Friday, June 24, 2011

Complete DHS Daily Report for June 24, 2011

Daily Report

Top Stories

• According to IDG News, Ukraine’s security service said June 23 it had disrupted a cybercrime ring that cost the banking industry more than $72 million using Conficker, a worm unleashed in 2008. See item 15 below in the Banking and Finance Sector

• The Associated Press reports a U.S. Marine Corps reservist arrested in a security scare near the Pentagon was charged June 23 in a series of 2010 pre-dawn shootings at military buildings in the Washington D.C. area. (See item 41)

41. June 22, Associated Press – (Virginia; Washington, D.C.) Va. man charged in 2010 DC-area military shootings. A U.S. Marine Corps reservist arrested in a security scare near the Pentagon in Arlington, Virginia, the week of June 13 was charged June 23 in a series of pre-dawn shootings at military buildings in the Washington D.C. area last year. Federal prosecutors said in court documents they found bomb-making materials in a backpack carried by the 22-year-old, and found a list of suspicious items inside his home. They also said authorities discovered a video he took of himself firing shots outside one building last fall and repeatedly saying the Arabic words “Allahu Akbar,” which means “God is Great.” He was detained June 17 for trespassing inside Arlington National Cemetery. Investigators said he carried a backpack with some ammonium nitrate, which is widely used in explosives and is available commercially as fertilizer; a spiral notebook containing references to al-Qa’ida and Osama bin Laden; spent 9 mm shell casings; and cans of spray paint. Authorities also recovered a videotape from his bedroom that shows him firing shots out the passenger-side window of his car outside the National Museum of the Marine Corps. Inside his home, authorities found numbered items — including alkaline battery, battery connector for 9 volt, LED light, and epoxy or super glue — consistent with making a bomb. Investigators said forensic evidence links the suspect to five shootings last October and November, including at a U.S. Coast Guard recruiting office, a Marine Corps recruiting sub-station, and near the Pentagon. He was charged in two of the shootings, outside the Pentagon and the National Museum of the Marine Corps. An official has said the suspect has no known ties to al-Qa’ida or any other terrorist organization. Source: http://www.google.com/hostednews/ap/article/ALeqM5i72MzeKFFwTwkJZgVoPQmC2qHlZg?docId=d24b688a9a1b47e59a87541b273bd395

Details

Banking and Finance Sector

15. June 23, IDG News – (International) Ukraine disrupts $72M Conficker hacking ring. Ukraine’s security service said June 23 it had disrupted a cybercrime ring that cost the banking industry more than $72 million using Conficker, a fast-spreading worm unleashed in 2008. The hackers allegedly used Conficker to spread antivirus software, according to a translation of a news release from the SBU, the Ukraine’s state security service. The antivirus software, however, contained malware that collected online banking details. The SBU said it conducted 19 raids June 21 in tandem with law enforcement in other countries. Latvian police arrested two people, and more than 40 financial accounts were frozen in banks in Cyprus and Latvia. The FBI also participated in the investigation, along with agencies in England, the Netherlands, France, Germany, Cyprus, Latvia, and two other unnamed countries, the release said. Thirty servers were seized in countries outside the Ukraine. Ukrainian authorities questioned 16 people, and have seized computer equipment, documents, and money. Source: http://www.pcworld.com/businesscenter/article/230959/ukraine_disrupts_72m_conficker_hacking_ring.html

16. June 23, Nashville Tennessean – (National) Morgan Keegan to pay $200M in fraud settlement. Tennessee-based investment firm Morgan Keegan & Co. may soon be up for sale after agreeing to pay federal and state regulators $200 million to settle civil charges of defrauding investors during the housing crisis. The $200 million will be divided among some 39,000 investors who lost $1.5 billion in 2007 and 2008, according to the settlement announced June 23. Of the $1.5 billion in reported damages, about $300 million was lost in Tennessee, representing the greatest loss among the states impacted, said a spokeswoman with the Tennessee Department of Commerce and Insurance in a conference call with reporters. The settlement concludes the Securities and Exchange Commission’s charges last year against Morgan Keegan accusing the company of inflating the values of mortgage-backed securities during the subprime housing crisis. Morgan Keegan did not use “fair practice” procedures in determining security values in funds backed by risky mortgage loans, the regulators said. The firm inflated fund values and soft-pedaled potential risks to entice investors, the suit noted. Source: http://www.tennessean.com/article/20110623/BUSINESS01/306220130/Morgan-Keegan-to-pay-200M-in-fraud-settlement

17. June 22, KIMT 3 Mason City – (Minnesota) Counterfeit bill arrests. After a 2-month long counterfeit bill investigation, six people in three counties were arrested in Southern Minnesota. During the investigation since May of this year, the Secret Service, Southern Central Drug Investigation unit, and other agencies, have purchased more than $30,000 worth of counterfeit $100 bills. They also collected $3,200 worth of fake bills from businesses. On June 21, an undercover agent talked with one of the suspects to buy $5,000 worth of counterfeit currency. The suspect’s husband then showed up with $5,400 worth of counterfeit $100’s to sell to the agent, and he was put under arrest. Within a few minutes, search warrants were executed in the cities of Albert Lea, Owatonna, and Faribault. During a search, officers also found money making equipment, methamphetamine, and meth paraphernalia items. Source: http://www.kimt.com/content/localnews/story/Counterfeit-Bill-Arrests/7rmTOpd0ok-Nb0G82NyclA.cspx

18. June 22, Associated Press – (Minnesota; Wisconsin) 4 from Minn., Wis. charged in mortgage scheme. Four people from Minnesota and Wisconsin face racketeering charges in a multimillion-dollar mortgage fraud scheme that authorities said involved extensive and intricate false documents, including fake college transcripts, phony divorce decrees, and the forged signatures of Minnesota judges, according to a criminal complaint made public June 22. The complaint said the scheme operated from June 2009 through August 2010 and may have involved 136 properties in the Minneapolis-St. Paul area, and $23 million in federally insured loans. Officials said that unlike subprime mortgages of the past, the federally insured loans require extensive documentation, so the level of forgery that went into creating the documents in this case was intricate. The criminal complaint charges the four with racketeering, a charge which carries a penalty of up to 20 years in prison, and a fine up to $1 million if convicted. Prosecutors and commerce officials said that as part of the scheme, the defendants focused on homes sold at sheriff’s sales, and used the fake documents so straw buyers would qualify for loans they otherwise would not get. Then, they created a fake second mortgage against the property so that when the property was sold, they would collect kickbacks. In just nine of the dozens of suspected transactions, prosecutors allege the defendants collected more than $840,000 in kickbacks. Source: http://www.businessweek.com/ap/financialnews/D9O173780.htm

19. June 22, FBI – (Minnesota) 2 Twin Cities’ bank officers and customer indicted in multimillion dollar check-kiting scheme. In federal court June 22, two Twin Cities area bank officers were indicted, along with their bank customer, for allegedly concealing the customer’s multimillion dollar check-kiting scheme through a series of fraudulent nominee loans. The three Minnesota men were charged with five counts of misapplication of bank funds. The indictment alleges that from March 6, 2009 through January 29, 2010, the bank officers, aided and abetted by a third man, misapplied about $1.9 million from Pinehurst Bank in St. Paul. One of the men was the bank’s president and the other was the bank’s chief credit officer and senior vice president. The indictment alleges a businessman was kiting larger and larger amounts of bad checks between Pinehurst Bank and the second bank until late February 2009, when the second bank discovered the scheme and returned more than $1.8 million in bad checks to Pinehurst. Allegedly, the men then arranged five loans to go to straw borrowers of the businessman, and disbursed the $1.9 million to them, knowing those funds were intended to cover and did cover the check-kiting scheme. The indictment alleges the bank officers actively recruited the straw borrowers, were on the bank committee that approved the five loans, and took steps to conceal the loans from the bank’s board and regulators. If convicted, the defendants face a potential maximum penalty of 30 years in prison on each count. Source: http://www.loansafe.org/2-twin-cities-bank-officers-and-customer-indicted-in-multimillion-dollar-check-kiting-scheme

20. June 21, Agence France-Presse – (National) JPMorgan to settle securities fraud charges. A JPMorgan Chase affiliate will pay $153.6 million to settle charges it misled investors in a mortgage securities deal as the housing market bubble was collapsing, regulators said June 21. The Securities and Exchange Commission (SEC) said JPMorgan Securities, one of the Wall Street bank’s broker-dealer affiliates, has agreed to repay fully the harmed investors. The SEC alleged JPMorgan developed and marketed a complex financial instrument — collateralized debt obligation (CDO) — “without informing investors that a hedge fund helped select the assets in the CDO portfolio and had a short position in more than half of those assets.” The CDO — known as Squared CDO 2007-1 — was tied to the U.S. residential housing market, where prices plummeted following the sub-prime mortgage crisis. The SEC alleged that in March and April 2007, JPMorgan knew it faced growing financial losses amid the signs of distress in the housing market and then launched a “frantic” global sales effort that went beyond its traditional customer base for mortgage securities. Source: http://www.google.com/hostednews/afp/article/ALeqM5iclwQq_8MW68egw9Y7Chph6ffkdQ?docId=CNG.ec1ca707e5ead72afaed8780a6c517c1.551

21. June 21, CNN – (International) JPMorgan, RBS sued over securities sales. A federal watchdog for the credit union industry has sued JPMorgan and the Royal Bank of Scotland (RBS) for allegedly misrepresenting the value of the mortgage-backed securities that they sold in recent years, triggering the failure of five credit unions. The National Credit Union Administration (NCUA) filed suit in federal district court for $800 million against the two financial firms June 21. The agency, which regulates and charters credit unions, said it expects “to file additional actions and seek a total amount of damages in the billions of dollars.” It has accused JPMorgan and the RBS of making “numerous material misrepresentations” of the “questionable securities” they sold to the credit unions for a total of $3 billion. In one of the lawsuits, the regulator said that many of these securities, which were backed by mortgages, “were all but certain to become delinquent or default shortly after origination. As a result, the [securities] were destined from inception to perform poorly.” Source: http://money.cnn.com/2011/06/21/news/companies/jpmorgan_rbs_credit_union/?section=money_latest

Information Technology Sector

47. June 22, Computerworld – (International) Feds bust international gangs distributing scareware products. Federal law enforcement authorities working in cooperation with their counterparts in more than 10 countries disrupted the operations of 2 gangs responsible for distributing malicious scareware programs to more than 1 million people. Two Latvian citizens were indicted and more than 40 computers and several bank accounts were seized in connection with the action dubbed Operation Trident Tribunal. The two individuals face up to 20 years in prison if they are convicted on all charges. A statement issued by the FBI June 22 said the two Latvians were arrested June 21 in Rezekne, Latvia, for allegedly distributing and selling nearly $2 million worth of such scareware products. The two were charged with wire fraud, conspiracy to commit wire fraud, and computer fraud. An indictment unsealed in federal court in Minneapolis, Minnesota, accused the two of creating a fake advertising agency, and using it to plant a malicious advertisement in the Minneapolis Star Tribune with the intent of distributing scareware. Source: http://www.computerworld.com/s/article/9217866/Update_Feds_bust_international_gangs_distributing_scareware_products

48. June 22, Help Net Security – (International) Bad software patches cause critical IT failure. Half of businesses have suffered at least one business critical IT failure as a result of installing a bad software patch, according to a new study from GFI Software. The research also revealed that a quarter of those surveyed suffer recurring IT failures and lost productivity resulting from software bugs and incompatibilities introduced by badly developed software updates. Commitment to deploying critical updates quickly is clear, with 90 percent of those surveyed applying patches within the first 2 weeks after they are released. However, for many the process remains a manual one, with 45 percent not using a dedicated patch management solution to distribute and manage software updates. This lack of automation is a major contributing factor that explains why 72 percent of surveyed decision makers do not deploy within the all-important first 24 hours after a critical patch is released to the public. Source: http://www.net-security.org/secworld.php?id=11208

49. June 21, Dark Reading – (International) Malware increasingly being signed with stolen certificates. Cybercriminals are increasingly targeting developers’ systems to steal the private keys used to sign software. Programs signed with a digital certificate are considered safer by the operating system and security software, and the authors of malicious software have caught on. Thousands of certificates have been stolen and are being used by malware, according to the chief technology officer of AVG. In a quarterly security report, AVG found that in the first half of 2011, three times as many certificates were used to sign malware than the first half of 2010. Companies need to better protect their certificates, and security software should become more skeptical of signed code, AVG’s CTO said. Source: http://www.darkreading.com/advanced-threats/167901091/security/application-security/231000129/malware-increasingly-being-signed-with-stolen-certificates.html

For another story see item 15 above in the Banking and Finance Sector

Communications Sector

50. June 21, Fierce Government IT – (National) Federal government has dot-secure Internet domain under consideration. The federal government is considering creating a separate Internet domain for private sector critical infrastructure, one that would be subject to monitoring by the government for cyber threats, a federal official said during a June 21 Senate hearing. The idea of a dot-secure domain is “under great discussion among the interagency groups that work on these issues,” said the Internet policy advisor at the National Institute of Standards and Technology. He spoke before a panel of the Senate Judiciary crime and terrorism subcommittee. During the hearing, the panel chairman also criticized the White House cybersecurity proposal for not going farther in requiring private and public sector entities to disclose cybersecurity events. Source: http://www.fiercegovernmentit.com/story/federal-government-has-dot-secure-internet-domain-under-consideration/2011-06-21

51. June 21, Wall Street Journal – (International) Web addresses enter new.era. The organization that regulates the world’s Internet domain names approved changes June 20 that could allow anyone to register any name they like in almost any language as a Web address. The new rules affect what the industry calls top-level domain names, the familiar dot-coms and dot-nets that end every Web address. Now, instead of having to use one of those existing forms, users will be able to end their addresses with the name of their company, such as dot-Ford, or their city, like dot-Berlin. If successful, the change could alleviate a shortage of dot-com Web addresses and produce hundreds of millions of dollars in business for the companies whose business is managing the Internet’s vast registries, as well as those selling the names, called registrars. Companies could gain new tools for highlighting their identities and networking with suppliers and distributors. The shift, however, could also cause anxiety and disputes among governments, companies and other entities in safeguarding their brands and identities in cyberspace. Those seeking religious or political names, for example, could lead to sensitive situations. Companies, even those that are happy with dot-com and are not interested in adopting a new domain-name suffix, will have to monitor the process to head off any potential trademark or brand-name infringement from other applicants, Internet experts said. Source: http://online.wsj.com/article/SB10001424052702303936704576396963900727284.html?mod=googlenews_wsj