Wednesday, March 7, 2012

Complete DHS Daily Report for March 7, 2012


Top Stories

Federal inspectors missed problems or failed to inspect areas at a West Virginia mine in the 18 months before a deadly 2010 explosion, a report found. – Associated Press

1. March 6, Associated Press – (West Virginia) Report: MSHA missed problems at doomed W.Va. mine. Federal inspectors either missed problems at the Upper Big Branch mine in Montcoal, West Virginia, or failed to inspect the areas where they existed in the 18 months before a deadly 2010 explosion, but an internal review posted March 6 concluded there was no evidence those failures caused the disaster. The Mine Safety and Health Administration (MSHA) posted the report online after a private briefing with relatives of the 29 miners killed in the nation’s worst coal mining disaster in four decades. It acknowledged multiple failures by field staff in MSHA’s largest region, southern West Virginia’s District 4. It also said their effectiveness was compromised by internal communication problems and by budget cuts that created staffing shortages, inexperience, and a lack of sufficient training and managerial oversight. While the agency has made significant improvements in the past 2 years, the report said it was not enough and contained about 20 pages of detailed, technical recommendations for regulatory and administrative changes. Four investigations concluded the blast was sparked by worn and broken equipment, fueled by a deadly buildup of methane and coal dust, and allowed to spread because of clogged and broken water sprayers. MSHA investigators found Massey made “systematic, intentional, and aggressive efforts” to hide problems and throw off inspectors, even falsifying safety records. Managers also alerted miners when inspectors arrived, allowing time to disguise or temporarily fix dangerous conditions. Source:

A retired U.S. Marine was arrested and arraigned March 4 on four counts of attempting to sell sensitive military laser light filters on eBay and ship them overseas. – Los Angeles Times

7. March 5, Los Angeles Times – (International) Ex-Marine accused of selling sensitive military equipment on eBay. A retired U.S. Marine was arrested and arraigned March 4 on four counts of attempting to sell sensitive military laser light filters on eBay and ship them overseas, authorities said. He pleaded not guilty. The man, from Rosamond, California, is charged with 4 counts of making false statements on customs forms in his attempts to ship more than 100 laser light interference filters abroad between December 2009 and February 2010. A U.S. attorney spokesman said an undercover investigation led authorities to the man. He worked in the Marine Aviation Supply Office as a staff sergeant at Edwards Air Force Base in California until his retirement in December 2011. An assistant U.S. attorney confirmed the alleged wrongdoing occurred during his time in uniform. Authorities opened a probe after receiving a tip about the sale of the filters on eBay. The indictment said the man falsely stated his packages contained camera lenses, filters, and other equipment, when in reality they contained the laser light filters. Officials said the sophisticated lights cannot legally be exported without a license from the State Department. The filters, which protect optics inside night vision goggles from being damaged by lasers, are considered so sensitive the military requires they be destroyed after use. The man faces a maximum sentence of 20 years in prison, as well as a maximum $1 million fine. He is due back in court March 26. Source:

A Texas tycoon was convicted on all but 1 of the 14 counts he faced for bilking investors out of more than $7 billion in a massive Ponzi scheme he operated for 20 years. – Associated Press. See item 10 below in the Banking and Finance Sector.

A new report says the Department of Energy has not fully implemented controls for access to buildings, computers, and equipment for tens of thousands of contractors as required by a Presidential directive. – Federal Computer Week

27. March 5, Federal Computer Week – (National) IG faults Energy Department for not fully implementing HSPD-12. Despite 7 years of effort and $15 million spent, the Department of Energy (DOE) has not fully implemented the physical and logical access controls required under Homeland Security Presidential Directive-12 (HSPD-12), according to a new report from the DOE inspector general (IG), Federal Computer Week reported March 5. The agency has also not issued HSPD-12 credentials to many of the 40,000 contractor personnel at its 5 field sites, the report said. Two of the field sites, Oak Ridge National Laboratory and the East Tennessee Technology Park, were partially done, and three others had not started yet. Under HSPD-12, federal agencies were required to establish credentialing systems for workers and contractors for access to buildings, computers, and equipment. The IG also said four of the field sites failed to provide credentials to contractors who do not hold security clearances, which is contrary to the directive. Altogether, about 11,000 individuals without security clearances who require routine access to work sites for at least 6 months had not been issued credentials as required, the IG wrote in the report. He faulted the department for not providing effective guidance. Source:

Pittsburgh police are searching for an armored car guard wanted for stealing $2.3 million, shooting his partner, and leaving his body in their work vehicle under a bridge. – WTAE 4 Pittsburgh

28. March 6, WTAE 4 Pittsburgh – (Pennsylvania) Cops: Suspect in deadly armored car heist still in U.S. There is no indication the armored car guard who is wanted for the shooting death of his partner and theft of $2.3 million in the Strip District of Pittsburgh has left the country, WTAE 4 Pittsburgh reported March 6. A Pittsburgh police official said it does not appear the suspect has crossed a border or departed from an airport since his partner was killed and left inside a Garda Cash Logistics truck the week of February 27. The district attorney called the crime “pretty cold-blooded,” saying the suspect is accused of shooting his partner in the back of the head and ditching the body and the armored vehicle under a bridge. Some of the stolen cash came from Rivers Casino, where the armored car made a morning pickup that day. According to the criminal complaint, the suspect called his mother and friends after the killing — including one person whom he asked about extradition laws in Canada and Mexico. The suspect faces charges of homicide, robbery, and theft. Police said they believe him to be armed and dangerous with two guns and his dead partner’s duty weapon, a Glock 9mm. Source:

Six people associated with multiple computer hacking groups were arrested and charged with a series of attacks on computers used by banks, intelligence firms, and the entertainment industry. – Chicago Tribune. See item 36 below in the Information Technology Sector.


Banking and Finance Sector

8. March 6, KTLA 5 Los Angeles – (California) ‘Snowboarder Bandit’ strikes again at Anaheim Credit Union. Police said the so-called “Snowboarder Bandit” struck again March 5 in Anaheim, California, but he wore a new outfit this time around. The robber, who normally wears a beanie and sunglasses as he robs banks, instead wore a motorcycle helmet and black jacket as he robbed a Schools First Credit Union. Investigators think the robber is responsible for nine robberies in Orange County since December 20, 2011. He typically gives the teller a note implying he has a weapon and then demands cash. Source:,0,6407918.story?track=rss

9. March 6, U.S. Securities and Exchange Commission – (New York) SEC obtains asset freeze against Long Island investment adviser charged with defrauding investors. The U.S. Securities and Exchange Commission (SEC) announced March 6 that it charged a New York-based investment adviser with defrauding investors in five offshore funds and using some of their money to buy a multi-million dollar beach resort property on Long Island. The SEC alleges the man raised more than $74 million from at least two dozen investors since 2005, promising them their money would be invested in liquid assets. Instead, he diverted investor money to his brother-in-law’s beach resort project that was facing foreclosure, and in return received unsecured, illiquid promissory notes. According to the SEC complaint, he operated the five funds through his investment advisory firms Horizon Global Advisors Ltd. and Horizon Global Advisors LLC. He used the promissory notes to hide his misuse of investor funds. The notes overstated the amount of money diverted to the real estate project. In 2011, he received $14.5 million in promissory notes in exchange for only $3.3 million he provided to his brother-in-law. The inflated notes allowed him to overstate the amount of assets he managed and inflate his management fees by 800 percent or more. At the SEC’s request, the court granted a temporary restraining order freezing the assets of the man and his advisory firms. Source:

10. March 6, Associated Press – (Texas; International) Financier convicted in $7 billion fraud. A Texas tycoon whose financial empire once spanned the Americas was convicted March 6 on all but 1 of the 14 counts he faced for allegedly bilking investors out of more than $7 billion in a massive Ponzi scheme he operated for 20 years. Jurors found him guilty on all charges except a single count of wire fraud. Prosecutors called him a con artist who lined his pockets with investors’ money to fund a string of failed businesses, pay for a lavish lifestyle, and bribe regulators to help him hide his scheme. He faces up to 20 years for the most serious charges against him. With his conviction, a shorter, civil trial will be held with the same jury on prosecutors’ efforts to seize funds from more than 30 bank accounts held by the financier or his companies around the world, including in Switzerland, the United Kingdom, and Canada. During the trial, prosecutors presented evidence, including testimony from ex-employees, as well as e-mails and financial statements, they said showed he orchestrated a 20-year scheme that bilked billions from investors through the sale of certificates of deposit from his bank on the Caribbean island nation of Antigua. They said the financier, whose empire was headquartered in Houston, lied to depositors from more than 100 countries by telling them their funds were being safely invested in stocks, bonds, and other securities. The former chief financial officer for his companies told jurors he and the financier worked together to falsify bank records, annual reports, and other documents to conceal the fraud. Three other indicted former executives of the man’s companies are to be tried in September. A former Antiguan financial regulator accused of accepting bribes from the financier was also indicted and he awaits extradition to the United States. The financier and former executives are also fighting a U.S. Securities and Exchange Commission lawsuit that makes similar allegations. Source:

11. March 5, WKYC 3 Cleveland – (Ohio) Traffic stop leads to 84 felony charges. A traffic stop from early 2011 in Ohio led to 84 felony counts against one person, WKYC 3 Cleveland reported March 5. Montville police said it all stems from February 6, 2011, when authorities stopped a vehicle near Interstate 71 in which a passenger was with a juvenile driver apparently returning to Akron. Police said a search of the vehicle uncovered marijuana, drug paraphernalia, 45 pre-paid credit cards, and $1,200 in cash. Police indicated further investigation of the vehicle and pre-paid cards found the passenger and driver were allegedly involved in a large criminal ring originating in the Columbus area. The crime ring reportedly involves magnetic strips on pre-paid credit cards being re-programmed with actual stolen credit card numbers and then used to make purchases. Montville police also said receipts located in the vehicle, as well as records from two GPS units purchased with the stolen cards, enabled them to track the suspect’s activities, showing they made purchases in Akron, Cleveland, Sandusky, and Mansfield with the stolen cards. The passenger was indicted on 39 counts of complicity to commit receiving stolen property, 39 counts of complicity to commit identity fraud, and 6 counts of complicity to commit forgery. Police said similar charges are pending on the juvenile in this case. Source:

12. March 5, Orlando Sentinel – (Florida) Two suspects accused of ATM fraud in Plantation. Two men who went from ATM to ATM in Plantation, Florida, over the weekend of March 3 and 4 withdrew funds using stolen credit card information, authorities said. The transactions caught the attention of bank security officials, and police tracked the men to a Citibank ATM. The men were found with numerous credit and gift cards in their possession March 4 and were arrested on charges of trafficking in counterfeit credit cards. They are suspected of being part of a fraud ring that uses skimming devices to steal credit card data from victims, according to an arrest affidavit. Police found one of the men with more than 20 credit and gift cards and more than $1,000, and the other with 13 credit and gift cards and $1,100, a judge said. Both men were ordered held without bond because of pending immigration holds. Source:,0,5731603.story

For more stories, see item 36 below in the Information Technology Sector and item 38 below in the Communications Sector

Information Technology Sector

32. March 6, Softpedia – (International) 200,000 webpages compromised to lead visitors to fake AV sites. In the past several months, mass infections were not uncommon, and now security experts believe they found another one. Websense found 30,000 unique Web sites are currently compromised to redirect visitors to sites that promote fake antivirus software. A total of 200,000 Web pages, part of the 30,000 sites, are compromised, with the campaign apparently designed to target mostly sites hosted by the WordPress content management system. After multiple redirects, victims are taken to a Web site that performs a fake scan, pointing out many infections and threats. The scan is designed to appear as if it takes place in a Windows Explorer window, but in reality it is simply a Web page designed to fool users. When the scan is complete, the user is urged to install an antivirus tool. However, the antivirus tool is a trojan that once installed provides complete control of the infected machine. More than 85 percent of the compromised sites are located in the United States. The injected code is usually placed before the tag. Web site administrators who suspect their sites may be compromised should check their code for the malicious script. According to researchers, if one of the Web pages displays the code, then most likely the entire site is compromised and each page should be thoroughly checked and cleaned. Source:

33. March 6, Infosecurity – (International) THOR: A new P2P botnet for sale. Now a new botnet, named THOR and coded by TheGrimReap3r, is nearing completion and being offered for sale at $8,000 on the criminal underground. THOR does not use a central command and control (C&C) server. It has a decentralized architecture based on peer-to-peer (P2P) technology. P2P botnets are the latest innovation in the battle between whitehat security researchers and law enforcement agencies and the blackhat criminal underground. The “weakness” in traditional centralized architecture, according to a PandaSecurity researcher, is it is possible to track down the C&C server, and “if you are able to shut it down you can kill the botnet (the bots will be there but the cybercriminal won’t be able to control them).” A RandomStorm researcher explained the methodology of P2P botnets. They “let the controller inject commands into the network and have the bots disseminate the commands amongst each other. This removes the head and makes the network much harder to take down.” It also makes it harder to find the criminal behind the botnet, he added. With a traditional C&C botnet, “if defenders can gain control of the command server they can watch for connections and try to trace the bot herder back to his own machine. In the P2P model, the herder can simply connect to a single bot and inject commands, using a different bot each time, so that it becomes a lot harder to track him down.” Source:

34. March 6, H Security – (International) Adobe updates Flash Player closing more critical holes. Adobe issued a security bulletin for Flash Player on Windows, Macintosh, Linux, Solaris, and Android. Described as a priority 2 update, Adobe says the flaw has existed for some time but there are no known exploits and it expects that to stay that way in the immediate future. The critical flaws are reportedly a memory corruption vulnerability in Matrix3D that “could lead to code execution,” reported by a member of Google’s security team, and integer errors that “could lead to information disclosure,” reported by another fellow team member. This is the second update in less than a month for Flash Player, with seven critical flaws being fixed in an update February 16. The affected versions of Flash Player are the Windows, Mac, Linux, and Solaris versions and earlier, Android 4.x and earlier, and Android 3.x and 2.x versions and earlier. Fixes are available for Windows, Mac, Linux, and Solaris by downloading Flash Player or later from Adobe. For Android 2.x, 3.x and 4.x, updates can be applied by going to the Android Market Place on the device and downloading version for Android 4.x and for Android 3.x and 2.x. Source:

35. March 6, H Security – (International) Ruby on Rails updated to fix security flaws. The Web application framework Ruby on Rails was updated to version 3.2.2 to fix two important security issues, and several other bugs. Users are advised to upgrade installations as quickly as possible due to the serious nature of the fixed security flaws; these fixes are unrelated to recent issues with GitHub and Rails. Users of Rails 3.0 and 3.1 will find new versions, 3.0.12 and 3.1.4, that also address the vulnerabilities. The two cross-site scripting vulnerabilities that were fixed allow attackers to take advantage of improperly sanitized options tag fields and direct manipulation of a safebuffer to execute arbitrary HTML in the browser of users visiting a Rails site. The Rails 3.2.2 update also includes fixes that ensure log files are always flushed and that failing tests will exit with non-zero status codes. It also removes calls to some deprecated methods and includes various Ruby 2.0 compatibility fixes. Source:

36. March 6, Chicago Tribune – (International) 6 charged with hacking; LulzSec founder reportedly helping Feds. Six computer hackers associated with groups including Anonymous, LulzSec, and AntiSec were arrested and charged in New York in connection with a series of attacks on computers used by the entertainment industry, credit card companies, intelligence firms, and an Irish political party, U.S. officials announced March 6. One of the six, known by his computer name of “Sabu,” pleaded guilty previously and was said by officials to be working with the government against his former colleagues. He was described by officials as one of the founders of LulzSec, an offshoot of the antigovernment hacking group Anonymous. LulzSec planned and executed attacks around the world against targets the group saw as favoring established business and government institutions. Sabu pleaded guilty August 15, 2011 to 12 counts connected to computer hacking and other crimes against Fox Broadcasting, Sony Pictures, and the Public Broadcasting Service, according to the FBI and the U.S. attorney’s office for the Southern District of New York. Source:,0,6670874.story

For another story, see item 38 below in the Communications Sector

Communications Sector

37. March 6, Brunswick News – (Georgia) Firefighters battle cell tower blaze. Glynn County, Georgia firefighters were concerned March 5 about the integrity of a cellular phone tower that caught fire on St. Simons Island. They were afraid the fire might have weakened the metal frame, which is now bent in the middle, due to extreme heat. Firefighters fought the fire, concentrated in the center core of the 150-foot tower, for just under an hour before getting it under control. A county fire official said the tower was red-hot from the base to about 75 feet up while cables and other electronic equipment burned in the middle. The tower is used by AT&T, Sprint, and Verizon for cellular phone service. It is unknown whether the fire disrupted service to any cell phone subscribers on St. Simons Island or the mainland. Tower technicians were expected to inspect the structure March 6 or 7. Source:

38. March 5, Morgan Hill Times – (California) Verizon fiberoptic cable cut causing phone, internet outage. Verizon land line services are down for parts of Morgan Hill, California. A construction crew cut a fiberoptic cable on the Butterfield Extension project March 5, according to South Valley Internet. This caused a service failure to land line, Internet, and cell phone services and some ATMs and debit card transactions in stores throughout the city. A representative from Verizon said crews were working to replace the cable that was damaged. Source:

39. March 5, WMAZ 13 Macon – (Georgia) Phone service out in North Macon. Several hundred customers and businesses of AT&T in the Macon, Georgia area were without service March 5. According to an AT&T communication manager, the disruption came as a result of road crews accidentally cutting a fiber cable during construction. The outage affected customers only in the north Macon area. The manager said crews were working to fix the problem and should have service restored by the evening of March 5. Source: