Wednesday, March 21, 2012
• Taylor, Bean & Whitaker Mortgage Corp.’s former chief financial officer admitted to helping his boss commit a $3 billion fraud that caused one of the country's largest banks to collapse. – Bloomberg See item 11 below in the Banking and Finance Sector.
• Three people were convicted on federal bank fraud charges in connection with an identity-theft scheme where bank insiders helped them steal millions from dozens of victims in four states. – Orange County Register See item 12 below in the Banking and Finance Sector.
• More than two dozen students were recovering at a local hospital March 19 after three school buses crashed in Upper Marlboro, Maryland. – WJLA 7 Arlington
15. March 19, WJLA 7 Arlington – (Maryland) Kids hospitalized in Upper Marlboro crash. More than two dozen students were recovering at a local hospital March 19 after three school buses crashed in Upper Marlboro, Maryland. The buses had just departed Fredrick Douglas High School and were loaded with students going home when the crash occurred near Route 301. Paramedics treated 75 students at the scene. Thirty-four others were transported to the hospital where the triage extended to the outside while parents waited in a separate area. Officials said all the students were treated for only minor injuries. Source: http://www.wjla.com/articles/2012/03/kids-hospitalized-in-upper-marlboro-crash-73951.html
• A tornado and strong storms in the Houston area hurt several workers at a chemical plant and damaged a bank and electric utility station. – KTRK 13 Houston
50. March 20, KTRK 13 Houston – (Texas) Strong storms cause damage across Houston
area. The National Weather Service investigated the possibility that at least one tornado caused damage as a line of strong storms moved through the Houston area March 20. Some workers with Lyondell-Basell suffered injuries when high winds toppled a tent. It was not clear how many workers were inside the reinforced, industrial-sized tent of about 50 feet by 100 feet. The workers were in the process of being moved, according to a company spokesman, when the tent became unstable and flipped over. Four workers were checked out at a hospital. The storms are also blamed for a fire at the San Jacinto Steam Electric Station NRG facility in La Porte. A spokesman said it appeared lightning struck the switch yard causing a fire. High winds broke some windows at the Bank of America building on I-10 near Federal. A light pole was knocked down, and some vehicles in the parking lot suffered broken windows and wind damage. An official with Harris County Flood Control District reported several trees and fence lines down. Winds in that area were estimated by radar to be between 55 to 60 mph. Source: http://abclocal.go.com/ktrk/story?section=news/local&id=8586817
13. March 20, KTRK 13 Houston – (Texas) Storms strand passengers at Houston
airports. A combination of bad weather in north and central Texas, and storms in
Houston March 20 led to significant delays at Bush Intercontinental Airport, KTRK 13
Houston reported. Delays for travelers were up to 3 hours in many cases. The night of March 19, about 300 people spent the night sleeping on cots in the baggage claim area. The majority of them were supposed to fly to Dallas-Fort Worth International Airport, but the severe weather in north Texas forced those flights to land in Houston. Hotels in the area were all booked and no rental cars were available. Passengers described the scene as chaotic. At one point, a ground stop had been issued for both airports in the Houston area, meaning flights could take off, but could not land at the local airports. Source: http://abclocal.go.com/ktrk/story?section=news/local&id=8587981
Banking and Finance Sector
10. March 20, WFMZ 69 Allentown – (Pennsylvania) Police: Bank robber ID'd. A bank robber, acting as if he had an explosive device, was shot by a police detective in Berks County, Pennsylvania, March 19. The detective was at the M&T Bank by coincidence. He told investigators the suspect walked into the bank and ordered everyone to put their hands up. Police said the man appeared to have something strapped on him that had wires sticking out of it. When the detective approached the man and ordered him to get on the ground, the police chief said he had to act quickly. "The suspect said, 'You want everybody to be blown up?' And at that point, somewhere in between there, as they grappled, [the detective] pulled out his service revolver and shot the suspect," the chief said. The suspect was shot in the stomach. When authorities arrived, they also called the Reading Bomb Squad and the FBI. "The device the suspect used is a fake, it's a hoax," the police chief said. Source: http://www.wfmz.com/news/news-regional-berks/Police-Bank-robber-ID-d-as-Dragos-Ungurean/-/121418/9524554/-/12mfwbs/-/index.html
