Monday, May 14, 2012

Complete DHS Daily Report for May 14, 2012

Daily Report

Top Stories

• Two law enforcement officers were injured and a man died from a self-inflicted gunshot wound, after an incident that shut down 1 of south Florida’s busiest expressways for about 5 hours. – NewsCore

14. May 11, NewsCore – (Florida) Man dead, 2 officers wounded after Florida expressway shooting rampage. Two law enforcement officers were injured and a man died from a self-inflicted gunshot wound after an incident on one of south Florida’s busiest expressways May 10. The incident began when a man staged a carjacking in Miami, a FBI spokesman said. He then robbed a barber shop in Broward County, fired a weapon, and stole a second car that he crashed into another vehicle on Florida’s Turnpike. An off-duty Key Biscayne police officer stopped to give aid, but the man shot her in the face. She was taken to a hospital and was in stable but critical condition. The shooter then walked along the expressway armed with a gun, witnesses said. He was confronted by an agent from the U.S. Immigration and Customs Enforcement Agency (ICE), who was also shot. The agent’s injuries were reportedly not serious. The gunman then shot himself. With reports of a second suspect, traffic on the Turnpike was at a standstill for about 5 hours as police from four counties, the Broward Sheriff’s Office, and ICE searched the area. Source:

• An underground plume of toxic petrochemicals spreading from Suncor Energy’s oil refinery in Commerce City, Colorado, is complicating a $211 million upgrade at the adjacent Metro Wastewater Treatment Plant. – Denver Post

25. May 11, Denver Post – (Colorado) Colorado wastewater project at risk from Suncor refinery toxic plume. An underground plume of toxic petrochemicals spreading from Suncor Energy’s oil refinery in Commerce City, Colorado, is complicating a $211 million upgrade at the adjacent Metro Wastewater Treatment Plant. State authorities ordered Suncor the week of May 7 to do more to contain the plume as it approaches an excavated area at Metro Wastewater. A recent groundwater test detected cancer-causing benzene, raising concerns the plume could be moving in new directions and prolong one of the Rocky Mountain region’s longest-running industrial cleanups, and delay the wastewater upgrade. A letter from the Colorado Department of Public Health and Environment (CDPHE) to Suncor directed the firm to install more monitoring wells around what inspectors believe is the edge of the plume so it can be tracked more carefully. The Metro Wastewater project is designed to remove ammonia and nitrates from Denver’s treated wastewater before it is discharged back into the South Platte River — part of $1.2 billion in improvements. CDPHE’s water-quality division required the improvements to meet standards set by the federal government by 2015. The toxic plume appears to have approached the excavated area but has not entered it, a Metro Wastewater spokesman said. Suncor officials said May 10 they will comply. Source:

• A government building in Waterbury and two schools in Newington and Manchester, Connecticut, remained closed May 11 as authorities investigated suspicious white powders mailed with threatening letters. – Associated Press

33. May 11, Associated Press – (Connecticut) Powder scares prompt closure of 3 Conn. buildings. A government building in Waterbury and two schools in Newington and Manchester, Connecticut, remained closed as authorities investigated suspicious white powders discovered by workers May 10. The Rowland State Government Center in Waterbury and Ruth Chaffee Elementary School in Newington were evacuated, and the Keeney Street Elementary School in Manchester was locked down after workers found white powders. All three buildings were closed May 11. Authorities said the powder at the Manchester school was found in an envelope with a letter that referred to al-Qa’ida. Officials said the powders were being tested. Source:

• An apparent tornado hit Weimar, Texas, damaging a hospital, derailing 25 cars of a freight train, and injuring 8 people in a high school parking lot. – Associated Press

37. May 10, Associated Press – (Texas) Apparent tornado injures 8 in southeast Texas. An apparent tornado touched down May 10 in Weimar, Texas, damaging a hospital, derailing 25 cars of a freight train, and injuring 8 people in a high school parking lot. The city emergency management coordinator said the eight injured were working in a trailer preparing food for a fundraiser at Weimar High School. He said their injuries did not appear to be life-threatening. He said the school and a hospital suffered roof damage, forcing 10 patients to be moved to other hospitals. The storm winds also toppled 25 cars of a Union Pacific freight train. Source:

• The FBI was looking into 3 white powder scares in Portland, Oregon, with the substance and threats sent to a port, hotel, and shopping mall. – KPTV 12 Portland

52. May 10, KPTV 12 Portland – (Oregon) Envelope marked ‘anthrax’ sent to Port of Portland in another white powder scare. The FBI was looking into three white powder scares in a 2-day span in Portland, Oregon. May 9, Portland firefighters and HAZMAT crews responded to both ends of the city as two major landmarks reported receiving a letter with a mysterious substance inside. Crews arrived at the Hilton Hotel to isolate the office space and the worker who came in contact with the envelope. It remained open. Crews eventually determined the white powder in the envelope was not dangerous. It was a similar scene at the Port of Portland offices where the word “anthrax” was found on an envelope. At one point, all three floors were evacuated, but the terminals and travel were not affected. Again, tests on the envelope at the Port of Portland also came back negative. May 8, fire and HAZMAT crews responded to the Lloyd Center Mall for another white powder scare. The FBI began investigating the cases to see if they are related. Source:


Banking and Finance Sector

10. May 11, Orange County Register – (California; Arizona) SEC charges Irvine investment firm with fraud. Investors who lost $91.6 million betting on an apartment investment firm were outraged when its operators started a new venture along the same lines but failed to mention their prior company had gone bust. The U.S. Securities and Exchange Commission (SEC) said the second venture was “defrauding potential investors,” according to a suit the agency filed May 10 in Orange County, California, seeking financial penalties and repayment of any “ill-gotten gains.” The SEC case was filed against three individuals, who formed Apartments America in September 2009 to solicit backers to invest in apartment buildings in California and Arizona. Beforehand, two of the men were co-owners of the failed Pacific Property Assets (PPA), which had filed for bankruptcy 3 months prior to Apartments America’s formation. According to a SEC news release, the men misrepresented that they had created more than $100 million in net equity and falsely represented to potential investors that they were managing a portfolio valued at more than $200 million. Source:

11. May 11, Associated Press – (National) 2 Tenn. men charged in $45 mil mortgage scheme. Two Tennessee men were charged in a mortgage fraud scheme that prosecutors say totaled $45 million in losses and involved victims in five states. A report in the Chattanooga Times Free Press said the men were arraigned May 10. Both men were indicted on 12 counts, including conspiracy to commit wire fraud and money laundering and fraud against a financial institution. Court documents allege that fraudulent transactions took place in Tennessee, Georgia, Florida, Virginia, and California. Source:

12. May 10, Associated Press – (National) Deutsche Bank pays $202M in NY mortgage fraud deal. Deutsche Bank agreed to pay $202 million to settle civil fraud charges brought by the U.S. government over the practices of a subsidiary it acquired 5 years ago, authorities announced May 10. A federal judge in New York approved the deal. Under the agreement, Deutsche Bank AG admitted it did not follow all federal housing regulations when it made substantial profits between 2007 and 2009 from the resale of risky mortgages through its subsidiary MortgageIT. According to the agreement, Deutsche Bank admitted it was in a position to know MortgageIT’s operations did not conform fully to all of the government’s regulations, policies, and handbooks. MortgageIT was a Federal Housing Administration lender operating with government oversight for almost a decade. The lawsuit said Deutsche Bank and MortgageIT failed to comply with U.S. Department of Housing and Urban Development rules regarding required quality control procedures, and then lied about their purported compliance. Source:

13. May 10, Internet Crime Complaint Center – (National) IC3 2011 Internet Crime Report released. The Internet Crime Complaint Center (IC3) May 10 released its 2011 Internet Crime Report — an overview of the latest data and trends of online criminal activity. According to the report, 2011 marked the third year in a row the IC3 received more than 300,000 complaints. The 314,246 complaints represent a 3.4 percent increase over 2010. The reported dollar loss was $485.3 million. In 2011, IC3 received and processed, on average, more than 26,000 complaints per month. The most common complaints received in 2011 included FBI-related scams — schemes in which a criminal poses as the FBI to defraud victims — identity theft, and advance-fee fraud. The report also lists States with the top complaints and provides loss and complaint statistics organized by State. It describes complaints by type, demographics, and State. Source:

