Friday, March 2, 2012

Complete DHS Daily Report for March 2, 2012

Daily Report

Top Stories

• An Australian man and his company were charged in a scheme to export components for drones, torpedoes, missiles, and other military technology from the United States to Iran February 29. – Associated Press (See item 7)

7. February 29, Associated Press – (International) Man charged in plot to export military technology. An Australian man and his company were charged February 29 in a scheme to export to Iran components for drones, torpedoes, missiles, and other military technology. A five-count indictment returned in Washington, D.C., accuses the man of knowingly skirting a federal trade embargo with Iran and plotting to export the technology without the required authorization. Prosecutors said the man and his company, ICM Components, Inc., ordered aircraft parts and other goods from U.S. companies on behalf of a representative of an Iranian trade company. The man concealed the fact the goods were intended for shipment to Iran, sometimes placing orders through a Florida-based broker, and duped manufacturers, shippers, and distributors about their intended end-use, the indictment alleges. The man, identified by prosecutors as the general manager of ICM, remains at large and is believed to be living in Australia. The company is also named in the indictment. The company representative who worked with the man, identified in court papers only as “Iranian A,” would not have been able to directly purchase the goods from the United States on his own, prosecutors said. The alleged export scheme spanned about 2 years starting around March 2007. The indictment charges the ICM general manager with four separate exports or attempted exports, including two separate shipments of mounted light assemblies for use on helicopters and fixed-wing aircraft; a shipment of precision pressure inducers that can measure altitude and record barometric pressure; and a shipment of emergency flotation kits, which can help a helicopter landing in water or on soft desert terrain. The indictment charges the man and the company with conspiracy, and with four counts of illegally exporting goods to an embargoed nation. Source: http://www.times-standard.com/ci_20071950

• A federal grand jury in California indicted a woman on charges of bilking investors out of $75 million while running a nationwide $129 million Ponzi scheme. – San Francisco Chronicle (See item 8 below in the Banking and Finance Sector)

• Written Congressional testimony from the Inspector General at NASA indicated hackers — ranging from organized criminals to foreign governments — hit the agency more than 5,000 times the past 2 years. – Softpedia (See item 30)

30. March 1, Softpedia – (National) NASA: Hackers targeted us 5,408 times in 2010 and 2011. Written testimony the Inspector General (IG) at NASA submitted to a Congressional committee said the agency suffered more than 5,000 security incidents in 2010 and 2011, Softpedia reported March 1. They “spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives,” the IG wrote. The intrusions apparently damaged thousands of computing devices, with the total estimated cost to NASA being more than $7 million. The IG admitted the organization is far behind other agencies when it comes to protecting the laptops utilized by personnel. In the time frame between April 2009 and April 2011, 48 laptops and other mobile devices were stolen. As a result of these incidents, not only was personally identifiable information leaked, but also more important data, such as algorithms used to control the International Space Station, and secret data on NASA’s Constellation and Orion projects. The biggest issue is not that the devices were stolen; rather, the problem is that most of them had no form of encryption implemented. Advanced persistent attacks also targeted NASA. In the fiscal year 2011, 47 such attacks were reported, 13 of which were successful. Source: http://news.softpedia.com/news/NASA-Hackers-Targeted-Us-5-408-Times-in-2010-and-2011-255951.shtml

• Microsoft’s Azure cloud infrastructure and development service experienced a worldwide outage with performance problems likely to continue, the company said February 29. – IDG News (See item 37 below in the Communications Sector)

Details

Banking and Finance Sector

8. March 1, San Francisco Chronicle – (National) American Canyon woman indicted in Ponzi scheme. A federal grand jury in California indicted a woman on charges of bilking investors out of $75 million while running a nationwide $129 million Ponzi scheme. The woman and an accomplice were indicted February 21 on charges of conspiracy, mail fraud, and wire fraud, a U.S. attorney said February 29. The pair promised investors a 16 percent return on their investment, but did not invest the money overseas as promised, the attorney said. Instead, they used new investments for their own gain and to make interest payments to earlier investors. As of March 2009 when the U.S. Securities and Exchange Commission (SEC) shut down the scheme, investors had lost more than $75 million. The woman, who ran the pair’s investment office in Napa, has been arrested while her partner, who controlled the three dummy investment funds, has fled to Canada, where he is a citizen. They could each face 30 years in prison and a fine of $1 million for each count of conspiracy, mail fraud, and wire fraud. The woman was also charged with filing a false tax return, making false statements, and obstructing justice. Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2012/03/01/BA321NE3RB.DTL

9. March 1, The Register – (International) Tick-like banking trojan drills into Firefox, sucks out info. A new banking trojan, called Neloweg, is spreading in the United Kingdom and the Netherlands, Symantec has warned. The trojan operates much like its more famous cybercrime toolkit predecessor ZeuS, but with a couple of subtle twists. “Like Zeus, Neloweg can detect which site it is on and add custom JavaScript. But while Zeus uses an included configuration file, Neloweg stores this on a malicious Web server,” a Symantec analyst explained. The malware is designed to snatch online log-in credentials, primarily (but not exclusively) those for online banking sites. It infects machines by tricking Microsoft Windows users into installing it via a drive-by-download, spam or targeted e-mail, or with the help of other malware. Neloweg also targets browsers that utilize the Trident (Internet Explorer), Gecko (Firefox), and WebKit (Chrome/Safari) browser engines. Source: http://www.theregister.co.uk/2012/03/01/neloweg_banking_trojan/

10. February 29, Portland Oregonian – (Oregon; Washington; Wisconsin) Feds turn up nearly $2 million in cash in Portland family’s plot to knock off armored car. A man accused of plotting with his parents to commit a series of thefts — most notably staging a $3 million armored car hijacking in Portland, Oregon — told federal investigators the week of February 21 where to find nearly $2 million that he had stashed in a safe deposit box in Bellevue, Washington. He pleaded guilty February 29, admitting he had conspired to commit bank larceny and launder money. On December 6, 2005, the father, a driver for Oregon Armored Services, let his son take two sealed bags from his armored car, each containing $1.5 million in $100 bills. Then, the father reported he was the victim of a gunpoint robbery. The family is accused of retrieving the money carefully over the years and hiding it through a series of transactions involving phony identities, money orders, and credit cards. Government prosecutors have also accused the three of playing roles in two similar acts in Milwaukee, Wisconsin: the 1995 theft of $150,000 from an armored car driven by the father, and a 1998 theft of more than $700,000 from a vault at American Security Corp., where the son worked. Source: http://www.oregonlive.com/portland/index.ssf/2012/02/feds_turn_up_nearly_2_million.html

11. February 29, San Diego Union-Tribune – (California) FBI: ‘Insistent Bandit’ strikes again. FBI officials said February 29 that the bank robber dubbed the “Insistent Bandit” apparently has struck again. The robbery of a Wells Fargo bank in Rolando, California, February 28 is believed to have been the sixth in a series committed by the man since January 17, an FBI special agent said. The thief walks into the bank, displays a handgun, and demands cash. He got his name due to the way he asks the tellers to hand over the money, the special agent said. Source: http://www.utsandiego.com/news/2012/feb/29/fbi-insistent-bandit-strikes-again/

12. February 28, Associated Press – (New York; International) Online poker middleman pleads guilty in NYC. A Canadian citizen pleaded guilty to U.S. conspiracy charges in a U.S. district court in Manhattan, New York, February 28 in connection with an investigation of Internet poker gambling that shut down the three largest online poker companies in the United States. He admitted to serving as a middleman between poker companies and brokers who tricked banks into processing money for the gambling businesses. From 2007 to mid-2010, he said, he helped poker companies circumvent U.S. laws meant to prevent banks from processing online gambling proceeds. He said he operated from Canada as he helped financial brokers who used fake companies and made false statements to the banks to trick them into processing payments. He pleaded guilty to conspiracy to commit tax fraud and violation of the Unlawful Internet Gambling Enforcement Act, accepting funds in connection with Internet gambling, and conspiracy to commit money laundering. The charges carry a potential penalty of up to 30 years in prison. They stem from a prosecution that shut down the U.S. operations of Absolute Poker, Full Tilt Poker, and PokerStars in the spring of 2011. Source: http://www.cbsnews.com/8301-505245_162-57387034/online-poker-middleman-pleads-guilty-in-nyc/

13. February 28, KXII 12 Sherman – (Oklahoma) Employee pleads guilty to Ada bank robbery. An Ada, Oklahoma bank employee who helped her boyfriend rob her employer pleaded guilty, KXII 12 Sherman reported February 28. The U.S. attorney’s office in Muskogee said the former employee pleaded guilty in federal court for the October 21, 2011 robbery of the Citizens Bank in Ada. The employee and her boyfriend were arrested October 21 when police found $78,000 in cash in the attic of the couple’s home, but a federal indictment states they stole more than $150,000. A third man has also been charged with robbery. The employee and her boyfriend face up to 20 years in prison and up to $250,000 in fines. Source: http://www.kxii.com/home/headlines/Employee_pleads_guilty_to_Ada_bank_robbery_140782183.html

14. February 27, Forbes – (California; New York; International) Wells Fargo Bank gives scammer three tries. In December 2011, an unidentified scammer tricked Wells Fargo into wiring $2.1 million to a bogus bank account in Hong Kong, Forbes reported February 27. He sent Wells Fargo’s Corporate Trust Services department in San Francisco two faxes asking that money be wired from an escrow account, maintained for California’s largest hospital chain, Catholic Healthcare West (CHW), to two banks in New York and Hong Kong. After those banks rejected the transfers on the grounds the recipient accounts did not exist, the scammer sent a third fax asking Wells to transfer money from the same escrow account to a third bank in Hong Kong. Wells complied and the money was moved. CHW wanted to move its escrow account from WestAmerica Bank to Wells Fargo and needed the approval of the Merced County Board of Supervisors. The board put the item on its official agenda for February 15, 2011, posting a partial copy of the escrow agreement on the county Web site, including the signatures of the Merced County director of public health and CHW’s chief financial officer (CFO). The scammer’s faxes included what appeared to be written authorizations from the health director and CFO; however, their signatures were copied and pasted from the contract the county had posted. Source: http://www.forbes.com/sites/janetnovack/2012/02/27/wells-fargo-bank-gives-scammer-three-tries/

Information Technology

35. February 29, Softpedia – (International) Multiple vulnerabilities found in Pinterest. Pinterest, a pinboard social media Web site, was found to contain many vulnerabilities that could allow an attacker to cause serious damage. A security researcher found the site, which has more than 10 million active users, has extremely poor security. He identified a cross-site scripting vulnerability and an iframe injection issue that could allow hackers to hijack user accounts and perform other malicious operations. With the aid of another security researcher, he found a URL redirection flaw that could be leveraged to redirect the site’s visitors to other potentially malicious domains. Source: http://news.softpedia.com/news/Multiple-Vulnerabilities-Found-in-Pinterest-Exclusive-255797.shtml

36. February 29, IDG News Service – (Texas) Texas man gets prison time for software copyright infringement. A Texas man who sold supposed backup copies of Adobe Systems, Microsoft, and Autodesk software through multiple Web sites was sentenced to nearly 5 years in prison and ordered to pay more than $402,000 in restitution, the U.S. Department of Justice and U.S. Immigration and Customs Enforcement (ICE) announced. The man, from Wichita Falls, was sentenced February 28 to 57 months in prison. The man offered copies of Adobe software for sale in the mid-2000s, the ICE said. ICE investigators were contacted in May 2007 by Adobe investigators, who said they purchased and downloaded software from TechKappa.com, the agency said. Also in 2007, the FBI received a separate lead from the Wichita Falls Police Department regarding the man’s involvement in selling pirated software, the ICE said. The police department warned the man in 2004 about selling pirated software while investigating him for credit card abuse. It searched his home in 2007 and seized computers and storage media. Law enforcement officials found he operated many Web sites. On them, he offered “backup” software of titles marketed by Adobe, Microsoft, and Autodesk for about one-fifth of the retail price. The man also provided counterfeit product registration codes. Between June 2006 and April 2007, he sold more than 90 infringing copies of Adobe software for more than $66,000. Between 2004 and 2007, he sold more than $384,000 worth of software, in more than 3,000 transactions through 17 businesses he set up, according to ICE. Source: http://www.computerworld.com/s/article/9224766/Texas_man_gets_prison_time_for_software_copyright_infringement?taxonomyId=17

For more stories, see items 9 above in the Banking and Finance Sector, 37 and 38 below in the Communications Sector.

Communications Sector

37. February 29, IDG News – (International) Microsoft’s Azure cloud suffers serious outage. Microsoft’s Azure cloud infrastructure and development service experienced a serious outage February 29, with the system’s service management component going down worldwide. “We are experiencing an issue with Windows Azure ... Customers will not be able to carry out service management operations,” Microsoft said in an initial message on the outage on its Azure service dashboard. The issue has been “mitigated and service management is restored for the majority of customers,” Microsoft said in a message. The incident’s root cause was traced back to a cert issue. Microsoft said less than 3.8 percent of hosted services had been affected, and measures had been taken to stop the problem “from spreading across the production environment.” In addition, Azure customers in the north and south central United States as well as northern Europe may experience performance problems, according to a message on the dashboard. “Deployed applications will continue to run. There is no impact to storage accounts either,” it stated. The SQL Azure Data Sync service was unavailable in six regions around the United States, Europe, and Asia, and various problems were listed for some regions regarding Access Control 2.0, Azure Reporting, Azure Marketplace, and Azure Service Bus. The notifications promised regular updates on the work being done to fix the issues, but no concrete timetables. Source: http://www.pcworld.com/businesscenter/article/251043/microsofts_azure_cloud_suffers_serious_outage.html

38. February 29, Fairbanks Daily News-Miner – (Alaska) GCI fiber-optic line problem disrupts cell phone service in Alaska. A problem with a GCI communications line February 29 was affecting cell phone service throughout Alaska, including parts of Fairbanks. A GCI spokesman said a technician in mid-town Anchorage accidentally severed a fiber-optic line February 29, resulting in lost service to a still-undetermined service area. He said it was unclear whether Fairbanks had been directly affected, or whether local service was only being disrupted when it involved Anchorage-based communications servers. He said some service had been restored, and that the rest would gradually return as hundreds of tiny fiber-sized lines are spliced together. An Alaska Communications spokeswoman said some of its customers were affected, specifically those using 2G wireless data. She said Alaska Communications smartphone users had intermittent Internet service for a few hours. Source: http://newsminer.com/bookmark/17698491-GCI-fiber-optic-line-problem-disrupts-cell-phone-service-in-Alaska

For another story, see item 35 above in the Information Technology Sector.