Friday, April 20, 2012

Complete DHS Daily Report for April 20, 2012

Daily Report

Top Stories

Federal regulators issued first-ever air pollution rules for fracking wells April 18, requiring drillers burn or capture natural gas and its smog-producing compounds that are released when the wells are first tapped.USA Today

2. April 19, USA Today – (National) EPA issues air pollution rules for fracking wells. Federal regulators issued first-ever air pollution rules for “fracking” wells April 18, requiring that drillers burn or capture the gas and its smog-producing compounds released when the wells are first tapped. An Environmental Protection Agency official announced the rules, the first to cover some of the 13,000 wells drilled yearly nationwide that use hydraulic fracturing, or fracking, to collect natural gas and oil from deep shale layers. Going into effect in 60 days, they cover the period when a well is first drilled when natural gas is still venting but before it begins actual production. In a compromise with the industry, regulators said the drillers can flare, or burn off, the gas for now, a process that can last for weeks. However, starting in 2015 they would lose that option. Instead, they will be required to collect it — so-called green completion of new fracking wells. Half of all new wells already collect gases from the initial drilling of the well, but only Colorado and Wyoming explicitly require such green completions. Source:

Three men were charged April 18 with bilking $15 million from hundreds of individuals who thought they were investing in lawsuit settlements.Reuters See item 11 below in the Banking and Finance Sector

• A 60-mile stretch of Highway 20E east of Brothers, Oregon, was shut down after a tanker carrying 46,000 gallons of fertilizer overturned and leaked. – KTVZ 21 Bend

12. April 19, KTVZ 21 Bend – (Oregon) Tanker truck crash, small spill still limits Hwy. 20E. Highway 20E east of Brothers, Oregon was reduced to one lane the morning of April 19, 12 hours after a tanker truck carrying about 46,000 gallons of liquid fertilizer crashed, overturned and began to leak its cargo, shutting 60 miles of the highway for several hours, the Oregon State Police (OSP) reported. A trooper said the evening of April 18, the truck was eastbound on 20E near milepost 50 (about 8 miles east of Brothers, 50 miles east of Bend) when it drifted onto the shoulder. The truck and trail rolled at least once before coming to rest on the shoulder. Emergency responders from several police, fire, and transportation agencies responded, as well as an environmental HAZMAT firm. Officials said a small amount of fertilizer leaked. The truck driver, working for Sherman Bros. based in Harrisburg, Oregon, was cited for failure to maintain a lane of travel. After a complete, 2-hour closure, one lane was open for traffic, flagged through in alternating directions. Troopers said the truck would be removed April 19. For a time, a more than 60-mile stretch of 20E east of Brothers was shut as authorities worked to determine the nature of the chemical with the trucking firm and Chemtrec, a national firm that tracks hazardous materials. The tanker reportedly had no warning placard on it, but the driver provided a manifest. Source:

• The personal information, including Social Security numbers, of more than 228,000 Medicaid recipients was stolen by a former South Carolina Department of Health and Human Services employee, police officials said.WBTV 3 Charlotte

23. April 19, WBTV 3 Charlotte – (South Carolina) SLED arrests DHHS employee in connection with data breach. The personal information of more than 228,000 Medicaid recipients was stolen by a former South Carolina Department of Health and Human Services (DHHS) employee, according to DHHS and the State Law Enforcement Division (SLED), WBTV 3 Charlotte reported April 19. SLED officials said the former employee was able to make off with 228,435 Medicaid recipients’ personal data by e-mailing the information to his personal Yahoo e-mail account. The information contained names, addresses, and Social Security numbers. Most of the people impacted by the breach live in Richland, Lexington, Barnwell, Orangeburg, Allendale, and Bamberg counties. He has been charged with five counts of Medically Indigent Act Confidentiality violations and one count of disclosure of confidential information. The DHHS director said the theft started in January and ended in April. They found out about the scheme after conducting employee performance reviews. SLED authorities have the employee’s home computer and are working to track down where the data went and why the employee wanted it. Source:

• The University of Pittsburgh cleared 5 buildings after a bomb threat April 19, the latest in a string of 110 evacuations of campus buildings due to threats since February 13.Associated Press

31. April 19, Associated Press – (Pennsylvania) Pitt clears five buildings after bomb threat. The University of Pittsburgh cleared five buildings after a bomb threat April 19, according to an emergency notification. Pitt emptied Litchfield Towers, and Sutherland, Bruce, Lothrop, and Pennsylvania halls. An ongoing series of threats were delivered by e-mail or in handwritten messages at various campus locations since February 13, and have led to more than 110 evacuations of campus buildings. Authorities have not found explosives. Source:


Banking and Finance Sector

7. April 19, Softpedia – (International) Ransomware uses Reveton to phish Ukash and Paysafecard credentials. Softpedia reported April 19 that experts from Microsoft’s Malware Protection Center (MMPC) have warned users to be on the lookout for schemes that rely on ransomware to steal log-in credentials for online payment services such as Ukash and Paysafecard. Similar to previously seen ransomware schemes, the victims’ computers become locked, displaying a screen that accuses users, on behalf of law enforcement agencies, of accessing illegal content. To user is requested to pay a so-called fine via Ukash or Paysafecard to unlock the device. When the user clicks on the link associated with the payment method, he/she is taken to a site designed to phish account credentials and send them back to a remote server in Russia. Microsoft has identified the pieces of malware that fuel this scheme as Trojan:HTML/Ransom.A and Trojan:Win32/Reveton.A. In many cases, these malicious elements are served via adult sites. Source: (_

8. April 18, New York 1 – (New York) FBI, NYPD arrest alleged ‘White Glove Bandit’. The FBI and the New York City Police Department (NYPD) arrested a suspect April 18 in the East Village who is thought to be the “White Glove Bandit” who has robbed four Manhattan banks. Officials said NYPD detectives and FBI agents arrested the suspect around while conducting surveillance near Tompkins Square Park. The suspect allegedly robbed an HSBC Bank April 17. Investigators say he showed a gun to the teller and demanded cash. They also believe he robbed the same branch January 26 and also hit a Citibank branch on LaGuardia Place twice. Source:

9. April 18, Chicago Sun-Times – (Illinois; Indiana; Minnesota) 15 people charged in scheme to get fake unemployment benefits. A woman from south suburban Country Club Hills was charged along with 14 others in a scheme that defrauded state unemployment insurance agencies in Illinois and 2 other states of more than $8.7 million, the U.S. attorney’s office in Chicago said April 18. The woman, who owned tax preparation businesses on Chicago’s south side, was charged with 14 counts of mail and wire fraud, 6 counts of filing false claims for tax refunds, and 1 count of aggravated identity theft, the U.S. attorney’s office said in a news release. She and the other defendants registered about 80 fictitious employers with unemployment insurance agencies in Illinois, Indiana, and Minnesota, and used the shell companies to collect unemployment insurance benefits, authorities said. The Illinois Department of Employment Security was defrauded of about $6 million, authorities said. It was also alleged the woman was involved in a scheme to falsely claim more than $1 million in federal tax refunds, using her tax preparation companies. Information from clients of the woman’s tax preparation firms, including Social Security numbers, was used to file unemployment benefits claims, the government alleges. Source:

10. April 18, Los Angeles Times – (California) Mother and son convicted in federal court of mortgage fraud. A mother and son were convicted in a San Diego federal court April 18 for what prosecutors called an $8 million mortgage fraud involving 16 homes in San Diego and Riverside counties. A jury convicted the real estate agent and her son, an attorney, on multiple counts of wire fraud for allegedly submitting phony documents in support of false loan applications for unqualified buyers. The 2 face 20 years in prison on each of 5 counts. Source:

11. April 18, Reuters – (New York; National; International) Litigation-funding firms were $15 mln fraud: U.S. Three men were charged April 18 with bilking $15 million from hundreds of individuals who thought they were investing in lawsuit settlements, federal prosecutors said. The men collaborated on three different fraudulent investment schemes between December 2008 and April 2012, according to a complaint filed in a New York federal court. One man was charged with wire fraud, a second with money laundering, and a third with conspiracy to commit wire fraud and money laundering. Between December 2008 and November 2009, the defendants ran a company called the Rockford Group, which marketed itself as a “leading private equity firm” that would invest money in personal-injury and other litigation, prosecutors said. Investors were promised 15 percent of money the plaintiffs recovered from lawsuits, prosecutors said. But the Rockford Group never invested in any litigation and instead wired investors’ money to overseas bank accounts. As a result, roughly 200 U.S. and Canadian investors lost about $11 million. In March 2011, the defendants embarked on a scheme soliciting investments in litigation funding, through a company called Grayson Hewitt. Instead of using the money as purported, the defendants spent it on gold and personal expenses. The Grayson Hewitt scheme cost investors about $5 million. Source:$15_mln_fraud__U_S_/

Information Technology

39. April 19, H Security – (International) Mozilla blocklists Java on older Mac OS X systems. Mozilla blocked the Java plugin in Firefox running on versions 10.5 and earlier of Mac OS X, as these versions of Apple’s operating system will not be receiving an update to the installed Java on their systems. The move comes 2 weeks after Mozilla blocklisted older versions of Java on Windows that had the flaw that was being exploited by the Flashback trojan and other malware. Mac OS X systems 10.5 and older will not be getting a Java update from Apple. This means Mozilla is now comfortable adding all Java versions on those OS versions to the blocklist. However, for 10.6 and later, the situation is different: Apple released updates that remove the vulnerability for those systems, but there is a bug in Firefox 11 that causes it to ignore updates such as that one and keep reporting an old version is installed. This would, in turn, mean that if the blocklist was updated for 10.6 and later, it would most likely block the Java plugin on non-vulnerable systems. The bug in Firefox is due to be fixed in Firefox 12, which will be released April 24. Users can expect the blocklist to be updated sometime shortly after that. Source:

40. April 19, Softpedia – (International) 5,000 malicious Android apps identified in Q1, 2012. Trend Micro released its quarterly report for the first part of 2012 and, so far, it appears cybercriminals focused their efforts mostly on schemes that target mobile device owners, particularly Android users. While 2011 was considered the year of the hacktivists, 2012 may be the year of mobile malware. At the end of 2011, many security experts said mobile threats would increase in 2012 and those predictions seem to be coming true. Trend Micro already identified 5,000 malicious Android apps, one-click billing fraud schemes, and fake applications that hide malicious elements being the most prevalent. Advanced persistent threats also left their mark on the first quarter. In these types of attacks, cybercriminals take their time to go deep into the targeted network and cause damage. Hoaxes and scams that circulate via e-mail and social networking sites were also prevalent. The large number of individuals that utilize Facebook, Twitter, and more recently, Pinterest, are all tempting targets for scammers and cybercrooks who use the data from social media sites to launch social engineering attacks. Source:

41. April 18, Bloomberg – (International) Chinese nationals charged by U.S. with software piracy. Two Chinese nationals were charged with illegally exporting technology to their home country and pirating software from U.S. companies including Agilent Technologies, federal officials said. The married couple, from Chengdu, China, were indicted by a federal grand jury in Wilmington, Delaware, according to a statement April 18 by the U.S. Immigration and Customs Enforcement agency. “Counterfeiting and intellectual-property theft are seriously undermining U.S. business and innovation — more than $100 million in lost revenue in this one case alone,” the agency’s director said in the statement. The couple are accused of running a Web site called “Crack 99” that sold copies of software the “access-control mechanisms” of which had been circumvented, he said. The pair is charged with distributing more than 500 pirated copyrighted works to more than 300 purchasers in the United States and overseas from April 2008 to June 2011. The case was unsealed April 18. The software includes programs made by Santa Clara, California-based Agilent and Canonsburg, Pennsylvania-based Ansys, according to the indictment. The husband was arrested by federal agents in June 2011 on an earlier indictment in the case. The wife “remains an at- large fugitive in Chengdu,” according to the statement. Source:

For more stories, see items 23 above in Top Stories and 42 below in the Communications Sector

Communications Sector

42. April 19, – (New York) Verizon phone outage has UWS customers dialing M for Mad. Hundreds of Verizon customers on the Upper West Side neighborhood of New York’s Manhattan borough are mad because their phone lines have been down for almost a week — and the company has told them they will not be fixed until April 26. The massive service outage is affecting land lines and some Internet connections in multiple buildings. Residents and office workers in the area say their phones suddenly went dead April 12. It is not known exactly how many customers are without phone service. A Verizon spokesman said the company has received “less than 300” calls from customers reporting their lines were dead. Some customers reported static, “limited service,” or other problems. The spokesman said the telephonic troubles started with a malfunctioning pressurization system. The system usually pumps air into underground cables but instead it pumped water. Now Verizon is drying out cables and replacing some that were damaged with new ones, the spokesman said. Most of that work should be completed by the end of this weekend, he said, but there could be “lingering issues” into the week of April 23. The outage affected traditional copper cables for land-line phones and some Internet connections. The fiber-optic FiOS network that provides TV, Internet, and voice service wasn’t affected, the spokesman said. Source:

43. April 19, Associated Press – (Michigan) Cut cable shuts phone service in 2 Mich. counties. Authorities in Michigan’s Upper Peninsula are trying to figure out who cut a fiber optic cable, shutting down phone service in parts of Delta and Schoolcraft counties April 18. The Mining Journal of Marquette reports outages were first reported the afternoon of April 18, with people in most parts of Schoolcraft County unable to make or receive phone calls via landlines or cellphones. Callers in parts of Delta County were also experiencing problems with cellphone service. The outage also affected 9-1-1 cellphone calls. Michigan State Police say the cable was cut near Cooks in Schoolcraft County. The line was repaired by the morning of April 19. Source:

44. April 18, Houston Chronicle – (Texas) KPFT back on the air after two-day outage. KPFT 90.1 FM Houston returned to the air April 18 after an outage of more than 2 days that the station’s manager said was related to storm damage at the transmitter site in northwest Harris County. He said the station’s primary signal was knocked off the air April 16 during storms that rolled through the Houston area. KPFT continued to broadcast through its Web site and through “repeater” towers at 89.5 FM in Galveston, 89.7 FM in Huntsville, and 90.3 FM in Goodrich. Repair crews were able to return the station to the air with limited power April 18, but the manager said the station likely would have to replace its antenna. He said it could cost up to $300,000 to get the station back on the air at full power. Source:

For another story, see item 40 above in the Information Technology Sector