Information Technology

43. May 11, H Security – (International) Opera 11.64 closes critical code execution hole. Version 11.64 of the Opera Web browser was released, closing a critical hole that could have been exploited by attackers to inject malicious code into a victim’s system. According to the company, some undisclosed formulations of URLs caused the browser to allocate the incorrect amount of memory for storing the address. When the program attempted to store the address, unrelated memory could have been overwritten with an attacker’s data, resulting in a crash and the execution of arbitrary code. Source:

44. May 11, Help Net Security – (International) Cybersecurity model may benefit a new cloud-based network. In the online struggle for network security, Kansas State University cybersecurity experts are adding an ally to the security force: the computer network itself. Two professors of computing and information sciences are researching the feasibility of building a network that could protect itself against online attackers by automatically changing its setup and configuration. The two researchers were recently awarded a 5-year grant of more than $1 million from the Air Force Office of Scientific Research to fund the study “Understanding and quantifying the impact of moving target defenses on computer networks.” The study, which began in April, will be the first to document whether this type of adaptive cybersecurity, called moving-target defense, can be effective. If it can work, researchers will determine if the benefits of creating a moving-target defense system outweigh the overhead and resources needed to build it. Source:

45. May 11, Homeland Security Today – (National) Growth of counterfeit parts expected as semiconductor market grows, analysis finds. The number of counterfeit parts that are vital to the computer industry is expected to reach record high levels as the semiconductor industry enters “a phase of accelerating growth,” according to an analysis of trends conducted by information and analytics provider, IHS. “The semiconductor industry is exhibiting the classic signs of the start of a new growth cycle, with tightening supplies, broad-based price increases and a lengthening of lead times for the delivery of products,” said a principal analyst for semiconductors at IHS. “These are prime conditions for suppliers of counterfeit parts, which are eager to fill supply gaps with their fake goods. For semiconductor purchasers, the rise in counterfeits represents a major risk, bringing downsides in terms of financial losses, damage to company reputations and even safety concerns in some products.” And, security problems that could impact homeland security and national defense, authorities added, pointing to bogus computer chips, other parts and counterfeit products that were supplied to the Department of Defense, many of which were substandard and posed series safety and security risks for a wide variety of programs and operations. Source:

46. May 10, IDG News Service – (International) APT attackers are increasingly using booby-trapped RTF documents. Booby-trapped Rich Text Format (RTF) documents are one of the most common types of malicious Microsoft Office files that are used to infect computers with advanced persistent threats, according to security researchers from Trend Micro. The company’s statistics show that 63 percent of the malicious Microsoft Office documents intercepted in April exploited vulnerabilities in Microsoft Word. Out of those vulnerabilities, the most commonly targeted ones were CVE-2010-3333 and CVE-2012-0158, which stem from bugs in Microsoft Word’s code for parsing RTF content. This is troublesome because Microsoft just patched a new Microsoft Word RTF parsing vulnerability May 8 that could allow remote code execution. Source:

For more stories, see items 13 above in the Banking and Finance Sector and 47 below in the Communications Sector

Communications Sector

47. May 11, Associated Press – (Colorado) Cable cut interrupts Internet service in Vail. Most customers were back online May 11 after road workers cut a fiber optic cable, interrupting Internet service to Eagle and Summit counties in Colorado. A Comcast spokeswoman said customers were without service for several hours while a crew worked to fix the line. She told the Vail Daily the company tends to see more interruptions in spring at the start of the construction season. Source:

48. May 10, Buffalo News – (New York) Earth Link phone service out in Lockport. Earth Link, a major carrier for many telephone systems in Lockport, New York, reported an outage May 10 in the Lockport area which affected many businesses, including the Niagara County Sheriff’s Office, Lockport Police Department, and some Niagara County government offices. The outage affects only administration offices, not the sheriff’s emergency phone lines. The 9-1-1 lines remained fully operational. Sheriff’s officials said callers may hear the phones ring when calling Earth Link customers, but the calls were not being connected. Source: