Friday, December 16, 2011

Complete DHS Daily Report for December 16, 2011

Daily Report

Top Stories

• A Security Metrics study of computer storage systems used by 2,736 merchants found they stored unencrypted data on more than 378 million credit cards. – Softpedia (See item 12 below in the Banking and Finance Sector)

• Two doctors who own a mental health clinic in Houston were charged for trying to bilk Medicare out of more than $90 million for treatments that were unnecessary, and in some cases, never provided. – Houston Chronicle (See item 28)

28. December 14, Houston Chronicle – (Texas) 3 arrested in $90 million Medicare fraud scheme. Two physicians and owners of Spectrum Care, a Houston mental health program, were arrested December 14, charged with trying to bilk Medicare out of $90.4 million for treatments from 2006 that “were not medically necessary, and in some cases, never provided,” federal authorities contend. Both physicians were charged in the alleged phony treatment scheme, which involved kickbacks to the owner of an assisted living facility in exchange for finding and funneling patients to the clinic. The assisted living facility owner was also arrested December 14. All three are charged with conspiracy to commit health care fraud and conspiracy to pay and receive illegal health care kickbacks. Since 2006, the doctors had been submitting bills to Medicare for supposed treatment at their “partial hospitalization program,” known as a PHP. The arrests come just 2 months after a Houston Chronicle investigation uncovered hundreds of millions in Medicare dollars spent to shepherd mentally fragile Texans by ambulance to mental health clinics and PHPs where patients claimed they watched TV and ate junk food. The indictment accused all three defendants of paying Medicare beneficiaries cash and cigarettes if they came to Spectrum. Spectrum is one of nearly two dozen community mental health centers and PHPs in Harris County that have collected millions in Medicare dollars, but require no license to operate in Texas, the Chronicle’s investigation in October found. The patients are mostly poor, and live in personal care homes, assisted living facilities or apartments arranged by caretakers and caseworkers. The arrests were part of a larger operation involving many agencies, including the FBI, U.S. Health and Human Services’ Office of Inspector General, the Texas Attorney General’s Medicaid Fraud Unit, and the U.S. Attorney’s Office for the Southern District of Texas. Source:


Banking and Finance Sector

12. December 15, Softpedia – (International) Hackers feast on unencrypted credit card data stored by merchants. A report released by Security Metrics December 15 states the number of merchants that store customer credit card data in an unencrypted form is higher than ever. The latest Merchant Data Security Report reveals that 71 percent of the businesses that participated in the study stored unencrypted credit card data, and many were highly vulnerable to SQL injection attacks. With the use of a tool called PANscan, Security Metrics scanned the systems of 2,736 merchants, including hard drives, networks, and attached storage devices in search of unencrypted primary account numbers (PAN) and magnetic stripe track data. The scan found a total of 378,748,700 cards, which translates into an 8 percent increase when compared to 2010. Old, non-PCI-compliant payment applications are problematic and easy to hack, but new payment systems can turn out to be just as insecure if they are not configured correctly. Other problems emerge from the improper removal of files containing payment information. Many believe if they delete a file, it is as good as gone, but this is not the case. Even if the information is no longer available to the user, hackers can easily recover it from the device’s unassigned storage space. While a large part of the sensitive data is stored unknowingly by employees who are just not trained to handle sensitive data, in many situations merchants do not bother to make sure the data is safely tucked away from malicious cybercriminal operations. Source:

13. December 15, NewsCore – (International) Parcel bomb intercepted at public office in Rome. Authorities intercepted a parcel bomb December 15 at a branch of Italy’s tax-collecting organization Equitalia, almost a week after another parcel bomb exploded at a separate branch in Rome. The device was handed over to police for further investigation, the ANSA news agency reported. Experts examining the package had found a “dark powder inside [the parcel],” a police spokesman told Agence France-Presse. The parcel bomb discovery follows two recent similar incidents, one at another Equitalia branch in Rome. The Italian far-left group Federazione Anarchia Informale (Informal Anarchist Federation), also known as FAI, claimed responsibility for sending a bubble-wrapped parcel bomb to an Equitalia branch December 9. The director who opened the parcel bomb suffered burns to his right hand. The group also claimed responsibility for sending a parcel bomb addressed to the CEO of Deutsche Bank in Frankfurt on December 7. That bomb was intercepted by authorities, who confirmed it contained explosives and shrapnel. In claiming responsibility for the Frankfurt attack, the FAI said it would target “banks, bankers, ticks and bloodsuckers” with three attacks. Source:

14. December 14, Washington Post – (District of Columbia; New Jersey) D.C. lawyer pleads guilty to securities fraud. A Washington, D.C. lawyer who was recorded plotting to cover up an insider trading scheme pleaded guilty December 14 to securities fraud, obstruction of justice, and other charges. He was charged with stealing and passing to co-conspirators inside information from some of the nation’s most prominent corporate law firms, where he was employed — Cravath Swaine & Moore, Skadden Arps, Fried Frank, and Wilson Sonsini. The scheme lasted 17 years and netted more than $37 million in illicit profits, the U.S. attorney’s office in Newark, New Jersey, said. The man’s lawyer said his client received less than $2 million, but thought he was being given roughly a third of the proceeds. Two co-conspirators previously pleaded guilty. In a recorded phone call in March, when investigators were closing in, the defendant told the middleman to get rid of a phone he had used. According to a court filing, he was also recorded saying he got rid of his computer and an iPhone he had used to look up stock quotes. The man has given the government information about others he had reason to believe may have engaged in insider trading, including a lawyer, his attorney said. He has agreed to forfeit $415,000. Source:

15. December 14, Des Moines Register – (Iowa) Two metro developers indicted for bank fraud. Two prominent Des Moines, Iowa developers were indicted December 14 for bank and wire fraud by a federal grand jury. The men were each accused of two counts of bank fraud, and seven counts of wire fraud, prosecutors said during a hearing. They noted a federal grand jury indicted the two men in November. The men were arraigned December 14 in federal court, where they entered not guilty pleas, and were released on their own recognizance. The two men were partners in the Oaks Development Co., which once was one of the largest development companies in the state. If convicted, they face a maximum penalty of 30 years in prison, and a $1 million fine on each of the nine counts. The Des Moines Register reported in 2009 that one of the men and other area developers were under investigation for fraud related to bank loans for various commercial and residential real estate projects during the boom in home and commercial construction. He filed for bankruptcy in 2009, but then asserted his right against self-incrimination 73 times with no explanation in a court hearing. After that, a judge dismissed his bankruptcy petition, citing a federal law forbidding a debtor from unreasonable delays in providing financial information to creditors as well as the bankruptcy trustee. In 2008, at least a dozen banks filed lawsuits seeking payment and property from Oaks Development. Lenders claimed they were owed about $21 million and sought foreclosure on at least 70 pieces of property, which included three large pieces of undeveloped land, three condominium projects, about 20 homes, 17 lots, and other commercial properties in the Des Moines metro area. Source:

Information Technology

31. December 15, Help Net Security – (International) Silent updating for Internet Explorer. Microsoft announced that in 2012 Internet Explorer will be updated “silently” to its newest possible version. This new silent update will eliminate the pop-up window that currently allows users to opt-out or postpone the update. Silent updating is generally seen as a big improvement to security on the Internet. Being on the newest possible Internet Explorer brings a significant increase in security and robustness to malware infections due to better architecture, sandboxing, and the included URL filtering feature. Source:

32. December 15, Information Age – (International) Japanese game developer Square Enix hacked. Japanese video game developer Square Enix said servers holding 1.8 million customers’ details were accessed the week of December 12. The compromised server related to the ‘Square Enix Members’ service, and held details of users in North America and Japan. In a statement, Square Enix said it reported the breach to the Japanese government and informed all Square Enix members. Its own investigation found no credit card details or user logins were taken, but Square Enix said it would be conducting a broader investigation over the coming days. The affected service will remain unavailable as a result. A spokeswoman told Agence France-Presse the affected servers stored the customers’ names and e-mail addresses, and many members also registered their postal addresses and phone numbers. Source:

33. December 15, Softpedia – (International) Cybercriminals steal more than $1 million from Android users in 2011. A recent study by Lookout Mobile Security reveals mobile malware has become a reality as cyber criminals managed to illegally earn more than $1 million from Android users alone. Experts estimate that in 2012 things will worsen. The figures show the likelihood for an Android user to encounter a malicious element has risen from 1 percent to 4 percent from the beginning of 2011. Reportedly, Android customers worldwide have a 36 percent chance of clicking on a link that will eventually point to a malware-filled Web site. When it comes to monetization trends, experts believe malevolent software that sends SMS messages to premium rate numbers will represent the favorite method utilized by crooks to fill their pockets. Even though many believed botnet networks will be used at a larger scale, so far they have not made their presence felt. Source:

34. December 15, Softpedia – (International) GlobalSign certificate authority details ComodoHacker security incident. After temporarily shutting down their certificate issuance services in September, GlobalSign released a report with conclusions on the events that took place after they learned ComodoHacker breached their systems. The company stated no rogue certificates were issued and no customer data was exposed. The evidence indicates no root certificate keys and associated Hardware Security Modules (HSM), Issuing Authorities and associated HSMs, or Registration Authority services were compromised. The certificate authority’s infrastructure was left undamaged by the cybercriminal operation. The company reports only a peripheral Web server on which the public Web site was hosted was compromised, but the server was not part of the certificate issuance infrastructure. GlobalSign claimed only HTML pages, publicly available PDF documents, and the key and certificates assigned to were exposed to the hacker, but both the key and the certificate were revoked. Customers were impacted only between September 6 and 15 when the issuance was temporarily halted. During that period, third party security solutions providers such as Fox-IT and Cyber Security Japan were contacted for the purpose of analyzing and reinforcing the breached infrastructure. GlobalSign continues to collaborate with authorities while they gather more evidence on ComodoHacker, and the other actors involved. Source:

35. December 14, The Register – (International) Newfangled graphics engine for browsers fosters data theft. Software developers at Google, Apple, Adobe, and elsewhere are grappling with the security risks posed by an emerging graphics technology, which in its current form could expose millions of Web users’ sensitive data to attackers. The technology, known as CSS shaders, is designed to render a variety of distortion effects, such as wobbles, curling, and folding. It works by providing programming interfaces Web developers can call to invoke powerful functions from an end user’s graphics card. However, it could also be exploited by malicious Web site operators to steal Web-browsing history, Facebook identities, and other private information from unsuspecting users, a security researcher on Google’s Chrome browser warned recently. Source:

36. December 14, Computerworld – (International) Google ships Chrome 16, patches 15 vulnerabilities. Google patched 15 vulnerabilities in Chrome December 13, and updated the browser to version 16. Six of the 15 vulnerabilities patched were rated “high,” while 7 were labeled “medium” and another 2 were tagged as “low.” Several of the bugs, including a pair attributed to an independent researcher, were found using Google’s memory error detection tool, AddressSanitizer. Four of the flaws were related to Google’s parsing of PDF documents — the browser includes a built-in PDF viewer, eliminating the need to launch Adobe’s free Reader application — while two others were found in Chrome’s processing of scalable vector graphics images. Source:

For another story, see item 12 above in the Banking and Finance Sector

Communications Sector

37. December 14, South Florida Sun-Sentinel – (Florida) T-Mobile outage, service woes hit South Florida. T-Mobile customers in some parts of South Florida reported service outages and problems December 14. The cellphone company confirmed “a network issue in parts of Miami.” It said most service has been restored and vowed to “keep everyone posted,” according to a brief statement. Some customers reported difficulty completing calls in Broward and Palm Beach counties starting December 13. A posting on the unofficial T-Mobile blog linked the woes to a fiber optic cable being accidentally cut. Source:

For another story, see item 33 above in the Information Technology Sector