “Currently all new inbound and outbound messages are delivering as expected; however there is a small percentage that remain in the queue awaiting delivery. Full resolution of the issue is expected shortly,” the company said. A spokeswoman said Microsoft does not disclose how many Exchange Online users there are. In October last year, the general manager of Microsoft’s Online Services division, told IDG News Service there were 40 million paid end-user seats of Microsoft Online Services, of which Exchange Online is a part. Source:

55. May 19, Cliffview Pilot – (National) Hudson swindler admits swiping $4.4 million worth of VOIP services. A Hudson County, New York con man admitted his role in a scheme to steal more than $4.4 million from several Voice Over Internet Protocol service providers by setting up shell companies that he and his cohorts claimed operated from the Empire State Building and other prominent addresses. The 32-year-old man, of Guttenberg, New York, admitted he and crew members held themselves out as the owners and operators of shell companies that purported to be established VOIP wholesalers. Their victims included AT&T, Cordial Communications, Digerati Networks, France Telecom, Iristel, Keywest Communications, Maxcom Telecomunicaciones, Pipeline Telecom, Primus Communications, Surfcreek Communications, and Verizon, all of whom provided services to the crew on credit. The thieves then sold the VOIP services to legitimate wholesalers and pocketed the profits, the government said. Source:

For another story, see item 45 above in Information Technology