11. March 20, Bloomberg – (National) Ex-Taylor Bean finance chief admits role in $3 billion fraud. Taylor, Bean & Whitaker Mortgage Corp.’s former chief financial officer (CFO) admitted to helping his boss commit what prosecutors say was one of the largest bank frauds in U.S. history. He pleaded guilty March 20 in federal court in Alexandria, Virginia, to one count of conspiracy to commit bank and wire fraud and one count of false statements in a scheme that contributed to the failures of Montgomery, Alabama-based Colonial Bank and its parent, Colonial BancGroup, once among the nation’s 25 biggest depository banks. He faces as much as 10 years in prison. From 2005 through August 2009, the CFO helped Taylor Bean's ex-chairman and other conspirators misappropriate more than $1.5 billion from Ocala Funding LLC, a financing vehicle used and controlled by Taylor Bean, said a statement of facts filed by prosecutors. The CFO issued false financial reports that masked shortfalls to keep auditors at bay and investors on board, the document states. Taylor Bean was servicing more than 500,000 mortgages, including $51 billion of Freddie Mac loans, when it collapsed in August 2009, according to court records. The CFO admitted to falsifying mortgage loan data so Taylor Bean would meet collateral thresholds set by its lenders, and inflated the assets Taylor Bean supposedly owned, according to the statement of facts. False financial statements were given to Ginnie Mae and Freddie Mac so that Taylor Bean’s authority to sell and service mortgage securities guaranteed by the government-sponsored entities would be renewed, according to the court filing. Source: http://www.businessweek.com/news/2012-03-20/ex-taylor-bean-finance-chief-admits-role-in-3-billion-fraud
12. March 17, Orange County Register – (California; Southwest) 3 convicted in large ID theft ring. An Orange County, California jury found one man guilty and a judge convicted two others on federal bank fraud charges March 16 in connection with one of the largest identity theft schemes in southern California with dozens of victims and millions of dollars in losses. The three defendants faced several counts of attempted bank fraud, conspiracy to commit bank fraud, and aggravated identity theft. For the approximately 6-year duration of the scheme, defendants conspired to cause at least $8 million in losses, with victims in California, Arizona, Texas, and Nevada, prosecutors said. The defendants did everything they could to bypass bank security systems to drain the accounts of victims, many of them unsuspecting seniors, an attorney said in a statement. According to the government, as early as 2005, the defendants and co-conspirators used bank insiders to execute a sophisticated fraud scheme targeting individual bank accounts by obtaining confidential information. Prosecutors said the leader coordinated the scheme from behind state prison doors in partnership with gang members. After obtaining account data, the participants cashed fraudulent checks, prosecutors alleged. When banks called to check on the pending withdrawals, the calls were routed to co-conspirators who previously set up call forwarding with the victims' telephone companies, the attorney said. Source: http://www.ocregister.com/news/fraud-345082-bank-defendants.html
For another story, see item 44 below in the Information Technology Sector.
42. March 20, Threatpost – (International) Newly compiled driver shows Duqu authors still at work. One of the unique things about Duqu is the malware appears to be specifically tailored to each new victim. Rather than writing one piece of malware and spreading it out to a large potential victim base, the crew behind Duqu had a small, specially selected group of targets, each of which got its own specifically crafted components and drivers. Researchers say the number of known victims of Duqu is small, perhaps fewer than 50. In the last several days, researchers at Symantec found a newly compiled driver for Duqu, leading to speculation the attackers are still tweaking and modifying their original work. March 20, one of the researchers who did the initial analysis of Duqu at Kaspersky Lab said while the new driver did not have any new functionality, there are indications it is not just new, but it is also aimed at evading existing detection techniques for Duqu. Source: http://threatpost.com/en_us/blogs/newly-compiled-driver-shows-duqu-authors-still-work-032012
43. March 20, The Register – (International) Facebook 'cloaking' flaw allows unexpected snooping. A University College London research student and the chair of information communication technology told a conference of what they call a "zero day privacy loophole" in Facebook. Facebook users are not told when friends de-activate or re-activate accounts. That means trouble if the account is re-activated, as the newly re-activated friend regains access to anything their connections posted. Once they elicit information, they can de-activate the account again and their friends will almost certainly not know what happened or that they shared information. Source: http://www.theregister.co.uk/2012/03/20/facebook_deactivated_friend_zero_day/
44. March 20, The Register – (International) Trial finds eight ways to defeat Google, PayPal and other SSOs. U.S. security researchers unearthed flaws in the single sign-on (SSO) services operated by a number of portals, including Google and PayPal. Idiosyncratic methods of integrating the APIs, SDKs, and sample code supplied by identity providers are creating exploitable security shortcomings, according to a study by two researchers at Indiana University and one Microsoft researcher. In particular, the researchers said, the process of token exchange is often mangled, which creates the possibility for attackers to sign into targeted accounts without having to crack an intended victim's password. The study — touted as the first field trial of popular Web SSO systems — focused on implementation problems rather than fundamental flaws in the cryptographic techniques at play, which are fundamentally fine. The exercise uncovered eight serious logic flaws in high-profile ID providers and relying party Web sites (which rely on authentication cookies to establish a user session). ID providers affected included OpenID (including Google ID and PayPal Access); Facebook; the JanRain platform; Freelancer; FarmVille; and Sears.com. Every one of the eight flaws allows an attacker to sign in as a targeted user. The researchers contacted the sites involved, which have largely deployed a fix. Source: http://www.theregister.co.uk/2012/03/20/sso_security_shortcomings/
45. March 20, Help Net Security – (International) Beware of fake Google AV. According to GFI researchers, a number of pages offering "Google antivirus" software and threatening to block the users' access to Google services because of an infection have recently appeared, and they are listed among Google and Bing search results. The offered software is actually a rogue AV solution that has nothing to do with Google, and will likely try to bilk money from the victims. Currently, very few AV solutions detect the variant in question. Source: http://www.net-security.org/malware_news.php?id=2040&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader
46. March 19, Dark Reading – (International) Duqu code written by seasoned programmers, researchers find. March 19, Kaspersky Lab researchers announced that, with the help of the security community, they were able to unravel the origins of a well-masked programming language used to write the communications module in Duqu, the information-stealing malware that researchers at Kaspersky and other firms say is connected to Stuxnet. They also said that the same group of actors is behind both malware attacks. It turns out the attackers used object-oriented C language compiled with Microsoft Visual Studio 2008 — which indicates it was not a typical malware writer behind it, but more of an "old school" programmer, according to Kaspersky researchers. "This is not common for malware writers, that's for sure," Kapersky's chief malware analyst said. "This looks like a normal style for coding enterprise-wide applications." He said the language used is commonly a tool for professional software developers, which suggests the Duqu writers were not a typical cybercriminal outfit. Earlier in March, Kaspersky asked the security community for assistance in identifying the programming language, which did not appear to be one they ever saw before. Source: http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/232602839/duqu-code-written-by-seasoned-programmers-researchers-find.html
47. March 20, WDIO 10 Duluth – (Minnesota) Power outage knocks out Duluth media. WDIO 10 Duluth and other TV and FM stations in Duluth, Minnesota, were knocked off the air March 20 by a power outage. A cause was not immediately known, nor did officials provide an exact number of customers affected. Eleven of the 16 FM radio stations which transmit from the hillside were off the air. AM stations were unaffected because their transmitters are in different parts of the city. Source: http://www.wdio.com/article/stories/S2545096.shtml?cat=10335
48. March 20, WDSU 6 New Orleans – (Louisiana) Slidell phone systems down after main break. Slidell, Louisiana leaders said the city was experiencing a telephone outage March 19 after an underground main line broke. The city said it was working with AT&T to repair the lines and anticipated that service would be restored within 24 hours. City leaders said that city departments could be reached via e-mail while crews were working to restore the service. Source: http://www.wdsu.com/r/30711868/detail.html
49. March 19, Springfield State Journal-Register – (Illinois) Lincoln radio station will be off the air another 2-4 weeks. WLLM 1370 AM radio in Lincoln, Illinois, will be off the air another 2 to 4 weeks as the result of a March 12 electrical fire, the station's general manager said March 19. The offices have moved temporarily to another location while repairs are made to the station building. The general manager said damage to equipment was minimal and the fire did not reach the transmitter. Cornerstone Community Radio owns the not-for-profit station, which broadcasts at 1370 AM and 105.3 FM. Source: http://www.sj-r.com/breaking/x872948758/Lincoln-radio-station-will-be-off-the-air-another-2-4-weeks
For more stories, see items 43 and 44 above in the Information Technology Sector.