Monday, July 25, 2011

Complete DHS Daily Report for July 25, 2011

Daily Report

Top Stories

• Swiss Technology, Inc., a manufacturer of weapons and defense systems in Clifton, New Jersey, admitted in court it exported U.S. Department of Defense (DOD) drawings to China, the Clifton Journal reports. (See item 17)

17. July 22, Clifton Journal – (International) Swiss Tech admits to exporting U.S. Defense drawings to China. Swiss Technology, Inc., a manufacturer of weapons and defense systems in Clifton, New Jersey, admitted July 12 in federal court it conspired to violate the Arms and Export Control Act and export U.S. Department of Defense (DOD) drawings to the People’s Republic of China. During the proceeding in Newark, the company said it contracted with an unidentified Chinese company to make parts more cheaply than it would cost to make them in the United States. According to documents filed in the case and statements made in court, the company contracted with the DOD to manufacture parts of M4 and M16 rifles and M249 machine guns from 2004 until 2009. Rather than manufacture the parts, Swiss Tech exported DOD drawings, specifications, and sample parts to China without obtaining a license from the U.S. State Department. As a result of the conspiracy, Swiss Tech caused the DOD to sustain losses of more than $1.1 million in connection with the fraudulent contracts. Additionally, Swiss Tech’s interim president pleaded guilty on the company’s behalf and, as part of the plea agreement, agreed to pay about $1.14 million in restitution to the DOD. Source:

• At least 16 people were killed and dozens were injured when linked attacks occurred in Norway, July 22, according to CNN. The attacks included a massive bombing of government buildings, and a shooting at the ruling party’s youth camp. (See item 36)

36. July 22, CNN – (International) Norway struck by 2 deadly attacks. Norway came under deadly attack July 22 with a massive bombing in the heart of its power center and a shooting at the ruling Labor Party’s youth camp on an island outside the capital — attacks that police said are definitely linked. At least seven people were killed in the blast in Oslo, and at least nine were killed on Utoya Island, which is about 20 miles away, police said. A police spokesman said a man arrested on the island appeared to match the description of a person seen near government buildings shortly before the bomb erupted. He said the man was wearing a police emblem on his blue sweater, though he does not work for police. Oslo University Hospital reported receiving 11 people seriously wounded by the attack in the capital, and eight others wounded in the camp shooting. The prime minister, whose office was badly damaged in the Oslo blast, leads Norway’s Labor Party, which runs the youth camp, where about 700 people were in attendance July 22. People at the camp on northern Utoya Island said the man arrived on the boat that ferries most visitors across the three fourths of a mile of water from the mainland, and told campers that he was carrying out a security check, a Labor Party member said. “After just a few minutes, he took a handgun and started to shoot people,” he said. Citing Norwegian broadcasters, the party member said the man was stopped by Norwegian police. An Oslo police spokesman said the explosion in the capital was caused by a bomb. Several buildings were damaged, many of the windows of the government tower that houses the prime minister’s offices were blown out. Several buildings in Oslo were on fire, smoke billowing from them, a witness said. He said the blast severely damaged the oil ministry and left it in flames. Source:


Banking and Finance Sector

21. July 22, Denver Post – (Colorado) Lochmiller convicted in $30 million real estate fraud. A federal jury in Grand Junction, Colorado, July 21 found a former mortgage firm executive guilty on conspiracy, money laundering, and mail fraud charges related to a $30 million real estate scheme that claimed more than 400 victims, federal prosecutors announced. Two other co-defendants previously pleaded guilty, and are awaiting sentencing. The man’s firm, Valley Mortgage, began in 2000 buying vacant land or existing mobile home parks and selling lots with either a mobile or manufactured home on them, according to prosecutors. The firm, which operated as Valley Investments in 2007, advertised in local newspapers to solicit investments from the public with promised returns ranging from 10 to 18 percent. Investors were promised a promissory note and a recorded first deed of trust on individual lots, and told their funds would go exclusively to acquire properties and finance the subdivisions. Despite those assurances, investor funds went to pay off earlier investors and to cover personal expenses, prosecutors alleged. Investors also were not told the assets the company owned fell far short of the investments gathered, and that their liens were not first position, making them worthless. Source:

22. July 21, San Antonio Express-News – (Texas) Man admits Ponzi scheme. A one-time San Antonio, Texas businessman faces up to 8 years in federal prison after pleading guilty July 21 for his role in a multimillion-dollar Ponzi scheme. The 58-year-old pleaded guilty in San Antonio federal court to securities fraud, and money laundering. He likely will have to make restitution. He was part of a six-person network that raised more than $100 million from hundreds of investors around the country in return for promises of lofty returns on investments made with major foreign banks, federal prosecutors allege. None of the money was invested, however. The man used investor funds to pay personal and business expenses, including paying off the mortgage on the office building once occupied by TNT Office Supply, his now-defunct company. From 2003 to 2005, he personally collected more than $20 million from about 40 investors. More than $8 million in investor losses were blamed on the former businessman. He was described by prosecutors as a “sub-promoter” for another man who is serving a 9-year prison sentence. He also must pay $29 million in restitution. The convict told investors they could earn monthly returns of 5 percent to 8 percent, which amounts to a return of 60 percent to 96 percent on an annual basis. He previously settled civil nor denied the agency’s allegations. Source:

23. July 21, KAPP 35 Yakima – (Washington) FBI believes Bad Hair Bandit has robbed again. The FBI believes a bank robbery in Richland, Washington, July 18 was likely the work of the so-called Bad Hair Bandit. A woman robbed the Yakima Federal Savings and Loan on Jadwin Avenue in Richland. The FBI said based on the how the robber carried out the crime and physical description given by witnesses, it is safe to say the Bad Hair Bandit has struck again. The woman has robbed several banks across Washington since last December. Source:

24. July 21, Reuters – (International) Swiss adviser charged in tax fraud tied to UBS. A Swiss financial adviser was charged July 21 with helping more than 60 U.S. taxpayers hide more than $184 million in Swiss bank accounts, and move assets from UBS AG to other Swiss banks to avoid getting caught. The owner of Zurich-based Sinco Treuhand AG was indicted on a charge of conspiring to hide clients’ income from the Internal Revenue Service from 1998 to 2009, the office of the U.S. Attorney in Manhattan, New York said. The indictment came nearly two and a half years after UBS avoided U.S. criminal prosecution by agreeing to pay a $780 million penalty, and admitting it helped Americans hide income from the IRS. Criminal charges were formally dropped in October 2010. If convicted, the 57-year-old man could face 5 years in prison plus a fine. U.S. authorities separately charged several Credit Suisse Group AG bankers July 21 — including a former head of North America offshore banking — of helping wealthy Americans evade taxes. The owner of Sinco is an accountant. Prosecutors said that to further his conspiracy, he began in 2001 creating sham corporations, “establishments”, and “foundations” under the laws of Hong Kong, Liechtenstein, and elsewhere. Several of the entities have been named in earlier cases filed in New York and Boston federal courts against former UBS clients. In 2008, upon learning U.S. authorities were investigating UBS, he helped his U.S. clients move accounts to other Swiss banks, prosecutors said. He also was said to provide various Swiss banks with bogus IRS forms that fraudulently stated that undeclared accounts at those banks were not U.S. clients. Source:

Information Technology Sector

44. July 22, H Security – (International) CA Gateway Security vulnerable. CA warned of a critical vulnerability in its Gateway Security 8.1 business security solution that allows attackers to inject malicious code into systems. According to the Zero Day Initiative, special HTTP requests to port 8080 can be used to remotely write code into critical areas of the heap, and the arbitrary code can then be executed within the context of the Gateway Security service. The company has provided a fix for Gateway Security. Alternatively, users can upgrade to version 9.0. Users of Total Defense Suite r12 are also advised to take action quickly as the vulnerable version of Gateway Security is part of this security package. Source:

45. July 21, Dark Reading – (International) Embedded Web servers exposing organizations to attack. A researcher who has been scanning the Internet for months looking for unsecured, embedded Web servers has found a bounty of digital scanners, office printers, voice-over-IP (VoIP) systems, storage devices, and other equipment fully exposed and ripe for attack. The vice president of security research for Zscaler Labs, at Black Hat USA 2011 in August, will demonstrate his findings: Ricoh and Sharp copiers, HP scanners, and Snom VoIP phones were the most commonly discovered devices, all accessible via the Internet. The researcher indicated the issue is a recipe for disaster: embedded Web servers with little or no security get misconfigured when they are installed. Most likely, the potential victims are small to midsize businesses or consumers with less technical expertise who misconfigure their devices and have no idea they are showing up online. Source:

46. July 21, Softpedia – (International) XSS vulnerability fixed in Joomla update. The Joomla Project released version 1.7 of its content management platform as a security update that patches a cross-site scripting vulnerability and introduces an easier update mechanism. The XSS flaw is located in the Joomla core components and stems from inadequate input escaping. The vulnerability was reported by July 11, and affects Joomla 1.6.5, and all earlier 1.6.x versions. It is rated as medium severity. Source:

47. July 21, H Security – (International) Security update for Foxit Reader 5 released. Foxit Software released version 5.0.2 of its PDF Reader, a maintenance and security update that addresses two vulnerabilities in the application. According to the company, the update closes a hole, rated as “highly critical” by security specialist Secunia, caused by a memory boundary error that could result in a heap-based buffer overflow. For an attack to be successful, a victim must first open a specially crafted PDF file in a Web browser. A second Insecure Library Loading vulnerability that could be exploited by an attacker to execute arbitrary code when opening certain PDF files has also been fixed. The first vulnerability was discovered by a Secunia researcher, while the second bug was reported by a researcher from Security Consulting Services. Versions up to and including Foxit Reader 5.0.x are said to be affected. Source:

Communications Sector

48. July 22, The Register – (International) Evil ‘666’ auto-whaler tool is even eviler than it seems. Hackers have created a fake tool especially designed to exploit the laziness of clueless and unskilled phishing fraudsters. The fake tool poses as a utility that scours the net for fraudulent sites and pilfers any log-in credentials that victims might have entered, making them available to crooks who had nothing to do with the original fake site. Tools of this type are called auto-whalers and are not unprecedented. This particular variant, however, comes with surprise backdoor functionality, GFI Software has discovered. The utility steals passwords from a user’s machine using a password-stealing trojan called Fignotok-A. Source: