Monday, January 23, 2012

Complete DHS Daily Report for January 23, 2012

Daily Report

Top Stories

• A monster Pacific Northwest storm brought much of Washington state to a standstill January 19, shutting down roads, railways, and airports, and knocking out power to hundreds of thousands. – Associated Press (See item 22)

22. January 20, Associated Press – (Washington; Oregon) Deadly storm grips Northwest in ice, snow. A monster Pacific Northwest storm coated the Seattle area in a thick layer of ice January 19 and brought much of the state to a standstill, sending hundreds of cars spinning out of control, temporarily shutting down the airport and knocking down so many trees that members of the Washington State Patrol brought chain saws to work. Amtrak suspended train service January 19 between Seattle and Portland, Oregon. Officials in Spokane declared a snow emergency, banning parking along arterials and bus routes beginning that evening. Freezing rain and ice pellets caused numerous accidents in the Seattle area. The state patrol said it had responded to about 2,300 accidents in a 24-hour period ending at 9 a.m. January 19. The state transportation department closed one highway because of falling trees that also took out power lines. Ice closed Sea-Tac Airport completely in the early morning before one runway was reopened. Washington’s governor declared a state of emergency, authorizing the use of National Guard troops if necessary. Authorities also worried about flooding in the coming days as temperatures warm up. Source:

• A group of researchers found serious security holes in six top industrial control systems used in critical infrastructure and released exploit modules in the hopes they would be patched before they are attacked. – Wired. See item 44 below in the Information Technology Sector.


Banking and Finance Sector

15. January 20, Associated Press – (Texas) Dallas: conviction over $14M investment scheme. A federal jury in Dallas has convicted a man of deceiving more than 200 people in a $14 million investment scheme, federal prosecutors announced January 19. He was convicted of seven counts of wire fraud and one count of securities fraud. Prosecutors said the man tricked investors into putting money into a company he created called Sardaukar Holdings. Investigators said he then squandered most of the money on cars, entertainment, and jewelry. Each count of wire fraud carries a maximum sentence of 20 years in prison and a $250,000 fine. The securities fraud count carries a maximum sentence of 5 years in prison and a $250,000 fine. Source:

16. January 20, Fort Collins Coloradoan – (Colorado) Windsor man guilty of securities fraud. A jury January 19 convicted a former Windsor, Colorado, investment adviser on securities fraud and theft charges in connection with what prosecutors said was a $5.7 million scam with dozens of Fort Collins-area victims. He was convicted on six of the seven felony counts he faced. He remains free on bond pending his sentencing in a case that prosecutors said victimized more than 70 people. He was convicted on four counts of securities fraud, one count of securities fraud as a course of business, and one count of theft. He was acquitted on one count of securities fraud. The U.S. Securities and Exchange Commission also is seeking a $10 million fine on behalf of 64 investors, many of whom lost their life savings. An assistant attorney general said at trial the adviser told investors their money would remain safe, but instead it was used either to fund risky schemes or pay back earlier investors. Each charge against the adviser is a Class 3 felony punishable by 4 to 12 years in prison and fines up to $750,000. The adviser’s two former co-defendants each pleaded guilty to securities fraud in March and received 1-year deferred sentences. As part of the sentences, they agreed to pay about $1.2 million in restitution. Source:

17. January 20, Associated Press – (International) Feds shut down popular file-sharing website Megaupload. One of the world’s most popular file-sharing sites was shut down January 19, and its founder and several company officials were accused of facilitating millions of illegal downloads of films, music, and other content. A federal indictment accused Megaupload of costing copyright holders at least $500 million in lost revenue. Megaupload is based in Hong Kong, but some of the alleged pirated content was hosted on leased servers in Ashburn, Virginia, which gave federal authorities jurisdiction, the indictment said. The Justice Department said in a statement that Megaupload’s founder and three other employees were arrested January 19 in New Zealand at the request of U.S. officials. Three other defendants are at large. The indictment said Megaupload was estimated at one point to be the 13th most frequently visited Web site on the Internet. Current estimates by companies that monitor Web traffic place it in the top 100. The five-count indictment, which alleges copyright infringement, as well as conspiracy to commit money laundering and racketeering, described a site that was designed to reward users who uploaded pirated content for sharing and that turned a blind eye to requests from copyright holders to remove copyright-protected files. For instance, users received cash bonuses if they uploaded content popular enough to generate massive numbers of downloads, the indictment said. Such content was almost always copyright protected. The site boasted 150 million registered users and about 50 million hits daily. Megaupload is considered a “cyberlocker,” in which users can upload and transfer files too large to send by e-mail. The Web site allowed users to download content for free, but made money by charging subscriptions to people who wanted access to faster download speeds or extra content. The Web site also sold advertising. Several sister sites were also shut down, including one dedicated to sharing pornography files. Source:

