Thursday, January 12, 2012

Complete DHS Daily Report for January 12, 2012

Daily Report

Top Stories

• A Congressional committee's probe of a deadly Listeria outbreak in cantaloupe that killed 31 people blames Jensen Farms and a third-party audit system riddled by inherent conflicts of interest. – Denver Post (See item 17)

17. January 11, Denver Post – (Colorado; National) Report on Listeria outbreak blames Jensen Farms and third-party auditors. A Congressional committee's probe of the deadly Colorado Listeria outbreak in cantaloupe blames Jensen Farms and a third-party audit system riddled by inherent conflicts of interest, the Denver Post reported January 11. Democrats on the House Committee on Energy and Commerce urged the U.S. Food and Drug Administration (FDA) to begin overseeing private auditors with new powers granted in 2011, and said the private audit firms "represent a significant gap in the food safety system." The report goes beyond blaming Jensen and auditors Primus Labs and Bio Food Safety for conflicts arising when a food company pays auditors while seeking high marks. It also blasts Bio Food Safety for allegedly recommending some of the changes to Jensen's melon-packing system that led to 30 deaths and one miscarriage nationwide. An FDA official who briefed the committee "stated that it was an inherent conflict of interest" for an auditor to provide that kind of advice, which should come from independent consultants, according to the committee report. The report also notes that distributor Frontera Produce and Jensen had ample notice of the private auditors' visits and discussed how to handle them. The auditor ended up giving Jensen a 96 percent positive score, just before the contaminated melons were shipped. When FDA and state investigators searched and swabbed the packing shed in September, they found numerous safety problems, cited in an official warning letter. Source:

• A synagogue firebombed January 11 in a targeted attack against a rabbi and his family is the latest in a series of crimes targeting Jewish temples in Bergen County, New Jersey. – WABC 7 New York City (See item 37)

37. January 11, WABC 7 New York City – (New Jersey) NJ synagogue firebombed; rabbi, family targeted. A New Jersey synagogue was firebombed January 11, and investigators believe the rabbi and his family were the targets. It is the latest in a series of crimes targeting Jewish temples in Bergen County. The attack happened in Rutherford. The rabbi, his wife, and five children were sleeping in the residence portion of Temple Beth El. The incendiary device was tossed through a second-floor master bedroom window, igniting a fire that was quickly extinguished. The rabbi suffered minor burns on his hands putting out the fire. The incident launched a major investigation. Detectives canvassed the area, walking on the roof of the building. Several other explosive devices, including Molotov cocktails and aerosol cans, were discovered, but did not ignite. "You can't just look at this as an arson," a Bergen County prosecutor said. "You look at this now as an attempted murder." There have been several bias incidents in Bergen County recently, including one in Paramus and one in Hackensack. At this point, police have not said the firebombing is related. Source:


Banking and Finance Sector

8. January 11, Associated Press – (California) 'Puffy Coat Bandit' arrested for bank heists. A parolee dubbed the "Puffy Coat Bandit" was arrested January 10 for seven bank heists in southern California in the past 3 weeks, an FBI spokeswoman said. He got his nickname because of a puffy ski parka he wore in at least one of the robberies. An Upland police detective spotted a vehicle matching the description of the bank robber's car, and the suspect was arrested. The spokeswoman said he is being held on a parole violation, and he was expected to be charged sometime January 11 for a string of heists that began December 20 in Chino. The man is also suspected of bank robberies in Corona, Lake Elsinore, Glendora, Cerritos, and Rancho Cucamonga. Source:

9. January 11, Tampa Bay Business Journal – (National) Former WellCare executives face SEC charges. The U.S. Securities and Exchange Commission (SEC) filed a civil injunctive action in a Tampa, Florida, district court against three former executives of WellCare Health Plans Inc., the Tampa Business Journal reported January 11. Named in the complaint are the company's former chief executive officer (CEO), its former chief financial officer (CFO), and its former general counsel, a statement from the SEC said. According to the complaint, the three former executives devised and carried out a scheme that deceived the Florida Agency for Health Care Administration and Florida Healthy Kids Corp. by improperly retaining more than $40 million in health care premiums the company was obligated to spend on health services or reimburse to the state agencies. As a result of the scheme, WellCare recorded the retained amount as revenue, materially inflating its net income and earnings in its public financial statements, the SEC said. The complaint also said the former executives sold about 1.6 million WellCare shares into the public market for gross proceeds of about $91 million, on the basis of material, nonpublic information they were conducting a fraudulent scheme that impacted WellCare’s financial results. The SEC is seeking permanent injunctions and reimbursements against all three, and wants the CEO and CFO also to pay back incentive-based and equity-based compensation. The three men and two other former WellCare executives were indicted by a federal grand jury in March 2011 on Medicaid fraud charges. Source:

10. January 10, Ohio State Lantern – (Ohio) 'Church Lady Bandit' convicted of 12 robberies. After a string of a dozen robberies over an almost 5-year period, a woman otherwise known as the "Church Lady Bandit" was found guilty of all 12 robberies in a Franklin County, Ohio, court January 10. She began her spree in January 2006, robbing 11 banks and 1 motel before police apprehended her December 23, 2011. Police arrested the woman, who picked up the "Church Lady Bandit" moniker for her nice clothing, following her robbery of a Fifth Third Bank. Officials found her hiding in a nearby building after a dye pack exploded and prompted her to drop the stolen money and run. Authorities would not release the amount of money she had taken throughout her spree. She was indicted on 24 counts related to the robberies. Source:

11. January 10, Associated Press – (California) California suspect guilty in $19M mortgage fraud. A northern California man who was caught hiding $70,000 in his cowboy boots pleaded guilty to federal charges in a $19 million mortgage fraud scheme, the Associated Press reported January 10. The man was caught carrying the cash, $1 million in Swiss bank certificates, and 4 ounces of platinum as he entered the United States from Canada in 2009. He flew to Lebanon on a chartered jet a week earlier as investigators closed in. The U.S. attorney's office in Sacramento, California, said the suspect pleaded guilty January 10 to wire fraud and aggravated identity theft. The charges carry a maximum penalty of 20 years in federal prison. Prosecutors said the man stole $7 million from a Sacramento mortgage lender, and another $12 million while working at a Roseville firm in 2007 and 2008. Source:

12. January 10, New York Times – (New York) Man called 'Dapper Bandit' is arrested, police say. The FBI called him the "Dapper Bandit" because he dressed nicely for bank robberies, often wearing a suit or a sport coat. On January 10, after eluding the authorities for more than 3 months, the suspect was arrested in a relative’s closet in Brooklyn, New York, officials said. Investigators believe he is responsible for 10 bank robberies in the Midtown and Lower Manhattan sections of New York City, the first September 21, and the last December 27, according to a wanted poster from the FBI. "He typically use[d] a demand note in the robberies and has displayed a black handgun," the FBI poster said. A criminal complaint filed in November charging the suspect in three of the bank robberies said that in one instance he told a teller that he would shoot a bank manager if the teller did not comply with his demands. All told, the suspect took more than $30,000 in the robberies, authorities said. Source:

Information Technology

30. January 11, Help Net Security – (International) Phishing emails from spoofed US-CERT addresses. The U.S. Computer Emergency Readiness Team (US-CERT) has issued a public warning about a phishing e-mail campaign using spoofed US-CERT e-mail addresses. "The subject of the phishing email is: 'Phishing incident report call number: PH000000XXXXXXX' containing an attachment titled 'US-CERT Operation Center Report', with the 'X' possibly indicating a random value or string," US-CERT explained on its site. "The zip attachment contains an executable file with the name 'US-CERT Operation CENTER Reports.eml.exe'. Reports indicate that SOC@US-CERT(dot)GOV is the primary email address being spoofed but other invalid email addresses are being used." According to the organization, the e-mail was sent to employees of many private sector organizations and of federal, state, and local governments during the last few days. The attached executable is an as-yet unspecified type of malware. US-CERT advises users not to download and run the attachment or even open the e-mail in question, but to delete it. Source:
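A mail-triage check built from the indicators in item 30, as an added example that is not part of the DHS report or the US-CERT warning: it flags the reported subject format and any zip attachment whose member hides an executable extension behind a document-like one, which generalizes the single `.eml.exe` name quoted above. The extension lists, function names, addresses and the sample message are assumptions constructed for illustration; the sample zip member holds harmless text.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject format quoted in the warning; the trailing "X" run varies per message.
SUBJECT_RE = re.compile(r"Phishing incident report call number:\s*PH0{6}\w+", re.I)
# Assumed extension lists for this example, not taken from the advisory.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXT = {".eml", ".pdf", ".doc", ".txt", ".jpg"}

def double_extension(name):
    """True when a document-like extension precedes a final executable one."""
    parts = name.lower().rsplit(".", 2)
    return (len(parts) == 3 and "." + parts[2] in EXECUTABLE_EXT
            and "." + parts[1] in DECOY_EXT)

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        findings.append("subject matches reported lure")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue  # only zip attachments are inspected here
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if double_extension(member):
                    findings.append("zip member with double extension: " + member)
    return findings

def build_sample(member_name):
    """Constructed sample message; the zip member is placeholder text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real executable")
    msg = EmailMessage()
    msg["From"] = "soc@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Phishing incident report call number: PH0000001234567"
    msg.set_content("See attached report.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="US-CERT Operation Center Report.zip")
    return msg.as_bytes()

print(triage(build_sample("US-CERT Operation CENTER Reports.eml.exe")))
```

The check reads only the zip directory listing and never extracts or executes a member, so it can run on a mail gateway or over a quarantine folder.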

31. January 11, H Security – (International) Latest Snort provides alarm for industrial control systems. Version 2.9.2 of open source network intrusion detection system Snort has been released with new preprocessors that add support for protocols used in industrial control systems. The additional functionality should allow Snort to detect targeted attacks on networked supervisory control and data acquisition (SCADA) systems. The two protocols implemented to date, DNP3 and Modbus, are industry standards. The addition of SCADA protocols to Snort is in part due to the presence of significant vulnerabilities in such systems. The development team is looking to implement further SCADA protocols and is seeking development and testing support. Exploit framework Metasploit added SCADA vulnerability detection in August 2011. Source:

32. January 11, H Security – (International) Security updates from Microsoft and Adobe. Microsoft and Adobe each released a series of security patches for their products January 10. Microsoft released seven bulletins to close eight security holes in its products. These include vulnerabilities — in Windows Media, Windows Packager, and Windows Object Manager — which the company rates as critical. The bugs could be exploited by attackers to inject and execute malicious code on a victim's system via a specially crafted file. However, Windows 7 is not affected by the problem in Windows Media. The company finally released an update for Internet Explorer to fix the vulnerability in the SSL3.0/TLS1.0 protocol that has been known about since September. The related attack, known as BEAST (Browser Exploit Against SSL/TLS), allows attackers to, for example, decrypt cookies that are transmitted in encrypted form and use them for unauthorized Web page logins. Microsoft planned to publish this update in December but later delayed the release due to compatibility issues with third party products. Adobe published versions 10.1.2 and 9.5 of its Acrobat and Reader products for Windows and Mac OS X. The updates fix critical vulnerabilities that could be used by an attacker to cause the application to crash and potentially take control of an affected system. Versions 10.1.1 and 9.4.7 and earlier of Acrobat and Reader are affected; all users are advised to upgrade. Source:

33. January 11, H Security – (International) PHP 5.3.9 released with hash DoS fix. The developers of PHP announced the release of PHP 5.3.9, which includes the ability to limit the number of input parameters in HTTP requests. The fix addresses the denial of service attack issue that was presented at the 28th Chaos Communication Congress and led to fixes being applied to many Web servers, frameworks, and languages. The underlying flaw — that it is possible to make hashes collide and force a system to spend much more CPU time reordering hashed data structures — still persists, but by setting the max_input_vars directive to a suitably low value, it makes it impossible to send sufficient parameters to trigger that problem. Another denial of service fix in 5.3.9 addresses an integer overflow when processing EXIF headers in JPEG files. Source:

34. January 10, SecurityNewsDaily – (International) New Android trojan poses as detection tool. A new Android trojan masquerading as a tool to detect Carrier IQ software is covertly running up the phone bills of unsuspecting smartphone users. Dubbed Android.Qicsomos by Symantec researchers, the trojan is a version of an open source project designed to detect Carrier IQ, a diagnostic tool built into a host of smartphones from all different carriers. Carrier IQ sent the security world into an uproar when, in late November, a researcher discovered that the software, designed to enhance consumers' mobile experience, actually logs keystrokes, text messages, and encrypted Web searches. Carrier IQ reps refuted the original claims the software harvests users' personal data. The drama, however, was enough to make Carrier IQ — and smartphone privacy — a hot-button issue, and it is by leveraging that concern that crooks are keeping the new Qicsomos trojan alive and spreading. According to researchers, Qicsomos, which is currently affecting French Android customers, hides in an app called "Detecteur de Carrier IQ" and appears on devices with an icon similar to Orange, a major European telecom operator. When the user notices the icon and presses "Desinstaller" (to uninstall Carrier IQ), the trojan goes to work: it sends four premium rate text messages, which the smartphone owner is then billed for, then erases itself. Symantec researchers said there is no trace of the phony app, "Detecteur de Carrier IQ 2.0.4," in Google's official Android App Market. They believe the app may be spreading through social engineering or phishing campaigns pretending to be from an official mobile carrier. While Qicsomos is affecting French Android users, it is possible the attackers could target the United States. Source:

Communications Sector

35. January 10, Mashable – (International) Reddit going dark to protest SOPA. Reddit, in protest of the proposed Stop Online Piracy Act (SOPA), will be shutting down normal operations January 18 from 8 a.m. to 8 p.m. Eastern Time. During that window, visitors to the site will find a message about the SOPA and its sister bill in the U.S. Senate, the Protect IP Act (PIPA). There will also be links that will provide more information about the two bills and suggestions on how to take action against SOPA and PIPA. The Reddit community has been very active and outspoken in its opposition to SOPA. Redditors have created anti-SOPA Web sites and mobile apps, campaigned against elected officials they perceived to be pro-SOPA, and they posted and discussed any article related to SOPA they could find. The Reddit team invited all users to leave suggestions on what to do with the site during the SOPA blackout. Source:

For another story, see item 34 above in the Information Technology Sector