Friday, March 16, 2012

Complete DHS Daily Report for March 16, 2012

Daily Report

Top Stories

• Science Applications International Corp. (SAIC), the computer contractor hired to overhaul payroll systems for New York City agencies, agreed to pay $500.4 million to resolve claims it conspired to defraud the city. – Bloomberg See item 9 below in the Banking and Finance Sector

• Prosecutors in New York indicted two Swiss financial advisers on charges of conspiring to help wealthy Americans hide $267 million in secret bank accounts. – Reuters See item 12 below in the Banking and Finance Sector

• A tractor-trailer collided with a school bus March 14 in western Pennsylvania, killing the truck driver and injuring at least 21 people, most of them students, authorities said. – Associated Press

15. March 15, Associated Press – (Pennsylvania) 1 dead, others hurt in Pa. school bus, truck crash. A tractor-trailer collided with a school bus carrying about 2 dozen students and adults March 14 in western Pennsylvania, killing the truck driver and injuring at least 21 people, most of them students, authorities said. The crash occurred on Route 281 near Rockwood, state police said. The truck and a school bus taking Turkeyfoot Valley Area School District students back from a school in Somerset struck each other. The truck crossed over into southbound lanes and hit the bus almost head-on, said a trooper. Twenty-three people, including 2 adults and 21 high-school students, were on the bus. Two adults and three juveniles were flown to a hospital. A hospital official later said one adult was in critical condition and the other adult and two of the children were listed as fair; the third juvenile was treated and released. Another child who was flown to a hospital in Pittsburgh was later listed in good condition, an official said. Source:

• A midwestern militia group whose members are accused of plotting to murder police had a “kill list” that included current and former U.S. presidents, government officials, and members of Congress, an FBI agent said March 13. – Reuters

36. March 13, Reuters – (National) FBI agent: Midwest militia group had ‘kill’ list. A midwestern militia group whose members are accused of plotting to murder police had a “kill list” that included current and former U.S. presidents, top government officials, and members of Congress, an FBI agent testified March 13 in a Detroit federal court. The list from members of the group called the Hutaree was titled “Established Elite Still in Control” and included military officers, reporters, and corporate executives, the FBI agent said. The agent, who had gained access to the group by posing as a truck driver, said the list was circulated during the wedding of a Hutaree leader. Seven members of the Hutaree face federal charges of sedition, the attempted use of weapons of mass destruction, and firearms offenses. Defense attorneys argued the group was merely engaging in angry expressions of free speech and did not intend to commit acts of terrorism. The trial is the latest in prosecutions aimed at what the government sees as a growing threat of violence from home-grown anti-government groups. Source:

• A new Ubuntu Linux distribution is being marketed as “Anonymous-OS” and comes pre-loaded with tools for cracking passwords, launching denial of service attacks, and protecting anonymity online. – Threatpost See item 44 below in the Information Technology Sector


Banking and Finance Sector

7. March 14, U.S. Commodity Futures Trading Commission – (New York) CFTC charges former MF Global Broker, with attempted manipulation of palladium and platinum futures prices. The U.S. Commodity Futures Trading Commission (CFTC) announced March 14 it filed a federal court action in the Southern District of New York charging a broker with attempted manipulation of the prices of palladium and platinum futures contracts, including the settlement prices, traded on the New York Mercantile Exchange (NYMEX). The CFTC complaint alleged the broker engaged in this conduct from at least June 2006 through May 2008, and specifically on at least 12 separate occasions. The complaint also charges him with aiding and abetting the attempted manipulations of a former portfolio manager of Moore Capital Management, LLC. According to the complaint, while working as a broker at MF Global Inc., he employed a manipulative scheme commonly known as “banging the close.” He intentionally devised and implemented a trading strategy to attempt to maximize the price impact through trading during the 2-minute closing periods of the palladium and platinum futures contracts markets, the complaint charged. The CFTC complaint also stated that to push prices higher, he routinely withheld entering the market-on-close buy orders until only a few seconds remained in the closing periods and thereby caused the orders to be executed within seconds of the close of trading. The CFTC settled related actions against Moore Capital Management, LP, its affiliates, and the former portfolio manager. The CFTC’s order imposed a $25 million civil monetary penalty. Source:

8. March 14, Los Angeles Times – (California) Suspected ‘Wrong Way Bandit’ is charged in O.C. bank robberies. Orange County, California prosecutors the week of March 12 charged a man suspected of being the so-called Wrong Way Bandit with committing a series of bank robberies. He faces 3 felony counts of attempted second-degree robbery and could be sentenced to more than 50 years in state prison if convicted. The charges were filed March 13. Prosecutors said he committed five robberies and one attempted robbery between August and December 2011 at banks in Garden Grove, Fountain Valley, Costa Mesa, and Tustin. He was arrested March 9. The robber got his moniker because he apparently changed his mind on which way to exit after one of the heists. Source:

9. March 14, Bloomberg – (New York) SAIC to pay $500 million to settle New York City time fraud. Science Applications International Corp. (SAIC), the contractor hired to overhaul payroll systems for New York City agencies, agreed to pay $500.4 million under a deferred-prosecution agreement to resolve claims it conspired to defraud the city. SAIC admitted it failed to investigate claims a manager of the CityTime payroll project directed staffing tasks to a single subcontractor, Technodyne LLC, in exchange for kickbacks, according to documents unsealed March 14 by federal prosecutors. The $500 million represents the “largest by dollar amount arising out of any state or government contract fraud in history,” the Manhattan U.S. attorney said. The city was billed about $690 million for SAIC to create a now-operational Web-based, time-keeping payroll management system, according to a spokesman for the mayor. Payments to Technodyne ballooned to $325 million from $17 million, even as the contract was amended to transfer cost overruns to the city, said a statement of responsibility submitted by SAIC. The scheme “lasted more than 7 years,” the U.S. attorney said. Prosecutors charged 11 defendants plus Technodyne. SAIC agreed to the filing of one count of conspiracy to commit wire fraud and agreed to disgorge proceeds of the offense, including $370.4 million in restitution to the city and a $130 million penalty, the Justice Department said. The agreement also calls for SAIC to forgive $40 million more in invoiced billings. The U.S. attorney said his office has liens on $52 million more in illegal gains of individual defendants. Depending on the resolution of frozen assets, the project will have cost the city $134 million to $186 million of the $692 million billed, a spokesman for the mayor said in an e-mail. Source:

10. March 14, KTVU 2 Oakland – (California) Vacaville bandit may be tied to Chino bank shooting. Police were searching for a masked man March 14 after he robbed a Bank of the West in Vacaville, California, armed with an AK-47 and wearing body armor. Investigators said they believe it may be the same man who shot and wounded a police officer in a recent bank robbery in Chino. A police sergeant said the man entered the bank in Vacaville and demanded money March 12. He then took some cash and fled. He was wearing a black ski mask and a green-colored tactical vest with the word “SHERIFF” in block letters on the back, the sergeant said. Detectives are investigating whether the robbery is related to similar robberies in Sacramento and Chino, he said. In the Chino robbery, which occurred at a California Bank and Trust February 29, the robber shot a responding police officer with an assault rifle. The officer drove himself to a hospital and was listed in stable condition. Source:

11. March 14, Boulder Daily Camera – (Colorado) Officials nab suspected ‘Face Off Bandit,’ wanted in three Boulder bank robberies. A suspect who police believe used fake beards while robbing at least six banks, including three in Boulder, Colorado, has been caught, authorities said March 14. The suspect was arrested on a warrant by Boulder police as he was leaving a Walmart store in Thornton, according to Boulder authorities. Police said they think he is the “Face Off Bandit,” a name given by FBI agents because investigators believe he wore fake beards as disguises and left them behind as he fled. The first Boulder robbery took place December 16, 2011 at a Great Western Bank, the second robbery was at a First Bank January 19, and a Chase Bank was robbed February 15. He also is suspected of robbing a Wells Fargo Bank in Golden, a Key Bank in Thornton, and a First National Bank in Louisville. Those cases remain under investigation. Source:

12. March 14, Reuters – (National; International) Two Swiss financial advisers indicted in U.S. Prosecutors in New York March 14 indicted two Swiss financial advisers, one a former private banker at financial giant UBS AG, on charges of conspiring to help wealthy Americans hide $267 million in secret bank accounts. Charges were brought against the men in separate indictments. Both live in Switzerland, but they worked separately from each other. In the latest development in a U.S. crackdown on Swiss banking, the indictment said one man was a client adviser at Swiss-based UBS from 1993 to around 2003, then later worked at a series of unnamed Swiss asset management firms. He helped U.S. clients hide money at UBS and other Swiss banks, including Wegelin, a small Swiss bank indicted in February by the Justice Department for selling tax evasion services to American clients. He handled about 32 accounts holding $138 million for U.S. clients of UBS, and helped about 13 transfer their accounts to Wegelin and other Swiss banks when UBS came under pressure from U.S. authorities around 2008. He also helped clients fleeing UBS transfer accounts to the Swiss branch of an unnamed Israeli bank, the indictment said. The other adviser worked at Beck Verwaltungen AG, an independent advisory firm in Zurich, from the late 1980s to 2010. He managed U.S. client accounts worth $129 million. The two were also charged with “operating unlicensed money transmitting businesses” that funneled client money between banks and clients. Source:

13. March 14, Bloomberg – (National) BCI Aircraft Leasing owner guilty in $50 million fraud case. BCI Aircraft Leasing Inc. and its principal were found guilty by a federal court jury of engaging in a fraudulent $50 million financing scheme, a Chicago U.S. attorney said March 14. The principal and his business were found guilty of six wire fraud counts and one count of obstructing a U.S. Securities and Exchange Commission probe. “[The principal] and BCI raised or otherwise obtained more than $50 million, commingled those funds and misappropriated some of the funds for their own use,” the U.S. attorney said. They also provided false information in connection with a Securities and Exchange Commission (SEC) lawsuit, he said. BCI had been a provider of aircraft to U.S. Airways Group Inc. and Southwest Airlines Co. The SEC sued in 2007, alleging the business was a Ponzi scheme in which early investors were repaid with money taken from those who followed. The principal was indicted in March 2010. The company and other defendants were added in a revised charging document in September 2010. The principal faces as long as 30 years imprisonment on each wire-fraud count, plus a $1 million fine and as long as 20 years in prison for obstruction. Three co-defendants pleaded guilty, two of whom testified against the principal at trial, the U.S. attorney said. Source:

Information Technology

40. March 15, H Security – (International) Pidgin IM client 2.10.2 closes DoS holes. Version 2.10.2 of the open source Pidgin instant messaging program was released. According to its developers, the maintenance and security update brings a number of changes and addresses two denial-of-service vulnerabilities that could be exploited by an attacker to cause the application to be terminated. These remote crashes are caused when the MSN server sends messages that are not UTF-8 encoded and also when some types of nickname changes occur in chat rooms using the XMPP protocol. Versions up to and including 2.10.1 are affected. Pidgin 2.10.2 fixes these issues and all users are advised to upgrade. Source:

41. March 15, Krebs on Security – (International) Hackers offer bounty for Windows RDP exploit. A Web site that bills itself as a place where independent and open source software developers can hire each other has secured promises to award at least $1,435 to the first person who can develop a working exploit that takes advantage of a newly disclosed and dangerous security hole in all supported versions of Microsoft Windows, Krebs on Security reported March 15. That reward is offered to any developer who can devise an exploit for one of two critical vulnerabilities that Microsoft patched March 13 in its Remote Desktop Protocol (RDP is designed as a way to let administrators control and configure machines remotely over a network). The bounty comes courtesy of contributors to, a site that advances free and open software. The current bounty offered for the exploit is almost certainly far less than the price such a weapon could command on the underground market, or even what a legitimate vulnerability research company might pay for such research. Source:

42. March 14, H Security – (International) Firefox, Thunderbird and SeaMonkey updates fix critical vulnerabilities. In the latest round of updates of its suite of Internet applications, Mozilla detailed the security fixes in the Firefox 11 browser, Thunderbird 11 e-mail and news client, and SeaMonkey 2.8 “all-in-one internet application suite.” There are also fixes for the “enterprise” and legacy versions of Firefox and Thunderbird. These fixes include a correction to a memory error in Array.join() which was fixed in February, but was exploited during the recent Pwn2Own contest. According to the Security Advisories for Firefox page, the Firefox 11.0 update addresses eight vulnerabilities in the browser, five of which are rated as “Critical.” The same vulnerabilities were also fixed in Thunderbird 11 and SeaMonkey 2.8, as they are based on the same Gecko platform as Firefox 11. These critical issues include memory handling errors and a use-after-free problem that could lead to memory corruption, a crash when accessing keyframe cssText, and a privilege escalation issue when javascript is used as the home page URL. A critical use-after-free bug in SVG animation was also fixed. Some of these vulnerabilities, Mozilla said, could be exploited remotely by an attacker to, for example, execute arbitrary code on a victim’s system. Mozilla also corrected three moderate vulnerabilities, including two cross-site scripting holes, and an issue that could be used for UI spoofing. Source:

43. March 14, SecurityNewsDaily – (International) Hackers expose security hole. A security bug may exist on that could leave the personal information of its registered users exposed and vulnerable to theft. TeamHav0k, a network of “gray hat” hackers, found an SQL injection vulnerability in the genealogy-tracing Web site. To prove its point, the group copied the contents of a database belonging to the genealogical Web site and posted it online. In a Pastebin post, the TeamHav0k hackers preface the leak with a note explaining their exploit was not meant to do any damage to’s registered users, but simply to highlight what the hackers believe is a major flaw for a high-profile site to have.’s director of corporate communications said the vulnerability exposed by TeamHav0k “is on the company’s corporate website, which is a separate website housed by a third party vendor and is not connected to any customer financial or personal tree information.” SecurityNewsDaily opened the leaked database contents, which amounted to only 35 kilobytes. No actual user information was included; rather, the data seemed to be mostly front-end forms a member would use to fill in family information when first signing up with Source:

44. March 14, Threatpost – (International) New Linux distro promoted as Anonymous-OS. A new Ubuntu Linux distribution is being marketed as “Anonymous-OS” and comes pre-loaded with tools for hacking and protecting anonymity online. However, it is unclear whether the new operating system was created by the hacking group, or even has its endorsement. Anonymous-OS Version 0.1 was released March 13 and is being offered from Sourceforge and as a BitTorrent download, according to a post on a page for Anonymous-OS. The operating system is an Ubuntu-based Linux distribution created under Ubuntu version 11.10. It uses the Mate Desktop Environment. The operating system was created for “educational purposes” to “(check) the security of Web pages,” according to the Anonymous-OS Tumblr page. The new distribution comes loaded with tools useful to hackers, security researchers, and those interested in preserving their anonymity online. Among the applications bundled with Anonymous-OS are the anonymizing Tor client; Wireshark, a network protocol analyzer; the password cracker John the Ripper; and Pyloris, a tool for launching denial of service attacks. Though the new Linux distribution makes use of Anonymous’s iconography, it is unclear whether any link exists between the group and those behind the new operating system. Twitter accounts associated with the group used to promote other Anonymous operations were silent on the new operating system, suggesting it was “inspired” by Anonymous more than it was made by the group. Source:

For more stories, see items 9 above in the Banking and Finance Sector and 47 below in the Communications Sector

Communications Sector

45. March 15, WDTN 2 Dayton – (Ohio) Downed wires cause a whole lot of mess. A truck tangled in wires caused problems on several levels along Interstate 675 in Beavercreek, Ohio March 15. Crews were working on the sound barriers near Indian Ripple Road when a dump truck with its bed raised up in the air got into some overhead lines. Fiber optic cables were pulled down, forcing police to block the northbound lanes at Indian Ripple Road for about 20 minutes. The downed fiber lines also killed cable TV service to three area communities, according to Beavercreek police. Dayton Power & Light told WDTN 2 Dayton the accident also caused a power outage affecting 2,579 customers. All of those customers have since had their power restored. Police said the driver of the dump truck could possibly be charged with failure to control his vehicle. Source:

46. March 14, Bluffton Island Packet – (South Carolina) FCC levies $25K fine on Hilton Head radio station owner. The owner of a South Carolina radio station faces a $25,000 fine by the Federal Communications Commission (FCC), the Bluffton Island Packet reported March 14. Citing “willful and repeated” violations of its rules, the FCC recently levied the fine against the owner of WNFO 1430 AM Hilton Head. In a March 8 letter to the owner, the FCC said he failed to maintain an effective and secure fence around the base of the station’s radio tower, to install Emergency Alert System equipment, and make available a complete public inspection file. The FCC’s letter said its agents observed that a large section of the fence surrounding the tower had collapsed, and it appeared to have been in that condition for more than one day, a violation of agency code. The owner was fined $8,000 for an apparent failure to install and maintain equipment and broadcast logs for its use of an Emergency Alert System. He told the agents vandals had disconnected that equipment and removed the logs. Source:

47. March 14, WXIA 11 Atlanta – (National) Verizon data and voice outages in parts of Georgia. Data and voice outages were reported on Verizon’s 3G network March 14, covering parts of Georgia, Alabama, Maryland, Delaware, New Jersey, and the Philadelphia area. According to a tweet from Verizon Support, “Our engineers are engaged in the Northeast to resolve report regarding iPhone data. We are working to restore it quickly.” A second tweet noted, “An alert was just released for the area of South Georgia and Alabama. We are working diligently to restore the connection.” According to a report from Wireless and Mobile News, systems provider Network Solutions indicated that data service was not expected to be restored until late March 14. Source:

For another story, see item 40 above in the Information Technology Sector

Thursday, March 15, 2012

Complete DHS Daily Report for March 15, 2012

Daily Report

Top Stories

• A transformer explosion and fire knocked out power to over 10,000 homes and businesses in downtown Boston March 13 and 14. The explosion caused many buildings to evacuate, and streets and transit stations to close. – WHDH 7 Boston

1. March 14, WHDH 7 Boston – (Massachusetts) Transformer fire causes Back Bay black out. About 12,000 people remained without power March 14 a day after a 3-alarm fire broke out in a Back Bay utility building where a 115,000-volt transformer exploded in Boston. The early evening March 13 fire from a substation that housed two transformers created a power outage in Boston that officials of utility NSTAR said they had not seen before because of the concentration of homes and businesses affected. The lights went out on several major thoroughfares and in commercial areas such as the Back Bay, Chinatown, the Theater District, and Kenmore Square. About 100 generators were brought into the city early the afternoon of March 14 to help customers get back online. Due to the outages, several private colleges, businesses, transit stations, and a Boston Public Library location were closed. About 21,000 customers were without electricity at the height of the outage. The Boston Fire Department said the transformer that caught fire was in a utility building next to the Sheraton Back Bay and Hilton Back Bay hotels, which were evacuated due to the heavy smoke and power outages. Source:

• Congressional auditors found that despite vast government expenditures, many hospitals had lax or improper security of medical radioactive materials that could be used to make a “dirty bomb.” – New York Times

8. March 14, New York Times – (National) Hospital audit finds radioactive materials unsecured. Congressional auditors found many hospitals with lax or improper security of medical radioactive materials, the New York Times reported March 14. In testimony prepared for delivery to a Senate panel, a Government Accountability Office (GAO) official planned to say that people with responsibility for security told the auditors that they were trained as physicists or radiation health technicians and were being told to enforce rules “that they did not believe they were fully qualified to interpret.” The materials, such as cesium 137, could be included in a device with conventional explosives to make a “dirty bomb.” There are about 1,500 hospitals and medical buildings that use radioactive materials, according to the Energy Department, which has spent about $96 million to secure them. Source:

• A strange foam found in about 1 in 4 hog farms in the midwestern United States has led to at least 6 explosions since 2009. Experts said that there was little farmers could do about it. – Wired

22. March 13, Wired – (Midwest) Mysterious hog farm explosions stump scientists. A strange new growth has emerged from the manure pits of midwestern hog farms, and the results are literally explosive, Wired reported March 13. Since 2009, six farms have blown up after methane trapped in an unidentified, pit-topping foam caught a spark. In the afflicted region, the foam is found in roughly 1 in 4 hog farms. There is nothing farmers can do except be very careful. Researchers are not even sure what the foam is. “This has all started in the last 4 or 5 years. We don’t have any idea where it came from or how it got started,” said an agricultural engineer of the University of Minnesota. The pits are emptied each fall, after which waste builds up again. Methane is a natural byproduct, and is typically dispersed by fans before it reaches explosive levels. However, inside the foam’s bubbles, methane reaches levels of 60 to 70 percent, or more than 4 times what is considered dangerous. The foam can reach depths of more than 4 feet. Disturb the bubbles and enormous quantities of methane are released in a very short time. Add a spark — from, say, a bit of routine metal repair, as happened in a September 2011 accident that killed 1,500 hogs and injured a worker — and the barn will blow. The foam can appear in one barn but not another on a farm where every barn is operated identically. Once the foam is established, it keeps coming back, regardless of cleaning and decontamination efforts. However, though it is now common in southern Minnesota and northern Iowa, and in adjacent parts of northwestern Illinois and southwestern Wisconsin, the foam does not seem to be spreading outside that area. Source:

• A suspect surrendered to police after shooting four people, killing at least one, outside a county courthouse in Beaumont, Texas, March 14. – MSNBC

27. March 14, MSNBC – (Texas) Woman shot dead outside courthouse. At least one person was shot dead by a man outside a county courthouse in Beaumont, Texas, local media reported March 14. An elderly woman was killed and at least three others were shot, including two rushed to the hospital with several gunshot wounds, KFDM 6 Beaumont reported. The shootings took place outside the courthouse, in the basement of the county clerk’s office, and at a bus station. The suspect reportedly surrendered to police after barricading himself in a building two blocks from the courthouse. A judge told KBMT 12 Beaumont the suspect is a man facing charges of having sexually assaulted his young daughter, who reportedly is mentally handicapped. He had been expected at a hearing the afternoon of March 14, the judge said. Source:

• Police said a man was shot by a police officer after he stabbed four people — critically wounding three — in an attack near a Columbus, Ohio technical school. – Associated Press

28. March 14, Associated Press – (Ohio) Police: 4 stabbed at Ohio downtown office building. Police said a man stabbed four people in an attack that began near a Columbus, Ohio technical school and then was shot by a police officer as he left the downtown office building March 14. A Columbus police spokesman said the suspect confronted one victim inside the building near Miami-Jacobs Career College. He said other people inside intervened and took away one knife the suspect was using. The spokesman said those who intervened did not realize the suspect had a second knife. Three male victims were in critical condition, while a fourth man has minor injuries. The suspect was in critical condition. A school spokesman said he did not know whether the victims were students or staff. Source:


Banking and Finance Sector

10. March 14, Reuters – (New York) Banks to pay $25 million to NY state over mortgage system. Five major U.S. banks have agreed to pay $25 million to New York State over their use of an electronic mortgage database the state said resulted in deceptive and illegal practices that led to more than 13,000 foreclosures, Reuters reported March 14. JPMorgan Chase & Co., Bank of America Corp., and Wells Fargo & Co. each agreed to pay $5.9 million in order to partially settle a lawsuit over their use of the Mortgage Electronic Registration System (MERS). Two other banks, Citigroup Inc. and Ally Financial, also agreed to pay $5.9 million and $1.25 million respectively, although they were not named in the February 3 lawsuit. All five banks in February reached a settlement with 49 states and federal agencies to pay $25 billion to resolve government lawsuits over faulty foreclosures and the handling of requests for loan modification. In the New York settlement in February, none of the banks admitted nor denied the MERS allegations, the agreement said, a copy of which was obtained by Reuters March 13. In exchange for the $25 million, New York State agreed to drop some specific MERS claims. The state will use the money to address housing issues, such as mortgage defaults and foreclosures, and for further investigation and prosecutions. Source:

11. March 14, Orlando Sentinel – (Florida) Kissimmee credit union evacuated for suspicious smell. A St. Cloud, Florida credit union was declared safe March 14, shortly after a sickening odor prompted an evacuation. Two workers were treated after they inhaled the smell at The CFE Federal Credit Union. A St. Cloud police sergeant indicated all air samples taken by fire rescue and HAZMAT personnel came back negative. She said the building was cleared and turned over to CFE staff, noting the odor was possibly related to sewer gas from a dried up floor drain. Source:,0,6633889.story

12. March 13, U.S. Securities and Exchange Commission – (National) SEC charges three mortgage executives with fraudulent accounting maneuvers in midst of financial crisis. The U.S. Securities and Exchange Commission (SEC) charged the senior-most executives at formerly one of the nation’s largest mortgage companies March 13 with hiding the company’s deteriorating financial condition at the onset of the financial crisis. The plan backfired and the company lost 90 percent of its value in 2 weeks. The SEC alleges that Thornburg Mortgage Inc.’s chief executive officer (CEO), chief financial officer (CFO), and chief accounting officer schemed to fraudulently overstate the company’s income by more than $400 million and falsely record a profit rather than an actual loss for the fourth quarter in its 2007 annual report. Behind the scenes, Thornburg was facing a severe liquidity crisis and was unable to make on-time payments for substantial margin calls it received from its lenders. When Thornburg began to default on this new round of margin calls, it was forced to disclose its problems in 8-K filings with the SEC. By the time the company filed an amended annual report March 11, 2008, its stock price had collapsed by more than 90 percent. Thornburg never fully recovered and filed for bankruptcy May 1, 2009. The SEC’s complaint charges the executives with violations of the antifraud, deceit of auditors, reporting, record keeping, and internal controls provisions of the federal securities laws. The complaint seeks officer and director bars, disgorgement, and financial penalties. Source:

13. March 13, U.S. Commodity Futures Trading Commission – (National) CFTC charges Arjent Capital Markets LLC, Chicago Trading Managers LLC with commodity pool fraud. The U.S. Commodity Futures Trading Commission (CFTC) filed an enforcement action March 13 charging Arjent Capital Markets LLC (Arjent), Chicago Trading Managers LLC (CT Managers), and two individuals with defrauding commodity pool investors by knowingly or recklessly issuing false account statements for three separate commodity pools. The complaint, filed in a New York district court, alleges that beginning around June 2008 through at least November 2009, participants in the three commodity pools invested about $10.5 million. The defendants allegedly aggregated investors’ funds into a single account in Arjent’s name, the Arjent Trading Account (ATA), held at and cleared by a futures commission merchant (FCM) in New York. The defendants then assigned subaccounts of the ATA to the pools so the value of each depended on the overall value of the ATA. Some subaccounts carried negative balances and by June 2009, some had losses of millions of dollars, the complaint said. A statement provided by Arjent to the FCM in December 2009 allegedly disclosed Arjent had carried negative balances of about $6.8 million since October 2009. However, account statements provided to investors did not disclose these critical facts. By not disclosing the negative balances, the defendants fraudulently overstated the value of the subaccounts, creating the false impression the individual accounts were worth more than they actually were. Source:

14. March 13, U.S. Securities and Exchange Commission – (National) Court orders two officers of United American Ventures to pay $1 million penalties and $8.5 million in disgorgement in SEC case. The U.S. Securities and Exchange Commission (SEC) announced March 13 that a federal judge has ordered two current and former officers of United American Ventures, LLC to pay $2 million in civil penalties and to disgorge more than $8.5 million in ill-gotten profits in a securities fraud case. The SEC litigated the case beginning June 14, 2010, when the agency charged four individuals, United American Ventures, LLC (UAV), and Integra Investment Group, LLC (Integra) with securities fraud. The complaint alleged UAV raised $10 million from at least 100 investors through the unregistered and fraudulent sale of convertible bonds. According to the complaint, two of the defendants founded UAV, with one acting as the company’s president from 2006 until 2009, when the other defendant took over as president of the company. A judge in federal court in New Mexico granted judgment in favor of the SEC March 2, finding the men and UAV jointly liable for disgorgement of $8,652,942 and prejudgment interest of $426,430. The court also assessed civil penalties of $1 million each against the men. The court also granted judgment in favor of the SEC finding the third defendant and Integra jointly liable for $284,039 in disgorgement, and the fourth defendant liable for $54,381 in disgorgement. It assessed a $130,000 civil penalty against the third defendant, and a $54,381 penalty against the fourth. Source:

15. March 13, Reuters – (National) CIT Group offers to pay $75 million to end fraud lawsuit. CIT Group Inc. asked a federal judge March 13 to approve a $75 million settlement proposal with former CIT shareholders in a class-action securities fraud lawsuit over actions preceding the large commercial lender’s 2009 bankruptcy. The preliminary settlement, which was submitted to a Manhattan, New York federal court judge for approval, would put an end to a lawsuit brought on behalf of purchasers of CIT securities from December 12, 2006 to March 5, 2008. CIT once lent to 1 million small- and mid-sized businesses, but filed one of the five largest bankruptcies in U.S. history November 1, 2009, after loan losses surged. The deal calls for CIT to pay $75 million in cash to be distributed among class members. In refusing to dismiss the case 2 years ago, the judge said investors had sufficiently alleged they were misled. The plaintiffs accused CIT of failing to disclose a lowering of credit standards and misrepresenting the performance of subprime mortgage and student loan portfolios. CIT’s bankruptcy filing caused the government to lose the $2.3 billion in bailout money it had injected into CIT in December 2008. Source:

For another story, see item 35 below in the Information Technology Sector

Information Technology

35. March 14, Help Net Security – (International) Fake online streaming service phishes and robs users. BitDefender researchers recently spotted a bogus online video player by the name of Web Player being offered to users searching for media players through Google. The player appears legitimate at first glance. During the installation process, it presents a EULA and information about its supposed developer, but once installed, it asks users to log in with an e-mail address and a password. Even though users do not have to share that data with the software to be able to “connect” to the video, it is probable many inexperienced ones do, thus allowing crooks to access their e-mail accounts. According to the researchers, no matter what data the victims type in, they are redirected towards an HTML page that allegedly offers a free-of-charge movie online player for many classic movies and new releases. The pages to which the users are taken change constantly, as they often get blocked by antivirus vendors. However, all require users to “register” with credit card data to watch the movies they want. As such, users are scammed into sharing not only their e-mail credentials but also their credit card data. Source:

36. March 14, H Security – (International) Microsoft closes critical RDP hole in Windows. Microsoft released six security bulletins to close seven holes. It said one of the bulletins (MS12-020), rated as critical, addresses two privately reported vulnerabilities in its implementation of the Remote Desktop Protocol (RDP). The first is a “critical-class” issue in RDP that could be exploited by an attacker to remotely execute arbitrary code. Although RDP is disabled by default, many users enable it so they can administer systems remotely within their organizations or over the Internet. All supported versions of Windows from Windows XP Service Pack 3 to Windows 7 Service Pack 1 and Windows Server 2008 R2 are affected. As the issue was reported by the Zero Day Initiative, Microsoft said it has yet to see any active attacks exploiting these in the wild, but warns, “due to the attractiveness of this vulnerability to attackers,” it anticipates “that an exploit for code execution will be developed in the next 30 days.” Because of this, the company said installing the updates should be a priority. However, as some customers “need time to evaluate and test all bulletins before applying them,” Microsoft also provided a workaround and a no-reboot “Fix it” tool that enables Network-Level Authentication to mitigate the problem. A second “moderate-class” denial-of-service issue that can cripple an RDP server was also fixed. Another vulnerability is fixed in bulletin MS12-018, which provides a patch for a privilege escalation issue in all versions of Windows that could allow a user with limited rights to run arbitrary code in kernel mode, that is, with system privileges. The vulnerability exists in the PostMessage function of the kernel-mode driver in win32k.sys. Microsoft’s bulletin MS12-019 addresses a denial of service vulnerability in DirectX’s DirectWrite where trying to render a particular sequence of Unicode characters can lock up an application; the bug affects Vista and later versions of Windows. Source:

37. March 13, Computerworld – (International) Mozilla nixes Firefox 11 delay, will launch upgrade today. March 12, Mozilla announced it was postponing the release of Firefox 11, but changed its mind March 13, saying the browser upgrade would go out on schedule. March 12, the senior director of Firefox engineering said Mozilla was delaying Firefox 11’s launch to examine a bug unveiled at the Pwn2Own hacking contest the week of March 5, and to give developers time to scrutinize Microsoft’s security updates, set to release March 13. Originally, he said the delay would be “a day or two.” March 13, he updated his post to a Mozilla blog confirming the upgrade would go out after all. As for Windows security updates released March 13 — which he acknowledged “interacted badly with [Mozilla’s] updates before” — the company was taking a different tack. “In order to understand the impacts of Microsoft’s ‘Patch Tuesday’ fixes, we will initially release Firefox for manual updates only,” he said March 13. “Once those impacts are understood, we’ll push automatic updates out to all of our users.” Firefox 11 will include the usual security patches. Source:

38. March 13, Infosecurity – (International) Adobe ships patch for ColdFusion flaw that could lead to DoS attacks. Adobe released a Priority 2 security update for ColdFusion that fixes a vulnerability that puts users at risk for denial-of-service attacks. The flaw, which is rated “important,” affects ColdFusion 9.0.1 and earlier versions for Windows, Mac, and UNIX. “This vulnerability could lead to a denial of service attack using a hash algorithm collision,” Adobe said in its security bulletin. The Priority 2 rating, part of the new advisory system introduced by Adobe in February, means the “update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits.” The “important” rating indicates the vulnerability, if exploited, “would compromise data security, potentially allowing access to confidential data, or could compromise processing resources in a user’s computer.” Adobe provided a hotfix for the vulnerability and recommended that users of ColdFusion apply the patch within the next 30 days. Source:

39. March 13, Threatpost – (International) Microsoft adds new exploit mitigations to IE 10. Microsoft’s new version of Internet Explorer (IE) 10 includes major changes to the exploit mitigations. In addition to the existing implementations of address space layout randomization (ASLR), DEP, and other technologies in Windows and IE, Microsoft included many new ones designed to further inhibit memory attacks. The biggest change in IE 10 is a technology called ForceASLR meant to help compensate for the fact not every application on Windows is compiled with the flag that opts them into ASLR. One of the main exploit mitigations Microsoft added to Windows in recent years, ASLR basically turns memory modules into moving targets for attackers, making it more difficult for them to locate payloads where they want. This made browser-based exploits more complicated, but it only works if developers compile their applications with a specific flag, called /DYNAMICBASE, set. The new ForceASLR technology helps fix that shortcoming by allowing IE to tell Windows to load every module in a random location, regardless of whether it was compiled with the /DYNAMICBASE flag. Microsoft security officials said this is among the more important additions it has made to the security of its browser and Windows machines. Source:

40. March 13, Dark Reading – (International) Malicious proxies may become standard fare. A number of security-as-a-service applications — from Postini to OpenDNS to Zscaler — reroute domain-name system (DNS) requests through centralized servers or proxies to detect security threats and sanitize traffic before it reaches the client network. Yet proxies are not just used by security companies, but by criminals as well. DNSChanger, which authorities shut down in November 2011, used just such a strategy to reroute victims to custom advertisements and malicious installers. When the program compromised a system, it would replace the list of valid DNS servers with entries that pointed to servers controlled by the criminal operators, allowing the botnet owners to reroute victims’ Internet requests to any site. While DNSChanger itself did little damage, with Internet traffic under the control of malicious actors, compromised systems quickly became laden with secondary infections. Source:

Communications Sector

See item 35 above in the Information Technology Sector