Thursday, October 27, 2011

Complete DHS Daily Report for October 27, 2011

Daily Report

Top Stories

• A federal audit released October 24 found 32 computer network vulnerabilities at Department of Energy facilities, and that security problems had increased by 60 percent in 2011. – eWeek.com (See item 33)

33. October 26, eWeek.com – (National) U.S. Energy Department networks' weak security invite cyber-attacks: audit. According to an inspector general report released October 24, the U.S. Department of Energy (DoE) continued to have serious network security issues for the second year in a row and is regularly hit by cyber-attackers, costing the federal government over $2 million. An annual review of the Department of Energy's unclassified networks revealed a number of security issues, including weak access controls, improper patching strategy, and poor employee training, according to a report from the department's inspector general. Tests at 25 DoE facilities, including headquarters, revealed 32 previously unidentified vulnerabilities. The audit also found that security problems had increased by 60 percent in 2011 on DoE computer networks, compared to the number found during the 2010 audit. Only 11 out of the 35 issues identified in the 2010 report had been addressed, the report found. Source: http://www.eweek.com/c/a/Security/US-Energy-Department-Networks-Weak-Security-Invite-CyberAttacks-Audit-358273/?kc=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+RSS/eweeksecurity+(eWEEK+Security)&utm_content=Google+Reader

• Five active and three retired officers of the New York City Police Department were charged October 25 with conspiring to transport and distribute firearms and other stolen and counterfeit goods, according to federal authorities. – CNN (See item 40)

40. October 25, CNN – (New York) Feds: Current, former NYPD officers among 12 charged in criminal conspiracy. Five active and three retired officers of the New York City Police Department (NYPD) were among 12 people charged October 25 with conspiring to transport and distribute firearms and stolen goods, according to federal authorities. The defendants were charged in an alleged conspiracy to transport and distribute untraceable firearms across state lines and conspiracy to transport supposedly stolen and counterfeit goods, including cigarettes from Virginia and slot machines from Atlantic City, New Jersey. The criminal complaint accuses the defendants of participating in the illegal transportation of goods with a street value estimated at more than $1 million. The charges stem from an extensive undercover investigation that began in 2009, conducted by FBI and investigators from the NYPD's internal affairs bureau, a U.S. attorney said October 25. The investigation included a confidential informant, undercover law enforcement officers, surveillance, and telephone taps, according to court documents. The criminal complaint alleges the lead defendant met the confidential informant in 2009 and brought several of his fellow officers into the conspiracy to pull off various illegal schemes. According to the charges filed October 25, the defendants were engaged in the theft and transport of more than 200 cases of cigarettes from tractor-trailers in Virginia. The cigarettes were valued at over $500,000. Some defendants, authorities allege, helped undercover agents break into the trailers, some transported the illegal goods, and some helped sell them in New York. Authorities said undercover agents contacted the lead defendant on two separate occasions about the transport of purportedly stolen slot machines from Atlantic City to Port Chester, New York. Defendants traveled to pick up the stolen goods and drove the vans carrying the slot machines or acted as a security entourage. In the case of the firearms, court documents say defendants drove the guns, and cigarettes, in rented vans and personal vehicles into New York form New Jersey. Many oeapons had the serial numbers altered or scraped off, rendering them untraceable. According to the complaint, as the lead defendant drove his personal vehicle into New York with two bags full of firearms, his NYPD jacket was displayed in the window of his vehicle. Source: http://www.cnn.com/2011/10/25/justice/new-york-cops-charged/index.html?hpt=ju_c2

Details

Banking and Finance Sector

13. October 26, Washington Post – (International) U.S. trying to seize more than $70M from dictator’s son over alleged corruption. U.S. Department of Justice (DOJ) officials announced October 25 they are trying to seize more than $70 million in assets — including a Malibu, California mansion — owned by the playboy son of the dictator of Equatorial Guinea. Prosecutors filed civil forfeiture complaints and moved to seize valuables, including a 2011 Ferrari 599 GTO worth $533,000, collectibles and clothing valued at $1.8 million, a $38.5 million Gulfstream G-V business jet, and a house purchased for $30 million on 12 acres of property. In complaints filed or unsealed October 25, prosecutors alleged the dictator's son used his position as a government minister to plunder more than $100 million from the African nation through “extortion, misappropriation, embezzlement, or theft of public funds.” The action is the largest effort to date by the DOJ’s Kleptocracy Asset Recovery Initiative, created this year to target and recover the proceeds of foreign corruption laundered through the United States. The Equatorial Guinea matter was exposed by the U.S. Senate Permanent Subcommittee on Investigations, which in 2004 found Riggs Bank in Washington D.C. held millions of dollars in laundered Equatorial Guinea assets. Riggs pleaded guilty in 2005 to failing to report suspicious transactions and was fined $16 million. Source: http://www.washingtonpost.com/politics/us-trying-to-seize-more-than-70m-from-dictators-son-over-alleged-corruption/2011/10/25/gIQAYknmIM_story.html

14. October 26, Sacramento Bee – (California) Prosecutors target dozens in Sacramento-area mortgage fraud probe. Federal law enforcement officials are conducting a wide-ranging mortgage fraud investigation targeting dozens of members of the local Russian-American community in the Sacramento, California area. Since May, federal grand juries have charged 19 Sacramento-area residents in three separate indictments for allegedly defrauding lenders of more than $12 million. The latest round of indictments was unsealed October 25, and federal prosecutors said they expect to seek many more in the coming months. The U.S. attorney's office has been working with the FBI and the Internal Revenue Service's criminal division for more than a year. One of the targets has been indicted twice since May 2011. In a seven-count indictment unsealed October 25, a federal grand jury charged that woman, a 41-year-old of Rancho Cordova, a 40-year-old of Sacramento, and a 32-year-old of Sacramento on mail fraud and bank fraud charges. All four pleaded not guilty. The indictment alleges one of the defendants, a loan officer with a local mortgage lender, recruited one of the co-defendants to purchase two homes in Antelope in 2006 by using false information about the co-defendant's occupation and income. Another of the co-defendants, meanwhile, received $100,000 to pay off a phony second mortgage on one of the Antelope homes, the indictment said. If convicted, the defendants face up to 20 years in prison for each mail fraud charge and 30 years for each bank fraud charge. One of the defendants faces similar fraud charges stemming from a May federal grand jury indictment that alleged his sisters were part of a mortgage fraud ring that obtained more than $16.3 million to purchase 14 properties in the Sacramento area between 2006 and 2007. The homes later went into foreclosure, resulting in losses of about $9.6 million by several lenders, the grand jury said. Source: http://www.sacbee.com/2011/10/26/4006938/hed-here.html

15. October 26, U.S. Securities and Exchange Commission – (National) SEC files insider trading charges against Rajat Gupta. The Securities and Exchange Commission (SEC) October 26 charged the former McKinsey & Co. global head with insider trading for illegally tipping a convicted hedge fund manager while serving on the boards of Goldman Sachs and Procter & Gamble (P&G). The SEC first charging the hedge fund manager with insider trading in October 2009. According to the SEC’s complaint filed in federal court in Manhattan, the defendant illegally tipped the hedge fund manager with insider information about the quarterly earnings of Goldman Sachs and P&G as well as an impending $5 billion investment in Goldman by Berkshire Hathaway at the height of the financial crisis. The hedge fund manager, the founder of Galleon Management who was recently convicted of multiple counts of insider trading in other securities stemming from unrelated insider trading schemes, allegedly caused various Galleon funds to trade based on the inside information, generating illicit profits or loss avoidance of more than $23 million. The SEC’s complaint alleges the defendant provided his friend and business associate with confidential information learned during board calls and in other communications and meetings relating to his official duties as a director of Goldman and P&G. The hedge fund manager used the inside data to trade on behalf of certain Galleon funds, or shared the information with others at his firm who caused other Galleon funds to trade on it ahead of public announcements by the firms. The SEC had instituted an administrative proceeding against the defendant for the conduct alleged in the October 26 enforcement action, but later dismissed those proceedings while reserving the right to file an action against him in federal court. The SEC has now charged 29 defendants in its Galleon-related enforcement actions, which have alleged widespread and repeated insider trading at numerous hedge funds, including Galleon, and by other professional traders and corporate insiders in the securities of more than 15 companies. The insider trading generated illicit profits totaling more than $90 million. Source: http://www.sec.gov/news/press/2011/2011-223.htm

16. October 25, The Guardian – (International) Real IRA admits bomb attacks on Northern Ireland banks. The Real IRA has admitted bombing two banks in Northern Ireland as well as the UK City of Culture office in Derry, and has warned that it will continue to target economic interests. In a statement sent October 25 to the Guardian and laced with anti-capitalist rhetoric, the Real IRA said the bombings and future targeting of the banking system were its response to bankers' "greed" and were meant "to send out the message that while the Irish national and class struggles are distinct, they are not separate". The attacks and the language used to justify them appeared designed to tap into the widespread public loathing of banks on both sides of the Irish border. The republican dissident group was unapologetic about bombing the office of the UK City of Culture 2013 in Derry the week of October 17. In its most bellicose warning yet, the Real IRA said: "The IRA has recently carried out a number of bomb attacks on the banking establishment. Such attacks are an integral part of our strategy of targeting the financial infrastructure that supports the British government's capitalist colonial system in Ireland. The impetus to carry out this type of attack is directly linked to pressure from working-class communities in Ireland as a whole." In May 2011, masked men threw a bag containing a device into Santander's branch in Derry. In August 2011, a bomb was thrown into a Santander branch in Hill Street, Newry. A Real IRA bomb caused major damage to a branch of the Ulster Bank in Derry in 2010. The terror group attempted to link the banks to the Police Service of Northern Ireland. In September 2010, the Real IRA had issued a warning that banks and bankers could be targeted. Source: http://www.guardian.co.uk/uk/2011/oct/25/real-ira-admits-attacks-banks

17. October 25, United Nations Office on Drugs and Crime – (International) Illicit money: how much is out there. Criminals, especially drug traffickers, may have laundered around $1.6 trillion, or 2.7 percent of global gross domestic product, in 2009, according to a new report by the United Nations Office on Drugs and Crime. This figure is consistent with the 2 to 5 percent range previously established by the International Monetary Fund to estimate the scale of money-laundering. Source: http://www.unodc.org/unodc/en/frontpage/2011/October/illicit-money_-how-much-is-out-there.html?ref=fs1

18. October 25, Champaign-Urbana News-Gazette – (Illinois) Ex-financial adviser pleads guilty to mail fraud, money laundering. A former Urbana, Illinois investment adviser pleaded guilty October 25 to mail fraud and money laundering in connection with a fraud scheme that cost clients about $16 million. Appearing before a U.S. district judge in Peoria, the defendant admitted defrauding 11 victims, including companies and individuals, of about $16 million. Mail fraud carries a maximum penalty of 20 years in prison, while money laundering carries a maximum penalty of 10 years in prison. He could also be ordered to pay restitution to the victims. According to court documents and statements during the October 25 hearing, the defendant admitted he fraudulently transferred, liquidated, and removed mutual fund shares from clients' accounts for his own business and personal use. The actions took place between August 2006 and March 2011, when a telephone inquiry from an investment advisory company to the Champaign Police Department triggered an investigation. That investigation ended up involving the FBI, the Internal Revenue Service, the U.S. Postal Inspection Service, the Securities Department of the Illinois secretary of state's office, and the Champaign Police Department. The U.S. Securities and Exchange Commission filed civil charges against the former investment adviser in federal court earlier in 2011. Source: http://www.news-gazette.com/news/courts-police-and-fire/2011-10-25/ex-financial-adviser-pleads-guilty-mail-fraud-money-launderin

Information Technology Sector

43. October 26, Softpedia – (International) Report: spammers utilize more public URL shortening sites. The use of public URL shortening services makes it more difficult for anti-spam countermeasures to detect and block malicious messages sent by cyber masterminds in their effort to take over digital assets, according to a Symantec Intelligence Report cited by Softpedia October 26. Even though the report's figures show a decrease in spam, the messages are more sophisticated because of spammers use of shortened URLs. “Spammers are using a free, open source URL shortening scripts to operate these sites," the report stated. "After creating many shortened URLs with their own service, the spammers then send spam including these URLs. These particular spammers use subjects designed to attract attention, like 'It's a long time since I saw you last!', 'It's a good thing you came' and so on." Source: http://news.softpedia.com/news/Report-Spammers-Utilize-More-Public-URL-Shortening-Sites-230074.shtml

44. October 26, The Register – (International) Worm wriggles through year-old flaw, builds zombie-net. A new worm is turning servers running older versions of the JBoss Application Server into botnet drones, The Register reported October 26. The malware behind the attack is significant because it targets servers rather than PCs, and because it relies on exploiting a vulnerability that is more than a year old – a flaw in JBoss Application Server patched by Red Hat in April 2010 –- to attack new machines. The worm's payload includes a variety of Perl scripts, including one that builds a back door on compromised machines. Source: http://www.theregister.co.uk/2011/10/26/jboss_worm/

45. October 26, Softpedia – (International) Andromeda bot hides behind Facebook comments. A code fragment of a threat discovered as starting its mission on social media networks is suspected to be a new bot called Andromeda that is very similar to ZeuS and SpyEye, Softpedia reported October 26. The infection process begins where an innocent looking comment hides a page that urges the user to click on another link. Once the second link is clicked, the victim is directed to malicious content that loads an iframe that references a server that hosts a variant of the BlackHole exploit kit. The exploit server then probes the browser for vulnerabilities until it can find a way to get in. The final payload is represented by a worm known as Worm:Win32/Gamarue.A that is suspected to be part of Andromeda. Gamarue.A is known to easily spread by copying itself to removable or network drives. Source: http://news.softpedia.com/news/Andromeda-Bot-Hides-Behind-Facebook-Comments-230195.shtml

46. October 25, IDG News Service – (International) Exploit-powered Android Trojan uses update attack. IDG News Service reported October 25 a new variant of the DroidKungFu Android Trojan is posing as a legitimate application update to infect handsets, according to security researchers from F-Secure. Distributing Android malware as updates is a new tactic first seen in July. The primary method of infecting handsets continues to be bundling of Trojans with legitimate applications; however, the resulting apps are easy to spot because of the extensive permissions they request at installation time. According to security researchers, the new update-based attacks can have a higher success rate than "Trojanizing" apps, because users don't tend to question the legitimacy of updates for already-installed software. Source: http://www.networkworld.com/news/2011/102511-exploit-powered-android-trojan-uses-update-252374.html?source=nww_rss

47. October 24, Help Net Security – (International) New mass SQL injection attack making rounds. Help Net Security reported October 24 there is another mass SQL injection attack making its rounds on the Web called "jjghui", referring to the Web site it redirects traffic to. The latest attack is yet another play on using SQL injection to inject malicious JavaScript in ASP.NET Web sites. So far, a Google search shows 180,000 pages have already been infiltrated. The attack appears to be targeting smaller sites that lack personnel with the skills and security awareness of larger and more well-known sites. The attack methodology is the same type that has been used many times before on a massive scale, according to researchers. Legitimate Web sites execute malicious script code from jjghui.com and infect a user's machine with malware that recruits it into a botnet. Attackers can also load payloads such as keyloggers and trojans onto compromised computers. Source: http://www.net-security.org/article.php?id=1641&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

For more stories, see items 33 above in the Top Stories and 48 & 49 below in the Communications Sector

Communications Sector

48. October 26, Bangor Daily News – (Northeast) Time Warner service restored after outages hit New England. An outage October 26 disrupted Time Warner’s high-speed Internet and digital telephone service throughout the Northeast during the morning, but service was restored in an hour. A Time Warner spokesman said the outage, which occurred at 8:40 a.m., affected service in the Northeast, including all phone and Internet customers in New England. He said service was restored at 9:40 a.m. Time Warner engineers were investigating the cause of the outage. Source: http://bangordailynews.com/2011/10/26/business/time-warner-customers-seeing-outages-throughout-new-england/

49. October 26, CNET – (National) Anonymous threatens Fox News Web site over Occupy coverage. Anonymous plans to take down the Fox News Web site on November 5, according to a new video apparently released by the hacker group. The group said it is targeting the network for what it called biased news coverage of the Occupy Wall Street protests occurring in cities across the country. The group had earlier vowed to take down Facebook November 5 as well, although there was some question about the credibility of that threat within Anonymous. Hackers aligned with the group have succeeded in releasing personal information about a former Citigroup and Goldman Sachs executive, as well as the CEOs of Citigroup, JP Morgan Chase, and Goldman Sachs. They also released information on a New York police officer accused of unprovoked and excessive use of pepper spray on people at the protests, which began September 17 in New York. Source: http://news.cnet.com/8301-1009_3-20125628-83/anonymous-threatens-fox-news-web-site-over-occupy-coverage/?part=rss&subj=news&tag=2547-1_3-0-20

50. October 25, Charleston Gazette – (West Virginia) Six arrested in Logan County copper thefts. West Virginia State Police arrested six people October 25 after an investigation found they allegedly stole copper from Frontier Communications in Logan County, West Virginia. They were each charged with 14 counts of grand larceny, 14 counts of transferring and receiving stolen property, 14 counts of destruction of property, 14 counts of destruction of public utility property, and 14 counts of conspiracy. Police are looking for two other people in connection with the thefts, a news release said. The thefts caused more than $100,000 worth of damage and outages for Frontier customers, police said. Source: http://wvgazette.com/News/201110250224

51. October 25, Radio World – (Florida) Two alleged pirates in Florida are fined. The Federal Communications Commission (FCC) announced two fines October 25 in cases involving illegal radio operators in Florida. It issued a $10,000 notice of apparent liability (NAL) to a man for running a transmitter on 90.7 MHz in Miami. Agents detected signals on three separate occasions this winter and spring. In April, it inspected the station after Miami police executed a search warrant and secured the residence. The commission said the man was actively marketing “Lady Luck Radio,” using it to cross-promote other businesses including a club called the ”Lady Luck Social Club” and providing commercial spots under the guise of a legitimate commercial radio station. In a separate case, the FCC issued a NAL for $15,000 to another man for allegedly running an unlicensed transmitter on 95.1 MHz in Lake Park, Florida. In that case, the commission sourced signals in December 2010 and July 2011 to his residence. It said that when agents visited in July, he admitted to operating the station. The commission increased the usual fine here, it said, because its Miami office had hand-delivered a Notice of Unlicensed Operation to him for operation on the same frequency in the spring of 2007. Source: http://www.rwonline.com/article/two-alleged-pirates-in-florida-are-fined/24669

For another story, see item 46 above in the Information Technology Sector

ober 27, 2011

Daily Report

Top Stories

• A federal audit released October 24 found 32 computer network vulnerabilities at Department of Energy facilities, and that security problems had increased by 60 percent in 2011. – eWeek.com (See item 33)

33. October 26, eWeek.com – (National) U.S. Energy Department networks' weak security invite cyber-attacks: audit. According to an inspector general report released October 24, the U.S. Department of Energy (DoE) continued to have serious network security issues for the second year in a row and is regularly hit by cyber-attackers, costing the federal government over $2 million. An annual review of the Department of Energy's unclassified networks revealed a number of security issues, including weak access controls, improper patching strategy, and poor employee training, according to a report from the department's inspector general. Tests at 25 DoE facilities, including headquarters, revealed 32 previously unidentified vulnerabilities. The audit also found that security problems had increased by 60 percent in 2011 on DoE computer networks, compared to the number found during the 2010 audit. Only 11 out of the 35 issues identified in the 2010 report had been addressed, the report found. Source: http://www.eweek.com/c/a/Security/US-Energy-Department-Networks-Weak-Security-Invite-CyberAttacks-Audit-358273/?kc=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+RSS/eweeksecurity+(eWEEK+Security)&utm_content=Google+Reader

• Five active and three retired officers of the New York City Police Department were charged October 25 with conspiring to transport and distribute firearms and other stolen and counterfeit goods, according to federal authorities. – CNN (See item 40)

40. October 25, CNN – (New York) Feds: Current, former NYPD officers among 12 charged in criminal conspiracy. Five active and three retired officers of the New York City Police Department (NYPD) were among 12 people charged October 25 with conspiring to transport and distribute firearms and stolen goods, according to federal authorities. The defendants were charged in an alleged conspiracy to transport and distribute untraceable firearms across state lines and conspiracy to transport supposedly stolen and counterfeit goods, including cigarettes from Virginia and slot machines from Atlantic City, New Jersey. The criminal complaint accuses the defendants of participating in the illegal transportation of goods with a street value estimated at more than $1 million. The charges stem from an extensive undercover investigation that began in 2009, conducted by FBI and investigators from the NYPD's internal affairs bureau, a U.S. attorney said October 25. The investigation included a confidential informant, undercover law enforcement officers, surveillance, and telephone taps, according to court documents. The criminal complaint alleges the lead defendant met the confidential informant in 2009 and brought several of his fellow officers into the conspiracy to pull off various illegal schemes. According to the charges filed October 25, the defendants were engaged in the theft and transport of more than 200 cases of cigarettes from tractor-trailers in Virginia. The cigarettes were valued at over $500,000. Some defendants, authorities allege, helped undercover agents break into the trailers, some transported the illegal goods, and some helped sell them in New York. Authorities said undercover agents contacted the lead defendant on two separate occasions about the transport of purportedly stolen slot machines from Atlantic City to Port Chester, New York. Defendants traveled to pick up the stolen goods and drove the vans carrying the slot machines or acted as a security entourage. In the case of the firearms, court documents say defendants drove the guns, and cigarettes, in rented vans and personal vehicles into New York form New Jersey. Many oeapons had the serial numbers altered or scraped off, rendering them untraceable. According to the complaint, as the lead defendant drove his personal vehicle into New York with two bags full of firearms, his NYPD jacket was displayed in the window of his vehicle. Source: http://www.cnn.com/2011/10/25/justice/new-york-cops-charged/index.html?hpt=ju_c2

Details

Banking and Finance Sector

13. October 26, Washington Post – (International) U.S. trying to seize more than $70M from dictator’s son over alleged corruption. U.S. Department of Justice (DOJ) officials announced October 25 they are trying to seize more than $70 million in assets — including a Malibu, California mansion — owned by the playboy son of the dictator of Equatorial Guinea. Prosecutors filed civil forfeiture complaints and moved to seize valuables, including a 2011 Ferrari 599 GTO worth $533,000, collectibles and clothing valued at $1.8 million, a $38.5 million Gulfstream G-V business jet, and a house purchased for $30 million on 12 acres of property. In complaints filed or unsealed October 25, prosecutors alleged the dictator's son used his position as a government minister to plunder more than $100 million from the African nation through “extortion, misappropriation, embezzlement, or theft of public funds.” The action is the largest effort to date by the DOJ’s Kleptocracy Asset Recovery Initiative, created this year to target and recover the proceeds of foreign corruption laundered through the United States. The Equatorial Guinea matter was exposed by the U.S. Senate Permanent Subcommittee on Investigations, which in 2004 found Riggs Bank in Washington D.C. held millions of dollars in laundered Equatorial Guinea assets. Riggs pleaded guilty in 2005 to failing to report suspicious transactions and was fined $16 million. Source: http://www.washingtonpost.com/politics/us-trying-to-seize-more-than-70m-from-dictators-son-over-alleged-corruption/2011/10/25/gIQAYknmIM_story.html

14. October 26, Sacramento Bee – (California) Prosecutors target dozens in Sacramento-area mortgage fraud probe. Federal law enforcement officials are conducting a wide-ranging mortgage fraud investigation targeting dozens of members of the local Russian-American community in the Sacramento, California area. Since May, federal grand juries have charged 19 Sacramento-area residents in three separate indictments for allegedly defrauding lenders of more than $12 million. The latest round of indictments was unsealed October 25, and federal prosecutors said they expect to seek many more in the coming months. The U.S. attorney's office has been working with the FBI and the Internal Revenue Service's criminal division for more than a year. One of the targets has been indicted twice since May 2011. In a seven-count indictment unsealed October 25, a federal grand jury charged that woman, a 41-year-old of Rancho Cordova, a 40-year-old of Sacramento, and a 32-year-old of Sacramento on mail fraud and bank fraud charges. All four pleaded not guilty. The indictment alleges one of the defendants, a loan officer with a local mortgage lender, recruited one of the co-defendants to purchase two homes in Antelope in 2006 by using false information about the co-defendant's occupation and income. Another of the co-defendants, meanwhile, received $100,000 to pay off a phony second mortgage on one of the Antelope homes, the indictment said. If convicted, the defendants face up to 20 years in prison for each mail fraud charge and 30 years for each bank fraud charge. One of the defendants faces similar fraud charges stemming from a May federal grand jury indictment that alleged his sisters were part of a mortgage fraud ring that obtained more than $16.3 million to purchase 14 properties in the Sacramento area between 2006 and 2007. The homes later went into foreclosure, resulting in losses of about $9.6 million by several lenders, the grand jury said. Source: http://www.sacbee.com/2011/10/26/4006938/hed-here.html

15. October 26, U.S. Securities and Exchange Commission – (National) SEC files insider trading charges against Rajat Gupta. The Securities and Exchange Commission (SEC) October 26 charged the former McKinsey & Co. global head with insider trading for illegally tipping a convicted hedge fund manager while serving on the boards of Goldman Sachs and Procter & Gamble (P&G). The SEC first charging the hedge fund manager with insider trading in October 2009. According to the SEC’s complaint filed in federal court in Manhattan, the defendant illegally tipped the hedge fund manager with insider information about the quarterly earnings of Goldman Sachs and P&G as well as an impending $5 billion investment in Goldman by Berkshire Hathaway at the height of the financial crisis. The hedge fund manager, the founder of Galleon Management who was recently convicted of multiple counts of insider trading in other securities stemming from unrelated insider trading schemes, allegedly caused various Galleon funds to trade based on the inside information, generating illicit profits or loss avoidance of more than $23 million. The SEC’s complaint alleges the defendant provided his friend and business associate with confidential information learned during board calls and in other communications and meetings relating to his official duties as a director of Goldman and P&G. The hedge fund manager used the inside data to trade on behalf of certain Galleon funds, or shared the information with others at his firm who caused other Galleon funds to trade on it ahead of public announcements by the firms. The SEC had instituted an administrative proceeding against the defendant for the conduct alleged in the October 26 enforcement action, but later dismissed those proceedings while reserving the right to file an action against him in federal court. The SEC has now charged 29 defendants in its Galleon-related enforcement actions, which have alleged widespread and repeated insider trading at numerous hedge funds, including Galleon, and by other professional traders and corporate insiders in the securities of more than 15 companies. The insider trading generated illicit profits totaling more than $90 million. Source: http://www.sec.gov/news/press/2011/2011-223.htm

16. October 25, The Guardian – (International) Real IRA admits bomb attacks on Northern Ireland banks. The Real IRA has admitted bombing two banks in Northern Ireland as well as the UK City of Culture office in Derry, and has warned that it will continue to target economic interests. In a statement sent October 25 to the Guardian and laced with anti-capitalist rhetoric, the Real IRA said the bombings and future targeting of the banking system were its response to bankers' "greed" and were meant "to send out the message that while the Irish national and class struggles are distinct, they are not separate". The attacks and the language used to justify them appeared designed to tap into the widespread public loathing of banks on both sides of the Irish border. The republican dissident group was unapologetic about bombing the office of the UK City of Culture 2013 in Derry the week of October 17. In its most bellicose warning yet, the Real IRA said: "The IRA has recently carried out a number of bomb attacks on the banking establishment. Such attacks are an integral part of our strategy of targeting the financial infrastructure that supports the British government's capitalist colonial system in Ireland. The impetus to carry out this type of attack is directly linked to pressure from working-class communities in Ireland as a whole." In May 2011, masked men threw a bag containing a device into Santander's branch in Derry. In August 2011, a bomb was thrown into a Santander branch in Hill Street, Newry. A Real IRA bomb caused major damage to a branch of the Ulster Bank in Derry in 2010. The terror group attempted to link the banks to the Police Service of Northern Ireland. In September 2010, the Real IRA had issued a warning that banks and bankers could be targeted. Source: http://www.guardian.co.uk/uk/2011/oct/25/real-ira-admits-attacks-banks

17. October 25, United Nations Office on Drugs and Crime – (International) Illicit money: how much is out there. Criminals, especially drug traffickers, may have laundered around $1.6 trillion, or 2.7 percent of global gross domestic product, in 2009, according to a new report by the United Nations Office on Drugs and Crime. This figure is consistent with the 2 to 5 percent range previously established by the International Monetary Fund to estimate the scale of money-laundering. Source: http://www.unodc.org/unodc/en/frontpage/2011/October/illicit-money_-how-much-is-out-there.html?ref=fs1

18. October 25, Champaign-Urbana News-Gazette – (Illinois) Ex-financial adviser pleads guilty to mail fraud, money laundering. A former Urbana, Illinois investment adviser pleaded guilty October 25 to mail fraud and money laundering in connection with a fraud scheme that cost clients about $16 million. Appearing before a U.S. district judge in Peoria, the defendant admitted defrauding 11 victims, including companies and individuals, of about $16 million. Mail fraud carries a maximum penalty of 20 years in prison, while money laundering carries a maximum penalty of 10 years in prison. He could also be ordered to pay restitution to the victims. According to court documents and statements during the October 25 hearing, the defendant admitted he fraudulently transferred, liquidated, and removed mutual fund shares from clients' accounts for his own business and personal use. The actions took place between August 2006 and March 2011, when a telephone inquiry from an investment advisory company to the Champaign Police Department triggered an investigation. That investigation ended up involving the FBI, the Internal Revenue Service, the U.S. Postal Inspection Service, the Securities Department of the Illinois secretary of state's office, and the Champaign Police Department. The U.S. Securities and Exchange Commission filed civil charges against the former investment adviser in federal court earlier in 2011. Source: http://www.news-gazette.com/news/courts-police-and-fire/2011-10-25/ex-financial-adviser-pleads-guilty-mail-fraud-money-launderin

Information Technology Sector

43. October 26, Softpedia – (International) Report: spammers utilize more public URL shortening sites. The use of public URL shortening services makes it more difficult for anti-spam countermeasures to detect and block malicious messages sent by cyber masterminds in their effort to take over digital assets, according to a Symantec Intelligence Report cited by Softpedia October 26. Even though the report's figures show a decrease in spam, the messages are more sophisticated because of spammers use of shortened URLs. “Spammers are using a free, open source URL shortening scripts to operate these sites," the report stated. "After creating many shortened URLs with their own service, the spammers then send spam including these URLs. These particular spammers use subjects designed to attract attention, like 'It's a long time since I saw you last!', 'It's a good thing you came' and so on." Source: http://news.softpedia.com/news/Report-Spammers-Utilize-More-Public-URL-Shortening-Sites-230074.shtml

44. October 26, The Register – (International) Worm wriggles through year-old flaw, builds zombie-net. A new worm is turning servers running older versions of the JBoss Application Server into botnet drones, The Register reported October 26. The malware behind the attack is significant because it targets servers rather than PCs, and because it relies on exploiting a vulnerability that is more than a year old – a flaw in JBoss Application Server patched by Red Hat in April 2010 –- to attack new machines. The worm's payload includes a variety of Perl scripts, including one that builds a back door on compromised machines. Source: http://www.theregister.co.uk/2011/10/26/jboss_worm/

45. October 26, Softpedia – (International) Andromeda bot hides behind Facebook comments. A code fragment of a threat discovered as starting its mission on social media networks is suspected to be a new bot called Andromeda that is very similar to ZeuS and SpyEye, Softpedia reported October 26. The infection process begins where an innocent looking comment hides a page that urges the user to click on another link. Once the second link is clicked, the victim is directed to malicious content that loads an iframe that references a server that hosts a variant of the BlackHole exploit kit. The exploit server then probes the browser for vulnerabilities until it can find a way to get in. The final payload is represented by a worm known as Worm:Win32/Gamarue.A that is suspected to be part of Andromeda. Gamarue.A is known to easily spread by copying itself to removable or network drives. Source: http://news.softpedia.com/news/Andromeda-Bot-Hides-Behind-Facebook-Comments-230195.shtml

46. October 25, IDG News Service – (International) Exploit-powered Android Trojan uses update attack. IDG News Service reported October 25 a new variant of the DroidKungFu Android Trojan is posing as a legitimate application update to infect handsets, according to security researchers from F-Secure. Distributing Android malware as updates is a new tactic first seen in July. The primary method of infecting handsets continues to be bundling of Trojans with legitimate applications; however, the resulting apps are easy to spot because of the extensive permissions they request at installation time. According to security researchers, the new update-based attacks can have a higher success rate than "Trojanizing" apps, because users don't tend to question the legitimacy of updates for already-installed software. Source: http://www.networkworld.com/news/2011/102511-exploit-powered-android-trojan-uses-update-252374.html?source=nww_rss

47. October 24, Help Net Security – (International) New mass SQL injection attack making rounds. Help Net Security reported October 24 there is another mass SQL injection attack making its rounds on the Web called "jjghui", referring to the Web site it redirects traffic to. The latest attack is yet another play on using SQL injection to inject malicious JavaScript in ASP.NET Web sites. So far, a Google search shows 180,000 pages have already been infiltrated. The attack appears to be targeting smaller sites that lack personnel with the skills and security awareness of larger and more well-known sites. The attack methodology is the same type that has been used many times before on a massive scale, according to researchers. Legitimate Web sites execute malicious script code from jjghui.com and infect a user's machine with malware that recruits it into a botnet. Attackers can also load payloads such as keyloggers and trojans onto compromised computers. Source: http://www.net-security.org/article.php?id=1641&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

For more stories, see items 33 above in the Top Stories and 48 & 49 below in the Communications Sector

Communications Sector

48. October 26, Bangor Daily News – (Northeast) Time Warner service restored after outages hit New England. An outage October 26 disrupted Time Warner’s high-speed Internet and digital telephone service throughout the Northeast during the morning, but service was restored in an hour. A Time Warner spokesman said the outage, which occurred at 8:40 a.m., affected service in the Northeast, including all phone and Internet customers in New England. He said service was restored at 9:40 a.m. Time Warner engineers were investigating the cause of the outage. Source: http://bangordailynews.com/2011/10/26/business/time-warner-customers-seeing-outages-throughout-new-england/

49. October 26, CNET – (National) Anonymous threatens Fox News Web site over Occupy coverage. Anonymous plans to take down the Fox News Web site on November 5, according to a new video apparently released by the hacker group. The group said it is targeting the network for what it called biased news coverage of the Occupy Wall Street protests occurring in cities across the country. The group had earlier vowed to take down Facebook November 5 as well, although there was some question about the credibility of that threat within Anonymous. Hackers aligned with the group have succeeded in releasing personal information about a former Citigroup and Goldman Sachs executive, as well as the CEOs of Citigroup, JP Morgan Chase, and Goldman Sachs. They also released information on a New York police officer accused of unprovoked and excessive use of pepper spray on people at the protests, which began September 17 in New York. Source: http://news.cnet.com/8301-1009_3-20125628-83/anonymous-threatens-fox-news-web-site-over-occupy-coverage/?part=rss&subj=news&tag=2547-1_3-0-20

50. October 25, Charleston Gazette – (West Virginia) Six arrested in Logan County copper thefts. West Virginia State Police arrested six people October 25 after an investigation found they allegedly stole copper from Frontier Communications in Logan County, West Virginia. They were each charged with 14 counts of grand larceny, 14 counts of transferring and receiving stolen property, 14 counts of destruction of property, 14 counts of destruction of public utility property, and 14 counts of conspiracy. Police are looking for two other people in connection with the thefts, a news release said. The thefts caused more than $100,000 worth of damage and outages for Frontier customers, police said. Source: http://wvgazette.com/News/201110250224

51. October 25, Radio World – (Florida) Two alleged pirates in Florida are fined. The Federal Communications Commission (FCC) announced two fines October 25 in cases involving illegal radio operators in Florida. It issued a $10,000 notice of apparent liability (NAL) to a man for running a transmitter on 90.7 MHz in Miami. Agents detected signals on three separate occasions this winter and spring. In April, it inspected the station after Miami police executed a search warrant and secured the residence. The commission said the man was actively marketing “Lady Luck Radio,” using it to cross-promote other businesses including a club called the ”Lady Luck Social Club” and providing commercial spots under the guise of a legitimate commercial radio station. In a separate case, the FCC issued a NAL for $15,000 to another man for allegedly running an unlicensed transmitter on 95.1 MHz in Lake Park, Florida. In that case, the commission sourced signals in December 2010 and July 2011 to his residence. It said that when agents visited in July, he admitted to operating the station. The commission increased the usual fine here, it said, because its Miami office had hand-delivered a Notice of Unlicensed Operation to him for operation on the same frequency in the spring of 2007. Source: http://www.rwonline.com/article/two-alleged-pirates-in-florida-are-fined/24669

For another story, see item 46 above in the Information Technology Sector