Monday, December 19, 2011

Complete DHS Daily Report for December 19, 2011

Daily Report

Top Stories

• Three former mortgage and real estate brokers were found guilty December 15 of fraud for their scheme that recruited straw buyers to obtain hundreds of homes, swindling banks out of $24 million. – Las Vegas Review-Journal See item 15 below in the Banking and Finance Sector

• Several federal agencies confirmed in recent tests that transmitters a telecommunications firm wants to use to create a national, wireless broadband network caused "harmful interference to the majority" of GPS receivers as well as a flight-safety system. – See item 45 below in the Communications Sector


Banking and Finance Sector

12. December 16, WCBS 2 New York; Associated Press – (New York) DA: 55 indicted in NYC cyber crime ring. The Manhattan District Attorney’s office in New York indicted 55 people who are accused of running an identity theft and cyber crime ring, WCBS 2 New York and the Associated Press reported December 16. Prosecutors said in indictments that participants in the scheme had jobs that involved processing donor or customer checks. One worked at the UJA-Federation, a major Jewish charity. Prosecutors said she and other members of the ring harvested people’s personal information from the checks and provided it to accomplices. Then the accomplices would forge checks, deposit them in still other associates’ bank accounts, and withdraw the money as soon as it cleared. UJA-Federation issued a statement in response to the indictments, indicting it fired the employee. "The district attorney’s office has advised us that no donor suffered any financial losses, and that banks and credit card companies were targeted by and were the victims of this crime ring," it said. The 55 suspects are accused of stealing about $2 million from several different banks and companies, including TD Bank, Citibank, Chase, American Express, and Discover. Sources said several defendants are linked to a Brooklyn street gang called The Outlaws and at least one person in the case was killed during the 18-month investigation. The suspects were expected to be arraigned December 16. Source:

13. December 16,; Reuters; Associated Press – (National) SEC charges ex-Fannie, Freddie CEOs with fraud. Federal regulators charged six former executives — including former CEOs — at mortgage giants Fannie Mae and Freddie Mac with securities fraud December 16, alleging they misled investors about their exposure to risky subprime mortgage debt. The civil charges were filed in two separate lawsuits in federal court in New York City. "Fannie Mae and Freddie Mac executives told the world that their subprime exposure was substantially smaller than it really was," said the director of the Securities and Exchange Commission's (SEC) Enforcement Division. He added these misstatements "misled the market about the amount of risk on the company's books." The SEC said both firms agreed to cooperate with the agency and entered into non-prosecution agreements. Freddie Mac and Fannie Mae have been propped up by about $169 billion in federal aid since they were rescued by the government in 2008. Fannie and Freddie own or guarantee about half of U.S. mortgages, or nearly 31 million loans. Source:

14. December 15, Washington Examiner – (District of Columbia; Maryland; Virginia) Man convicted in credit card-skimming ring. A Laurel, Maryland man was convicted December 15 in a card-skimming ring that prosecutors said ripped off at least 780 people. A federal jury in Alexandria, Virginia, found the suspect guilty of conspiracy and aggravated identity theft charges. The defendant and four others led an identity-theft ring that stole credit card numbers from restaurant customers in the Washington, D.C. region. They recruited servers to swipe customers' credit card numbers, re-encoded those numbers on credit and gift cards, then used the cards to buy merchandise and additional gift cards at stores in Virginia, Maryland, and Pennsylvania, according to prosecutors and court documents. The ring operated from January 2010 to June 2011, and left at least 780 victims. The other four ring members pleaded guilty for their roles in the scheme. Source:

15. December 15, Las Vegas Review-Journal – (Nevada) Three found guilty in mortgage fraud case. Federal jurors who faulted the courtroom demeanor of one defendant and the competency of an expert witness returned guilty verdicts December 15 in Las Vegas, against three people in a lengthy trial involving multimillion-dollar mortgage fraud. The former mortgage broker and former real estate broker recruited straw buyers to secure 227 homes valued at more than $107 million, federal prosecutors said. Also found guilty was a former Las Vegas mortgage broker who was the former owner of Secured Mortgage Services. With the defendants' knowledge — and in many cases their help — most of the scores of straw buyers the pair recruited from 2003 to 2008 lied to lenders about their income and assets, their intent to live in the homes purchased, and their ability to afford the mortgages. The actual loss to banks is about $24 million. Jurors found the former mortgage broker guilty on 14 counts, including bank fraud, mail fraud, wire fraud, and conspiracy. The real estate broker was found guilty on 12 counts, including bank fraud, mail fraud, wire fraud, and conspiracy. The third defendant was found guilty of three mail fraud charges, one count of wire fraud, and one count of conspiracy. Source:

16. December 15, WDSU 6 New Orleans – (Louisiana) 'Paw-Paw Bandit' admits to string of bank heists. A Metairie, Louisiana man dubbed the "Paw-Paw Bandit" pleaded guilty in federal court December 15 to a single count of bank robbery. The man was charged in connection with the August 5 robbery of a Whitney National Bank in Metairie. In court, he also admitted to robbing four other banks over a 2-month span. He picked up his nickname following the release of bank surveillance photos that showed what appeared to be an older man as the robber of several area banks. When the suspect was caught, arresting officers found a stash of cash linking him to the robberies. He could be sentenced to as many as 20 years in prison, and a fine of up to $250,000. Source:

17. December 15, St. Louis Post-Dispatch – (Missouri) 'Logo Bandit' robs fifth St. Louis-area bank in three months. Police said a suspected serial bank robber struck a PNC Bank in St. Louis December 15. About 10:30 a.m., a man in a hooded Adidas coat handed a note demanding money to a teller, police said. The man did not show a weapon but implied he had one. He ran off with an undisclosed amount. Authorities believe the December 15 bank robbery is at least the man's fifth since September. Investigators labeled him the "Logo Bandit" because he wears hats and sweatshirts featuring brand-name or athletic logos. Investigators said the man robbed a US Bank in Kirkwood September 6, a Truman Bank in Clayton November 15, a US Bank in Des Peres November 21, and a Commerce Bank in Clayton December 1. Source:

18. December 15, Agence France-Presse – (Utah) U.S. Ponzi scheme targeted Mormons: SEC. U.S. financial regulators charged a father and son in Utah December 16 with operating a $220-million property investment Ponzi scheme that targeted fellow members of the Mormon church. The Securities and Exchange Commission (SEC) charged the pair with selling shares in their purported real estate business, and using the funds from some investors to pay returns promised to others. The SEC said that since 2008, the two solicited investments into their business of ostensibly buying, rehabilitating, and then renting out properties. The pair appeared to use the memberships in the Utah-based Church of Jesus Christ of Latter-Day Saints — the Mormon church — "to make connections and win over the trust of prospective investors," the SEC said. Securities were sold without registering with the SEC as required by law. Moreover, the funds raised were often not used for investing into properties, with some moved from one entity to another to keep investors happy while the entities lost money. "They have essentially been operating a shell game intended to raise additional funds from new or existing investors in order to meet the rapidly growing financial obligations of their operation," the SEC said. Source:

19. December 15, Associated Press – (International) U.S. government blames Hezbollah for role in $300 million money laundering scheme. Federal authorities blamed Lebanese financial institutions December 15 for wiring more than $300 million into the United States in a money-laundering scheme they said used the U.S. financial system to benefit the militant group Hezbollah. The U.S. government said in the lawsuit filed in a Manhattan, New York federal court it seeks nearly a half-billion dollars in money-laundering penalties from some Lebanese financial entities, 30 U.S. car buyers, and a U.S. shipping company. It also said it is entitled to claim their assets as forfeitable under U.S. money-laundering laws. Prosecutors said the $300 million was wired from Lebanon to the United States, and was used to buy used cars and ship them to West Africa. They said Hezbollah money-laundering channels were used to ship proceeds from the car sales and narcotics trafficking back to Lebanon. The accusations came 2 days after an indictment in federal court in Alexandria, Virginia, accused a fugitive of leading a drug conspiracy that provided income for Hezbollah, an Iranian-backed Lebanese militant group the U.S. has branded a terrorist organization. Source:

Information Technology

42. December 15, Computerworld – (International) Adobe promises Reader zero-day patch on Friday. Adobe said it would release a patch December 16 for an older version of the Reader PDF viewer to stymie attacks like those aimed at major defense contractors earlier in December. Nine days ago, the company confirmed a critical bug in Reader and promised to fix the flaw in Reader and Acrobat 9.x the week of December 12. The exploits uncovered by security researchers were aimed specifically at Reader 9.x using malformed PDF documents attached to bogus e-mails. A day after Adobe acknowledged the vulnerability, researchers at Symantec confirmed attacks targeted defense contractors, as well as individuals working in the telecommunications, manufacturing, computer hardware, and chemical sectors. The attacks spiked December 1, Symantec said. The attackers may have been hoping to steal confidential information from the targeted firms. If opened by the recipient, the malicious PDF hijacked the Windows PC, then infected those machines with "Sykipot," a general-purpose backdoor trojan that was first spotted being used in March 2010 as the payload in attacks exploiting a then-unpatched bug in Microsoft's Internet Explorer (IE) 6 and IE7. Later research by Symantec and others found hints of Chinese involvement: Code remnants were in the Simplified Chinese character set, and the malware's command-and-control server was traced to a Chinese IP address. Source:

43. December 15, The Register – (International) Stolen, remote-wiped iPhones still get owner's iMessages. Victims of iPhone theft have discovered that remotely wiping their device will not stop iMessage content being delivered to the thief, who can continue to respond under the owner's name. The flaw was spotted by a man whose wife had her iPhone stolen and promptly deactivated the mobile number, remotely wiped the data, and changed both Apple ID and password. However, despite all the action taken, the husband discovered messages sent using iMessage were being received by the buyer of the stolen handset, in addition to being delivered to his wife's new handset, and shared the experience with Ars Technica. Not only was the receiver-of-stolen-goods getting messages addressed to the man's wife, but the thief was able to respond to the messages. It appears the problem is not unique to the couple, but has hit many iPhone users, a problem which will presumably increase as iMessage gains ground. iMessage works by automatically turning SMS and MMS messages into Internet traffic when a data connection is available at both ends. It only operates where both parties have an iPhone, and are connected to the Internet, but when activated it does provide a free messaging service. Source:

44. December 15, Dark Reading – (International) Old smartphones leave tons of data for digital dumpster divers. A recent exploration made by a digital forensics company into a handful of phones found in the smartphone secondary market showed how easy it is to glean information from old or lost phones, even if a factory reset has been committed. An expert from Access Data gave Dark Reading information on his findings from his informal research and explained some of the repercussions for corporations and consumers who do not pick, manage, or dispose of their phones wisely. The director of mobile forensics for AccessData said, "I'd guess if you went and grabbed 10 phones [from recycling companies], 60 percent are going to contain data." He said at the behest of a customer interested in the data lingering on phones sold by used phone resellers and consumers using Craigslist and eBay, he used AccessData's tools to do an in-depth forensics dive into five handsets acquired from this market. The phones were the iPhone 3G, Sanyo 2300, HTC Wildfire, LG Optimus, and HTC Hero. Of those five, the iPhone and the old Sanyo had not been reset and contained what the director called logical data — active account sign-ons, contacts, and calendar information easily usable by any person who turns on the phone. Even though all of the Android phones had been wiped through a factory reset, four of the five phones also included data that would take someone with forensics tools and knowledge to extract from more hidden storage locations. Some of the details available within those phones included user account information, Social Security numbers, geo-location tags, deleted text messages, and a resume. Source:

For another story, see item 45 below in the Communications Sector

Communications Sector

45. December 15, – (National) It's official: LightSquared interferes with GPS. The U.S. defense and transportation departments, along with the multiagency positioning, navigation and timing executive committee confirmed December 15 in identical statements that transmitters that start-up cellular company LightSquared plans to use for a national wireless broadband network caused "harmful interference to the majority" of general purpose Global Positioning System receivers in recent tests. LightSquared's plans also hit another speed-bump when the House approved an amendment to the 2012 National Defense Authorization Act barring the Federal Communications Commission from giving LightSquared the green light for commercial operation until Defense Department concerns about GPS interference from the company's network are resolved. In addition, the statement said, "separate analysis by the Federal Aviation Administration also found interference with a flight safety system designed to warn pilots of approaching terrain," but did not specify the system. A federal source who declined to be identified said FAA determined the LightSquared network caused interference with the GPS-enabled Enhanced Ground Proximity Warning System, which alerts pilots if they are too close to the ground. Preliminary analysis of test data showed the LightSquared transmitters caused "no significant interference with cellular phones" equipped with GPS chips, the statement said. Source:

46. December 15, Fairbanks Daily News-Miner – (Alaska) Snow frozen fast to KUAC radio tower reduces broadcasting power. A recent blast of warm weather, freezing rain and snow has reduced the broadcast signal of KUAC 89.9, creating reception problems in the Fairbanks, Alaska, area, a KUAC general manager said December 15. The extreme temperature changes and the raincreated a thick layer of ice and snow that stuck hard to the antenna. It is not the normal dust-like winter snow, but something that is closer to an icy glue. When the ice and snow build up on the antenna in thick layers, the transmitter has to reduce power to prevent damage to the equipment, which leads to a weaker signal for listeners, he said. The general manager said he went to the tower December 14 and tried to knock some of the snow off with a rubber mallet. It is too dangerous to climb the tower now and remove the ice by hand. The antenna is about 16-17 years old and was ordered without plastic radomes, which would provide some protection. They are not available as an add-on for this antenna, he said. A new antenna is the only long-term solution to this problem, which has been made much worse by the unusual winter weather of recent years. Source: &id=16800739&instance=blogs_editors_desk

47. December 15, Hawaii 24/7 – (Hawaii) AT&T has major cellphone outage in Kona Thursday. AT&T Wireless confirmed to Hawaii 24/7 that a large area in Kailua-Kona was without cellphone service December 15. Hawaii 24/7 had reports of an outage since at least 2 p.m. AT&T Wireless reported that they were made aware of the outage at 4:05 p.m. The outage covers a large area of Kailua-Kona with an AT&T representative saying customers would have to travel 10 miles or more out of town for service. AT&T reports that engineers are working on the problem, but gave an estimated the time of repair of 10:53 a.m. December 16. AT&T services in other parts of the Big Island appeared to be unaffected by the outage. Source:

For more stories, see items 42, 43, and 44 above in the Information Technology Sector