Thursday, September 1, 2011

Complete DHS Daily Report for September 1, 2011

Daily Report

Top Stories

• Portions of Interstate 680 and Interstate 29 in Nebraska and Iowa were destroyed due to flood waters. Repairs are expected to run well into 2012, officials said the week of August 29. – Omaha World-Herald (See item 17)

17. August 31, Omaha World-Herald – (Iowa; Nebraska) I-680 is ‘obliterated ... gone’. Interstate 680 between Omaha, Nebraska, and western Iowa is no longer a freeway, the Omaha World-Herald reported August 31. It is a crumpled, massive jigsaw puzzle of concrete and asphalt, with massive chunks turned over by Missouri River floodwaters that channeled under the road bed, then collapsed it. That is one reason officials say it could take well into 2012 or later to complete repairs to I-680 from the Mormon Bridge to Interstate 29 north of Council Bluffs — largely because parts of the road and its supports ran against floodwater flows and washed away. A member of the Iowa Transportation Commission said officials estimate it will be October 19 before floodwaters have receded enough to allow Iowa Department of Transportation employees to properly assess flood damage to Interstate 29, much of which was also closed due to flooding. Iowa transportation officials say the state has about 60 miles of primary roads closed, including portions of I-680 and I-29. About 25 miles of those remained underwater the week of August 22. Source: http://www.omaha.com/article/20110831/NEWS01/708319910/0

• Several dozen Web sites, including Google, were affected by a security breach in which attackers created fraudulent authentication certificates, the Dutch company that issues the certificates reported August 30. – IDG News Service (See item 43)

Details

Banking and Finance Sector

10. August 31, Atlanta Journal-Constitution – (Georgia) Georgia man convicted in $7 million scheme. A Georgia man was convicted August 30 in a scheme that netted him more than $7 million, the U.S. Attorney’s Office announced. The 46-year-old and his corporation, Frontier Holdings Inc., were found guilty of two counts of mail fraud, 17 counts of wire fraud, and 11 counts of money laundering by a federal district court jury in Rome, Georgia. “He persuaded retired teachers and dental hygienists to give them the equity in their homes and retirement plans. Then he spent the victims’ hard-earned money on lavish vacation cruises, real estate, fur coats, Tiki carvings, and luxury cars,” a U.S. attorney said. The broker promised returns of between 41 and 1066 percent on money put in high-yield investment accounts, according to the evidence presented in court. He also claimed to own a bank and be a “special agent” of the Federal Reserve. More than 30 people sent over $7 million to the man. When investors demanded payments, he could not deliver, authorities said. Source: http://www.ajc.com/news/georgia-man-convicted-in-1152357.html

11. August 31, WTVT 13 Tampa Bay – (Florida) ATM skimmer used in account thefts. The Pasco Sheriff’s Office in Florida was still searching August 31 for a man seen in surveillance video, apparently skimming ATMs in Pasco and Pinellas County. In video from a Bank of America on Bartlet Road in Holiday, he makes no attempt to hide his identity. Using ATM skimmers, the unidentified man stole $26,000 from customers at various Bay Area banks, compromising 44 accounts. “It looks like he would go in late at night to put these skimmers on the ATM and then come back, say, two in the morning and remove the skimmer before the bank noticed that it was there,” explained a Pasco Sheriff’s Office spokesman. The man has been caught on camera with Krazy Glue, apparently sticking the skimmer onto the ATM card reader. Source: http://www.myfoxtampabay.com/dpp/news/local/nature_coast/atm-skimmer-suspect-083011

12. August 30, U.S. Department of Treasury – (International) Treasury targets additional Syrian government officials for sanctions. The U.S. Department of the Treasury August 30 announced the designations of three senior officials of the government of Syria – Syria’s Foreign and Expatriates Minister, Syria’s Presidential Political and Media Adviser, and Syria’s Ambassador to Lebanon – pursuant to Executive Order (E.O.) 13573. Signed by the U.S. President on May 18, 2011, E.O. 13573 targets senior officials of the government of Syria. On August 18, 2011, the President signed E.O. 13582, imposing additional sanctions – the strongest to date – against the government of Syria and its instrumentalities, including its Central Bank and its energy sector. As a result of the August 30 action, U.S. persons are generally prohibited from engaging in transactions with any of the designees and any assets they may have subject to U.S. jurisdiction are frozen. Source: http://www.treasury.gov/press-center/press-releases/Pages/tg1283.aspx

13. August 30, Bloomberg – (National) U.S. Bancorp unit sues BofA’s Countrywide over loan pool. A U.S. Bancorp unit asked a New York court to force Bank of America Corp.’s Countrywide Financial unit to repurchase more than 4,000 loans in a mortgage pool to repair breaches of contract related to improper underwriting. The unit, U.S. Bank National Association, sued Countrywide August 29 in state court in New York, saying the lender agreed when it sold the pool in 2005 that it would repurchase all the loans within 90 days of receiving notice of a material breach. U.S. Bank is trustee for HarborView Mortgage Loan Trust 2005-10, which held the pool. The pool’s original value was $1.75 billion, the bank said in court papers. “Soon after being sold to the trust, Countrywide’s loans began to become delinquent and default at a startling rate,” U.S. Bank said in its complaint. “During the time period in which Countrywide originated the loans, it completely ignored its underwriting guidelines.” U.S. Bank asked the court to find that, as a result of a breach of its seller representation, Countrywide must repurchase all the loans. Or the court can order Countrywide to repurchase all defective loans, U.S. Bank said. A review of loan performance found that in a sample of 786 loans “an extraordinary 66 percent of the loans breached one or more mortgage representations,” according to the U.S. Bank complaint. The bank asked Countrywide to “either cure the breaches or repurchase the loans,” according to the lawsuit. “To date, Countrywide has failed to repurchase any loan put back to it by the trustee and has offered no basis for its refusal,” U.S. Bank’s lawyers said in court papers. Source: http://www.bloomberg.com/news/2011-08-30/u-s-bank-national-association-sues-bofa-over-home-loans.html

14. August 30, Enid News & Eagle – (National) IRS warns taxpayers of widespread scam. The Internal Revenue Service (IRS) August 29 warned taxpayers to be on the lookout for a widespread scam targeting church congregations and civic groups. An IRS spokesman said the new scam is aimed at getting unsuspecting taxpayers to fill out illegitimate claims for IRS refunds or tax credits and to pay the scammers for filling out the fraudulent paperwork. Unlike the common Internet, email, and phone scams, the new scam involves teams of individuals appearing in person at churches and civic groups to entice people into filing for refunds to which they are not entitled. The IRS spokesman said the traveling scam predominantly focuses on claims people can obtain refunds of the Social Security taxes they have paid over the years by transferring their Social Security benefits to the IRS and then filing for a credit. Victims of the scam pay the scammers to fill out the fraudulent paperwork, which is mailed into the IRS and duly rejected. The scam is believed to have originated in Alabama, and it has since been reported to IRS officials in 33 states. The spokesman said it now is being seen in Arkansas, “and it looks to be headed towards Oklahoma.” Source: http://enidnews.com/localnews/x1823386236/IRS-warns-taxpayers-of-widespread-scam

15. August 29, San Bernardino County Sun – (California) Two men accused of scamming struggling homeowners. Two men suspected of scamming homeowners struggling to avoid foreclosure were arraigned August 29 in San Bernardino, California, on a 45-count criminal complaint. Prosecutors said the men defrauded at least 25 people with their Fontana business and affected more than $17 million in home loans. The alleged victims reportedly paid between $3,500 and $7,000 to participate in a process they believed would pay off their home loans and save them from foreclosure, according to a news release August 29 from the San Bernardino County district attorney’s office. In the end, they would end up with two outstanding home loans and the houses went into foreclosure, prosecutors said. The men were arrested August 26 when investigators served a search warrant at Fidelity Group Realty, in Fontana. In this case, the men signed documents as “authorized representatives” of various banks, according to prosecutors. Between the pair, more than 70 fraudulent documents are alleged to have been recorded. Prosecutors said one of the men also created fictitious checks, mailed them to banking institutions, and told victims he was paying off their loans. He faces 21 counts of forgery and 16 counts of procuring or offering a false or forged document from October 25, 2010, to June 29, according to the criminal complaint. The other suspect faces four counts each of forgery and procuring or offering a false or forged document between March 23, 2010, and November 24. Source: http://www.sbsun.com/news/ci_18783842

Information Technology Sector

40. August 31, Softpedia – (International) Google and Mozilla release updates to kill hacked CA. Google and Mozilla released updates to Chrome and Firefox August 31 in order to remove the root certificate of DigiNotar, the hacked Dutch Certificate Authority that failed to revoke a rogue google.com cert. The security industry is in uproar over a rogue *.google.com SSL certificate being found in the wild and having possibly been used by the Iranian government in country-wide man-in-the-middle attacks against Gmail users. As a result, Mozilla, Google, and Microsoft quickly announced their plans to remove the DigiNotar root certificate from their products. Mozilla and Google released Firefox 6.0.1, Firefox 3.6.21, and Chrome 13.0.782.218 respectively to fix the issue. Source: http://news.softpedia.com/news/Google-and-Mozilla-Release-Updates-to-Kill-Hacked-CA-219578.shtml

41. August 30, IDG News Service – (International) Akamai employee tried to sell secrets to Israel. A former Akamai employee pleaded guilty to espionage charges August 30 after offering to hand over confidential information about the Web acceleration company to an agent posing as an Israeli consular official in Boston, Massachusetts. Starting in September 2007, the Akamai employee forwarded information for 18 months to a man he thought was an Israeli intelligence officer. He handed over pages of confidential data, providing a list of Akamai’s clients and contracts, information about the company’s security practices, and even a list of 1,300 Akamai employees, including mobile numbers, departments, and e-mail addresses. Unbeknownst to the Akamai employee, his Israeli spy was actually a special agent with the counterintelligence squad at the FBI’s field office in Pittsburgh, Pennsylvania. In October 2010, the Akamai employee was arrested and charged with committing foreign economic espionage. Source: http://www.computerworld.com/s/article/9219628/Akamai_employee_tried_to_sell_secrets_to_Israel

42. August 30, The Register – (International) Apache squashes ‘devastating’ bug under attack. Maintainers of the open-source Apache Web server fixed a severe weakness that attackers are exploiting to crash Web sites. Flaws in Apache’s HTTP daemon made it easy to crash servers using publicly available software released the week of August 22. Bugs in the way HTTPD processed multiple Web requests involving overlapping byte ranges allowed attackers to overwhelm servers by sending them a modest amount of traffic. An advisory on Apache’s Web site said the bug, formally known as CVE-2011-3192, has been fixed in version 2.2.20. Source: http://www.theregister.co.uk/2011/08/30/apache_dos_vuln_patched/

43. August 30, IDG News Service – (International) Google one of many victims in SSL certificate hack. A Dutch company that issues digital certificates used to authenticate Web sites said August 30 that several dozen other Web sites in addition to Google have been affected by a security breach. The company, DigiNotar, issues Secure Sockets Layer (SSL) and Extended Validation (EVSSL) certificates, which are validated by Web browsers to ensure people are not visiting a fake Web site that is trying to appear legitimate. DigiNotar is a Certificate Authority (CA), an entity that sells digital certificates to legitimate Web site owners. But DigiNotar issued a digital certificate for the google.com domain, a mistake that could allow a skilled attacker to intercept someone’s e-mail. Google said August 29 the fraudulent certificate was used and targeted users in Iran, although a security feature in its Chrome browser detected the certificate, tipping off users with a warning. DigiNotar, a subsidiary of a security company called Vasco Data Security International, issued a statement August 29 saying it discovered July 19 during an audit that its infrastructure used to issue the certificates had been breached. In an interview August 30, a corporate communications director for Vasco said the attackers created fraudulent certificates for “several dozen” Web sites. Most were revoked after their discovery, he said. However, the digital certificate for google.com — which was issued July 10 — only went live August 28, he said. In its statement, Vasco said that it was notified by the Dutch Computer Emergency Response Team that the certificate had not been revoked yet. It was finally revoked August 29, the communications director said. Source: http://www.computerworld.com/s/article/9219612/Google_one_of_many_victims_in_SSL_certificate_hack

44. August 29, IDG News Service – (International) Facebook pays out $40K to hackers over three weeks. Three weeks after launching a bug bounty program that pays Web hackers cash for finding flaws with its Web site, Facebook said it has paid out more than $40,000 in rewards. Facebook called the program a success August 29, saying it has mobilized security researchers around the world to help make Facebook.com more secure. “We know and have relationships with a large number of security experts, but this program has kicked off dialogue with a whole new and ever expanding set of people across the globe in over 16 countries, from Turkey to Poland who are passionate about Internet security,” the company said in a Facebook post about the program. In recent years, technology companies have started paying hackers to encourage them to quietly report any bugs they find rather than simply dumping them out in public where they could be misused by criminals. Google and Mozilla, for example, operate similar bug bounty programs. Facebook pays $500 per bug, but will shell out more money for exceptional issues. Source: http://www.computerworld.com/s/article/9219572/Facebook_pays_out_40K_to_hackers_over_three_weeks

Communications Sector

45. August 31, DavidsonNews.net – (North Carolina) MI-Connection working to restore data service. Two of three high-speed data lines serving the MI-Connection communications system failed August 31 around 9:30 a.m., cutting telephone and internet service for thousands of customers in the Lake Norman area of North Carolina. The outage appeared to be affecting users throughout the company’s territory in south Iredell and north Mecklenburg counties. The data lines are not part of MI-Connection’s network, but are provided by outside vendors XL Communications and Level 3 Communications, MI-Connection said. Because MI-Connection’s phone service relies on Internet connections, instead of standard phone lines, it was also affected. But the phone service appeared to be restored by 10:20 a.m. Connections between the company’s Mooresville headquarters and Bristol Virginia Utilities, its third-party manager in Bristol, Virginia, were also restored. MI-Connection provides Internet, phone, and cable TV to about 14,200 customers in the Lake Norman area. Source: http://davidsonnews.net/2011/08/31/mi-connection-phones-and-internet-down/

46. August 30, New Jersey Star-Ledger – (New Jersey; New York) WNYC (AM820) forced off-air due to Kearny floods, where antenna is located. WNYC’s AM station (AM820) was forced off the air August 29 because of flooding in Kearny, New Jersey, where its antenna is located. The New York public radio network, which purchased four of the former New Jersey Network radio licenses in July, continued to broadcast on its FM station and streamed its AM programming online. Weekend coverage of the storm was broadcast on the NJPR stations, which returned to regular programming August 29. A WNYC spokeswoman said the extent of the antenna damage is not yet known. Parts of it remained underwater August 29, making inspection difficult. The network expects repairs to take a week. Source: http://www.nj.com/hudson/index.ssf/2011/08/wnyc_am_820_forced_off-air_due.html

47. August 30, WRTA 1240 AM Altoona – (Pennsylvania) Fire that knocked WRTA off air ruled accidental. A fire the weekend of August 26 that damaged a vacant city home in Altoona, Pennsylvania, has been ruled an accident. An Altoona Fire Department spokesperson says the blaze at 1910 12th Avenue was sparked by a candle. City police say vagrants have been living in the condemned structure. The blaze is also responsible for knocking WRTA’s programming off-air. The flames destroyed a Verizon high-speed fiber optic line that carries WRTA programming to its Altoona transmitter site. Source: http://www.wrta.com/Fire-That-Knocked-WRTA-Off-Air-Ruled-Accidental/10768149