Friday, May 25, 2012

Complete DHS Daily Report for May 25, 2012

Daily Report

Top Stories

• A Chinese national working for a company in Massachusetts was charged with illegally exporting to China U.S.-made sensors used to produce weapons-grade uranium, the U.S. Department of Justice said. – Reuters

7. May 23, Reuters – (Massachusetts; International) U.S. charges Chinese man with illegal nuclear-related exports. A Chinese national was charged with illegally exporting to China U.S.-made sensors used to produce weapons-grade uranium, the U.S. Department of Justice said May 23. The man, a sales manager for a Chinese subsidiary of MKS Instruments located in Andover, Massachusetts, was arrested at his hotel in North Andover, Massachusetts, and charged with conspiracy to violate U.S. export laws. He allegedly allowed thousands of pressure measuring sensors, known as pressure transducers, to be exported from the United States to unauthorized users in China, the department said. He was accused of co-conspiring with others since 2007 to export pressure transducers from the United States to unauthorized end-users by using export licenses issued to MKS customers and/or through export licenses obtained in the name of a front company. Source:

• Droughts withering wheat crops from the United States to Russia to Australia will probably spur the biggest reduction in global supply estimates since 2003 and drive prices to the highest in almost a year, experts said. – Bloomberg

23. May 24, Bloomberg – (National; International) Wheat fields parched by drought from U.S. to Russia: Commodities. Droughts withering wheat crops from the United States to Russia to Australia will probably spur the biggest reduction in global supply estimates since 2003 and drive prices to the highest in almost a year, Bloomberg reported May 24. Kansas, the top U.S. grower of winter wheat, is poised for its driest May on record, the State’s climatologist estimated. Ukraine and Russia, accounting for 11 percent of world output, have endured drought conditions for 3 months, University College London data show. The U.S. Department of Agriculture may cut its global crop estimate by 1.2 percent in June, the biggest drop in a June report since 2003, according to the average of 18 analyst estimates compiled by Bloomberg. Winter wheat accounted for about 75 percent of U.S. output in 2011 and is the main variety grown in the Black Sea region. Source:

• Federal authorities joined the investigation into two suspicious fires that sparked within a week at women’s clinics in metro Atlanta. – Associated Press

33. May 24, Associated Press – (Georgia) Police seek help from feds after 2 clinic fires. Federal authorities have been asked to help investigate after two fires in the past week at women’s clinics in metro Atlanta. Authorities said the latest fire happened May 23 at a Marietta obstetrics and gynecology office that advertises itself as an “abortion services” clinic. A Cobb County fire spokeswoman said it took more than 20 firefighters to put out the flames. There were about 20 employees and several patients inside when the fire started. Gwinnett County fire officials said a fire May 20 at the Atlanta Gynecology and Obstetrics Gwinnett office in Lilburn is suspicious. A Gwinnett police official said the Bureau of Alcohol, Tobacco, Firearms and Explosives has been asked to help investigate. Some women’s clinics have also been burglarized in recent months. Source:

• Sheriff’s officials in Houston County, Alabama, said investigators arrested a student May 22 after he compiled a “hit list” of students he planned to kill at an area high school. – Dothan Eagle

42. May 23, Dothan Eagle – (Alabama) Teen charged in Wicksburg shooting plot. Sheriff’s officials in Houston County, Alabama, said investigators arrested an eighth grade student May 22 after he compiled a “hit list” of students he planned to kill at Wicksburg High School in Newton. They charged him with felony making a terrorist threat. The teenager was taken to the Southeast Alabama Diversion Center. “He did have a list of students that he did not like and he actually admitted to us he wanted to kill them,” the sheriff said. Their investigation revealed the student had access to firearms at home and planned to act out the shooting at the high school. “We received some information he wanted to kill some other students and possibly commit suicide,” the sheriff said. The Houston County Schools superintendent said the administration found out about the hit list after the student apparently made several statements to other students about possibly bringing a gun to school and shooting someone. Source:

• PC malware grew by the largest amount in 4 years during the first quarter of 2012, according to a quarterly security report by McAfee. – IDG News Service See item 48 below in the Information Technology Sector


Banking and Finance Sector

10. May 24, Reuters – (Illinois) CFTC sues ex-Chicago broker, alleging Ponzi scheme. The U.S. Commodity Futures Trading Commission (CFTC) sued a former Chicago floor broker, claiming he ran a 4-year Ponzi scheme and fraudulently solicited at least $7.8 million to trade commodity futures contracts, Reuters reported May 24. In a civil lawsuit, the CFTC said the man ran the Ponzi scheme and promised investors annual returns of 13 percent or higher, but never delivered. The defendant lost $1.6 million of the money he collected through his trading, and used the remaining $6.2 million for his personal benefit and to repay two earlier investors, the CFTC said. The scheme ran from at least January 2008 to at least February 2012, it said. The man had been registered with the CFTC as a floor broker from 1996 to 2003, the agency said in a complaint filed May 24 in Chicago. The CFTC is seeking remedies, including full restitution and a civil fine. Source:,0,3974613.story

11. May 24, WLEX 18 Lexington – (Kentucky) Police arrest two in credit card scam. Lexington, Kentucky police arrested two men May 23 and charged them with running an elaborate credit card scam. According to court documents, police pulled over a car, arrested two men, and charged each of them with 133 counts of possession of a forged instrument. Police said officers found altered credit cards in their possession. They were re-encoded and altered to look like gift cards. Police said they also found more than $5,000 worth of gift cards purchased with the altered credit cards. Source:

12. May 24, WSMV 4 Nashville – (Tennessee) Secret Service finds ATM in man’s closet. The Secret Service found an ATM in a Nashville, Tennessee man’s closet and believed he was using it to perfect his mission to make fake credit cards, WSMV 4 Nashville reported May 24. The suspect will serve a 15-month sentence in a federal prison and must pay $275,000 for possession of device-making equipment and possessing counterfeit credit cards. A spokesman for the Secret Service said the man bought an ATM and was using it to make better fake credit cards and intended to set it up to steal other people’s credit card numbers. A Secret Service agent said he had tested hidden cameras and skimmer equipment. He said the hidden cameras were intended to catch customers’ fingers touching the keypad when they entered their PIN number, and the skimmer devices were intended to steal debit and credit card information. The suspect was previously convicted of making fake credit cards and in 2008, agents said he had more than 1,900 stolen credit card account numbers. Secret Service agents found the ATM in the man’s closet before it could be used. Source:

13. May 24, U.S. Securities and Exchange Commission – (California) SEC charges northern California fund manager in $60 million scheme. The U.S. Securities and Exchange Commission (SEC) May 24 charged an investment adviser in Scotts Valley, California, with running a $60 million investment fund like a Ponzi scheme and defrauding investors by touting imaginary trading profits instead of reporting actual trading losses. The SEC alleges the adviser who managed the GLR Growth Fund, used false and misleading marketing materials to lure investors into believing it was earning double-digit annual returns by investing 75 percent of its assets in investments tied to major stock indices. In reality, the adviser’s trading generated consistent losses and he eventually stopped trading entirely. To mask his fraud, he paid millions in “returns” to investors largely by using money received from newer investors. He also sent investors periodic account statements showing fictitious growth in investments. According to the SEC’s complaint, he raised more than $60 million since 2005, mostly from investors in the Santa Cruz area. Although the fund was started in 2003, marketing materials claimed 25 percent returns in 2001 and 2002 — before the fund even existed. The SEC alleges the adviser’s trading was unsuccessful, and by mid-2009 the fund did not invest in publicly traded securities at all. Instead, the fund invested heavily in illiquid investments in two private start-up technology companies. The rest of the money was paid to investors in Ponzi-like fashion and to three entities the adviser controlled that also are charged in the SEC’s complaint. Source:

14. May 23, WTVJ 6 Miami – (Florida; National) ‘Nike Hat Bandit’ indicted, charged with 3 counts of bank robbery in south Florida. Federal authorities announced May 23 they indicted a South Carolina man dubbed the “Nike Hat Bandit” on three counts of bank robbery tied to heists he committed or attempted in south Florida. He robbed a Wells Fargo in Palm Beach Gardens November 21, 2011, and attempted to rob another Wells Fargo branch in Dania Beach November 30, 2011, when he successfully robbed a BB&T Bank in Pompano Beach, a U.S. attorney and the FBI special agent in charge said. He allegedly robbed banks in Florida and six other states while wearing a Nike baseball hat. He usually approached tellers with a threatening note that said he had a gun and wanted money, authorities said. He was arrested December 29, 2011, in Georgetown, South Carolina, after robbing the South Carolina Bank and Trust. He was indicted and charged with four counts of bank robbery there, authorities said. He also held up banks in Georgia, Tennessee, Kentucky, West Virginia, and Pennsylvania, they said. Source:

Information Technology

45. May 24, H Security – (International) Google releases security update for Chrome 19. Google announced an update to the stable version of Chrome, which brings the browser version to 19.0.1084.52 on Windows, Mac OS X, and Linux. The update is a pure security update that does not include any new features — it closes nine vulnerabilities with a Common Vulnerability Scoring System rating of “High” and fixes two problems labeled “Critical” as well as two “Medium” level issues. Many of the vulnerabilities are due to bugs in Chrome’s memory handling, such as out-of-bounds reads and use-after-free conditions, and Google noted several were detected with their AddressSanitizer tool. Other bugs were fixed in Chrome’s PDF handling code and its V8 JavaScript rendering engine. Source:

46. May 24, The Register – (International) Yahoo! leaks! private! key! in! Axis! Chrome! debut! May 24, Yahoo released its Axis extension for Chrome and accidentally leaked its private security key that could allow anyone to create malicious plugins masquerading as official Yahoo software. An Australian researcher exposed the certificate mistake, and said users should not install the extension “until the issue is clarified.” He examined the extension’s source code and found the private certificate, which Yahoo uses to sign the application to prove it is genuine and unaltered. The result, he says, is that a miscreant could forge a malicious extension that would be verified by Google’s Web browser as coming from Yahoo. There are myriad attacks that could be executed with a spoofed extension; the most obvious of these would be to create and sign a traffic logger to capture a victim’s Web activity. The researcher also produced a proof-of-concept of a spoofing attack and written up instructions on how to remove the extension. Yahoo has since posted a replacement Web search extension that does not include the private half of the security certificate. Source:

47. May 24, IDG News Service – (International) Bounty hunters find 8 Google services bugs. Security researchers unveiled 8 vulnerabilities in Google services during the Hack in the Box conference in Amsterdam, Netherlands, May 24 — but they claim to have discovered more than 100 such bugs over the past few months. The bugs they revealed were found in Google’s blog platform Blogger, its Analytics service, and in Google Calendar, among other services. Cross-site-scripting (XSS) vulnerabilities are the most common bugs found in Google’s services, the researchers said during their presentation. XSS attacks — allowing the execution of malicious code from one Web site or file as if it belonged to another — are not just about stealing account data, but can also be used for hacking a victim’s computer, they said. Source:

48. May 23, IDG News Service – (International) McAfee reports big spike in malware. PC malware had its “busiest quarter in recent history,” according to McAfee’s quarterly security report released May 23. The security company registered the biggest increase in malware in 4 years during the first quarter of 2012, bringing the total number of samples to 83 million. Fake antivirus programs declined in popularity, but software with faked security signatures, rootkits, and password-stealing trojans rose. McAfee counted about 200,000 new examples of password-stealing trojans. Software is “signed” by the vendor to tell users it is safe to install. A user is more likely to trust Microsoft or McAfee, for example, than an unknown vendor. Scammers capitalize on that trust when they forge the digital signature of a trusted provider to boost the chances of having their malware successfully installed on the user’s computer. Security researchers began to warn that forged security signatures would increase after the success of the proliferation of the Stuxnet and Duqu malware programs that used that deception. Among botnets, Cutwail was most active during the quarter, recruiting more than a million new machines. Nearly half of all new botnet control servers were in the United States. The report also noted a dramatic increase in malware designed to attack mobile devices that run Android. It also found that most mobile malware originated in and targeted China and Russia. Malware targeting Apple computers also continued to rise steadily. Source:

49. May 23, Computerworld – (International) Pwnium hacking contest winners exploited 16 Chrome zero-days. May 22, Google revealed the two researchers who cracked Chrome in March at the company’s inaugural “Pwnium” hacking contest used 16 zero-day vulnerabilities. The number of bugs each researcher used — 6 in one case, “roughly” 10 in the other — was dramatically more than the average attack. The Stuxnet worm of 2010, called “groundbreaking” by some analysts, used just four bugs, only three of them previously unknown “zero-day” vulnerabilities. Google detailed only the half dozen deployed by the researcher known as “Pinkie Pie” in a post to the Chromium blog May 22. Details of the 10 used by the other researcher will not be disclosed until they are patched in other programs they afflict, said two Chrome security engineers. Source:

50. May 23, Threatpost – (International) Months after a patch, targeted attacks still using Adobe Flash bug. More than 3 months after it was patched, attackers are still using a vulnerability in Adobe’s Flash product in targeted, advanced persistent threat-style attacks. The vulnerability, identified as CVE-2012-0754 was patched in February and linked to targeted attacks weeks later. However, new attacks targeting unpatched systems are still circulating, according to a report from Xecure Lab, which reported that attackers are continuing to refine their technique even months after Adobe issued a patch for the hole. Xecure said it detected a variant of the “SB” family of trojan being installed in attacks that leverage the Flash bug. Independent analysis on the same PDF by a researcher revealed links to earlier targeted attacks dating both to March and a separate attack in late April. Source:

51. May 23, Threatpost – (International) DHS warns of potential scams and attack in run-up to London Olympics. Hacktivists, malware, scams, data theft, and distributed denial-of-service (DDoS) attacks are among DHS’s concerns regarding 2012’s summer’s Olympic Games set to take place in London, England, according to the DHS Cybersecurity and Communications Integration Center’s Strategic Outlook. The document focuses primarily on a disruption of operation caused by DoS or DDoS attacks. With an IT staff of more than 5,000 individuals for the Olympics, many of whom are volunteers, DHS is warning about the potential for inside jobs. However, citing a recent defacement of the Azerbaijani National Olympic Committee’s Web site by the Iranian hacker crew “Cocain Warriors,” DHS is equally worried that ideologically motivated hackers could organize DDoS attacks against or deface official Web sites. Source:

Communications Sector

52. May 23, Palm Springs Desert Sun; Associated Press – (California) Strong winds topple valley radio tower, rake region. A strong gust took down a Coachella Valley radio station tower May 23 as high winds wreaked havoc across much of California. The National Weather Service reported an 80 mph gust on Whitaker Peak in mountains near Interstate 5 north of Los Angeles. High wind warnings and advisories were in effect through May 23 across parts of southern California, including the mountains of Los Angeles, Ventura, and Santa Barbara counties, the weather service said. A host for KDES 98.5 FM Plam Springs said the station’s tower — atop Edom Hill between Cathedral City and Desert Hot Springs — was knocked out latte in the afternoon. “We have a gauge up there and the gusts were more than 70 mph,” he said. KDES FM could be off the air for a time. The host said a low-power transmitter might be put in place as soon as late May 23, however, restoring a signal for local listeners. Source:|topnews|text|Frontpage

For another story, see item 48 above in the Information Technology Sector