Monday, April 23, 2012

Complete DHS Daily Report for April 23, 2012

Daily Report

Top Stories

The California Public Utilities Commission said Pacific Gas and Electric will be fined nearly $17 million for irregularities in its gas pipeline safety testing in Contra Costa County. – Bay City News Service

4. April 19, Bay City News Service – (California) PG&E to pay $17 million for safety violations. The California Public Utilities Commission (CPUC) confirmed April 19 Pacific Gas and Electric (PG&E) will be fined nearly $17 million for irregularities in the utility’s gas pipeline safety testing in Contra Costa County. In January, the CPUC issued a $16.76 million citation for the utility’s failure to conduct gas safety tests on more than 13 miles of gas distribution pipelines in several cities in Contra Costa County, including Danville, Antioch, Pittsburg, and Concord. Some stretches of pipeline had not been tested for leaks since 1993, a violation of federal and state pipeline safety regulations, according to the CPUC. PG&E appealed the citation in February. The appeal was denied by a CPUC administrative law judge, and the panel re-ordered the utility to pay the citation. Source: http://pinole.patch.com/articles/pge-to-pay-17-million-for-safety-violations

A court issued $14 million in fines against a Chicago trading firm, two Dutch companies, and three officers for manipulating the price of oil on the New York Mercantile Exchange. – U.S. Commodity Futures Trading Commission. See item 13 below in the Banking and Finance Sector

A Connecticut farm business where a fire had burned for 9 days as of April 20 was cited by state regulators for illegal construction of a solid wood waste facility. – New Haven Register

23. April 20, New Haven Register – (Connecticut) Connecticut DEEP slaps violation notice on North Haven/North Branford farm business where fire has burned for 9 days. The Connecticut Department of Energy and Environmental Protection (DEEP) issued a notice of violation to a farm business where a fire had been burning on the North Haven-North Branford line for 9 days as of April 20. DEEP mailed the notice to the business April 18, saying it appears as if the farm built or created a solid waste facility where more than 10 cubic yards of wood waste — which includes tree limbs, trunks, branches, and other vegetative matter — was disposed of without a plan or permit issued by DEEP. Meanwhile, North Haven and North Branford officials, including those from the Quinnipiack Valley and East Shore District health departments, received air quality complaints from residents who were bothered by the smoke. Also, Eight-Mile Brook, which runs through Rimmon Road in North Haven, was darkened as a result of the fire. Berms must be built so there will be no more runoff, the North Branford fire chief said. He said the DEEP took samples of water from a North Haven watercourse. There were dead fish in a pond, and the fire is being blamed for that. Source: http://www.nhregister.com/articles/2012/04/20/news/doc4f91431b7ba43305912353.txt

Farmers, ranchers, and woodlands in the southwest, southeast, and California could face problems from worsening drought conditions through July, according to federal forecasters. – MSNBC

24. April 19, MSNBC – (National) Drought forecast for southwest, California ‘not optimistic’. Most of the southwestern region of the United States as well as parts of California and the southeast can expect drought conditions to worsen through July, federal forecasters said April 19. “Overall, the current Drought Outlook is not optimistic,” the National Weather Service said in summarizing its forecast. Besides affecting farmers and ranchers, drought means a greater risk of wildfires, especially in areas expecting a warmer than average spring. “May – July is expected to be warmer than normal” in the southwest and west, the service added in a more detailed report. “For most of the southwestern and western part of the country, drought is expected to persist in most locations and expand into the central Rockies,” it added. “In addition, mountain snowpack, the source of a lot of the region’s moisture, is starting off below normal, and as a result, summer streamflows are expected to be abnormally low,” forecasters noted. Most of California and Nevada, as well as parts of Colorado, Oregon, Texas, Utah, and Washington state, are also forecast to see drought persisting or intensifying. On the East Coast, most of Georgia and South Carolina, as well as parts of Alabama, Delaware, and Maryland, are expected to see continued or worse drought conditions. Source: http://usnews.msnbc.msn.com/_news/2012/04/19/11288192-drought-forecast-for-southwest-california-not-optimistic?lite

All Kansas prison inmates were moved back to a state facility after four escaped from a county jail, the department of corrections said April 19. – Associated Press

38. April 19, Associated Press – (Kansas) Kansas removes all inmates from county jail after 4 escape; 2 remain at large. All Kansas prison inmates were moved back to a state facility after four escaped from a county jail, including a convicted murderer who remains at large, the department of corrections said April 19. The remaining 18 prison inmates who were being held in the Ottawa County Jail because of prison overcrowding were returned to the state prison in Ellsworth, a department spokesman told the Associated Press. Twenty-two inmates were transferred from Ellsworth in January to help alleviate overcrowding. Overcrowding in Kansas’ prisons has been exacerbated in recent years by closures and budget cuts. Inmate counts earlier in 2011 showed male prisons are housing 8,635 inmates, 266 over capacity. The spokesman also said the department had informal internal discussions about providing supplemental training to staffers at county jails that house state inmates. Source: http://www.foxnews.com/us/2012/04/19/2-kan-jail-inmates-at-large-1-in-custody-in-neb/?test=latestnews

The U.S. Cyber Emergency Response Team warned cyber criminals are attempting highly targeted social engineering attacks on operators of industrial control systems. – Network World. See item 42 below in the Information Technology Sector

Details

Banking and Finance Sector

10. April 20, Pocono Record – (Pennsylvania; New Jersey) Did Pocono Mountain cops catch ‘Silent Bandit’ bank robber? Police arrested a suspect in a Mount Pocono, Pennsylvania bank robbery April 19, and authorities are investigating whether he is the FBI’s “Silent Bandit,” suspected in a wave of robberies in eastern Pennsylvania and New Jersey. April 19, a man entered the ESSA Bank at Weis Markets in Mount Pocono, threatened tellers, and demanded money, but he did not display a weapon, Pocono Mountain Regional Police said. Minutes after the robbery, the suspect was spotted driving near the state police barracks in Swiftwater. He was stopped and arrested. The FBI has been investigating five bank robberies in the Lehigh Valley, Bucks County, and New Jersey since April 3. A sixth, unsuccessful, robbery reported April 18 at a PNC Bank branch in Flemington, New Jersey, was also believed to be linked to the “Silent Bandit.” All of the robberies occurred at banks inside grocery stores. Source: http://www.poconorecord.com/apps/pbcs.dll/article?AID=/20120420/NEWS/204200325/-1/news

11. April 20, International Business Times – (National; International) SEC accuses British twins of running ‘stock picking robot’ scam. The U.S. Securities and Exchange Commission (SEC) April 20 accused a pair of British twins of duping American investors into paying $1.2 million for subscriptions to a newsletter featuring a phony stock-picking robot. The two were hit with an SEC suit in a New York federal court accusing them of touting a sophisticated trading program dubbed “Marl” that could pick out penny stocks poised to jump in value. “The ‘stock picking robot’ was a work of fiction,” the SEC said. “The defendants’ story was persuasive. Approximately 75,000 investors, the vast majority of whom lived in the United States, paid ... for annual subscriptions to the Doubling Stocks newsletter and copies of the robot software.” The brothers’ tips actually came from stock promoters that paid them more than $1.8 million in fees, none of which was disclosed to investors, the SEC alleged. Investors would pay $47 for annual newsletter subscriptions, plus an additional $97 for a download version of the stock-picking robot, the complaint said. The software, however, was designed to take stocks from a database compiled by the brothers. The SEC said the scam was a pump-and-dump scheme to generate trading volume for thinly-traded stocks. Source: http://www.ibtimes.com/articles/331212/20120420/sec-investment-scheme-robot.htm

12. April 20, Boston Herald – (Massachusetts) SEC fines MIT prof and son $5M in hedge fund fraud. A Massachusetts Institute of Technology professor and his son must shell out nearly $5 million and have been barred from the securities industry in connection with U.S. Securities and Exchange Commission (SEC) fraud charges that claim the pair and their hedge fund firms misled investors about their investment strategy and past performance, the Boston Herald reported April 20. An SEC investigation found that a Sloan School of Management professor and his son raised millions for their hedge funds through GMB Capital Management LLC and CMB Capital Partners LLC by falsely telling investors they had a lengthy track record of success based on actual trades using real money, when in reality, the pair knew the track record was based on back-tested hypothetical simulations. They also misled investors in certain funds to believe they used quantitative optimal pricing models devised by the professor to invest in exchange-traded funds and other liquid securities, the SEC said. Instead, they merely invested the money almost entirely in other hedge funds. GMB Capital Management later provided false statements to SEC staff examining the firm’s claims in marketing materials of a successful track record. The father and son agreed to be barred from the securities industry and pay $4.8 million. The SEC said that over 3 years they raised more than $500 million for eight hedge funds and various managed accounts while making representations to investors. Source: http://www.bostonherald.com/business/general/view.bg?articleid=1061125890&srvc=rss

13. April 19, U.S. Commodity Futures Trading Commission – (New York; Illinois; International) Federal court orders $14 million in fines and disgorgement stemming from CFTC charges against Optiver and others for manipulation of NYMEX crude oil, heating oil, and gasoline futures contracts and making false statements. The U.S. Commodity Futures Trading Commission (CFTC) April 19 announced it obtained $14 million in civil monetary penalties and disgorgement pursuant to a federal court consent order against defendants Optiver Holding BV, a global proprietary trading company headquartered in the Netherlands, and two subsidiaries — Optiver US, LLC (Optiver), a Chicago-based corporation, and Optiver VOF, a Dutch company, as well as against three former company officers responsible for the unlawful trading. The CFTC’s complaint charged the defendants with engaging in manipulation and attempted manipulation of New York Mercantile Exchange (NYMEX) Light Sweet Crude Oil, New York Harbor Heating Oil, and New York Harbor Gasoline futures contracts in March 2007. The complaint further charged Optiver and one of the individuals with concealing the manipulation by making false statements in response to an inquiry from NYMEX. The consent order requires the defendants to pay a $13 million civil monetary penalty and $1 million in disgorgement. The CFTC’s complaint alleged that in at least 19 instances in March 2007 the defendants attempted to manipulate prices, and in at least 5 instances were successful in causing artificial prices. In each instance, defendants intentionally accumulated a large position in Trading at Settlement (TAS) contracts. As alleged, the defendants offset their large TAS position by trading futures contracts shortly before and during the closing period in a manipulative manner. Source: http://www.cftc.gov/PressRoom/PressReleases/pr6239-12

14. April 19, Federal Bureau of Investigation – (Virginia) Hampton Roads businessman indicted for alleged $11 million historic tax credit fraud scheme. A Chesapeake, Virginia man was indicted by a federal grand jury accused of engaging in a 6-year historic tax credit fraud scheme that cost the United States and Virginia more than $11 million and enriched him and others by about $8 million, according to an April 19 FBI press release. The man “is accused of cheating taxpayers and investors out of millions intended to preserve historic properties in Virginia,” a U.S. attorney said. The man was charged in a 14-count indictment that included 1 count of conspiracy to commit wire fraud, 7 counts of wire fraud, and 6 counts of unlawful monetary transactions. According to the indictment, from January 2006 through March 2012, the man and his business partner allegedly borrowed funds from financial institutions to purchase and renovate properties that could qualify for historic rehabilitation tax credits. They had no personal use for the credits, but intended to sell them to investors in need of reducing their own tax liability. The man and his partner are accused of fraudulently increasing the federal and state historic tax credits for which they were eligible by inflating the amounts spent on renovating the properties, fabricating other necessary documents, and making other material misstatements. He and his business partner also allegedly sold these fraudulently obtained tax credits to corporate investors for millions of dollars by fabricating additional documents and representing that investor funds would be used to support the renovation projects. Source: http://www.fbi.gov/norfolk/press-releases/2012/hampton-roads-businessman-indicted-for-alleged-11-million-historic-tax-credit-fraud-scheme

15. April 18, U.S. Commodity Futures Trading Commission – (Colorado) Federal court orders Colorado defendants Flint-McClung Capital LLC to pay over $6 million in CFTC action charging them with running a forex Ponzi scheme. The U.S. Commodity Futures Trading Commission (CFTC) April 18 announced a Colorado district court entered an order against defendants Flint-McClung Capital LLC (FMC) of Englewood, Colorado, and one individual requiring them jointly and severally to pay restitution of $1,701,250 and a $4.3 million civil monetary penalty. The order also imposes permanent trading and registration bans against the defendants. The court’s order of default judgment and permanent injunction stems from a June 2011 CFTC enforcement action that charged FMC and the individual with fraud and misappropriation in an off-exchange foreign currency (forex) Ponzi scheme. The order finds that, beginning around March 2010, the defendants fraudulently solicited and received at least $2.4 million from 20 customers by touting their success in trading forex. In their solicitations, the individual and FMC falsely represented that FMC had about $300 million in pool participant funds, which were segregated and in reserve, and used about $500 million in FMC proprietary funds to trade forex. However, according to the order, the defendants engaged in little, if any, trading on behalf of pool participants. Of the funds solicited and received, the defendants misappropriated at least $1,701,250 for personal expenses. Source: http://www.cftc.gov/PressRoom/PressReleases/pr6236-12

Information Technology

39. April 20, Help Net Security – (International) Fake ‘Steam Cracker’ steals user credentials. Users of Valve’s Steam game sales and distribution platform are being targeted by malware peddlers; the lure is a “Steam Cracker.” It is being offered on YouTube and on many gamer forums, and it supposedly gives the users access to all games for free. The scammers offer simple instructions for installing the software: disable antivirus software and firewall, then replace the original steam.exe file with the downloaded, cracked one. “The file in question is a fake Steam client, which uses aspects of the real thing but just falls short of being 100 percent convincing (file size, file, and of course the fact that this file isn’t digitally signed unlike the real Steam executable),” a GFI researcher said. If the user runs Windows Vista or later versions of the platform, the file runs and shows the fake client that looks legitimate. The creators even included the legitimate store.steampowered(dot)com pages inside the user interface and links to the genuine Playstation Network ID log-in page, the researcher said, but he warned that even though the phishing of credentials is not obvious, it does not mean the users’ log-in credentials are safe. The fake Steam client looks for the serial codes of games along with more general programs such as design packages, movie players, system defraggers, code tweakers, and iPod converters, the researcher explained. The malware employs keylogging to accomplish this task. Source: http://www.net-security.org/malware_news.php?id=2079&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

40. April 20, H Security – (International) Ruby 1.9.3 update fixes RubyGems security problem. The Ruby development team published an update to the 1.9.3 series of its open source programming language to fix a vulnerability found in the RubyGems package management framework. The maintenance release of the scripting language, labeled 1.9.3-p194, updates RubyGems to close a security hole that caused SSL server verification to fail for remote repositories. This was addressed by disallowing redirects from https to http connections and by enabling the verification of server SSL certificates in an updated version of RubyGems, 1.8.23; more details on these issues are provided in the latest RubyGems History file. The developers encouraged those who use https source in .gemrc or /etc/gemrc to upgrade as soon as possible. Source: http://www.h-online.com/security/news/item/Ruby-1-9-3-update-fixes-RubyGems-security-problem-1544248.html
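The two fixes described for RubyGems 1.8.23 (refuse redirects that downgrade https to http, and verify the server certificate) written as a small standalone fetcher. This is an added example, not RubyGems' own code; the function names and the MAX_REDIRECTS constant are assumptions.

```ruby
require "net/http"
require "openssl"
require "uri"

# Hypothetical limit for the example; not a RubyGems setting.
MAX_REDIRECTS = 5

# A redirect is acceptable only if it does not weaken transport security:
# an https origin may be redirected to https, never to plain http, and
# only http/https targets are followed at all.
def safe_redirect?(from_uri, to_uri)
  from = from_uri.is_a?(URI) ? from_uri : URI.parse(from_uri)
  to   = to_uri.is_a?(URI) ? to_uri : URI.parse(to_uri)
  return false unless %w[http https].include?(to.scheme)
  return true if from.scheme == "http"   # started in the clear; nothing to downgrade
  to.scheme == "https"                   # https must stay https
end

# Build a client that actually verifies the server certificate chain.
# Without VERIFY_PEER a TLS session is established but the peer is never
# authenticated, which is the second problem the RubyGems update addressed.
def build_client(uri, ca_file: nil)
  http = Net::HTTP.new(uri.host, uri.port)
  if uri.scheme == "https"
    http.use_ssl = true
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.ca_file = ca_file if ca_file
  end
  http
end

# Follow redirects manually so the downgrade policy is enforced on every hop,
# rather than trusting a library default that may silently follow any Location.
def fetch(url, limit: MAX_REDIRECTS)
  uri = URI.parse(url)
  limit.times do
    res = build_client(uri).request(Net::HTTP::Get.new(uri))
    case res
    when Net::HTTPRedirection
      target = URI.join(uri.to_s, res["location"])
      unless safe_redirect?(uri, target)
        raise "refusing https -> http redirect to #{target}"
      end
      uri = target
    else
      return res
    end
  end
  raise "too many redirects"
end
```

Only `fetch` touches the network; `safe_redirect?` and `build_client` can be exercised offline, which is what the checks below do.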

41. April 20, H Security – (International) New version of OpenSSL closes security holes in ASN1 parser. A member of Google’s Security Team told the OpenSSL developers of a security hole in the current version of their open source library. The errors occur when parsing ASN1 data via the asn1_d2i_read_bio() function. According to the OpenSSL advisory and the member’s message, the issue affects applications that process external X.509 certificates or public RSA keys. The OpenSSL developers released versions 1.0.1a, 1.0.0i, and 0.9.8v to fix the “ASN1 BIO” problem but the advisories did not state whether the update was urgent. The OpenSSL team discussed a “potentially exploitable vulnerability” and the Google Security Team member provided further details by saying the issue “can cause memory corruption,” but neither spoke about potential consequences. The full scope of the problem will most likely only be revealed once a Metasploit module is released. However, the OpenSSH project’s own SSH server was unaffected. A researcher wrote that sshd verifies RSA keys with the custom openssh_RSA_verify() function which, he said, already helped avoid eight exploitable bugs in the ASN1 parser. Fixed OpenSSL packages for Ubuntu and OpenBSD were already released. Fixes for Red Hat Enterprise Linux and Fedora will be issued soon. Source: http://www.h-online.com/security/news/item/New-version-of-OpenSSL-closes-security-holes-in-ASN1-parser-1543932.html

42. April 19, Network World – (International) US-CERT: Social engineers target utilities with fake Microsoft support calls. The U.S. Cyber Emergency Response Team recently warned that cyber criminals are attempting highly targeted social engineering attacks on operators of industrial control systems. These utility companies are receiving phone calls warning of infected PCs. The utilities receive a call from a representative of a large software company — allegedly, the one that sold them the operating system on their computers — warning them their PCs have viruses and to take a series of steps so the caller can help the operator fix the problem. The calls purport to be from the “Microsoft Server Department” informing the utilities they have a virus. The caller tries to convince the utility operators to start certain services on their computer (likely, those services would allow unauthorized remote access). Source: http://www.networkworld.com/community/node/80337

43. April 19, Threatpost – (International) Analysis: Flashback spread via social engineering, then Java exploits. Kaspersky Lab’s latest analysis of the Mac OS X Flashback botnet revealed its malware was spread via drive-by downloads on hacked WordPress Web sites. From September 2011 until February 2012, the Flashback creators distributed the trojan through compromised WordPress sites that prompted users to download various iterations of a fake Adobe Flash Player update that was, in actuality, the Mac trojan. The attacks started using social engineering lures, and it was not until February that Flashback authors began using exploits to grow the botnet. They exploited known Java vulnerabilities, at least two of which date back as far as June 2009. More importantly, though, Flashback’s creators took advantage of the window of exposure between Oracle and Apple’s patch schedules. A Kaspersky researcher said Apple creates its own patches to fix Java vulnerabilities instead of using Oracle’s. So, the bugs were already patched by Oracle, but Apple had not yet deployed patches. The researcher noted that on average, historically speaking, there was a 2-month delay between Oracle’s fixes, which come first, and Apple’s. In March 2012, Flashback’s authors started making use of a Russian partner program that somehow injected redirect scripts into legitimate Web sites. The researcher said tens of thousands of WordPress sites were infected in late February and early March and notes that other estimates had the number as high as 100,000 infected sites. It was unclear how the sites became infected, but the researcher believed bloggers were either using vulnerable versions of WordPress or installed the ToolsPack plugin. Source: http://threatpost.com/en_us/blogs/analysis-flashback-spread-social-engineering-then-java-exploits-041912

44. April 19, Security News Daily – (International) New Android malware spreads by text message. Criminals targeting smartphones crafted a clever text-message-based attack that removes the middleman and delivers its malicious payload directly to its Android targets. The malware, identified by researchers at NQ Mobile as “UpdtBot,” disguises its malicious intentions by appearing as a text message telling recipients “their systems is at risk and they need to install the latest system upgrade.” It is a typical scareware tactic, tricking would-be victims into believing they need to fix their phone or computer to stave off imminent harm. However, UpdtBot takes the traditional scam a step further. While most Android malware uses text messages to communicate with an attack server or to sign the victim up for text-message subscription services, this text-based threat contains a link in the message; when the user clicks on the link contained in the text, he/she is taken to a site that automatically uploads the malware. From there, UpdtBot can make calls, send texts, download new apps, and install corrupt software onto infected Android phones. So far, the malware infected more than 160,000 Android devices, according to NQ Mobile. Source: http://www.securitynewsdaily.com/1754-android-malware-text-messages.html

Communications Sector

45. April 19, WLUC 6 Marquette – (Michigan) Cell service restored. The phone outage in Schoolcraft County, Michigan, and a portion of Delta County has been fixed, WLUC 6 Marquette reported April 19. The fiber optic cable was damaged near Cooks. The Michigan State Police were asked to investigate the area, as the damage to the line led the repair crews to believe the cable may have been intentionally tampered with. Source: http://www.uppermichiganssource.com/news/story.aspx?list=~\home\lists\search&id=744017#.T5FikdkwJI5

46. April 19, Cerritos-Artesia Patch – (California) Thieves targeting amplifiers and connectors inside Charter Communication cable boxes in Cerritos. A crime alert was issued April 19 in response to a spate of thefts targeting amplifiers and connectors found inside cable boxes belonging to Charter Communications in Cerritos, California, over the past few weeks. More than 1,000 of the gray or brown colored cable boxes, which are located along residential sidewalks and on arterial streets in parkways, are required to deliver digital cable signals to Charter customers. When the targeted parts are removed, cable service is interrupted. “We’ve had more than 20 stolen over the past 3 weeks,” a Cerritos Sheriff’s Station detective sergeant said. The thefts also appear to be occurring in close proximity to one another. Earlier the week of April 16, five cases were reported in residential neighborhoods. The detective sergeant said the amplifiers are worth between $300 and $600 apiece, and the connectors are valued at roughly $40. “Whoever is taking them knows exactly what they’re doing because they’re clean cut at the connector sites,” the sergeant said, adding that these items are being stolen within minutes. When one of these items is tampered with or taken, cable service is immediately disrupted and an alert is sent to Charter. Source: http://cerritos.patch.com/articles/cerritos-crime-alert-issued-for-flurry-of-charter-communication-cable-box-thefts-targeting-amplifiers-and-connectors

For another story, see item 44 above in the Information Technology Sector