Wednesday, October 12, 2011

Complete DHS Daily Report for October 12, 2011

Daily Report

Top Stories

• Police broke up the biggest identity theft ring in U.S. history after arresting 111 people who made bogus credit cards in a New York-based scam that cost banks, retailers, and consumers $13 million. – New York Post (See item 23 below in the Banking and Finance Sector)

• Two men allegedly working for “factions of the Iranian government” were charged with plotting to assassinate the Saudi ambassador to the United States, and to attack the Saudi and Israeli embassies in Washington D.C. – Reuters; Associated Press (See item 44)

44. October 11, Reuters; Associated Press – (International) US: Iran faction plotted to kill Saudi ambassador. Two men allegedly working for “factions of the Iranian government” were charged with plotting to assassinate the Saudi ambassador to the United States, and to attack the Saudi and Israeli embassies in Washington D.C., the U.S. Attorney General (AG) said October 11. The criminal complaint was unsealed October 11 in federal court in New York City. The AG said one of the suspects, who was arrested September 29 in New York, was working for the Iranian Islamic Revolutionary Guard and had confessed to a plot. The other suspect is based in Iran and remains at large, the AG said. He allegedly is a member of Iran’s Quds Force, a special unit of the Revolutionary Guard. Both are originally from Iran and the suspect who was arrested is a naturalized U.S. citizen, the complaint said. Shortly after the announcement, the Treasury Department announced that U.S. citizens are barred from any financial dealings with the two suspects and three others, all Revolutionary Guard officials. The indictment is the result of a sting operation conducted by the FBI. The case started when the arrested suspect, who lived in Texas, allegedly made contact with an undercover DEA informant in Mexico and asked for assistance from a major drug cartel to assassinate the ambassador at a restaurant that he frequented. Sources told NBC News the group being recruited was the Zetas cartel. No assassination attempt was ever made, and no one was ever in any danger, officials said. A Justice Department statement said the suspect claimed he was being directed by his cousin in Iran, described as a “big general” in the Iranian military and within the Quds Force. He allegedly wired $100,000 to the informant as a down payment on a $1.5 million assassination fee. The suspect was scheduled to make a first court appearance October 7. He could face a maximum sentence of life in prison. Source:


Banking and Finance Sector

16. October 11, WNYW Fox 5 – (New York) Cops hunt bleach robbers. New York City cops have been hunting for a crew of burglars with a trademark move — they break into stores, loot their ATMs, then cover their tracks with a splash of bleach. There have been more than 50 “cash-and-splash” burglaries since last summer in Brooklyn neighborhoods, investigators said October 11. The thieves occasionally took cash from store registers, but their top prize is always the ATMs, which they bust open with tools. So far, the operation has netted the thieves $250,000. Surveillance video has caught the bandits in action, but sources said the recordings show nothing more than men in gloves with their faces covered. Source:

17. October 11, U.S. Securities and Exchange Commission – (California) SEC charges bank executives with hiding millions of dollars in losses during 2008 financial crisis. The Securities and Exchange Commission October 11 charged former bank executives with misleading investors about mounting loan losses at San Francisco, California-based United Commercial Bank during the height of the financial crisis in 2008 and 2009. The SEC alleged the bank’s former chief executive officer (CEO), chief operating officer (COO), and a senior officer concealed losses on loans and other assets from the bank’s auditors, causing the bank’s public holding company UCBH Holdings Inc. (UCBH) to understate 2008 operating losses by at least $65 million. A few months later, continued declines in the value of the bank’s loans led the bank to fail, and the California Department of Financial Institutions closed the bank and appointed the Federal Deposit Insurance Corporation (FDIC) as receiver. United Commercial Bank was one of the 10 largest bank failures of the recent financial crisis, causing a loss of $2.5 billion to the FDIC’s insurance fund. The SEC alleges the CEO, COO, and senior officer deliberately delayed the proper recording of loan losses, and each committed securities fraud by making false and misleading statements to investors and UCBH’s independent auditors. During December 2008 and the first 3 months of 2009, the three were aware of significant losses on several large loans. They allegedly learned about dramatically reduced property appraisals and worthless collateral securing the loans, yet repeatedly hid this data from UCBH auditors and investors. The SEC’s complaint also alleges the bank’s former chief financial officer (CFO) acted negligently by misleading the company’s outside auditors, and aiding the filing of false financial statements. The CFO agreed to settle the SEC charges without admitting or denying the allegations. He will be permanently enjoined from violating certain antifraud, reporting, record-keeping, and internal controls provisions of federal securities laws, and will pay a $150,000 penalty. He also consented to an administrative order suspending him from appearing or practicing before the SEC as an accountant, with a right to apply for reinstatement after 5 years. Source:

18. October 11, Reuters – (New York) NYSE Web site inaccessible for 30 minutes Monday: monitor. The New York Stock Exchange (NYSE) Web site was inaccessible for 30 minutes October 10, according to an Internet-monitoring company, but the exchange said there was no interruption of service. On October 10, the day hackers said they would attack the site, the NYSE site was unavailable from 5:30 p.m. EDT to 6 p.m. EDT and there was also an incident at 3:30 p.m. that lasted for about 1 minute, according to California-based Keynote System. A NYSE spokesperson said there was no interruption to Web traffic, and no sign of a hacker attack. A person familiar with the matter said October 11 internal monitoring systems indicated the site had not experienced service issues, and that the NYSE servers were not compromised. The source said there may have been some slowness during the day originating from the external Internet service provider. A video posted on YouTube, which claimed to be from the activist hacker group Anonymous, said the site would be “erased from the Internet” October 10. The video said the move was in sympathy with the ongoing “Occupy Wall Street” protests in Lower Manhattan. The threat was made against the site not the trading platform, which is used to process billions of share transactions each day. It was not possible to verify the origin of the threat. Source:

19. October 10, SC Magazine – (California) TD Ameritrade settles lawsuit over major breach. A federal judge approved a settlement stemming from the 2007 TD Ameritrade breach that exposed the personal information of 6.3 million customers, 2 years after a deal was shot down because it did not benefit the plaintiffs enough. The settlement, which recently received a final sign-off after being approved by a California federal judge, allows individuals who fell victim to identity theft to collect between $50 and $2,500, according to an Associated Press report. TD Ameritrade will pay between $2.5 million and $6.5 million under the agreement. The brokerage revealed in September 2007 the names and contact details of its customers were exposed when hackers infiltrated a database. No Social Security numbers, account information, or other sensitive data was hijacked in the attack, and the company maintains no identity theft resulted. But the company decided to revise the settlement to compensate its clients, even though the brokerage believes the incident is not responsible for any accounts that may have been compromised due to identity theft, a spokeswoman said. The 2009 proposed deal would have provided 1 year of free anti-spam services to victims, and forced TD Ameritrade to implement better security, as well as pay $1.9 million in legal fees. Some individuals complained they received pump-and-dump stock spam after the breach, though there appeared to be no instances of identity fraud. But a federal judge in San Francisco ruled at the time the proposal did not provide “discernible” benefit to the plaintiffs. Source:

20. October 10, IDG News Service – (New York; New Jersey) Fire disrupts NYSE data center. An electrical fire October 9 at a data center of the New York Stock Exchange in Mahwah, New Jersey, affected communications connectivity to 58 trading firms, but the exchange expects “completely normal operations” for the October 10 market open. The electrical fire was in a single computer cabinet at the Mahwah data center, and was quickly extinguished, said a spokesman for NYSE Euronext, which owns the exchange. NYSE Euronext owns and operates the data center, he said. The traders whose communications were affected have been notified that all systems were being tested, and that normal operations were expected for the open October 9, the spokesman said. Source:

21. October 8, Associated Press – (Georgia) FDIC sues failed Alpharetta bank seeking nearly $24 million in damages. Federal regulators October 7 sued 11 insiders at a failed Georgia bank, accusing them of gross negligence. The Federal Deposit Insurance Corp. (FDIC) accused the executives and directors of Alpha Bank & Trust, in Alpharetta, of sloppy lending practices. The Atlanta Journal-Constitution reported the lawsuit seeks $23.9 million in damages. Alpha Bank failed in October 2008, roughly 30 months after it opened. The suit filed in U.S. district court in Atlanta said the bank’s strategy focused on “growth above all else, including safety and soundness.” The FDIC estimated in the suit that Alpha Bank’s collapse cost $214.5 million. Source:

22. October 8, KSEE 24 Fresno – (California) Counterfeit check scam uses fake Fresno County Federal Credit Union checks. The Better Business Bureau has learned that Fresno County Federal Credit Union (FCFCU) has been a victim of a serious counterfeit check scam. FCFCU Official Bank checks were sent out with a scam letter encouraging recipients to cash the checks. FCFCU was initially notified of the scam by an officer from the U.S. Customs & Border Patrol division of John F. Kennedy International Airport in New York. He indicated they had confiscated one box of checks coming out of Africa and being shipped to an individual in Los Angeles. The box contained 250 FCFCU official checks. The checks were in various dollar increments ($40,000, $15,000, $7,500, $3,500, and $2,500). Each check showed the same REF name. The pay to the order and date were blank. The amount of potential loss in this box was over $2 million. This was the only box the US Customs officer found, but the credit union has begun receiving calls from various banks and individuals indicating they were in possession of bank checks. Source:

23. October 7, New York Post – (International) Biggest ID scam in US history results in 111 arrests. Police broke up the biggest ID theft in American history after arresting 111 people who allegedly made bogus credit cards as part of a Queens, New York-based scam that cost consumers, banks, and retailers $13 million, authorities said October 7. The alleged scammers — members of five organized forged credit card and identity theft rings — had ties to Europe, Asia, Africa, and the Middle East, the New York City Police Department and Queens district attorney’s (DA) office said. The people arrested were charged in 10 indictments with stealing personal credit data of thousands of American and European consumers over a 16-month period. Some 86 defendants are in custody, while 25 others are wanted, authorities said. Cops said nearly two dozen people were charged in six indictments with participating in burglaries and robberies throughout Queens. The Queens DA’s office said four defendants were charged with conspiring to commit a bank robbery in Forest Hills. Five are charged with stealing more than $95,000 worth of cargo from John F. Kennedy International Airport, and seven are accused of stealing about $850,000 worth of computer equipment from the Citigroup Building in Long Island City, the DA said. He said more than 90 people connected to the scam have been charged in five indictments charging 784 pattern acts with, among other crimes, enterprise corruption under New York’s Organized Crime Control Act. He said they are also accused of allegedly being members and associates of organized criminal enterprises that operated between May 2010 and September 2011, scheming to defraud thousands of American Express, Visa, MasterCard, and Discover Card customers. According to the indictments, the defendants fraudulently obtained credit card account numbers and then used the data to make forged credit and ID cards. Once the counterfeit cards were created, according to the indictments, they were ultimately given to teams of “shoppers” who were sent out on shopping expeditions in New York, Florida, Massachusetts, California, and other states. Source:

For more stories, see item 44 above in Top Stories, and items 53 and 55 below in the Communications Sector

Information Technology Sector

49. October 11, IDG News Service – (International) RSA chief says two groups for SecurID breach. October 11, at RSA’s security conference in London, England, the RSA president revealed more details about the March 2011 attack that compromised SecurID, an authentication system used by 40 million people in at least 30,000 organizations worldwide to securely access IT systems. RSA insists the attack did not undermine the integrity of the entire system. RSA, which has worked with the FBI, DHS, British law enforcement and other agencies, believes that two groups were responsible for the attack. The EMC executive chairman declined to identify the groups, but said that due to the sophistication of the intrusion “we can only conclude it was a nation-state sponsored attack.” The RSA president said both groups had been known to authorities before, although they were not known to work together. RSA spotted the attack as it was using technology from NetWitness, a company it acquired in April, the president said. It is now believed hackers gained access to RSA’s systems by sending certain employees in EMC’s human resources department an Excel spreadsheet rigged to exploit an Adobe Flash vulnerability, although RSA has not confirmed this. Additionally, the hackers had knowledge about RSA’s internal naming conventions used for hosts on its network as well as Active Directory — a Microsoft product used for managing authentication of users on corporate networks — which made their movements inside the system appear to be more legitimate. The president said the attacks were sophisticated: they used advanced techniques to connect to RSA’s systems and used different malware, some of which was compiled just hours before an attack. The data stolen was compressed and encrypted before it was exfiltrated, making it more difficult to identify. Source:

50. October 11, The H Security – (National) VLC Media Player 1.1.12 closes security hole. The VideoLAN project development team announced the release of version 1.1.12 of the VLC Media Player. The maintenance and security update addresses a NULL dereference vulnerability in the HTTP and RTSP server component used by VLC that could be exploited by an attacker to crash the server. For an attack to be successful, a victim must have started VLC server and manually started the HTTP Web interface, HTTP output, RTSP output or RTSP VoD functions. Versions up to and including 1.1.11 are affected. According to the developers, the issue “does not affect standard usage of the player”. The thirteenth release of the 1.1.x branch of VLC also brings improvements for audio output: it adds support for AC-3 and DTS passthrough included in version 1.0 of PulseAudio, has fixes for PulseAudio synchronization, and better support for Mac OS X 10.7 Lion. Other changes include Unix port compatibility updates, translation updates, and fixes for bugs that cause VLC to crash on Japanese locale Mac OS X systems.


51. October 10, Computerworld – (International) Zero-day flaws found in SCADA systems. An Italian security researcher recently disclosed details about several zero-day vulnerabilities in supervisory control and data acquisition (SCADA) systems from several vendors. The discovery — the second such disclosure by this researcher this year — is likely to reinforce concerns about weaknesses in the nation’s critical infrastructure. The most recent vulnerabilities affect SCADA products from Rockwell Automation, Cogent DataHub, Measuresoft, and Progea, among other vendors. Most of the vulnerabilities are remote code execution flaws that allow attackers to run code on the systems, and some of the flaws are easy to exploit, the researcher said. At least three of the vendors have already issued fixes, and Rockwell is working on one, he said. SCADA systems are used to control critical equipment at power plants, manufacturing facilities, water treatment plants, and elsewhere. Security analysts fear attacks against such systems could cripple critical infrastructure, including the electric grid, and water supplies. Source:

For more stories, see items 18, 19, 20 and 23 above in the Banking and Finance Sector and 52, 54, and 55 below in the Communications Sector

Communications Sector

52. October 11, Associated Press – (International) BlackBerry services hit in Latin America, India. BlackBerry’s woes spread October 11 as the smartphone’s maker reported service disruptions for a second straight day in Europe, the Middle East, and Africa, and fresh problems in Latin America, and India. Research in Motion Ltd., which makes BlackBerry devices, acknowledged there were ongoing problems October 9, hours after it said services were operating normally and the cause of delays in subscriber services a day earlier had been resolved. “Some users in Europe, the Middle East and Africa, India, Brazil, Chile, and Argentina are experiencing messaging and browsing delays,” the company said in a statement, adding it was “working to restore normal service as quickly as possible.” In Britain, Vodafone UK told customers via Twitter that service was not fully restored. Rival T-Mobile UK blamed “a European-wide outage on the BlackBerry network” which it said was affecting all mobile operators. There were also reports of problems elsewhere in Europe, such as Spain. There were no reports of any problems in the United States. Source:

53. October 10, San Bruno Patch – (California) 300 AT&T customers still without service after outage. About 300 AT&T customers have been left without service since the week of October 3 after a heavy storm caused water damage to several cable lines in San Bruno, California, near San Mateo and San Bruno avenues, the San Bruno Patch reported October 10. Initially, about 400 residential and commercial customers were without service. But AT&T crews were able to restore service to 100 of those customers. Still, many residents and business owners said they have been left in the dark about when their service would be fully restored. The service outage was caused some time October 5 when a manhole at the intersection flooded, and several underground copper cables were damaged with water, said an AT&T spokesman. Crews were able to dry out some of the cables, but not others, and they have begun replacing the damaged lines with new ones, a spokesman said. One cable was expected to be put back in service by 7 a.m. October 11 and another restored by October 12, he said. It is not clear what caused the flooding, but the spokesman said the company will conduct an investigation into what happened after service has been fully restored. Many businesses along San Mateo Avenue have not been able to take credit cards. Source:

54. October 7, Space News – (International) Telesat broadband satellite back in service after glitch. Satellite fleet operator Telesat October 7 said its Anik F2 satellite, which delivers service to Canadian and American subscribers including the WildBlue broadband service, returned to service after being shut down most of October 6. Anik F2 had gone into automatic emergency sun acquisition mode October 6 following what Telesat described as “a routine maneuver.” The maneuver “triggered the satellite to place itself into a safe mode, shutting itself down and pointing itself at the sun to ensure it remained powered,” Telesat said. “The software error that led to the anomaly appears to have been caused by a software update that was recently provided by the satellite manufacturer. That particular software update was not re-loaded onto the satellite.” A Boeing spokesman said October 7, “The investigation of this technical anomaly is underway, but we believe that the cause of the interruption may be due to a software error.” Source:

55. October 6, – (New York) Verizon outages hurt Little Italy businesses. Merchants on a tourist-heavy stretch of Little Italy in New York City said they have lost thousands of dollars in revenue due to phone and Internet outages on the block. The outages hit Verizon customers along a busy strip of Grand Street for the past 3 weeks and counting, reported October 6. It has prevented many businesses from performing a range of basic operations, including credit card transactions and taking phone calls. Merchants have been given no timetable for when the problem will be fixed or a full explanation of what caused it. A Verizon spokesman blamed the outage on an underground fire at the corner of Grand and Baxter streets, which Verizon said burned cables connected to multiple buildings on the block. A ConEd spokeswoman said utility crews have been working on underground steam pipes in advance of the upcoming installation of a new water main on Grand Street. She added that a September 29 report of a smoking manhole at Grand and Baxter streets, where work was being done by an outside contractor not affiliated with ConEd, forced the company to come make repairs. A Verizon spokesman said the company had to relocate certain fiber cables away from the steam to prevent further damage, affecting customers’ service. The Verizon outages were followed by Time Warner outages October 6, as about 20,000 customers downtown lost their cable and Internet services, a spokesman said. A Time Warner spokesman confirmed its outages were caused by a fire at Grand and Baxter streets that melted its fiber cable. He said power companies tend to activate more of their infrastructure in the fall, creating steam that can lead to fires. Source:

For another story, see item 20 above in the Banking and Finance Sector