Thursday, July 21, 2011

Complete DHS Daily Report for July 21, 2011

Daily Report

Top Stories

• A Nuclear Regulatory Commission inspection found numerous safety problems at the Watts Bar nuclear plant near Spring City, Tennessee, WRCB 3 Chattanooga reports. (See item 10)

10. July 19, WRCB 3 Chattanooga – (Tennessee) Report shows safety concerns at TVA's Watts Bar Nuclear plant. A post-Fukushima evaluation of the Tennessee Valley Authority's (TVA) Watts Bar nuclear plant near Spring City, Tennessee, by the Nuclear Regulatory Commission (NRC) reveals many safety issues, WRCB 3 Chattanooga reported July 19. The NRC inspector said many of the Site Emergency Directors were not qualified as decision makers in the event of a major accident. He noted that 8 of the 33 emergency responders for a severe incident either did not have training, or had allowed their Severe Accident Management training to expire. The inspector also found diesel generators could not "be connected to required boards in an efficient manner." The NRC also suggested that when the back-up generator is built for Watts Bar Unit 2, it should be moved away from the Unit 1 generator because of "flooding events that would render [Unit 1's] mobile diesel generator not usable due to its current location below Max Flood Elevation." But the greatest concern for the inspector in the case of a blackout was Watts Bar's plan to use one power plant to power the other. He said: "This supply was currently not available due to design changes and modifications." Among the items the NRC wanted to examine was the plant's ability to deal with more than one event at a time. A concern if the plant were hit with a one-two punch is that all of the firefighting equipment is stored in a building that is not earthquake-proof. One way the plant could find itself in a Fukushima-like flooding event would be destruction of a nearby dam in an earthquake. The report found Watts Bar's contingency plans for having enough water on hand to cool the super-heated nuclear material were drawn up before the construction of the Watts Bar Dam in 1943. Source:

• The FBI said July 19 it arrested 14 people thought to belong to the hacking group Anonymous for alleged participation in a series of distributed denial-of-service (DDoS) attacks against PayPal, according to Computerworld. (See item 17 below in the Banking and Finance Sector, item 46 below in the Communications Sector and item 37)

37. July 20, Orlando Sentinel – (Florida) UCF student arrested in national FBI roundup of cyberattack suspects. The FBI arrested a University of Central Florida (UCF) student on a computer-hacking charge July 19, the same day agents across the country arrested more than a dozen others for their suspected roles in cyberattacks reportedly linked to the group Anonymous. The 21-year-old computer engineering major from North Fort Myers was arrested at his dorm on the UCF campus about 11 a.m. FBI agents said the suspect hacked into the Tampa Bay InfraGard site June 21 and uploaded three files. InfraGard is an FBI program designed to establish an alliance among academia, private industry and the federal agency, where members exchange information.



Banking and Finance Sector

13. July 19, Reuters – (National) NYC jury convicts ex-CEO in $110 million fraud. A Manhattan, New York jury convicted a former Industrial Enterprises of America Inc. chief executive July 19 of stealing more than $110 million from the chemicals company and its investors, prosecutors said. The 47-year-old was convicted on 30 felony counts, including grand larceny, scheming to defraud, conspiracy, falsifying business records, and violating the Martin Act, a state law used to combat securities fraud. The man's predecessor as chief executive pleaded guilty in January to four felony counts over the same scheme. He testified against his successor in the 6-week trial before the New York State Supreme Court. According to prosecutors, the man ran a "pump-and-dump" scheme from 2004 to 2008 in which he fraudulently issued 43 million Industrial Enterprises shares totaling more than $90 million, and used the proceeds to inflate the Pennsylvania-based company's balance sheet. They said the Cleveland, Ohio resident then sold his stock at inflated prices to bankroll a lavish lifestyle. The former chief executive retired in 2007, and the 47-year-old succeeded him for a short time in 2008, having also served as chief financial officer and general counsel, prosecutors said. Industrial Enterprises filed for bankruptcy protection in May 2009. The former chief executive testified he and his successor created bogus minutes of board meetings that never took place, and tried to conceal the fraud by falsifying documents of consulting services that were never provided. Source:

14. July 19, New Orleans Times-Picayune – (Louisiana) 'Paw Paw bandit' sought in Metairie, Kenner bank robberies. Robbery investigators were trying to identify a heavy-set man about 60 years old who knocked off four banks in Metairie and Kenner, Louisiana, in the past 6 weeks. In each case a man now dubbed the "Paw Paw bandit" for his apparent age handed a robbery note to a teller and made off with an undisclosed amount of cash, the FBI said July 19. He wore a different ball cap each time. The robberies occurred: June 10 at a Whitney Bank, 2609 Veterans Memorial Boulevard, Kenner; June 24 at a Capital One, 1501 Veterans Memorial Boulevard, Metairie; July 8 at a Whitney Bank, 3060 N. Causeway Boulevard, Metairie; and July 16 at a Capital One, 2200 N. Causeway, Metairie. The first three robberies happened on Fridays in late afternoon, and in each, the man wore sunglasses and implied he had a weapon. The fourth robbery occurred July 16 about 11 a.m., and the robber did not imply a weapon. The Metropolitan Orleans Bank Security Association and the FBI are offering a reward of as much as $5,000 for information leading to the arrest and indictment of this robber. Source:

15. July 19, FBI – (Connecticut) Connecticut man admits obtaining $4.7 million in fraudulent mortgages on 21 homes in New Haven County. The U.S. Attorney for the District of Connecticut announced that a 56-year-old East Haven, Connecticut man waived his right to indictment and pleaded guilty July 19 in Hartford to one count of conspiracy to commit wire fraud stemming from his participation in a mortgage fraud scheme in New Haven County. According to court documents and statements made in court, the man owned and operated ATZ Realty. From June 2006 to October 2007, he conspired with a former employee to purchase 11 properties in New Haven County in her name. As part of the conspiracy, the pair made false statements to various mortgage lenders, including statements about the former worker's income, assets, liabilities, employment, and intention to occupy the home as a primary residence. Through this scheme, the man obtained more than $2.7 million in fraudulent mortgages. In pleading guilty, he also admitted that he committed mortgage fraud with respect to another 10 properties in the greater New Haven area from March 2005 to November 2006. By making, or causing to be made, materially false statements to various mortgage lenders, he obtained 11 fraudulent mortgages totaling more than $2 million to purchase the 10 properties in another individual’s name, but for his own benefit. In total, he obtained, or helped to obtain, 22 fraudulent mortgages totaling about $4.8 million to purchase 21 properties in New Haven County. All 21 properties have been foreclosed upon or are in default, causing losses of more than $1 million to the lenders. He faces a maximum term of imprisonment of 5 years. Source:

16. July 19, Bergen County Record – (National) Lodi man faces prison time in $40.8-million fake loan scheme. A Lodi, New Jersey man pleaded guilty July 19 to charges in a mortgage fraud scheme that netted $40.8 million in falsely obtained home loans, authorities said. The 33-year-old man created fake W-2 forms, fake income tax returns, and fake investment returns to help “straw” buyers get approved for a number of loans for homes in Wildwood Crest, Georgia, South Carolina, and elsewhere, said a spokeswoman for the U.S. attorney's office. Much of the proceeds from those loans were then distributed to the man — said by authorities to have made $2.8 million — and a number of other co-conspirators, who include many of the “straw” buyers, prosecutors said. The scheme, which ran from September 2006 to September 2008, entrapped a number of prominent banks, including Wells Fargo, Wachovia, and Chase, which were defrauded of millions of dollars on the properties, prosecutors said. At least 17 other conspirators were involved in the scheme. The man's role, prosecutors said, was to locate properties for potential purchase and line up straw buyers to apply for the mortgages. Buyers were told that in exchange for the use of their names and credit scores, they would receive an upfront payment after the mortgage was approved. Any closing costs, monthly mortgage payments, and other expenses were then assumed by the man and others, according to the court papers. He pleaded guilty to one count each of conspiracy to commit wire fraud, and conspiracy to commit money laundering. He faces up to 30 years in prison and a $1 million fine for the wire fraud charge, and up to 10 years in prison and a $250,000 fine for the money laundering charge. As part of a plea deal that he struck with prosecutors, he also must repay the $2.8 million prosecutors said was his personal profit from the scheme. Source:

17. July 19, Computerworld – (National) Anonymous' arrests tied to PayPal DDoS attacks, FBI says. The FBI said July 19 it arrested 14 people thought to belong to the hacking group known as Anonymous for alleged participation in a series of distributed denial-of-service (DDoS) attacks against PayPal in 2010 in retaliation for its perceived opposition to WikiLeaks. The defendants were arrested on no-bail arrest warrants in a series of raids in Alabama, California, Colorado, Washington D.C., Massachusetts, and five other states. All were charged in an indictment unsealed in federal court in San Jose, California, July 19. Two other individuals were arrested on related cybercrime charges. One was arrested in Florida on charges he illegally accessed files from a Tampa Bay InfraGard Web site in 2010, and then publicly posted information telling others how to break into the site. The other indictment, unsealed in federal court in New Jersey, charged a man from Las Cruces, New Mexico, with allegedly stealing roughly 1,000 documents, applications and files with protected business information from an AT&T server in June 2011, and posting them on a public file-hosting site. The attacks, dubbed "Operation Avenge Assange," were coordinated by Anonymous using an open-source tool called Low Orbit Ion Cannon the group made available for public download. The 14 individuals named in the indictment have each been charged with conspiring to cause damage to a protected computer, and intentionally causing damage to a protected computer. The conspiracy charge carries a maximum of 5 years in prison and a $250,000 fine, while the intentional damage charge carries a maximum penalty of 10 years in prison and a $500,000 charge. Source:

18. July 15, Security News Daily – (National) Fake banking E-mail targets your wallet, computer. A new spin on an old cybercrime ploy is using a devious fake warning about users' bank account information to trick them into opening their wallets. Scam e-mails are spreading on the Web claiming to contain an important financial statement, researchers at the security firm BitDefender reported July 15. The supposed important data is located in what looks to be a Microsoft Word attachment called "Financial_Statement(dot)exe," BitDefender said. (Similar scams use a "Postal_document(dot)exe" attachment.) However, the financial statement attachment has no sensitive information; instead, it has a Trojan that copies itself onto the user's system. In this case, the rogue attachments attempt to trick users into purchasing anti-virus software they don't need. "The application floods the screen with lots of warning pop-ups to scare the user into buying a useless disinfection tool," BitDefender wrote. The offending Trojan also shuts down programs and informs victims that the programs are infected with a virus. BitDefender warns users to never open suspicious e-mail attachments, especially if they come from a bank, as banks will never send unsolicited e-mails about financial data. Source:

Information Technology Sector

41. July 20, H Security – (International) Oracle patch day closes 78 security holes. Oracle released 78 security patches as part of its July Critical Patch Update. There are 13 fixes for the Oracle Database server, two of which could be remotely exploited by an attacker without authentication. Some of the most critical bugs fixed include holes in Oracle Secure Backup, JRockit, and the Sun SPARC server (Netra T3 and T3 Series). Each product contains vulnerabilities that have a Common Vulnerability Scoring System (CVSS) score of 10.0, the highest possible level of severity. Other vulnerabilities addressed by these updates include holes in, for example, Solaris, Oracle Fusion Middleware, and Oracle Enterprise Manager Grid Control. As several of the vulnerabilities allow an attacker to remotely exploit systems, Oracle recommends system administrators install the patches as soon as possible. Source:

42. July 20, Softpedia – (International) DDoS bot hides as Java update. Antivirus vendor BitDefender warned a piece of malware designed for DDoS is being distributed as a Java update. "...[I]nvestigation on the file revealed more than meets the eye: a carefully-crafted piece of malware that is extremely viral [...] and can be used as a powerful tool to initiate distributed denial-of-service attacks," a BitDefender security expert said. Besides being distributed from legitimate compromised sites, the piece of malware, which BitDefender detects as Backdoor.IRCBot.ADEQ, is capable of spreading itself through a variety of methods. These include copying itself to folders shared by default by certain P2P applications, infecting USB drives, copying itself to network shares, and sending itself via Windows Messenger or e-mail. The trojan is designed to uninstall other DDoS bots including Cerberus, Blackshades, Cybergate, or the OrgeneraL DDoS Bot Cryptosuite which infect winlogon.exe, csrss.exe, and services.exe. The botmasters can schedule the bot to launch DDoS attacks against particular URLs at particular times, for predefined intervals of time, and with a specific frequency of requests. Some experts think this capability suggests the bot's creators might be running a pay-for-DDoS or botnet-for-hire business. Source:

43. July 19, Computer Reseller News – (International) Another cloud outage strikes Microsoft BPOS, Exchange Online. Microsoft Business Productivity Online Suite (BPOS) suffered another outage July 19, adding to its recent streak of cloud outages and issues. The outage put the BPOS Exchange Online e-mail services out of commission for an unknown number of customers for more than 2 hours. Source:

44. July 19, threatpost – (International) Microsoft research team reports bugs in Facebook, Google Picasa. Microsoft's Vulnerability Research team disclosed a vulnerability in Google's Picasa photo editing and sharing application, and a bug in Facebook that could lead to the compromise of a victim's account. The bug in Picasa could allow an attacker to gain complete control of a user's machine if he/she could entice the victim into downloading a malicious JPEG file. The vulnerability in Facebook involves a problem with the way the site implemented its protection against clickjacking attacks. An attacker could use the vulnerability to gain full access to a victim's account. Facebook has since fixed the problem. Source:

45. July 19, H Security – (International) Wireshark updates fix security vulnerabilities. Wireshark developers announced the release of versions 1.6.1 and 1.4.8 of their open source, cross-platform network protocol analyzer. The developers said these maintenance and security updates address multiple vulnerabilities that could cause Wireshark to crash "by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file." These include problems related to the Lucent/Ascend file parser and the ANSI MAP dissector, both of which were susceptible to an infinite loop bug. Wireshark 1.4.0 to 1.4.7 and 1.6.0 are said to be affected. A number of bugs in both versions were also fixed. Source:

For more stories, see items 17 and 18 above in the Banking and Finance Sector, 37 above in Top Stories and 46 below in the Communications Sector.

Communications Sector

46. July 20, Las Cruces Sun-News – (National) Local man allegedly stole, posted AT&T customer data. A former Las Cruces, New Mexico call center employee was arrested July 19 by FBI agents for allegedly leaking confidential files that ended up in the hands of a computer hacking group, the Department of Justice and the FBI announced. While working as an AT&T customer support representative at Convergys in Las Cruces, he allegedly stole confidential business data stored on AT&T's servers and posted it on a public file sharing site, according to the complaint unsealed in the District of New Jersey, where AT&T is headquartered. On April 10, the 21-year-old allegedly downloaded thousands of documents, PowerPoint presentations, images, PDFs, applications, and other files that, on the same day, he allegedly posted on, a public file hosting site that promises user anonymity. AT&T's Chief Security Office Team in New Jersey discovered the breach April 16, and found the suspect had downloaded the material in question and accessed using an address on the company's internal network, according to court documents. He was terminated May 19. On June 25, the computer hacking group LulzSec publicized that they had obtained the confidential AT&T documents and made them publicly available on the Internet. Source:

47. July 19, – (North Carolina) The FCC drops a $25,000 fine on a North Carolina gospel station. Wilson, North Carolina's WGTM-AM 590 was recently hit by the Federal Communications Commission with a fine totaling $25,000, covering three major operational problems. The violations include the failure to maintain and make available for inspection the public file ($10,000), failure to have a working Emergency Alert System ($8,000), and failing to properly enclose the tower site ($7,000). The owner of WGTM-AM, Spirit Broadcasting, claims they were in the process of moving the radio station at the time of the violations in 2010. Source:

48. July 18, WSAZ 3 Huntington/Charleston – (West Virginia) Seven arrested in connection with copper thefts in Southern W.Va. Seven people were arrested in connection with stealing copper, disrupting telephone service, and causing hundreds of thousands of dollars worth of damage in Logan County, West Virginia, WSAZ 3 Huntington/Charleston reported July 18. The investigation stretches all the way back to last summer when thieves targeted phone lines in the Buffalo Creek area. The phone company hopes the arrests by West Virginia State Police will send a strong message because copper theft has plagued the entire state. Police said the ring was made up of seven people, all of whom pleaded guilty to many charges — including grand larceny, and transferring stolen property. Frontier Communications said it has made stopping such crime a top priority. While the suspects may have made just a few hundred dollars from the thefts, they’re expected to pay more than $200,000 in restitution to Frontier. Source:

For another story, see item 17 above in the Banking and Finance Sector.