Friday, September 16, 2011

Complete DHS Daily Report for September 16, 2011

Daily Report

Top Stories

• A rogue trader has cost Switzerland’s largest bank, UBS, about $2 billion in losses, the biggest such scandal in Swiss financial history. – swissinfo (See item 10 below in the Banking and Finance Sector)

• The world's busiest border crossing, located between San Diego and Tijuana, Mexico, reopened 13 of 24 vehicle lanes after scaffolding collapsed a day before, injuring at least 11 people and halting all U.S.-bound traffic. – KSWB 5 San Diego (See item 15)

15. September 15, KSWB 5 San Diego – (California; International) San Ysidro border to reopen after accident. The world's busiest border crossing has reopened 13 of 24 vehicle lanes after scaffolding collapsed a day earlier, injuring at least 11 people and halting all U.S.-bound traffic. U.S. Customs and Border Protection (CBP) said the San Ysidro border crossing connecting San Diego and Tijuana, Mexico, opened the lanes at midnight September 15. The agency was uncertain when the remaining 11 lanes would reopen, but did not expect it would happen September 15. Southbound traffic at the border was closed briefly, but all lanes were reopened except the far left lane, which was reserved for emergency vehicles, Caltrans officials said. The collapse happened at about 10:45 a.m. September 14 at a covered area of the port undergoing demolition as part of an expansion, a CBP spokeswoman said. She said the collapse started at lane 8 and continued across other lanes to the pedestrian processing building. Debris from the collapse trapped 15 vehicles under the canopy, a San Diego Fire-Rescue spokesman said. Eight of the victims were able to free themselves from their autos, and emergency crews extricated the rest, he said. Eleven people were taken by ambulance to three area hospitals, and one person had serious injuries, but all were expected to recover, said the fire rescue spokesman. Border agents reopened the pedestrian bridge and began processing pedestrian traffic at 6:30 p.m. after safety checks were completed on the building, the CBP spokeswoman said. The scaffolding was meant to protect cars from debris falling during the demolition. The cause of the collapse is under investigation. Source:,0,2145807.story


Banking and Finance Sector

10. September 15, swissinfo – (International) UBS hit by $2 billion rogue-trader losses. A rogue trader has cost Switzerland’s largest bank, UBS, about $2 billion in losses, the biggest such scandal in Swiss financial history. UBS warned the unauthorized trading by one of its investment bankers is likely to negatively impact its third quarter results. A 31-year-old man was arrested in London, England, under suspicion of fraud. Details are scarce, with the bank only estimating losses and refusing to elaborate on which markets the rogue trades took place in. UBS said no clients were affected, leading some to conclude the employee was gambling with the bank’s own money. UBS launched an investigation into how internal controls failed to spot the fraud, and the regulator, the Swiss Financial Market Supervisory Authority (Finma), was alerted. The estimated $2 billion losses would list the UBS scandal among the world’s biggest rogue trading frauds. The discovery of a rogue trader is the latest in a series of blows that has pounded UBS in the past 3 years. The bank is also facing a series of lawsuits in the United States from clients and institutions that lost money during the financial crisis. Source:$2_billion_rogue-trader_losses.html?cid=31145086

11. September 15, Help Net Security – (California; International) Russian cyber criminal steals $3.2 million in 6 months. A Russian resident in his early 20s is believed to be the leader of a tightly knit gang using banking Trojans and money mules to earn themselves millions of dollars. The actions of this group have been followed for a while by Trend Micro researchers, who said "Soldier" — as the young gang leader is known in the criminal underground — has managed to steal more than $3.2 million in only 6 months, starting in January 2011. To that end, he uses a variety of malware: the SpyEye and ZeuS Trojans for stealing online banking and other credentials, and a number of exploit kits to install them on target computers. The overwhelming majority of the infected computers are located in the United States, where the money mules recruited by an accomplice believed to reside in Hollywood, California, are also located. The researchers have analyzed the IP addresses recorded by one of his SpyEye botnet's command and control centers and have come to the conclusion that computers from various organizations and businesses were compromised, including those belonging to the U.S. government and military, educational and research institutions, airports, banks, and other companies. They believe these organizations were not the main target of this gang. The gang was after easy money that could be gained by stealing online banking credentials and accessing the victims' accounts, or by selling other stolen log-in credentials such as those for social networks, e-mails, and PayPal. "Compromise on such a mass scale is not that unusual for criminals using toolkits like SpyEye, but the amounts stolen and the number of large organizations potentially impacted is cause for serious concern," said the researchers, who are in the process of informing the owners of the enslaved machines about their findings. Source:

12. September 15, Sacramento Business Journal – (California) Five Sacramentans indicted in $26M real-estate investment fraud. A federal grand jury in Sacramento, California, September 14 returned a 27-count indictment for mail fraud, wire fraud, and investment fraud against five people from Sacramento associated with Diversified Management Consultants. Diversified operated as an umbrella group for investment clubs, which the indictment states defrauded 180 victims out of about $26 million. The consultants allegedly got people to invest their savings, tax-deferred retirement savings, and money from residential loan refinancing into investments. The investments were purported to include buying and developing property. According to the indictment, the money from new investors was used to pay off returns to earlier investors, and for the luxury lifestyle of the defendants. Source:

13. September 14, Associated Press – (Oregon; Washington) Guilty plea for 'River Rat Bandit' in bank jobs. A 34-year-old man pleaded guilty September 14 in federal court to four Portland, Oregon, bank robberies attributed to the "River Rat Bandit." The River Rat is blamed for a 2009 series of armed robberies on both sides of the Columbia River that netted more than $96,000. In addition to the four Portland bank jobs, the Oregonian reports that the robber hit 14 banks or check cashing outlets in Washington, from Clark County to the Puget Sound area. Prosecutors said the man relied on an accomplice to drive the getaway vehicle. The driver was earlier sentenced to 18 years. Under the plea agreement, the bandit is expected to serve 28 years in federal prison and be ordered to pay nearly $25,000. The newspaper said prosecutors in the Washington counties of Clark, King, and Pierce are expected to accept guilty pleas from the bandit, and allow him to serve those sentences concurrently with his federal term. Source:

14. September 14, Miami Herald – (Florida) 12 charged with mortgage fraud. A dozen people — all with South Florida or Latin American ties — have been charged in connection with a $16 million mortgage fraud scheme, according to the Florida attorney general’s office, which announced their arrests September 14. Officials claim those involved submitted fraudulent loan documents to mortgage companies throughout the South Florida area, receiving funding for 10 of those applications. Authorities charged two of the defendants with racketeering, conspiracy, organized fraud, and money laundering. One of those defendants was also charged with grand theft. The remaining suspects face either grand theft or organized fraud counts. Source:

Information Technology Sector

38. September 15, H Security – (International) Cisco patches critical vulnerabilities. Cisco published two advisories September 14 related to a flaw that allows remote code execution on systems where its Unified Service Monitor (USM), Unified Operations Manager (UOM), and LAN Management Solution (LMS) software packages are in use. The flaw allows an unauthenticated remote attacker to execute code on servers running the packages, and is exposed by sending crafted packets to the server over port 9002. Cisco said it is unaware of any exploitation of the vulnerability in the wild. All versions of USM and UOM prior to version 8.6 are vulnerable. LMS versions 3.1, 3.2, and 4.0 are also affected by the vulnerability, although 3.1 and 3.2 are only vulnerable when the Device Fault Management component is installed. All installations of 4.0 are vulnerable. Source:

39. September 15, threatpost – (International) Dutch regulator bars DigiNotar from issuing qualified certificates. A Dutch agency that regulates the actions of telecommunications providers revoked DigiNotar's ability to issue certificates for digital signatures September 14. The agency said that because of the way that DigiNotar behaved during the attack on its certificate authority infrastructure, the company no longer has the authority to issue so-called qualified certificates. In a report released September 14, the board of the independent post and telecommunications authority said that because there was evidence of an attacker having compromised the server that was used to issue qualified certificates, the agency could not allow DigiNotar to continue issuing those certificates. Source:

40. September 14, threatpost – (International) Trojan makes child-porn accusation, locks computer, requests $17. A new ransomware scam locks down its victims' computers, attempting to convince them that child pornography has been found therein, and informs users that their machine will be unlocked only after paying a $17 fine, according to a BitDefender analysis reported by MalwareCity September 5. The trojan, Trojan.Agent.ARVP, is currently targeting users in Russia, but a quick translation could change that, according to the report. The malware is currently spreading through malicious links on social networking sites. Source:

For more stories, see item 11 above in the Banking and Finance Sector and item 42 below in the Communications Sector

Communications Sector

41. September 15, Wichita Falls Times Record News – (Texas) Radio, TV gear burns. A wildfire in a brushy canyon off Seymour Highway near Wichita Falls, Texas, damaged or destroyed some broadcast equipment about 6 p.m. September 13. The fire started in an open area west of KAUZ 22 Wichita Falls. The assistant fire chief said a dozen units from the Wichita Falls Fire Department (WFFD) responded, and called in additional brush trucks from nearby communities. Firefighters used a ladder truck for aerial surveillance and brought in a former military vehicle. A dozen WFFD units and 24 firefighters answered the alarm and battled the fire in 100-degree heat. The assistant chief said the fire was under control in about an hour, but some units stayed through the evening to mop up hot spots. He said the fire scorched 20 to 25 acres. The flames reached a structure that contained the transmitter for KWFS 102.3 Wichita Falls radio station. The station manager said the fire destroyed the transmitter, but the station is on the air from an alternate transmitter site. KFDX 3 Wichita Falls reported its KJBO 35 analog signal also was disrupted, leaving some over-the-air viewers unable to receive the signal. But flames did not reach a communications tower on the property. Source:

42. September 14, CNET News – (International) Internet outage or no outage? That is the question. Twitter users tweeted September 14 about a "rather large Internet outage" affecting access to the site, but an Internet traffic expert said he did not see major problems. The Internet Traffic Report showed problems for a period of time for some routers serving North America. Specifically, three routers in Canada were registering zero response time and 100 percent packet loss, as was one each in Mexico, New Hampshire, Texas, and Wisconsin. Routers in Nevada and Iowa appeared to be having less severe problems. A research director of the Packet Clearing House told CNET he was not aware of major performance problems. "I know that there was an outage on Level 3's network in Phoenix between noon and 1 p.m. [PT]," he said. "There was certainly no general widespread outage." Level 3 provided this statement: "At approximately noon PT, Level 3 experienced an isolated network issue that resulted in temporary voice and IP traffic disruptions for customers in the Phoenix area for approximately 1 hour. The company acted quickly to resolve the issue and service is now restored for those customers." Meanwhile, at about 3:30 p.m. PT, Twitter's Support account said it was investigating "site availability issues some folks are experiencing." Widely retweeted was a post from the Twitter API account that said, "If you can't access Twitter right now, it might be due to a rather large internet outage," and included the Internet Traffic Report Web link. That post was later removed. Source:

43. September 14, Charleston Daily Mail – (West Virginia) AT&T service restored in Charleston area. A lightning strike is being blamed for a service outage for AT&T customers September 14 in the greater Charleston, West Virginia, area. Voice and text messaging services were out for customers between Charleston and Huntington and in Roane County for about an hour. A spokeswoman for AT&T said early reports indicated a lightning strike coincided with the start of the outage. She said the issue was resolved by the evening of September 14, and calls and texts were processing normally by 7:30 p.m. Source:

44. September 14, Evansville Courier & Press – (Illinois; Indiana) Power outage disrupts WSIU radio signal. Engineers at WSIU 88.9 FM Carbondale were scrambling September 14 to get the public broadcasting station on the Southern Illinois University campus at Carbondale back on the air. A news release from the radio station September 14 said the station was temporarily off the air because of a power outage to its transmitter in Mount Vernon, Indiana. Listeners could still hear WSIU-FM online at Source:

For more stories, see item 11 above in the Banking and Finance Sector and items 39 and 40 above in the Information Technology Sector