18. January 19, Orange County Register – (California) Another ‘Market Duo Bandit’ arrested, police say. A man suspected of being one of the “Market Duo Bandits” was arrested in California January 18, nearly 2 weeks after another suspected member of the robbery team was shot by a deputy at the end of a high-speed pursuit. The suspect was arrested in a traffic stop near his La Mirada home after La Habra detectives and FBI Robbery Task Force members identified him as a suspected member of a group believed to be tied to at least five Orange County bank robberies, a police spokeswoman said. The “Market Duo Bandits,” believed to have struck in La Habra, Seal Beach, Lake Forest, and Placentia, earned their nickname for targeting bank branches in supermarkets. The last holdup took place January 5, when the two returned to a Wells Fargo in a Stater Bros. market on Imperial Highway that police say they had previously robbed. A Brea police officer saw the robbers leaving the scene and a freeway chase ensued. The two fled from the vehicle in Paramount. A deputy confronted and shot one of the men. FBI officials say a third suspect was arrested several days after the shooting. Source:

19. January 19, Minneapolis Star Tribune – (Minnesota) More plead guilty to Cloud 9 fraud scheme. Two real estate professionals have pleaded guilty in connection with kickbacks at the troubled Cloud 9 Sky Flats development in Minnetonka, Minnesota, a scheme prosecutors say defrauded lenders out of $7 million to $20 million. The pair pleaded guilty in federal court January 18 to conspiracy to commit mail and wire fraud. They face a maximum of 20 years in prison. One defendant was the owner and loan officer of the mortgage brokerage company Team Access. The other defendant owned the business Trend Title and closed residential real estate transactions. The pair admitted that from 2007 to 2008, they obtained mortgage loan proceeds under false pretenses on behalf of home buyers associated with an unnamed investment group. The owner of Team Access admitted he lied on those applications, including inflating incomes of buyers and failing to disclose that buyers would receive cash kickbacks from mortgage loan proceeds. He secured loans for the purchase of about 108 properties in all. The owner of Trend Title admitted she closed about 88 fraudulent transactions for the investment group, concealing from mortgage lenders that the purchasers got kickbacks from mortgage loan proceeds and that the buyers were often not the source of the “cash to close.” The kickbacks were disguised as prepaid management fees and facilitator fees. She also closed eight to 10 transactions involving undisclosed Cloud 9 buyers. Four others have already pleaded guilty in the scheme. The number of condo units involved in the overall kickback arrangement has topped 100 at Cloud 9 and elsewhere. Kickbacks from the loan proceeds exceeded $8 million, according to federal prosecutors. Source:

20. January 19, Berkshire Eagle – (Massachusetts; National; International) Fraudulent buys made with stolen debit, credit card info. Fraudulent purchases have been made with dozens of people’s debit and credit card information because sales records were stolen from a local retail business in the Pittsfield, Massachusetts area, the Berkshire Eagle reported January 19. Because the breach sprang from a retailer, it is impacting a host of local and regional banks whose customers shopped at the store over the last 2 months. Information from hundreds of debit and credit cards may have been obtained by those who stole the retailer’s records, though the number of customers whose data was used to make purchases is much less. At Greylock Federal Credit Union, purchases were made with information from 19 cards. The data obtained from the retailer was used to make impostor credit or debit cards, according to bank officials. Great Barrington police are investigating. The vice president of retail banking and marketing for the Pittsfield Cooperative Bank said his office became aware of the problem late the week of January 9 with fraudulent purchases being made in Canada, specifically at pharmacies and gas stations. It later spread to the United States, in places such as New Jersey and Florida. Berkshire Bank and Greylock have not sent out blanket notifications to customers, but they are working with individuals directly affected. Information from as many as 70 cards from Pittsfield Cooperative may have been compromised. Source:

21. January 19, PC Magazine – (International) Israeli hackers target UAE, Arab Bank sites. In the wake of recent hacks that targeted Israeli Web sites, a group known as IDF Team January 19 went after the Web sites for two major Arab banks. As of 1:30 p.m. Eastern Time, the Web sites for the Central Bank of the United Arab Emirates and Arab Bank were both offline. In a note posted to Pastebin, IDF Team said its attacks were in retaliation for a January 18 hack of Israel’s Anti-Drug Authority Web site, which IDF called terrorist activity and “attempts to disrupt the normal course of life in Israel.” If the attacks on Israeli sites don’t stop, IDF Team pledged to also target stock market and government Web sites, such as the Arab Emirates Web portal, as well as “sites related to the country’s economy and even security.” According to the Financial Times, the January 19 bank attacks were likely distributed denial of service (DDoS) attacks. Source:,2817,2399095,00.asp

Information Technology Sector

44. January 19, Wired – (International) Hoping to teach a lesson, researchers release exploits for critical infrastructure software. A group of researchers discovered serious security holes in six top industrial control systems used in critical infrastructure and manufacturing facilities and, thanks to exploit modules they released January 19, have also made it easy for hackers to attack the systems before they are patched or taken offline. The vulnerabilities were found in widely used programmable logic controllers (PLCs) made by General Electric, Rockwell Automation, Schneider Modicon, Koyo Electronics, and Schweitzer Engineering Laboratories. PLCs are used in industrial control systems to control functions in critical infrastructure such as water, power, and chemical plants; gas pipelines and nuclear facilities; as well as in manufacturing facilities such as food processing plants and automobile and aircraft assembly lines. The vulnerabilities, which vary among the products examined, include backdoors, lack of authentication and encryption, and weak password storage that would allow attackers to gain access to the systems. The security weaknesses also make it possible to send malicious commands to the devices to crash or halt them, and to interfere with specific critical processes controlled by them, such as the opening and closing of valves. As part of the project, the researchers worked with Rapid7 to release Metasploit exploit modules to attack some of the vulnerabilities. Metasploit is a tool used by computer security professionals to test if their networks contain specific vulnerabilities. Hackers also use the same exploit tool to find and gain access to vulnerable systems. Source:

45. January 19, H Security – (International) OpenSSL fixes DoS bug in recent bug fix. The OpenSSL developers have released versions 1.0.0g and 0.9.8t to address a denial of service (DoS) issue introduced by one of the six fixes included in the version they released earlier in January. The problem was created by the fix for a critical vulnerability in the CBC (“Cipher block chaining”) encryption mode that enabled plaintext recovery against OpenSSL’s implementation of DTLS (Datagram TLS). Accordingly, the advisory notes the DoS flaw only affects DTLS applications that use OpenSSL 1.0.0f and 0.9.8s. The developers credit a researcher from Cisco Systems for discovering the bug and preparing the fix for it. Source:

For more stories, see items 17 and 21 above in the Banking and Finance Sector and item 46 below in the Communications Sector.

Communications Sector

46. January 19, KVOA 4 Tucson – (Arizona) Copper thieves target Century Link. A $1,000 reward is being offered for information leading to an arrest in the case of copper theft from Century Link, KVOA 4 Tucson reported January 19. The phone, Internet, and TV company said copper was stolen from more than 80 sites in Pima County, Arizona, and the Phoenix area. Forty-three of those sites are in Tucson alone. The vice president and general manager of Century Link said the theft has cost the company hundreds of thousands of dollars, but has really impacted its customers. “[W]e’re most concerned about the outages this causes for people that rely on the service day in and day out.” Each theft causes hours of service outage for thousands of customers and takes crews several hours to repair. Authorities from throughout Pima County are investigating. A deputy said the Pima County Sheriff’s Office is looking at 11 cases from Century Link alone. Century Link believes citizens may not contact authorities because, in some instances, the thieves are driving utility-type trucks posing as landscapers. “The thieves typically target areas that are a little bit more rural. Where they probably stand a better chance of doing this and some of the theft has actually taken place in the middle of the day,” the vice president said. Source: