Tuesday, February 21, 2012

Complete DHS Daily Report for February 21, 2012

Daily Report

Top Stories

Italian prosecutors said they seized a record $6 trillion of allegedly fake U.S. Treasury bonds and arrested eight people in connection with an organized crime probe. – Bloomberg (See item 10)

A terrorism suspect was arrested in an FBI sting operation near the U.S. Capitol while planning to detonate what he thought were explosives in Washington D.C. – Associated Press (See item 31)

31. February 17, Associated Press – (Washington D.C.) Terror suspect arrested near Capitol in FBI sting. Police said a terrorism suspect has been arrested in an FBI sting operation near the U.S. Capitol while planning to detonate what he thought were explosives in Washington, D.C. U.S. Capitol Police said their officers and FBI officials arrested the man February 17 in a sting operation. A Justice Department spokesman said the suspect was closely monitored by law enforcement, and the purported explosives were deactivated, so the public was not in danger. Two people briefed on the matter told the Associated Press he was not arrested on the Capitol grounds, and the FBI has had him under surveillance around the clock for several weeks. A U.S. law enforcement official said the person arrested was canvassing the U.S. Capitol with violent intentions. He was not believed to have any known connections to al Qai’da. It was not immediately clear whether he was a U.S. citizen. Source: http://www.ajc.com/news/nation-world/terror-suspect-arrested-near-1353002.html

Details

Banking and Finance Sector

9. February 17, Bloomberg – (Texas; National) D.R. Horton says loan applicants’ personal data was compromised. D.R. Horton Inc. (DHI), the largest U.S. homebuilder by volume, said it is notifying mortgage applicants that their personal data may have been compromised by a software security infringement, Bloomberg reported February 17. The breach was caused by “unknown external sources,” the Fort Worth, Texas-based company said in a statement February 16. It was discovered February 10 at the builder’s Internet Loan Prequalification System, according to a message being sent to customers. “DHI Mortgage has already contacted law enforcement and implemented revised online security measures as we continue to investigate the matter,” D.R. Horton said in the message. The homebuilder did not say in its statement how many people were affected by the security breach. Information that applicants submitted to D.R. Horton may include birth dates, Social Security numbers, and such financial data as income, assets and liabilities, the company said. D.R. Horton sold 17,176 homes in 25 states in 2011 at prices ranging from $90,000 to more than $600,000. Its in-house mortgage company handled the financing for 60 percent of homebuyers in the quarter that ended December 31, 2011. Source: http://www.businessweek.com/news/2012-02-17/d-r-horton-says-loan-applicants-personal-data-was-compromised.html

10. February 17, Bloomberg – (International) Record $6 trillion of fake U.S. bonds seized. Italian anti-mafia prosecutors said they seized a record $6 trillion of allegedly fake U.S. Treasury bonds, an amount that is almost half of the U.S.’s public debt, Bloomberg reported February 17. The bonds were found hidden in makeshift compartments of three safety deposit boxes in Zurich, Switzerland, prosecutors from the southern city of Potenza said in an e-mailed statement. The Italian authorities arrested eight people in connection with the probe. The U.S. embassy in Rome examined the securities dated 1934, which had a nominal value of $1 billion a piece, they said in the statement. The financial fraud uncovered by the Italian prosecutors in Potenza includes two checks issued through HSBC Holdings Plc in London for 205,000 pounds ($325,000), checks that were not backed by available funds, the prosecutors said. As part of the probe, fake bonds for $2 billion were also seized in Rome. The individuals involved were planning to buy plutonium from Nigerian sources, according to phone conversations monitored by the police. The fraud posed “severe threats” to international financial stability, the prosecutors said in the statement. Phony U.S. securities have been seized in Italy before and there were at least three cases in 2009. Italian police seized phony U.S. Treasury bonds with a face value of $116 billion in August of 2009 and $134 billion of similar securities in June of that year. Source: http://www.bloomberg.com/news/2012-02-17/italy-police-seize-6-trillion-of-fake-u-s-treasury-bonds-in-switzerland.html

11. February 17, Bloomberg – (New York; Florida) Three insurance agents charged in $100 million fraud scheme. Three insurance agents based in New York and Florida were charged February 16 with using straw buyers to obtain more than $100 million in life insurance policies they resold to third-party investors. The three agents were charged with conspiracy, fraud, and obstruction of justice, the U.S. attorney in Manhattan said in a statement. They each face as long as 80 years in prison if convicted, he said. The three recruited elderly clients of “modest means” to apply for life insurance policies without disclosing to the insurance companies that they intended to sell the policies to investors, according to prosecutors. They earned millions of dollars in commission and purchased some of the policies from the straw buyers for themselves, prosecutors said. Source: http://www.businessweek.com/news/2012-02-17/three-insurance-agents-charged-in-100-million-fraud-scheme.html

12. February 17, U.S. Securities and Exchange Commission – (National) SEC charges Oregon-based expert consulting firm and owner with insider trading in technology sector. The Securities and Exchange Commission (SEC) February 17 charged a man and his Portland, Oregon-based expert consulting firm Broadband Research Corporation with insider trading. The charges stem from the SEC’s ongoing investigation of insider trading involving expert networks. The SEC alleges that the owner and Broadband claimed to be in the business of providing clients with legitimate research about publicly-traded technology companies but instead typically tipped clients with material nonpublic information that the owner obtained from prohibited sources inside the companies. Clients then traded on the inside information. Portfolio managers and analysts at prominent hedge funds and investment advisers paid the owner and Broadband significant consulting fees for the information they provided. The owner in turn compensated his sources with cash, meals, ski trips, and other vacations, and even befriended some sources to gain access to confidential information. In a parallel criminal case, the owner has been arrested and charged with one count of securities fraud and one count of wire fraud. The SEC charged 22 defendants in enforcement actions arising out of its expert networks investigation, which uncovered widespread insider trading at several hedge funds and other investment advisory firms. The insider trading occurred in the securities of 12 technology companies — including Apple, Dell, Fairchild Semiconductor, Marvell Technology, and Western Digital — for illicit gains totaling nearly $110 million. Source: http://www.sec.gov/news/press/2012/2012-30.htm

13. February 16, U.S. Commodity Futures Trading Commission – (Texas; International) Federal court orders Texas resident to pay $31 million for defrauding customers, misappropriating millions of dollars, and providing fictitious records in forex scheme. The U.S. Commodity Futures Trading Commission (CFTC) February 16 announced that it obtained federal court consent orders resolving its remaining claims against two Houston men, PrivateFX Global One Ltd., SA, and 36 Holdings Ltd. Global One, a corporation formed in Panama, and 36 Holdings are under the control of a court-appointed receiver. The consent orders stem from a CFTC complaint filed in May 2009, charging the defendants with operating a multi-million dollar fraudulent off-exchange foreign currency (forex) scheme. One consent order requires one of the men, Global One, and 36 Holdings jointly and severally to pay $21 million in disgorgement, and orders the man to pay a $10 million civil monetary penalty. The other consent order requires the second man to pay $414,723 in disgorgement and a $140,000 civil monetary penalty. An earlier order found that on or about July 1, 2006, defendants began soliciting investors to purchase shares of Global One, whose purported objective was to speculate in the forex markets. Global One’s offering raised approximately $21 million from at least 80 investors by touting Global One’s purportedly successful forex trading performance, according to the order. From April 2006 through April 2009, the defendants reported monthly returns, purportedly generated through forex trading; however, the defendants’ representations to investors regarding Global One’s extraordinary forex trading profits and returns were false. The earlier consent order also found that the defendants provided the CFTC with fictitious third-party bank and forex trading records to conceal the fraud. In a related criminal matter, one of the men previously pleaded guilty to one count of securities fraud and was sentenced to 20 years in prison. Source: http://www.cftc.gov/PressRoom/PressReleases/pr6181-12

14. February 16, U.S. Department of Treasury – (International) Treasury designates Iranian Ministry of Intelligence and Security for human rights abuses and support for terrorism. The U.S. Department of the Treasury February 16 announced the designation of the Iranian Ministry of Intelligence and Security (MOIS), Iran’s primary intelligence organization, for its support to terrorist groups as well as its central role in perpetrating human rights abuses against the citizens of Iran and its role in supporting the Syrian regime as it continues to commit human rights abuses against the people of Syria. The February 16 actions were taken in consultation with the Department of State and other agencies, as applicable, pursuant to Executive Orders (E.O.) 13224, 13553, and 13572, which target terrorists and their supporters and those responsible for human rights abuses in Iran and Syria, respectively. Any property or property interests in the United States or in the possession or control of U.S. persons in which the MOIS has an interest are blocked, and U.S. persons are prohibited from engaging in transactions with it. Source: http://www.treasury.gov/press-center/press-releases/Pages/tg1424.aspx

15. February 16, Associated Press – (Idaho; Utah) Former Idaho couple indicted for mortgage fraud. A federal grand jury in Boise, Idaho, indicted two former Idaho residents on 17 counts of financial fraud and making false statements on mortgage applications, the Associated Press reported February 16. Federal prosecutors also accused the couple of wire fraud and bankruptcy fraud. The charges stem from an investigation into Crestwood Construction and Crestwood Inc., companies engaged in remodeling and reselling homes in Utah and Idaho. The indictment alleges that between February 2005 and March 2007 the couple made false statements on 30 mortgage loans worth $8 million. Prosecutors claim the couple inflated their monthly income, and that those fraudulent documents caused significant losses for banks. Nine people were sentenced in separate cases related to the investigation. Source: http://www.kivitv.com/news/local/139453608.html

16. February 16, Dallas Morning News – (Texas) Four more convicted in former Dallas Cowboy’s massive mortgage fraud scheme. Four more people have been convicted in a multimillion-dollar mortgage fraud scheme involving a former Dallas Cowboys linebacker. After the former Cowboys player and other defendants pleaded guilty in 2011, the February 16 convictions bring the number of people found guilty of conspiring to trick lenders into issuing risky mortgages to 10. The four face maximum sentences from 20 to 30 years on various counts of wire fraud, bank fraud, or conspiracy. Using business names like Cowboys Mortgage, prosecutors said, the group recruited “straw borrowers,” inflated house prices, and falsified information on dozens of north Texas mortgage applications between 2002 and 2005 — netting about $20.5 million in fraudulent loans. Source: http://crimeblog.dallasnews.com/archives/2012/02/four-more-convicted-in-former.html

Information Technology

41. February 17, Help Net Security – (International) Fake Facebook notification delivers keylogger. Fake Facebook notifications about changes in users’ account information have been hitting inboxes and delivering malware to unwary users, warn Barracuda Labs researchers. The e-mail address of the sender is spoofed to make it look like it has been sent by the social network, and the message contains only an image implying that the recipient needs to install Silverlight in order to view the content. Hovering the mouse over the image shows that the offered file is a Windows PIF file and that it is hosted on an IP address in Malaysia. The file is actually a keylogger, the Jorik Trojan. Once the keylogger is installed, it starts recording every keystroke and Web page title into a disk file, which is ultimately sent to a C&C server operated by cyber criminals. Source: http://www.net-security.org/malware_news.php?id=2002

42. February 17, Help Net Security – (International) New powerful bot spreads by e-mail. PandaLabs reported the presence of a powerful new bot called Ainslot.L. This malware is designed to log user activities, download additional malware, and take control of users’ systems. Additionally, it acts as a banker Trojan, stealing log-in information related to online banking and financial transactions. Ainslot.L also performs scans on the computer to seek and remove other bots, becoming the only bot on one’s system. “What makes this bot different is that it eliminates all competition, leaving the computer at its mercy,” explained the technical director of PandaLabs. Ainslot.L spreads via a fake e-mail purporting to come from a UK clothing company called CULT. The message informs users that they have placed an order in the amount of 200 pounds on CULT’s online store and the invoice amount will be charged to their credit card. The text includes a link to view the order which actually downloads the bot onto the computer. Source: http://www.net-security.org/malware_news.php?id=2001

43. February 16, Government Computer News – (International) Android suddenly the top target as mobile malware rises sharply, study finds. The amount of malicious code written for mobile devices, such as smart phones and tablets, jumped by 155 percent in 2011 and has grown more sophisticated, according to a new report from Juniper Networks’ Mobile Threat Center. The magnitude of the growth is surprising, said Juniper’s vice president of government affairs and critical infrastructure protection. “It’s a direct result of consumer demand.” Spyware makes up the bulk of identified mobile malware, accounting for 63 percent. The SMS trojan accounts for 36 percent of mobile malware. The amount of malware written for Android increased exponentially in 2011, going from 400 identified samples in June to more than 13,000 in December. In 2010, more than 70 percent of identified malware was written for Java ME, with another 27 percent for Symbian. BlackBerry, Android, and Windows Mobile accounted for no more than “other.” In 2011, Android was the top target, with nearly 47 percent of identified malware, and Java ME had dropped to a still respectable 41 percent. Symbian accounted for 11.5 percent. Source: http://gcn.com/Articles/2012/02/16/Mobile-malware-Android-top-target.aspx?Page=1

44. February 16, The Register – (International) DNS flaw reanimates revoked sites as ghost domains. Cyber crooks may be able to keep malicious domains operating for longer — even after they are revoked — by manipulating the Web’s Domain Name System (DNS). A weakness in the cache update logic of many widely used DNS servers creates the potential to establish so-called ghost domains, according to a recent joint study by a team of researchers from universities in China and the United States. In their paper Ghost Domain Names: Revoked Yet Still Resolvable, the researchers explain that deleting the malicious domain from the upper level DNS servers is insufficient. Their experiments with 19,045 open DNS servers show that even one week after a domain name has been revoked and its TTL expired, more than 70 percent of the servers will still resolve it. The researchers found that DNS server implementations by BIND, Microsoft, Google, and OpenDNS are all potentially vulnerable. Source: http://www.theregister.co.uk/2012/02/16/ghost_domains_dns_vuln/

45. February 15, Network Computing – (International) Cybercriminals building intricate, multiuse malnets. Cybercriminals have gotten so sophisticated that they can build an intricate network infrastructure and use it repeatedly for the distribution of malware, according to a new study from Blue Coat Systems. These malware networks, or malnets, lure targets through trusted Web sites, then route them to malware through relay, exploit, and payload servers to deliver the malware payload. While malnets are becoming increasingly sophisticated, Blue Coat said these assets can be identified and the malware attacks blocked. However, the Blue Coat Systems 2012 Security Report notes that these malnets are constantly on the move, making them hard to pin down. In one case, in early February, a malware payload changed locations more than 1,500 times in a single day. Source: http://www.networkcomputing.com/security/232600910

For another story, see item 9 above in the Banking and Finance Sector

Communications Sector

46. February 16, University of Minnesota – (International) University of Minnesota researchers discover that cell phone hackers can track your physical location without your knowledge. Cellular networks leak the locations of cell phone users, allowing a third party to easily track the location of the cell phone user without the user’s knowledge, according to a February 16 press release announcing the findings of new research by computer scientists in the University of Minnesota’s College of Science and Engineering. Using an inexpensive phone and open source software, the researchers were able to track the location of cell phone users without their knowledge on the Global System for Mobile Communications (GSM) network, the predominant worldwide network. In a field test, the research group was able to track the location of a test subject within a 10-block area as the subject traveled across an area of Minneapolis at a walking pace. The researchers used readily available equipment and no direct help from the service provider. The researchers have contacted AT&T and Nokia with low-cost techniques that could be implemented without changing the hardware, and are in the process of drafting responsible disclosure statements for cellular service providers. Source: http://www1.umn.edu/news/news-releases/2012/UR_CONTENT_374462.html

47. February 16, Columbia Missourian – (Missouri) KMIZ signal goes down Thursday afternoon. KMIZ 17 in Columbia, Missouri, went down February 16 after experiencing problems with the station’s transmitters. The station cut its signal to all providers in the televising area, except to Mediacom and CenturyLink. The engineers working identified the issue as a malfunction with the “exciter” in the transmitter, which is not a piece of equipment the station keeps readily on hand, KMIZ’s general manager said. The part was being shipped overnight, and they hoped to fix the problem first thing the morning of February 17. Source: http://www.columbiamissourian.com/stories/2012/02/16/kmiz-goes-down-thursday-afternoon/

48. February 16, SecurityNewsDaily – (International) Anonymous vows to shut down the Internet. Anonymous has threatened to launch Operation Global Blackout (OpGlobalBlackout), which calls for supporters to download a denial-of-service launching tool, called “Ramp,” which will flood the 13 root Domain Name Servers (DNS) of the Internet with more requests than they can process, SecurityNewsDaily reported February 16. February 12, an announcement appeared on the file-hosting site Pastebin declaring March 31 as the day “anonymous will shut the Internet down.” The manager for Root Zone Services at the Internet Corporation for Assigned Names and Numbers said, “There are not 13 root servers. There are many hundreds of root servers at over 130 physical locations in many different countries.” This discrepancy is critical, said a consultant from Errata Security. “The Anonymous hackers can certain(ly) cause local pockets of disruption, but these disruptions are going to be localized to networks where their attack machines are located,” he wrote. “They might affect a few of the root DNS servers, but it’s unlikely they could take all of them down, at least for any period of time. On the day of their planned Global Blackout, it’s doubtful many people would notice.” Source: http://www.msnbc.msn.com/id/46420147/ns/technology_and_science-security/#.Tz57CYGLcdU

For another story, see item 44 above in the Information Technology Sector