Wednesday, January 11, 2012

Complete DHS Daily Report for January 11, 2012

Daily Report

Top Stories

• A Palisades Park, New Jersey man admitted January 9 he ran an identity-theft ring that peddled Social Security cards to scores of Korean clients who used them to steal millions from lenders, banks, and credit card companies. – Hackensack Record. See item 11 in the Banking and Finance Sector

• Heavy rains in the Houston area January 9 flooded highways and curtailed public transit, knocked out power to thousands, and caused a shopping mall roof to collapse. – Houston Chronicle (See items 2, 16, 39)

2. January 9, Associated Press – (Texas) Houston flooding leaves thousands without power, stranded. Thousands of people and at least five schools lost power in Houston, Texas, January 9, after powerful thunderstorms prompted tornado warnings, dropped hail, and left several inches of rain. Centerpoint Energy reported outages affected about 19,600 customers. The Houston Independent School District said five of its campuses lost power. Source:

16. January 9, Houston Chronicle – (Texas) Flash flooding plagues Houston after heavy storms. A strong storm front with heavy rain raced through Houston, January 9, leaving behind so much water, it completely shut down Texas 288 at the South Loop. One tornado reportedly touched down near FM 1093 at FM 723, near the Grand Parkway and Mason Road earlier in the morning. Nickel-sized hail was reported at Highway 99 and Fry Road, and bigger hail was seen in Wharton County early in the day. More than a dozen freeway intersections were flooded. People in cars stalled in high water on roadways called 911 for rescue, said a Houston Fire Department assistant chief. Firefighters helped people get out of their cars and took them to safer areas. Flooded streets forced Metro to reroute some buses and the Metro Rail service in downtown was limited because of water on the tracks. Light rail service was limited to the downtown transit center and the Preston Station on Main Street. Several parking garages in the Texas Medical Center (TMC) in Houston were closed because of high water, and the loading docks and the valet parking at the neurosensory center of TMC’s Methodist Hospital were closed. Source:

39. January 10, Galveston Daily News – (Texas) Officials: None injured in mall roof collapse. A roof collapse from tornado and water damage forced the evacuation and closure January 9 of the Mall of the Mainland in Texas City, Texas. The president of Boxer Retail, which manages the mall, said the company was assessing the damage caused by a strong thunderstorm that rolled through Texas City. If all repairs went as planned, the mall might reopen January 10. An official with the city’s inspection department surveyed the damage along a north wall that lines the entrance near the theater. “The wall’s tilting out about a foot,” he said. “By the looks of it so far, and I’m not a structural engineer, it looks like the scuppers for some reason or another got stopped up.” Scuppers are openings that allow water to drain from flat roofs. “The eating area and the movie theaters are all flooded in there,” he said. The depth of the water was as much as 1.5 inches, depending on the proximity to the roof collapse. Source:


Banking and Finance Sector

10. January 10, Bloomberg – (National) Ex-CDR Financial executives plead guilty in fraud case. The former chief financial officer (CFO) of CDR Financial Products Inc. and its vice president (VP) pleaded guilty January 9 in a multimillion dollar scheme to rig municipal bond investments. The pleas in federal court in New York came a week before opening arguments were scheduled to be heard in a trial over alleged bid- and auction-rigging in the municipal bond market. The CDR founder and former chief executive officer (CEO) and his Beverly Hills, California-based firm pleaded guilty December 30. The CFO admitted in court to manipulating bids during his tenure at CDR from 1998 to November 2006. CDR was hired by public entities that issue municipal bonds to act as their broker and conduct what were to be competitive bidding processes for contracts for the investment of municipal bond proceeds, prosecutors said. Instead, CDR employees allegedly took kickbacks for running sham auctions. The CFO and VP each pleaded guilty to two counts of conspiracy and one count of wire fraud. They face as long as 35 years in prison on all counts, the judge said. The VP told the judge that soon after he joined CDR in April 2000, he became involved in the conspiracy. “Through corruption and bid rigging, [the defendants] reaped profits for their company by defrauding municipalities and denying them the competition they deserved,” the acting assistant attorney general in charge of the Justice Department’s Antitrust Division said. Both men face at least $1.5 million in fines. The CEO and CDR both pleaded guilty to two counts of conspiracy and one count of wire fraud, the government said. CDR faces fines of as much as $101 million. Source:

11. January 9, Hackensack Record – (New Jersey; International) Palisades Park man admits running ID-theft and bank-fraud ring that netted $4 million. A Palisades Park, New Jersey man admitted January 9 he ran an identity-theft ring that peddled Social Security cards to scores of Korean clients who used them to steal millions through fraudulent bank loans, credit card “bust-outs,” and other schemes. The defendant confessed he directed frauds out of Bergen County storefronts and advertised his illegal services in Korean-language newspapers. He pleaded guilty to five felony counts, including three counts of conspiracy, aggravated identity theft, and money laundering. Also pleading guilty was an accomplice who admitted his role in three conspiracies that caused more than $2.5 million in losses to lenders. He admitted he fraudulently established credit scores for customers and obtained hundreds of thousands of dollars in commercial and personal loans for unqualified borrowers. He pleaded guilty to three counts of conspiracy to commit wire fraud and faces about 3 years in prison. Both men face deportation once their sentences are served. The men were among 54 people arrested in September 2010. About half of the defendants have pleaded guilty. The scheme centered on legitimate Social Security cards, issued in the 1990s to Chinese nationals who came to work in American territories in the Pacific. The defendant admitted he purchased the cards from black-market brokers and sold them to customers in Bergen County. He said ring members escorted more than 100 customers to various states so they could fraudulently obtain ID cards and driver’s licenses using the Social Security cards and other documents, such as counterfeit Chinese passports. The ring “built up” credit scores by adding the Chinese identities as authorized users to the accounts of co-conspirators, who received a fee for the service. 
Once they had obtained scores of 700 to 800, the customers were coached to open bank and retail credit card accounts and take out lines of credit and loans, including loans guaranteed by the Small Business Administration, using the fraudulent identities. The ring “busted out” the credit cards by buying expensive liquor, designer clothes, and other high-end goods they resold for cash. They also had a network of “collusive merchants” who rang up sham charges. Other schemes included check kiting, leasing luxury cars and selling them, and filing fake tax returns. In total, the scheme defrauded various credit card companies, banks, and lenders out of about $4 million. Source:

12. January 9, City News Service – (California) Guilty plea entered in Penasquitos bank skimming case. A San Diego man who placed a debit card skimming device on a Rancho Penasquitos, California, bank security door and trained hidden cameras on ATMs so he could steal the PIN numbers of thousands of customers pleaded guilty January 9 to identity theft, burglary, and grand theft charges. The defendant — who was charged with 25 counts — faces a maximum 2 years in state prison. He is believed to have obtained the security codes for more than 970 ATM/debit cards, resulting in estimated losses of $300,000, said a deputy district attorney. Bank customers had no idea their personal information was compromised. The attorney said the defendant used reconfigured debit cards from the stolen personal information and withdrew money from the victims’ accounts between January and July 2011, mostly in $500 increments. One victim had to get a new debit card three times, the prosecutor said. Chase Bank notified the San Diego Regional Fraud Task Force of the series of crimes occurring at its branch on Black Mountain Road. Prosecutors said a Chase investigator determined someone had been placing the debit card skimming device on the security door accessing the lobby of the Black Mountain bank and ATM machines. The bank investigator reviewed surveillance videos from the branch and determined the same suspect had installed the skimmer and cameras on five previous weekends. Source:

13. January 9, Associated Press – (Arkansas) Police: Ark. woman, 73, held hostage with husband, sent into bank with possible bomb on leg. Authorities searched January 9 for a man suspected of holding a woman and her husband hostage at their home in Fayetteville, Arkansas, then forcing her to try to rob a bank with what she thought was a bomb strapped to her ankle. The woman told employees at the bank about the device and authorities were able to safely evacuate the building before a bomb squad could remove it from the woman’s leg, police said. Authorities were testing the device to see if it really was dangerous. The woman told police a man had been holding her and her husband captive in their Washington County home, and sheriff’s deputies dispatched there found her husband tied up but unharmed. The couple’s pickup truck was missing, and KHOG 29 Fayetteville reported sheriff’s deputies found an abandoned truck believed to belong to the couple. A Washington County sheriff’s lieutenant said investigators believe the couple’s story. Source:

14. January 9, WFLD 32 Chicago – (Illinois) Gold Coast bandit robs 7th bank. Authorities in Chicago are looking for a serial bank robber who struck his seventh bank January 9 in the Gold Coast neighborhood. Police said the man robbed a Chase Bank. He passed a teller a note and did not display a weapon. Police said he fled with an unknown amount of cash. The man last robbed two North Community Bank branches January 6. He is also suspected of robbing a Chase Bank December 30; a PNC Bank December 22; a North Community Bank December 20; and a Chase Bank December 13. He has not shown a weapon in any of the robberies. Source:

Information Technology

34. January 10, Help Net Security – (International) Android trojan masquerades as phone optimizer app. F-Secure researchers recently spotted ads for third-party Android markets being served on an Android-related site and discovered it hosts a number of malicious sites that push bogus/malicious apps, Help Net Security reported January 10. One of those poses as a “Phone Optimizer” app that supposedly reveals hidden functions. “The idea is that the manufacturers would then earn money through an OS update that unlocks the hidden features,” explain the researchers. “This site claims to check your phone for such hidden features and unlock them.” Once the device is “analyzed,” the user is offered an update module that supposedly does exactly that. But the offered download link leads to an app that sends text messages to a premium-rate number based in the country in which the user is located. If the user visits the site through the link in the “Phone Optimizer” app, she will be served with a .apk file, while other visitors may be presented with a .jar version of the same file. Source:

35. January 10, Help Net Security – (International) Spam emails link to QR codes. The Websense ThreatSeeker Network reported it has started spotting spam messages leading to URLs that use embedded QR codes, according to Help Net Security January 10. The discovery indicated a clear movement and evolution of traditional spammers towards targeting mobile technology. The spam e-mail messages look like traditional pharmaceutical spam e-mails and contain a link to the Web site This is a legitimate Web service that allows users to create QR codes for URLs. Once the URL from the mail message is loaded in the browser, a QR code is displayed, along with the full URL the QR code resolves to on the right. When the QR code is read by a QR reader, it automatically loads the spam URL (or asks before loading, depending on which QR reader the user has installed). Source:

36. January 10, – (International) Shnakule discovery highlights growing sophistication in cyber crime. The discovery of a highly sophisticated malware network is leading some security firms to reshape their view of cyber crime operations, V3 reported January 10. Known as Shnakule, the operation employs a massive network of servers to attack sites as well as compromised pages to exploit vulnerabilities and infect users’ computers. Shnakule spans many attack vectors and is believed to have been used for multiple attacks, with active servers ranging from hundreds to thousands of systems at a time. The vice president of product management and product marketing at Blue Coat told V3 his firm has been tracking the Shnakule operation for months through its WebPlus security networks. He said the firm’s findings defy conventional knowledge of how malware and cyber crime operations work. Attacks that previously appeared to be isolated events are now believed to be the work of various systems operating within the cyber crime network. Blue Coat estimates such networks will be responsible for as much as two-thirds of all attacks in 2012. “Shnakule is an organization of servers, it is an infrastructure more than anything,” the vice president explained. “They may be doing the same attacks, but they have a well-built infrastructure to obfuscate it.” To combat such large-scale operations, Blue Coat believes vendors must take a wider approach to analyzing attacks. Rather than looking to block attacks based on the individual activity of a site or domain, the company believes firms will need to single out servers and domains that have been connected with malicious networks in the past. Source:

37. January 9, Threatpost – (International) Gamers seek beta versions, download malware instead. Tracking the increasingly common use of PC games as an infection vector, researchers at the Microsoft Malware Protection Center discovered several malicious programs making the rounds on torrent and file sharing sites, Threatpost reported January 9. Social engineers are disguising their malware by labeling it as the beta-versions of unreleased games or upgrades to popular ones. With the following files, “dota 2 Betakeys.txt.exe” and “diablo3-crack.exe,” attackers prey on gamers anxious to test out Defense of the Ancients 2 (a custom scenario map for Warcraft III) and Diablo III, respectively, which are not slated for release until later in 2012. Source:

Communications Sector

38. January 9, Portland Oregonian – (Oregon) More than 900 without phone service, after outage at Frontier Communications’ Aloha office. More than 900 Frontier Communications customers in Oregon were without phone service January 9, after an outage at the company’s central office in Aloha, according to Tualatin Valley Fire & Rescue (TVF&R). The exact area affected by the outage was unknown, TVF&R said. Frontier reportedly believed that up to 938 people were without service. Technicians were working to fix the problem, TVF&R said. Source:

For another story, see item 34 above in the Information Technology Sector