Monday, June 27, 2011

Complete DHS Daily Report for June 27, 2011

Top Stories

• Two U.S. suppliers pleaded guilty to charges of shipping fighter jet and attack helicopter parts to Iranian military officials, according to the Associated Press. (See item 12)

12. June 23, Associated Press – (International) Feds: 2 plead guilty to supplying Iranian military. Two American suppliers pleaded guilty to federal charges of shipping fighter jet and attack helicopter parts to Iranian military officials, and five other people based in France, the United Arab Emirates and Iran are charged with helping, prosecutors revealed June 23. The charges against the overseas individuals were part of an indictment unsealed in Georgia after a man from Macon, Georgia, and a man from Chicago, Illinois, pleaded guilty to conspiring to illegally export the parts to help repair Iran's aging aircraft fleet, prosecutors said. The man from Chicago, an Iranian-born U.S. citizen, was sentenced June 22 to more than 4 years in prison. The man from Macon could face as many as 40 years at his August sentencing. The indictment puts the Macon supplier at the nexus of a complex plot to export military parts for the Bell AH-1 attack helicopter, the UH-1 Huey attack helicopter, and the F-4 and F-5 fighter jets to Iranian military officials through other suppliers in Europe and the Middle East.

• Associated Press reports two men intent on attacking a military recruiting station in Seattle, Washington, were snared in a terror plot sting. (See item 32)

32. June 23, Associated Press – (Washington) Justice Dept.: 2 men arrested in plot to attack military recruiting station in Seattle. Two men intent on attacking a military recruiting station in Seattle, Washington, to inspire Muslims to defend their religion from U.S. actions abroad were snared by FBI agents in a terror plot sting, authorities said June 23. A suspect from Seattle, and a suspect from Los Angeles, California, were arrested June 22 after they arrived at a warehouse garage to pick up machine guns to use in the attack, an FBI agent wrote in a criminal complaint filed in U.S. district court. The machine guns had been rendered inoperable by federal agents and posed no risk to the public. The two suspects appeared in federal court in Seattle June 23 and listened as a prosecutor recited the charges against them. Detention hearings were set for June 29. The suspects could face life in prison if convicted. Authorities learned of the plot early in June when a third person recruited to participate alerted the Seattle Police Department, the complaint said. Investigators immediately began monitoring the men, and the confidential informant continued to string them along by promising to obtain weapons. The building, the Military Entrance Processing Station on East Marginal Way in Seattle, also houses a daycare. Recruits for all military branches are screened and processed there. The DHS said in a May 31 assessment with other organizations that it did not think it likely there would be coordinated terrorist attacks against military recruiting and National Guard facilities.


Banking and Finance Sector

13. June 23, Los Angeles Times – (National) Report: 2,200 IRS databases, including those with taxpayer data, are vulnerable to hackers. Thousands of Internal Revenue Service (IRS) databases that hold sensitive taxpayer information use outdated security software, leaving them vulnerable to hackers, according to a government office that monitors the IRS. The Treasury Inspector General for Tax Administration said that an audit of IRS databases revealed that 2,200 databases the IRS employs "to manage and process taxpayer data are not configured securely, are running out-of-date software, and no longer receive security patches." The audit, completed in May but released publicly June 23, also said the IRS had not completed its plans to scan its many databases for vulnerabilities. The IRS largely agreed with the report's findings and recommendations, and committed to fixing the issues by December. In a statement June 23, a spokesperson for the agency noted the report made "no direct assertion that any taxpayer data is at risk", and that most of the databases in question do not contain taxpayer data.


14. June 23, Detroit Free Press – (Michigan) Sterling Heights man guilty in bank fraud case. A 54-year-old Sterling Heights, Michigan, man was found guilty June 23 of federal bank fraud after a 6-week trial in U.S. district court in Ann Arbor, the U.S. attorney’s office said. The government argued at trial that the man, an unemployed house painter, obtained more than $7.5 million from fraudulent first and second mortgages on 12 Birmingham homes in the spring of 2007. All of the mortgages went into default. The man was one of three men charged in the case. The jury was unable to reach a unanimous verdict against his co-defendants. The jury also failed to reach unanimous verdicts against the three men on charges of conspiracy to commit federal crimes and money laundering. The jury acquitted all three men of wire fraud.

15. June 23, Sarasota Herald-Tribune – (Florida) Craig Adams associates plead guilty to mortgage fraud in Sarasota flipping fraud case. Four members of an alleged mortgage fraud conspiracy appeared June 23 before a federal magistrate, pleaded guilty to one of the largest mortgage fraud cases in Florida history, and were assured by the judge that they all would face prison time. The government's 91-page indictment, issued in February, alleged that the defendants, who are included among the 14 defendants indicted in the $47 million crime, conspired with the two alleged architects of the scheme to inflate property values and lie on mortgage applications to obtain millions in loans. The indictment followed a 2009 investigative series by the Sarasota Herald-Tribune that named the head of the scheme as the most prolific property flipper in Sarasota. The conspiracy count carries a possible sentence of 5 years and up to $250,000 in fines, while the count of making false statements carries a possible sentence of 30 years and up to $1 million in fines.

16. June 23, Washington Post – (International) Iran is target of new U.S. sanctions. The U.S. President's administration June 23 imposed new sanctions against Iran Air, Iran’s largest air carrier, accusing it of aiding government organizations that support international terrorism and nuclear proliferation. The new measures announced by the Treasury Department allege links between Iran Air, the country’s national airline, and illegal weapons shipments to terrorist groups in Syria, and also to the transport of high-tech parts for Iran’s advanced missiles and nuclear programs. The sanctions restrict U.S. firms from conducting business with the airline in the United States or overseas. Also targeted for sanctions was Tidewater Middle East Co., a major port operator in Iran. U.S. officials said the measures were indirectly aimed at Iran’s powerful Islamic Revolutionary Guard Corps, whose leaders are alleged to dominate the country’s illicit trade in weapons parts and technology. Iran Air, a commercial airline with a fleet of 40 aircraft serving 25 international cities, has been under a variety of U.S. and international sanctions for more than 15 years. Its jets are banned from many European countries, in part because of concerns about the airline’s safety record. Tidewater, which operates in seven Iranian ports and manages a major terminal at the port hub Bandar Abbas, is owned by the Revolutionary Guard and has been previously accused of using its facilities for illegal shipments. The sanctions are intended to “further expose the [Guard’s] central role in Iranian illicit conduct ... so that the international community can take steps to protect against the risk of doing business” with the organization, a senior administration official told reporters in describing the measures at a news conference.

17. June 22, SC Magazine – (International) New Zeus emails cloaked as Fed, IRS messages. Small and midsize organizations may want to take note: There is a particularly large Zeus spam campaign making the rounds. The e-mails piggyback on two trusted names — the Federal Reserve and the Internal Revenue Service (IRS) — to incite recipients to take unwise actions. Researchers at Barracuda Labs first spotted the huge uptick in the malicious messages June 20, when the e-mails were blocked before reaching some 120,000 users within 10 minutes. In particular, the e-mails claiming to originate from the Federal Reserve appear to target individuals in charge of an organization's finances. The body of the messages encourages recipients to click on a malicious link for more information about a wire fund transfer that was not processed. Users who click on the link are asked to install an executable, which actually is the data-stealing Zeus trojan, notorious for keylogging the corporate banking credentials belonging to small and midsize businesses, school districts, and charities. On June 22, the fraudsters switched their tactics to leverage the IRS name in their e-mails. The messages contained the same payload, but victims were told their federal tax payment was canceled by their bank, and they were encouraged to click on the malicious link for further details.

