Friday, March 16, 2012

Complete DHS Daily Report for March 16, 2012

Daily Report

Top Stories

• Science Applications International Corp. (SAIC), the computer contractor hired to overhaul payroll systems for New York City agencies, agreed to pay $500.4 million to resolve claims it conspired to defraud the city. – Bloomberg. See item 9 below in the Banking and Finance Sector

• Prosecutors in New York indicted two Swiss financial advisers on charges of conspiring to help wealthy Americans hide $267 million in secret bank accounts. – Reuters. See item 12 below in the Banking and Finance Sector

• A tractor-trailer collided with a school bus March 14 in western Pennsylvania, killing the truck driver and injuring at least 21 people, most of them students, authorities said. – Associated Press

15. March 15, Associated Press – (Pennsylvania) 1 dead, others hurt in Pa. school bus, truck crash. A tractor-trailer collided with a school bus carrying about 2 dozen students and adults March 14 in western Pennsylvania, killing the truck driver and injuring at least 21 people, most of them students, authorities said. The crash occurred on Route 281 near Rockwood, state police said. The truck and a school bus taking Turkeyfoot Valley Area School District students back from a school in Somerset struck each other. The truck crossed over into southbound lanes and hit the bus almost head-on, said a trooper. Twenty-three people, including 2 adults and 21 high-school students, were on the bus. Two adults and three juveniles were flown to a hospital. A hospital official later said one adult was in critical condition and the other adult and two of the children were listed as fair; the third juvenile was treated and released. Another child who was flown to a hospital in Pittsburgh was later listed in good condition, an official said. Source: http://www.google.com/hostednews/ap/article/ALeqM5hI5Dn-zb9a5vu-nG3JQHKPRyz39Q?docId=632e85a9aa454c879af9281e1ef25674

• A midwestern militia group whose members are accused of plotting to murder police had a “kill list” that included current and former U.S. presidents, government officials, and members of Congress, an FBI agent said March 13. – Reuters

36. March 13, Reuters – (National) FBI agent: Midwest militia group had ‘kill’ list. A midwestern militia group whose members are accused of plotting to murder police had a “kill list” that included current and former U.S. presidents, top government officials, and members of Congress, an FBI agent testified March 13 in a Detroit federal court. The list from members of the group called the Hutaree was titled “Established Elite Still in Control” and included military officers, reporters, and corporate executives, the FBI agent said. The agent, who had gained access to the group by posing as a truck driver, said the list was circulated during the wedding of a Hutaree leader. Seven members of the Hutaree face federal charges of sedition, the attempted use of weapons of mass destruction, and firearms offenses. Defense attorneys argued the group was merely engaging in angry expressions of free speech and did not intend to commit acts of terrorism. The trial is the latest in prosecutions aimed at what the government sees as a growing threat of violence from home-grown anti-government groups. Source: http://www.msnbc.msn.com/id/46722890/ns/us_news-crime_and_courts/#.T2H4ZnkehBm

• A new Ubuntu Linux distribution is being marketed as “Anonymous-OS” and comes pre-loaded with tools for cracking passwords, launching denial of service attacks, and protecting anonymity online. – Threatpost. See item 44 below in the Information Technology Sector

Details

Banking and Finance Sector

7. March 14, U.S. Commodity Futures Trading Commission – (New York) CFTC charges former MF Global broker with attempted manipulation of palladium and platinum futures prices. The U.S. Commodity Futures Trading Commission (CFTC) announced March 14 it filed a federal court action in the Southern District of New York charging a broker with attempted manipulation of the prices of palladium and platinum futures contracts, including the settlement prices, traded on the New York Mercantile Exchange (NYMEX). The CFTC complaint alleged the broker engaged in this conduct from at least June 2006 through May 2008, and specifically on at least 12 separate occasions. The complaint also charges him with aiding and abetting the attempted manipulations of a former portfolio manager of Moore Capital Management, LLC. According to the complaint, while working as a broker at MF Global Inc., he employed a manipulative scheme commonly known as “banging the close.” He intentionally devised and implemented a trading strategy to attempt to maximize the price impact through trading during the 2-minute closing periods of the palladium and platinum futures contracts markets, the complaint charged. The CFTC complaint also stated that to push prices higher, he routinely withheld entering the market-on-close buy orders until only a few seconds remained in the closing periods and thereby caused the orders to be executed within seconds of the close of trading. The CFTC settled related actions against Moore Capital Management, LP, its affiliates, and the former portfolio manager. The CFTC’s order imposed a $25 million civil monetary penalty. Source: http://www.cftc.gov/PressRoom/PressReleases/pr6210-12

8. March 14, Los Angeles Times – (California) Suspected ‘Wrong Way Bandit’ is charged in O.C. bank robberies. Orange County, California prosecutors the week of March 12 charged a man suspected of being the so-called Wrong Way Bandit with committing a series of bank robberies. He faces 3 felony counts of attempted second-degree robbery and could be sentenced to more than 50 years in state prison if convicted. The charges were filed March 13. Prosecutors said he committed five robberies and one attempted robbery between August and December 2011 at banks in Garden Grove, Fountain Valley, Costa Mesa, and Tustin. He was arrested March 9. The robber got his moniker because he apparently changed his mind on which way to exit after one of the heists. Source: http://latimesblogs.latimes.com/lanow/2012/03/dont-post-yet-still-working.html

9. March 14, Bloomberg – (New York) SAIC to pay $500 million to settle New York City time fraud. Science Applications International Corp. (SAIC), the contractor hired to overhaul payroll systems for New York City agencies, agreed to pay $500.4 million under a deferred-prosecution agreement to resolve claims it conspired to defraud the city. SAIC admitted it failed to investigate claims a manager of the CityTime payroll project directed staffing tasks to a single subcontractor, Technodyne LLC, in exchange for kickbacks, according to documents unsealed March 14 by federal prosecutors. The $500 million represents the “largest by dollar amount arising out of any state or government contract fraud in history,” the Manhattan U.S. attorney said. The city was billed about $690 million for SAIC to create a now-operational Web-based, time-keeping payroll management system, according to a spokesman for the mayor. Payments to Technodyne ballooned to $325 million from $17 million, even as the contract was amended to transfer cost overruns to the city, said a statement of responsibility submitted by SAIC. The scheme “lasted more than 7 years,” the U.S. attorney said. Prosecutors charged 11 defendants plus Technodyne. SAIC agreed to the filing of one count of conspiracy to commit wire fraud and agreed to disgorge proceeds of the offense, including $370.4 million in restitution to the city and a $130 million penalty, the Justice Department said. The agreement also calls for SAIC to forgive $40 million more in invoiced billings. The U.S. attorney said his office has liens on $52 million more in illegal gains of individual defendants. Depending on the resolution of frozen assets, the project will have cost the city $134 million to $186 million of the $692 million billed, a spokesman for the mayor said in an e-mail. Source: http://www.bloomberg.com/news/2012-03-14/saic-to-pay-500-million-to-settle-new-york-city-time-fraud-case.html

10. March 14, KTVU 2 Oakland – (California) Vacaville bandit may be tied to Chino bank shooting. Police were searching for a masked man March 14 after he robbed a Bank of the West in Vacaville, California, armed with an AK-47 and wearing body armor. Investigators said they believe it may be the same man who shot and wounded a police officer in a recent bank robbery in Chino. A police sergeant said the man entered the bank in Vacaville and demanded money March 12. He then took some cash and fled. He was wearing a black ski mask and a green-colored tactical vest with the word “SHERIFF” in block letters on the back, the sergeant said. Detectives are investigating whether the robbery is related to similar robberies in Sacramento and Chino, he said. In the Chino robbery, which occurred at a California Bank and Trust February 29, the robber shot a responding police officer with an assault rifle. The officer drove himself to a hospital and was listed in stable condition. Source: http://www.ktvu.com/news/news/crime-law/vacaville-bandit-may-be-tied-chino-bank-shooting/nLStW/

11. March 14, Boulder Daily Camera – (Colorado) Officials nab suspected ‘Face Off Bandit,’ wanted in three Boulder bank robberies. A suspect who police believe used fake beards while robbing at least six banks, including three in Boulder, Colorado, has been caught, authorities said March 14. The suspect was arrested on a warrant by Boulder police as he was leaving a Walmart store in Thornton, according to Boulder authorities. Police said they think he is the “Face Off Bandit,” a name given by FBI agents because investigators believe he wore fake beards as disguises and left them behind as he fled. The first Boulder robbery took place December 16, 2011 at a Great Western Bank, the second robbery was at a First Bank January 19, and a Chase Bank was robbed February 15. He also is suspected of robbing a Wells Fargo Bank in Golden, a Key Bank in Thornton, and a First National Bank in Louisville. Those cases remain under investigation. Source: http://www.dailycamera.com/boulder-county-news/ci_20176096/boulder-officials-nab-suspected-face-off-bandit-wanted?IADID=Search-www.dailycamera.com-www.dailycamera.com

12. March 14, Reuters – (National; International) Two Swiss financial advisers indicted in U.S. Prosecutors in New York March 14 indicted two Swiss financial advisers, one a former private banker at financial giant UBS AG, on charges of conspiring to help wealthy Americans hide $267 million in secret bank accounts. Charges were brought against the men in separate indictments. Both live in Switzerland, but they worked separately from each other. In the latest development in a U.S. crackdown on Swiss banking, the indictment said one man was a client adviser at Swiss-based UBS from 1993 to around 2003, then later worked at a series of unnamed Swiss asset management firms. He helped U.S. clients hide money at UBS and other Swiss banks, including Wegelin, a small Swiss bank indicted in February by the Justice Department for selling tax evasion services to American clients. He handled about 32 accounts holding $138 million for U.S. clients of UBS, and helped about 13 transfer their accounts to Wegelin and other Swiss banks when UBS came under pressure from U.S. authorities around 2008. He also helped clients fleeing UBS transfer accounts to the Swiss branch of an unnamed Israeli bank, the indictment said. The other adviser worked at Beck Verwaltungen AG, an independent advisory firm in Zurich, from the late 1980s to 2010. He managed U.S. client accounts worth $129 million. The two were also charged with “operating unlicensed money transmitting businesses” that funneled client money between banks and clients. Source: http://www.reuters.com/article/2012/03/14/us-swiss-advisers-indictment-idUSBRE82D15Y20120314

13. March 14, Bloomberg – (National) BCI Aircraft Leasing owner guilty in $50 million fraud case. BCI Aircraft Leasing Inc. and its principal were found guilty by a federal court jury of engaging in a fraudulent $50 million financing scheme, a Chicago U.S. attorney said March 14. The principal and his business were found guilty of six wire fraud counts and one count of obstructing a U.S. Securities and Exchange Commission probe. “[The principal] and BCI raised or otherwise obtained more than $50 million, commingled those funds and misappropriated some of the funds for their own use,” the U.S. attorney said. They also provided false information in connection with a Securities and Exchange Commission (SEC) lawsuit, he said. BCI had been a provider of aircraft to U.S. Airways Group Inc. and Southwest Airlines Co. The SEC sued in 2007, alleging the business was a Ponzi scheme in which early investors were repaid with money taken from those who followed. The principal was indicted in March 2010. The company and other defendants were added in a revised charging document in September 2010. The principal faces as long as 30 years imprisonment on each wire-fraud count, plus a $1 million fine and as long as 20 years in prison for obstruction. Three co-defendants pleaded guilty, two of whom testified against the principal at trial, the U.S. attorney said. Source: http://www.businessweek.com/news/2012-03-14/bci-aircraft-leasing-owner-guilty-in-50-million-fraud-case

Information Technology

40. March 15, H Security – (International) Pidgin IM client 2.10.2 closes DoS holes. Version 2.10.2 of the open source Pidgin instant messaging program was released. According to its developers, the maintenance and security update brings a number of changes and addresses two denial-of-service vulnerabilities that could be exploited by an attacker to cause the application to be terminated. These remote crashes are caused when the MSN server sends messages that are not UTF-8 encoded and also when some types of nickname changes occur in chat rooms using the XMPP protocol. Versions up to and including 2.10.1 are affected. Pidgin 2.10.2 fixes these issues and all users are advised to upgrade. Source: http://www.h-online.com/security/news/item/Pidgin-IM-client-2-10-2-closes-DoS-holes-1472596.html

41. March 15, Krebs on Security – (International) Hackers offer bounty for Windows RDP exploit. A Web site that bills itself as a place where independent and open source software developers can hire each other has secured promises to award at least $1,435 to the first person who can develop a working exploit that takes advantage of a newly disclosed and dangerous security hole in all supported versions of Microsoft Windows, Krebs on Security reported March 15. That reward is offered to any developer who can devise an exploit for one of two critical vulnerabilities that Microsoft patched March 13 in its Remote Desktop Protocol (RDP), which is designed as a way to let administrators control and configure machines remotely over a network. The bounty comes courtesy of contributors to gun.io, a site that advances free and open software. The current bounty offered for the exploit is almost certainly far less than the price such a weapon could command on the underground market, or even what a legitimate vulnerability research company might pay for such research. Source: http://krebsonsecurity.com/2012/03/hackers-offer-bounty-for-windows-rdp-exploit/

42. March 14, H Security – (International) Firefox, Thunderbird and SeaMonkey updates fix critical vulnerabilities. In the latest round of updates of its suite of Internet applications, Mozilla detailed the security fixes in the Firefox 11 browser, Thunderbird 11 e-mail and news client, and SeaMonkey 2.8 “all-in-one internet application suite.” There are also fixes for the “enterprise” and legacy versions of Firefox and Thunderbird. These fixes include a correction to a memory error in Array.join() which was fixed in February, but was exploited during the recent Pwn2Own contest. According to the Security Advisories for Firefox page, the Firefox 11.0 update addresses eight vulnerabilities in the browser, five of which are rated as “Critical.” The same vulnerabilities were also fixed in Thunderbird 11 and SeaMonkey 2.8, as they are based on the same Gecko platform as Firefox 11. These critical issues include memory handling errors and a use-after-free problem that could lead to memory corruption, a crash when accessing keyframe cssText, and a privilege escalation issue when javascript is used as the home page URL. A critical use-after-free bug in SVG animation was also fixed. Some of these vulnerabilities, Mozilla said, could be exploited remotely by an attacker to, for example, execute arbitrary code on a victim’s system. Mozilla also corrected three moderate vulnerabilities, including two cross-site scripting holes, and an issue that could be used for UI spoofing. Source: http://www.h-online.com/security/news/item/Firefox-Thunderbird-and-SeaMonkey-updates-fix-critical-vulnerabilities-1471708.html

43. March 14, SecurityNewsDaily – (International) Hackers expose Ancestry.com security hole. A security bug may exist on Ancestry.com that could leave the personal information of its registered users exposed and vulnerable to theft. TeamHav0k, a network of “gray hat” hackers, found an SQL injection vulnerability in the genealogy-tracing Web site. To prove its point, the group copied the contents of a database belonging to the genealogical Web site and posted it online. In a Pastebin post, the TeamHav0k hackers preface the leak with a note explaining their exploit was not meant to do any damage to Ancestry.com’s registered users, but simply to highlight what the hackers believe is a major flaw for a high-profile site to have. Ancestry.com’s director of corporate communications said the vulnerability exposed by TeamHav0k “is on the company’s corporate website, which is a separate website housed by a third party vendor and is not connected to any Ancestry.com customer financial or personal tree information.” SecurityNewsDaily opened the leaked database contents, which amounted to only 35 kilobytes. No actual user information was included; rather, the data seemed to be mostly front-end forms a member would use to fill in family information when first signing up with Ancestry.com. Source: http://www.securitynewsdaily.com/1618-hackers-ancestry-security.html

44. March 14, Threatpost – (International) New Linux distro promoted as Anonymous-OS. A new Ubuntu Linux distribution is being marketed as “Anonymous-OS” and comes pre-loaded with tools for hacking and protecting anonymity online. However, it is unclear whether the new operating system was created by the hacking group, or even has its endorsement. Anonymous-OS Version 0.1 was released March 13 and is being offered from Sourceforge and as a bitTorrent download, according to a post on a Tumblr.com page for Anonymous-OS. The operating system is an Ubuntu-based Linux distribution created under Ubuntu version 11.10. It uses the Mate Desktop Environment. The operating system was created for “educational purposes” to “(check) the security of Web pages,” according to the Anonymous-OS Tumblr page. The new distribution comes loaded with tools useful to hackers, security researchers, and those interested in preserving their anonymity online. Among the applications bundled with Anonymous-OS are the anonymizing Tor client, Wireshark, a network protocol analyzer, password cracker John the Ripper, and Pyloris, a tool for launching denial of service attacks. Though the new Linux distribution makes use of Anonymous’s iconography, it is unclear whether any link exists between the group and those behind the new operating system. Twitter accounts associated with the group used to promote other Anonymous operations were silent on the new operating system, suggesting it was “inspired” by Anonymous more than it was made by the group. Source: http://threatpost.com/en_us/blogs/new-linux-distro-promoted-anonymous-os-031412

For more stories, see items 9 above in the Banking and Finance Sector and 47 below in the Communications Sector

Communications Sector

45. March 15, WDTN 2 Dayton – (Ohio) Downed wires cause a whole lot of mess. A truck tangled in wires caused problems on several levels along Interstate 675 in Beavercreek, Ohio March 15. Crews were working on the sound barriers near Indian Ripple Road when a dump truck with its bed raised up in the air got into some overhead lines. Fiber optic cables were pulled down, forcing police to block the northbound lanes at Indian Ripple Road for about 20 minutes. The downed fiber lines also killed cable TV service to three area communities, according to Beavercreek police. Dayton Power & Light told WDTN 2 Dayton the accident also caused a power outage affecting 2,579 customers. All of those customers have since had their power restored. Police said the driver of the dump truck could possibly be charged with failure to control his vehicle. Source: http://www.wdtn.com/dpp/news/local/greene_county/downed-wires-cause-a-whole-lot-of-mess

46. March 14, Bluffton Island Packet – (South Carolina) FCC levies $25K fine on Hilton Head radio station owner. The owner of a South Carolina radio station faces a $25,000 fine by the Federal Communications Commission (FCC), the Bluffton Island Packet reported March 14. Citing “willful and repeated” violations of its rules, the FCC recently levied the fine against the owner of WNFO 1430 AM Hilton Head. In a March 8 letter to the owner, the FCC said he failed to maintain an effective and secure fence around the base of the station’s radio tower, to install Emergency Alert System equipment, and make available a complete public inspection file. The FCC’s letter said its agents observed that a large section of the fence surrounding the tower had collapsed, and it appeared to have been in that condition for more than one day, a violation of agency code. The owner was fined $8,000 for an apparent failure to install and maintain equipment and broadcast logs for its use of an Emergency Alert System. He told the agents vandals had disconnected that equipment and removed the logs. Source: http://www.islandpacket.com/2012/03/14/2000105/fcc-levies-25k-fine-on-hilton.html

47. March 14, WXIA 11 Atlanta – (National) Verizon data and voice outages in parts of Georgia. Data and voice outages were reported on Verizon’s 3G network March 14, covering parts of Georgia, Alabama, Maryland, Delaware, New Jersey, and the Philadelphia area. According to a tweet from Verizon Support, “Our engineers are engaged in the Northeast to resolve report regarding iPhone data. We are working to restore it quickly.” A second tweet noted, “An alert was just released for the area of South Georgia and Alabama. We are working diligently to restore the connection.” According to a report from Wireless and Mobile News, systems provider Network Solutions indicated that data service was not expected to be restored until late March 14. Source: http://www.11alive.com/news/article/233074/3/Verizon-data-and-voice-outages-in-parts-of-Georgia

For another story, see item 40 above in the Information Technology Sector
