Thursday, October 13, 2011

Complete DHS Daily Report for October 13, 2011

Daily Report

Top Stories

• Authorities in western Oklahoma responded to a prison riot at the North Fork Correctional Facility that resulted in more than 20 injuries. – CNN (See item 40)

40. October 12, CNN – (Oklahoma) Injuries mount as inmates riot at Oklahoma prison. Authorities in western Oklahoma said October 11 they were responding to a prison riot at the North Fork Correctional Facility, where multiple injuries were reported. A morgue had been set up in a tent outside the prison, according to a witness, though there had been no reports of deaths. More than 20 people, all inmates, were injured in the riot, and at least five were flown to area hospitals, according to a spokeswoman for Air Evac Lifeteam. She said she had no information regarding their conditions. However, a Beckham County sheriff spokeswoman said that just eight inmates were injured. Aerial video of the scene from CNN affiliate KOCO 5 Oklahoma City showed armed officials holding prisoners at gunpoint. The riot started shortly before noon and it was not clear what motivated it, said the sheriff spokeswoman. She said the Oklahoma Highway Patrol had six crews on the scene, and Beckham County sheriff’s deputies were assisting. The prison is located in Sayre, about halfway between Oklahoma City and Amarillo, Texas. Sayre’s police chief said his department was providing security for the prison, which can house up to 2,400 inmates. ‘We are still at a standstill. The prison guards are doing their job inside, and we still have the perimeter secured,’ he said. Source:

• Researchers at a German university have published a paper detailing a security exploit that could affect more than 3 billion RFID smart cards widely used for secure facility access and transit passes. – Ars Technica (See item 44 below in the Information Technology Sector)


Banking and Finance Sector

12. October 12, Chicago Sun-Times – (Illinois) State says it was misled by banker, moves to strip his securities license. The Illinois Secretary of State’s Office has moved to strip a politically connected banker of his securities license, accusing him of improperly recommending that $12.8 million in prepaid college tuition funds be steered to a now-failed Chicago lender. The financial services adviser ‘breached his fiduciary duty’ to the Illinois Student Assistance Commission (ISAC) for urging that it invest in ShoreBank Corp. despite warning signs the bank was in dire fiscal straits, according to a complaint from the state’s securities department. The adviser, who until his September firing had been the Chicago-based managing director of Grigsby & Associates, also allegedly failed to divulge to the commission or its board an ongoing, undisclosed role in soliciting investors on behalf of ShoreBank. The complaint said that in August 2008, ShoreBank executives told the adviser the firm ‘missed its financial performance projections’, and he failed to advise ISAC of the significance of this setback but rather stated it was ‘no big deal’ and that the bank could ‘weather any storm.’ The Federal Deposit Insurance Corporation closed the lender in August 2010, which caused the ISAC’s College Illinois! program to lose its entire investment. Two months earlier, the College Illinois! program was running a $338 million deficit. The complaint alleged the adviser was attempting to line up commitments from other investors to put their money in ShoreBank. Those investments were ‘contingent upon the ISAC investment’ being secured, the complaint said. Source:

13. October 12, Oakland Tribune – (California) Occupy San Francisco protesters block Wells Fargo headquarters. Members of Occupy San Francisco were marching and demonstrating outside banks in the city’s financial district October 12. Protesters blocked entrances at Wells Fargo Corporate Headquarters on Montgomery Street, according to KTVU 2 Oakland. Police started to remove some protesters in handcuffs. Cable car service in the area was stalled. In addition, traffic was clogged in San Francisco’s financial district as about 200 Occupy San Francisco protesters took their message to the streets. The ‘Occupy Wall Street’ movement spread to San Francisco the week of October 3, and to Oakland, San Jose, and other Bay Area cities the week of October 10. Source:

14. October 11, U.S. Department of Treasury – (International) Treasury sanctions five individuals tied to Iranian plot to assassinate the Saudi Arabian ambassador to the United States. The U.S. Department of the Treasury October 11 announced the designation of five individuals, including four senior Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF) officers connected to a plot to assassinate the Saudi Arabian ambassador to the United States, while he was in the United States and to carry out follow-on attacks against other countries’ interests inside the United States and in another country. As part of the action, Treasury also designated the individual responsible for arranging the assassination plot on behalf of the IRGC-QF. ‘The financial transactions at the heart of this plot lay bare the risk that banks and other institutions face in doing business with Iran,’ the Under Secretary for Terrorism and Financial Intelligence said. As a result of the designations, U.S. persons are prohibited from engaging in transactions with these individuals, and any assets they may hold in the United States are frozen. Source:

15. October 11, KPHO 5 Phoenix – (Arizona) FBI searches for ‘Can You Hear Me Now’ bandit. The FBI is looking for the so-called ‘Can You Hear Me Now’ bandit who is accused in 14 bank robberies in Arizona, the latest in Chandler October 7, according to authorities. FBI agents said almost every time he holds up a bank, he is on a cell phone. In the most recent incident, employees at U.S. Bank in Chandler recognized the suspect and activated the alarm, according to the FBI. The suspect left before officers arrived. Source:

16. October 11, Legal Newsline – (New Jersey) NJ mortgage broker admits fraud, U.S. attorney announces. A former mortgage broker admitted he participated in a scheme that defrauded lenders and generated millions of dollars in fraudulent mortgage loans, the U.S. attorney for the District of New Jersey announced the week of October 3. The broker pleaded guilty to one count of conspiracy to commit wire fraud. The man and an accomplice were arrested October 21, 2010, and charged with conspiring to defraud mortgage lenders of more than $7 million in more than 50 New Jersey residential real estate purchases. Another co-conspirator and former mortgage broker pleaded guilty July 28 to participating in the same conspiracy. According to the announcement, the former broker admitted he conspired to defraud mortgage lenders from January 2007 to December 2009. One co-conspirator, with the help of two attorneys, arranged to purchase properties owned by financial institutions — commonly referred to as real estate owned (REO) properties. The former broker recruited other individuals to purchase those same properties at or around the same time. The real estate fraud ring falsified financial documents, HUD-1 settlement statements, and residential loan applications. They also caused borrowers to apply and obtain loans on properties they did not own, and failed to record deeds with the county clerk. Source:

17. October 11, Chicago Tribune – (Illinois) SEC charges Elk Grove Village-based InfrAegis in $20M fraud. Federal securities regulators charged an Elk Grove Village, Illinois business that purportedly made homeland security products, as well as its chief executive, with defrauding investors in a $20 million stock offering. The Securities and Exchange Commission (SEC) October 11 filed suit against the chief executive and InfrAegis Inc. in federal court in Chicago. It alleges the executive conducted a fraudulent and unregistered securities offering that from January 2005 through June 2010 raised $20 million from at least 395 investors in 29 states, and Washington, D.C. ‘[The executive] and InfrAegis fraudulently raised those funds from investors by falsely portraying InfrAegis as a successful company that had high-level connections in the homeland security market, and lucrative contracts for the sale of InfrAegis’ products,’ the lawsuit said. ‘In reality, InfrAegis was at all times a startup company that never sold any of the products.’ The company claimed the City of Chicago agreed to install one of InfrAegis’ products — a kiosk that purportedly can detect the presence of nuclear or biological weapons — throughout the city and that the agreement would result in profit of well over $80 million. It also claimed that InfrAegis had a contract with the Washington Metropolitan Transit Authority to install thousands of InfrAegis’ kiosks throughout the Metro train system in Washington, D.C., and that the contract was worth $20 billion over 20 years. The SEC said the executive and his company violated securities laws, and is seeking, among other things, a permanent injunction, civil penalties, and the disgorgement of ill-gotten gains. Source:

18. October 10, Reuters – (California; International) FINRA panel finds for Aurum against SocGen. An arbitration panel October 7 found Societe Generale SA (SocGen) liable for $153 million in damages and interest stemming from a dispute with a fund manager over how to value a derivative instrument that matured during the 2008 financial crisis. The ruling ranks as one of the largest ever awarded by a Financial Industry Regulatory Authority (FINRA) arbitration panel, securities lawyers said. SocGen and three units, which include Cowen Group Inc, will end up paying net damages of around $61 million, because of earlier payments made to the fund manager, Aurum STS Aggressive Trading LLC in Woodside, California, according to the FINRA award. Aurum accused the French bank of breach of contract, unjust enrichment, and failure to honor a guarantee surrounding certain warrants issued by SocGen to Aurum, which is based in San Jose, California. Aurum said it was told by SocGen in October 2008, just weeks after Lehman Brothers collapsed and the U.S. government scrambled to bail out the nation’s largest financial institutions, that the French bank would not settle the warrants for cash. The value of the warrants was to be based on the net asset value of the Aurum Leveraged Fund S1, which was in turn linked to a basket of hedge funds. SocGen and Cowen were ordered to pay Aurum $125.9 million in general and compensatory damages, less previous payments of $91.9 million. The bank and Cowen also must pay $27 million of interest on the total damages, as well as $40,650 in hearing fees. Aurum had requested at least $245 million in damages, according to the panel’s ruling. Source:

19. October 10, WHNT 19 Huntsville – (Alabama) Police search for ATM thief. In Florence, Alabama, police are looking for an ATM thief. The theft happened around 4 a.m. October 9. Florence police said the suspect first stole a pickup truck from a Shoals home and then drove the stolen truck to the SunTrust Bank, off Cox Creek Parkway. The crook then stole a forklift from a construction site, drove it to the bank — where authorities said it was used to lift the ATM into the bed of the stolen truck. Detectives said at least one person was caught on surveillance video wearing a Halloween mask and coveralls. Investigators believe a high-powered saw was used to access the ATM. The cash machine and the stolen truck were eventually ditched. Source:

Information Technology Sector

42. October 12, H Security – (International) New large-scale attack on Sony’s online services. Sony’s online services were the target of another large-scale attack between October 7 and 10. In a press release, the Japanese electronics corporation said that attackers made multiple attempts to intrude into users’ Sony online service accounts. Apparently, the attacks targeted the PlayStation Network (PSN), the Sony Entertainment Network (SEN), and Sony Online Entertainment (SOE). Sony said that around 93,000 accounts were compromised and have temporarily been locked. Sony added that e-mail notifications will be sent to the affected account holders, and that secure password resets will be required to reactivate the accounts. However, Sony confirmed credit card details are not at risk, and that only a small fraction of the compromised accounts showed additional activity prior to being locked. First investigation results indicated the attacks involved password information that was obtained from other compromised lists. During the attacks, criminals apparently attempted to access legitimate accounts by trying out long lists of log-in IDs and passwords. Source:

43. October 11, Network World – (International) Cellphones will become a way to attack otherwise protected devices: report. Mobile phones will become an increasing menace to network security that could drop malware onto protected devices when they dock to sync or plug into USB ports to charge, security experts said in a Georgia Institute of Technology (Georgia Tech) report October 11. Compromised phones will infect computers they may plug into for otherwise legitimate reasons, much the same way malware such as Stuxnet found its way onto laptops via thumb drives, according to the ‘Emerging Cyber Threats Report 2012’ released at the Georgia Tech Cyber Security Summit 2011. The report warned problems may arise from the differences between laptop browsers and those used on phones. The latter display address bars fleetingly, leaving little time to observe the safety status of sites being visited. Touch screens on smartphones may make users more susceptible to clicking on links that seem legitimate but mask malicious sites, which could lead to drive-by downloads of malware. Additionally, patches and updates for mobile phones are woefully infrequent, the report said. Meanwhile, the authors said bot masters will find more ways to make money off their zombie machines beyond using them as spam or DDoS engines. For example, a downloader controlled by a bot master could infect machines with reconnaissance malware that profiles the user of the machine for marketing purposes. Or the zombies could be queried for personal technical details as a way to design a long-term, stealthy attack to compromise data. Source:

44. October 11, Ars Technica – (International) Researchers hack crypto on RFID smart cards used for keyless entry and transit pass. Researchers at a German university have published a paper detailing a security exploit of the Mifare DESFire MF3ICD40, an RFID smart card widely used for secure facility access and transit passes. The exploit, which uses an approach previously used to break other wireless crypto systems, demonstrates that even the relatively strong encryption algorithms used in ‘touchless’ smart cards can be broken with a small investment of time and equipment. The attack uses a templated ‘side-channel’ attack on the card’s crypto, an approach first described in a paper by researchers at IBM’s Watson Research Center in 2002. There are over 3 billion DESFire cards vulnerable to the exploit in circulation. The DESFire is widely used for transit passes, as well as for authentication and entry systems at thousands of companies. And cards based on the technology have also been widely used by government agencies trying to comply with Homeland Security Presidential Directive 12, which mandates the use of smart cards for access to secure facilities and sets a government standard for smart card interoperability. The DESFire RFID integrated circuit was the first to comply with that standard, and Philips sold the DESFire cards directly to NASA and the Department of the Interior. Other companies, such as HID Global, have resold the card technology to other agencies and contractors. Source:

For another story, see item 45 below in the Communications Sector

Communications Sector

45. October 12, Reuters – (International) BlackBerry outages spread to North America. A 3-day disruption to BlackBerry services spread to North America October 12, frustrating users of the Research In Motion (RIM) devices. RIM advised clients of an outage in the Americas and said it was working to restore services as customers in Europe, the Middle East, Africa, and India continued to suffer patchy e-mail and no access to browsing and messaging. RIM, which had said October 11 services had returned to normal, said later it was still working to resolve the problem. ‘The messaging and browsing delays ... were caused by a core switch failure within RIM’s infrastructure,’ it said. ‘As a result, a large backlog of data was generated and we are now working to clear that backlog and restore normal service.’ RIM did not say how long it might take. The service disruptions are the worst since an outage swept North America 2 years ago. Source:

For another story, see item 43 above in the Information Technology Sector