18. June 21, – (National) Banks urged to get faster at reporting cyber breaches. An industry group representing the largest financial institutions said June 21 banks hit by cyber intrusions should immediately notify federal officials and affected customers, amid controversy over Citigroup's decision to wait weeks before informing account holders of a significant breach. The White House recently introduced legislative language that would allow a much longer grace period to inform consumers of data theft. The measure, which is part of a comprehensive proposal to strengthen U.S. network security, would replace a hodgepodge of 47 conflicting state laws with one national requirement to notify people whose personal information has been compromised within 60 days of detecting a breach.

Information Technology Sector

36. June 24, Softpedia – (International) Firefox 4 will no longer receive security updates. Mozilla will not provide any more security updates for Firefox 4.0 because 5.0 is considered a replacement and officially starts a new 6-week development cycle. According to a discussion about Firefox 3.6 and 4.0 support on the mailing list, Firefox 4.0.1 was the only planned update for the 4.0 branch, and it was replaced by Firefox 5.0 when it was released June 21. Mozilla also switched to a silent/automatic update mechanism, but users will be prompted to opt out if any of their add-ons are not compatible with the new version.

37. June 24, threatpost – (International) Apple issues huge security update, releases OS X 10.6.8. Apple released a massive set of security updates for Mac OS X and a number of other applications June 23, fixing a total of 39 separate vulnerabilities in programs including QuickTime, MobileMe, and others. The company also released OS X 10.6.8. One of the more serious bugs that Apple fixed with the patch release is a vulnerability in OS X's certificate trust policy, which governs the ways in which users' systems handle digital certificates. The vulnerability can allow an attacker who already has a foothold on a network to eavesdrop and intercept users' credentials or other sensitive data. The certificate trust policy issue was identified and reported by two Google researchers. Apple also released patches for five individual vulnerabilities in QuickTime. All of the vulnerabilities Apple fixed can be used by an attacker to run arbitrary code on remote machines. Apple also fixed eight separate flaws in its MySQL implementation in OS X. The application, which ships with OS X Server, had several bugs that could be used for remote code execution. There also were five vulnerabilities in the company's OpenSSL implementation, some of which could be used for remote code execution.

38. June 23, IDG News Service – (International) AT&T iPad hacker pleads guilty. A 26-year-old man who helped hackers steal personal information belonging to about 120,000 iPad users in 2010 pleaded guilty to fraud and hacking charges in a New Jersey court June 23. The man pleaded guilty in federal court to two felony charges, according to a spokeswoman with the U.S. Department of Justice. He faces a maximum of 10 years in prison on the charges, but his plea agreement recommends a 12- to 18-month sentence. He is one of two men charged in the June 2010 incident that embarrassed Apple and AT&T and brought the hacking group, Goatse Security, international attention. The other man is still in negotiations over a plea agreement, according to court records. Both men are facing charges in the U.S. District Court for the District of New Jersey. At the time of the incident, Goatse hackers claimed they were trying to make AT&T aware of a security issue on its Web site. They discovered that anyone could query the site and learn the e-mail addresses and unique integrated circuit card identifier (ICC-ID) numbers belonging to the iPad users. According to reports and court filings, they wrote a script that guessed the ICC-ID numbers (used to identify the iPad's SIM card) and then queried AT&T's Web site until it returned an e-mail address. The 26-year-old was accused of co-authoring this software, called "iPad 3G Account Slurper." The group uncovered e-mail addresses belonging to members of the military, politicians, and business leaders.

For more stories, see items 17 and 18 above in the Banking and Finance Sector

Communications Sector

39. June 23, Government Computer News – (International) Crash takes down Microsoft's cloud-based Exchange service. Network errors took down Microsoft's cloud-based Exchange messaging service for several hours June 22. This latest outage, which affected users across North America, was not the first time customers got hit. Customers of Microsoft's Business Productivity Online Suite services experienced several outages during mid-May. Microsoft attributed the June 22 problem to errors with the network and said it has replaced defective hardware, and that service had been restored later that day. The outage became visible as customers began lodging complaints. Some users were having trouble sending messages, while others were unable to use the Service Health Dashboard.