Friday, December 30, 2011

My apologies to all regarding the lateness of this post. The associated report from DHS was not available sooner than Noon today!

Complete DHS Daily Report for December 30, 2011

Daily Report

Top Stories

• One person died and at least four others were injured after an explosive crash shut down northbound Interstate 95 in Volusia County, Florida, sparked a fire, and sent toxic smoke into the air, officials said. – WKMG 6 Orlando (See item 13 )

13. December 29, WKMG 6 Orlando – (Florida) 1 dead in fiery I-95 crash near Port Orange. One person is dead and at least four others were injured after an explosive crash involving at least three semi tractor trailers shut down northbound Interstate 95 in Volusia County, Florida, sparked a fire, and sent toxic smoke into the air, officials said. The traffic crash happened about 3:30 a.m. December 29 in the northbound lane of Interstate 95 at mile marker 257. The northbound lane remained closed while the southbound lane of the interstate was open to traffic. The Florida Highway Patrol confirmed that one truck driver was pronounced dead at the scene. The northbound lanes will be closed indefinitely, officials said. The Volusia County Sheriff’s Office said four others were taken to Halifax Health Medical Center. One of the semis was a mail truck that may have been hauling hazardous materials and another semi was carrying logs, traffic authorities said. Volusia County firefighters advised residents in the area to stay inside due to toxic smoke that emanated from a massive fire caused by the crash, officials said. Source:|topnews|text|Local News

• Health officials said December 28 that an Oklahoma baby was the third infant recently sickened by a strain of bacteria sometimes associated with tainted infant formula. – Associated Press (See item 18)

18. December 28, Associated Press – (Oklahoma) 3rd baby ill with rare bacteria associated with formula. An Oklahoma baby is the third infant sickened by bacteria sometimes associated with tainted infant formula. The child was infected with Cronobacter sakazakii but fully recovered, health officials said December 28. An Illinois child also rebounded after being sickened by the bacteria. A Missouri infant who was 10 days old died. The Missouri child had consumed Enfamil Newborn powdered infant formula made by Illinois-based Mead Johnson. Powdered formula has been suspected in illnesses caused by the bacteria in years past. But health officials said the Oklahoma child had not consumed Enfamil. And Mead Johnson this week reported that its own testing found no bacteria in the product. U.S. officials are awaiting results from their own testing of powdered formula and distilled water — also known as ‘nursery water’ — used to prepare it. Source:


Banking and Finance Sector

8. December 29, U.S. Securities and Exchange Commission – (International) SEC charges Magyar Telekom and former executives with bribing officials in Macedonia and Montenegro. The Securities and Exchange Commission (SEC) December 29 charged the largest telecommunications provider in Hungary and three of its former top executives with bribing government and political party officials in Macedonia and Montenegro to win business and shut out competition in the telecommunications industry. The SEC alleges that three senior executives at Magyar Telekom Plc. orchestrated, approved, and executed a plan to bribe Macedonian officials in 2005 and 2006 to prevent the introduction of a new competitor and gain other regulatory benefits. Magyar Telekom’s subsidiaries in Macedonia made illegal payments of approximately $6 million under the guise of bogus consulting and marketing contracts. The same executives orchestrated a second scheme in 2005 in Montenegro related to Magyar Telekom’s acquisition of the state-owned telecommunications company there. Magyar Telekom paid approximately $9 million through four sham contracts to funnel money to government officials in Montenegro. Magyar Telekom’s parent company Deutsche Telekom AG also is charged with books and records and internal controls violations of the Foreign Corrupt Practices Act (FCPA). Magyar Telekom agreed to settle the SEC’s charges by paying more than $31.2 million in disgorgement and pre-judgment interest. Magyar Telekom also agreed to pay a $59.6 million criminal penalty as part of a deferred prosecution agreement announced December 29 by the U.S. Department of Justice. Deutsche Telekom settled the SEC’s charges, and as part of a non-prosecution agreement with the Department of Justice agreed to pay a penalty of $4.36 million. Source:

9. December 29, Courthouse News Service – (Texas) Judge stops $10 million Ponzi scheme. A federal judge granted the Security and Exchange Commission’s (SEC) request to stop a Ponzi scheme that took more than $10.1 million from 80 investors by falsely claiming it would put the money in “safe government guaranteed assets.” The SEC sued Evolution Capital Advisors, its subsidiary Evolution Investment Group I, and its owner in August on securities fraud charges. The judge did not buy Evolution’s argument that it was not running a Ponzi scheme because early investors have been paid. He pointed out that that is the very nature of a “quintessential Ponzi scheme. And it is of no moment that the investment strategy has not yet collapsed of its own accord.” The SEC claimed the defendants solicited investors for two “secured note offerings” by using confidential private placement memoranda. The SEC said the owner reeled in investors by falsely claiming he would use their money to buy a portfolio of Small Business Administration (SBA) loans “guaranteed by the full faith and credit of the United States.” However, “Instead of investing the funds as promised, defendants purchased Small Business Administration interest only strips (‘SBA IO Strips’), which entitle holders to only a portion of the interest paid on an SBA loan or groups of loans,” the SEC said in its complaint. “That is, the asset underlying the strips is interest paid on the loans, not the guaranteed principal. If the borrower prepays or defaults on the SBA loan underlying the strip, interest payments stop and the value of the strip in effect falls to zero. The SEC claimed: “Defendants further harmed investors by using offering proceeds to pay themselves more than $2.4 million in so-called management fees and expenses.” The judge also granted the SEC’s request to freeze assets and to permanently enjoin the defendants from violating the Securities and Exchange Acts. Source:

10. December 29, WVIT 30 New Britain – (Connecticut) Hundreds of potential debit card scam victims. Nearly 100 people in Wallingford, Connecticut, were affected after thieves stole their debit card information, WVIT 30 New Britain reported December 29. Originally, investigators thought the thefts were from a skimming device scam in which thieves use a card reading mechanism to steal personal information from the magnetic strip. However detectives said the fraud is so wide spread they believe a hacker got into a network and grabbed debit card pin numbers and are selling them on the black market. Cardholders reported fraudulent purchases in states like Louisiana, Florida, even the country of Malaysia. Police called it a large scale operation and said nothing of this magnitude has ever happened before in Wallingford. The information was stolen in recent months when the victims used their card to make legitimate purchases, but the bogus charges did not start popping up until days before December 24. Many of the victims shopped at the West Center Marketplace on South Turnpike Road. It’s one of the places police are looking into saying it too may be a victim of the scam. Police told at least one victim they could be dealing with an organized crime ring. They released three surveillance photos from a Walgreens in Greenwich where one of the fraudulent cards may have been used. A woman and two men were being called persons of interest. Source:

11. December 28, U.S. Department of Justice – (California) California federal court blocks bogus tax credit scheme. A federal court in Los Angeles has permanently barred a man from promoting a scheme involving sales of bogus federal tax credits, the Justice Department announced December 28. According to the government’s complaint, the man fraudulently claimed to have billions of dollars in federal research tax credits that the United States supposedly granted him for purported scientific breakthroughs. The suit alleged that he advertised the sale of these bogus credits on the Internet and issued phony documents to people purporting to give them credits that could reduce their tax obligations. The government also alleged that Ellis partnered with the Southwest Louisiana Business Development Center, a nonprofit organization in Jennings, Louisiana, to try to sell $24 billion of the fictitious credits. The civil injunction order entered against the man bars him from telling prospective customers that he can transfer tax credits to them. He is also required to give the government a list of the names, addresses, and social security or tax identification numbers of everyone to whom he purported to distribute tax credits. Source:

12. December 28, Lawrenceville Patch – (New Jersey) Lawrence man charged in alleged credit card fraud. An alleged credit card fraud ring was disrupted when Hightstown, New Jersey police made a routine traffic stop December 14. Hightstown officers initially pulled over a car for going speeding and then found the car was stolen, police said. A man was arrested in connection with the stolen car and was subsequently found to have nine Master Cards and five Visa cards in two different people’s names on him, which lead police to believe the cards could be fraudulent or stolen, a Hightstown Police detective said. Over the next few days the detective matched the names and numbers on the cards with the actual account numbers, and found that the cards had been compromised. One victim told the detective he received a letter from his credit card company saying there had been a security breach, and the company told him stolen account information had been pushed to Russia. The Secret Service used a machine to determine that on four of the cards found in Johnson’s possession, the numbers on the cards did not match the numbers read on the strips, the detective said. Based on all this information, Hightstown police obtained a search warrant for both the man’s home and the car, the detective said. An embossing machine used to imprint numbers on credit cards, a skimming machine used to copy information from credit card magnetic strips, 26 additional credit cards, gift cards, and two driver’s licenses with different names but the same photo were found at the house, the detective said. Two additional fraudulent credit cards and a credit card reader/writer were found in the car. Receipts for overseas money transfers were also found, and police are still trying to track down victims whose identities have been compromised, the detective said. The detective said the fraudulent cards were used in Middlesex and Mercer counties, and at least $10,000 was spent that has been identified. That number is expected to increase as more victims are found, the detective said. Hightstown Police charged the man with identify theft, forgery, credit card theft, and possession of stolen property. Police believe others are also involved with the scheme, but no one else had been charged as of the week of December 19. Source:

Information Technology

35. December 29, Help Net Security – (International) Beware of password-protected documents carrying malware. Symantec researchers have recently spotted malware masquerading as password-protected document files - Word documents, spreadsheets, Powerpoint presentations, and PDFs - being delivered as e-mail attachments, Help Net Security reported December 29. “Attackers are misusing the password feature to encrypt files, most likely to make it difficult for security products to detect them as malware,” said the researchers. “It also makes reverse-engineering the files difficult because they need to be decrypted before analysis can be performed.” As the contents of the files in question are encrypted, some antivirus solutions might not recognize them for what they are immediately but only after they are opened with the password. Source:

36. December 29, Help Net Security – (International) Data-stealing Android Trojan masquerades as greeting-sending app. F-Secure researchers recently spotted a trojan targeting Chinese Android users that masquerades as a pre-written text message app, signed with the same certificate as a Android trojan that sends SMS messages to premium-rate numbers, Help Net Security reported December 29. Dubbed AdBoo, the app seemingly lets users choose a message template (jokes, New Year wishes, and more), then asks them to choose the contact to whom it will be sent. But it doesn’t actually send the message - a dialog box notifying them of a “Sending Fail” pops up instead. In the background, the Trojan harvests information such as phone model and number, Android version, and IMEI number and sends it to a remote server. Source:

37. December 29, Dark Reading – (International) Most Facebook scams are designed to feed affiliate marketing programs. Affiliate marketing sites are the final destination in three-fourths of all Facebook deceptions, according to a Commtouch study released December 28. According to the Commtouch Internet Threats Trend Report, visitors to these fraudulent Facebook-promoted sites are induced to fill out surveys that generate affiliate payments for the scammers. Users are induced to click on the scams through a variety of social engineering tactics, such as free merchandise offers, celebrity news, new (fake) Facebook applications, or simply a trusted friend sending a message stating: “You have to see this!” the report stated. After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly more than half the analyzed scams, the study said. These exploits fall into three main categories: likejacking, rogue applications, and malware or “self-XSS,”. In 48 percent of the cases, unwitting users themselves are responsible for distributing the undesirable content by clicking on “like” or “share” buttons. Source:

38. December 29, Softpedia – (International) Hashes used by PHP, ASP.NET, Java, Python and Ruby vulnerable to DoS attacks. Researchers showed how a common flaw in the implementation of the most popular web programming languages and applications can be used to force servers to use their CPU at full capacity for several minutes, causing a denial-of-service (DoS) condition. Softpedia reported December 29 that two researchers made a presentation at the 28C3 Chaos Communication Congress in Berlin, Germany, showing that the way most popular programming languages such as PHP, Java, Apache Tomcat, ASP.NET, Phyton, Plone, Ruby, and V8, use hash tables make servers susceptible to DoS attacks. Any Web site that runs a technology that provides the option to perform a POST request is highly vulnerable to a DoS attack and since the attack is just a POST request, a Web site can be targeted by using an XSS flaw present on another popular site. Microsoft is expected to release a security update for ASP.NET later December 29, Ruby has provided an update to customers, and Apache Tomcat has also released workarounds for the vulnerability. Source:

Communications Sector

39. December 29, CNET News – (National) Verizon fixes latest network outage. Verizon confirmed December 29 via Twitter that it has resolved its latest outage, which hit many of its celluar data customers December 28. Verizon Wireless tweeted that the 4G LTE issue was resolved overnight but that 3G connectivity as well as calling and texting had been unaffected. This latest incident marked the third time this month that Verizon customers across the country have bumped into a network data outage. On December 7, many Verizon 4G LTE customers reported a loss of data service, though some 3G users also said they were affected. A second outage occurred the week of December 19, also hitting data customers across the United States. In all three circumstances, users reported issues connecting to both 4G and 3G networks, however Verizon has insisted that 3G data access has been unaffected. Other than acknowledging the incidents and their resolutions through brief statements, the company has been mum as to the cause of the persistent problem. The founder of the market research firm Recon Analytics, recently told CNET that some growing pains are to be expected as more people hop onto Verizon’s LTE network. But since most of the outages have started in the middle of the night, he believes they are being caused by upgrades and patches to the network. As such, one single glitch can cascade to affect multiple regions of the entire country. Source:

40. December 29, ABC News – (International) Sun storms may affect radios, cell phones. Intense solar activity may affect Earth December 29, potentially disrupting radio and cell phone frequencies. On December 26, the sun released a coronal mass ejection (CME), which is a “massive eruption of solar plasma,” according to The blast is expected to impact the Earth through December 31. “Coronal Mass Ejections from the last few days may cause isolated periods of G1 (Minor) Geomagnetic Storm Activity on December 28-29,” the National Oceanic and Atmospheric Administration’s (NOAA) Space Weather Prediction Center wrote in an update. “R1 (Minor) radio blackouts are expected until 31 December.” If the storms are powerful enough, they could temporarily interrupt radio frequencies, power grids, GPS signals, and cell phone communication. NOAA estimated that there was a 20-40 percent chance of these disruptive polar geomagnetic storms on December 28-29 in response to the impact of one or more CMEs. Experts said the sun’s increased activity is part of an 11-year cyclical pattern. NASA’s Solar Dynamics Observatory tweeted December 28 that two CMEs occurred within 24 hours earlier the week of December 26. Source: