Wednesday, May 30, 2012

Complete DHS Daily Report for May 30, 2012

Daily Report

Top Stories

• A business owner in Anderson, California, reported a trailer full of thousands of dollars worth of toxic chemicals was stolen May 26. – KRCR 7 Redding

3. May 28, KRCR 7 Redding – (California) Lethal chemicals stolen, owners offer reward. A business owner in the Happy Valley section of Anderson, California, reported a trailer full of thousands of dollars worth of toxic chemicals was stolen May 26. The man who has used the chemicals for more than 25 years to clean sewage systems said that if they get in the wrong hands they could be deadly. He said the chemicals contain Metam Sodium, which is strong enough to kill wildlife and melt tree roots. The trailer had more than $12,000 worth of chemicals inside, the owner said. It also contained other supplies and the thieves got away with more than $20,000 worth of tools and belongings, he added. The trailer is white and has a decal of a sun with trees and a flock of geese flying across it. The owner is offering a $500 reward for the recovery of the chemicals. Anyone with information should contact the California Highway Patrol. Source:

• A backdoor was “deliberately” inserted into a microchip used by the U.S. military, according to a draft report by security researchers. The backdoor can allow attackers to gain unauthorized access and reprogram the chip’s memory. – Nextgov

7. May 29, Nextgov – (National) UK researchers discover backdoor in American military chip. United Kingdom (U.K.)-based security researchers found a backdoor “deliberately” inserted into an American military chip to help attackers gain unauthorized access and reprogram its memory, according to a draft research paper. A researcher at Cambridge University discovered a military-grade silicon device made by California-based Microsemi Corp., the ProASIC3 A3P250, contained a glitch that would allow individuals to remotely tweak its functions. He collaborated with a researcher at U.K.-based Quo Vadis Labs, which researches sensor technology, and found “proof that the backdoor was deliberately inserted and even used as a part of the overall security scheme.” The duo did not disclose details, citing a “confidentiality agreement.” The backdoor is “close to impossible to fix on chips already deployed” because software patches cannot fix the bugs. The holes can only be removed by removing all such chips installed in systems, the duo said. Microsemi’s aggregate net sales to defense and security users represented about 29 percent of total net sales in 2012, according to its most recent quarterly regulatory filing. The device in question is “heavily marketed to the military and industry,” the draft report states. Source:

• Authorities in Pullman, Washington, were searching for an arsonist they said caused three fires in a week at Washington State University. – Associated Press

31. May 29, Associated Press – (Washington) 3rd arson reported at Washington State University. Residents in Pullman, Washington, were on edge after authorities said an arsonist was responsible for three fires in a week at Washington State University, the Associated Press reported May 29. The latest fire was reported just after midnight May 29 in a veterinary school building on campus, said a fire official. Someone apparently broke in through a window and set multiple fires in the building. A fire May 26 also burned a 2-story community building at the Chief Joseph apartment complex, and an arson the week of May 21 burned a community building at the Nez Perce apartment complex. Both are university housing. Source:

• A new, sophisticated malware threat predominantly used in cyberespionage attacks against targets in the Middle East was identified and analyzed by researchers from several security groups. – IDG News Service See item 39 below in the Information Technology Sector

• The U.S. Forest Service said a fire in New Mexico’s Gila National Forest grew to 152,000 acres — just 5,000 acres from breaking the State’s record. – Associated Press

48. May 29, Associated Press – (New Mexico) Gila blaze close to being largest in NM. The U.S. Forest Service said the erratic fire in Gila National Forest grew to about 152,000 acres by May 29 — just 5,000 acres from breaking the State’s record. It is about 15 miles east of Glenwood, New Mexico, a small town with a few hundred residents. The fire was sparked by lightning the week of May 14. More than 1,100 firefighters and 9 helicopters were fighting the fire. Source:


Banking and Finance Sector

8. May 29, U.S. Securities and Exchange Commission – (Florida) Miami hedge fund adviser charged for misleading investors about ‘Skin in the Game’ and related-party deals. The U.S. Securities and Exchange Commission (SEC) May 29 charged a Miami-based hedge fund adviser for deceiving investors about whether its executives had personally invested in a Latin America-focused hedge fund. The SEC’s investigation found that Quantek Asset Management LLC made various misrepresentations about fund managers having “skin in the game” along with investors in the $1 billion Quantek Opportunity Fund. In fact, Quantek’s executives never invested their own money in the fund. The SEC’s investigation also found Quantek misled investors about the investment process of the funds it managed as well as certain related-party transactions involving its lead executive and its former parent company Bulltick Capital Markets Holdings LP. Bulltick, the executive, and former Quantek operations director were charged along with Quantek in the SEC’s enforcement action. They agreed to pay more than $3.1 million in total disgorgement and penalties to settle the charges, and the executive and director agreed to securities industry bars. Source:

9. May 29, Reuters – (New York) Chinese man pleads guilty to NY Fed cyber theft. A Chinese computer programmer May 29 pleaded guilty to stealing software code from the Federal Reserve Bank of New York. The programmer was accused of illegally copying the software code to an external hard drive, according to a criminal complaint. Authorities said the software, owned by the U.S. Department of the Treasury, cost about $9.5 million to develop. The code, called the Government-wide Accounting and Reporting Program, was developed to help track the billions the U.S. government transfers daily. The program provides federal agencies with a statement of their account balance, the court documents said. The programmer was hired as a contract employee in May 2011 by an unnamed technology consulting company used by the Federal Reserve Bank of New York to work on its computers, court documents said. Source:,0,1335941.story

10. May 27, KABC 7 Los Angeles – (California) ‘Snowboarder Bandit’ arrested again on new charges. The so-called “Snowboarder Bandit” was taken into custody again and charged with more bank robberies in southern California, KABC 7 Los Angeles reported May 27. Deputies said the suspect was re-arrested on charges of robbing two Coachella Valley banks — one in Palm Desert and the other in Rancho Mirage. He had already been arrested in connection with bank robberies in Orange County. He was then freed on bail. Source:

11. May 25, U.S. Commodity Futures Trading Commission – (California; National) CFTC charges CTI Group, LLC and Cooper Trading with an $11 million fraud in the sale of automated trading systems. The U.S. Commodity Futures Trading Commission (CFTC) May 25 announced the filing of a federal court action against defendants CTI Group, LLC, Cooper Trading, and two individuals, charging them with fraudulent sales practices in connection with the sale of two automated trading systems, known as the Boomer and Victory Trading Systems. According to the CFTC complaint, since at least August 2009, CTI Group, LLC and Cooper Trading, by and through the two men and others, fraudulently solicited clients to subscribe to the systems, used by clients to trade E-mini Standard and Poor’s 500 Stock Index futures contracts in managed accounts. To carry out the fraud, CTI and one of the men allegedly engaged in a systematic pattern of material false statements and omissions in connection with the marketing of CTI’s Trading Systems. CTI sells subscriptions to its Trading Systems for $5,000 to $6,000 and has sold subscriptions to well over 1,000 clients, receiving at least $11 million, the complaint said. Source:

12. May 25, WCBS 2 New York – (New York; International) Customs agents seize more than $200,000 in counterfeit money at JFK. U.S. Customs and Border Protection officers at John F. Kennedy International Airport (JFK) in the Queens borough of New York City said they seized more than $200,000 in counterfeit $100s, WCBS 2 New York reported May 25. The bogus bucks were rounded up in two separate incidents. May 6, authorities said they found $68,000 in counterfeit $100 bills concealed in file folders and children’s books. The counterfeit cash was found at JFK’s International Mail facility, and were sent from Peru. May 8, officials said they stopped a woman who had arrived at JFK from Cali, Colombia. They discovered $141,200 of counterfeit money hidden in a false lining of her luggage and arrested her. Source:

Information Technology

38. May 29, Homeland Security News Wire – (International) Malware intelligence system allow organizations to share threat information. As malware threats expand into new domains and increasingly focus on industrial espionage, Georgia Tech researchers are launching a new tool to help battle the threats: a malware intelligence system that will help corporate and government security officials share information about the attacks they are fighting. A Georgia Tech news release reports the system, known as Titan, will be at the center of a security community which will help create safety in numbers as companies large and small add their threat data to a knowledge base that will be shared with all participants. Operated by security specialists at the Georgia Tech Research Institute, the system builds on a threat analysis foundation — including a malware repository that analyzes and classifies an average of 100,000 pieces of malicious code each day. Source:

39. May 28, IDG News Service – (International) Researchers identify Stuxnet-like malware called ‘Flame’. A new, highly sophisticated malware threat predominantly used in cyberespionage attacks against targets in the Middle East was identified and analyzed by researchers from several security companies and organizations. According to the Iranian Computer Emergency Response Team, the new piece of malware might be responsible for recent data loss incidents in Iran. Flame, as the Kaspersky researchers call it, is a very large attack toolkit with many individual modules. It can perform a variety of malicious actions, most of which are related to data theft and cyberespionage. Among other things, it can use a computer’s microphone to record conversations, take screenshots of particular applications when in use, record keystrokes, sniff network traffic, and communicate with nearby Bluetooth devices. One of the toolkit’s first versions was likely created in 2010 and its functionality was later extended by leveraging its modular architecture, said a chief malware expert at Kaspersky Lab. Flame spreads to other computers by copying itself to portable USB devices and also by exploiting a now-patched Microsoft Windows printer vulnerability that was also leveraged by Stuxnet. Source:

40. May 28, H Security – (International) Critical hole in Seagate BlackArmor NAS. Seagate’s BlackArmor NAS server is vulnerable to having its administrative password reset by anyone with access to it and a particular URL. The BlackArmor range of network-attached storage devices is aimed at small businesses and offers storage and backup options from Windows PCs and Mac OS X systems, ranging from 1TB to 12TB of hard disk media. The problem, documented by the U.S. Computer Emergency Readiness Team, involves an unauthenticated attack directly accessing an address where they will be given the opportunity to reset the device’s administrator password. There is no current solution to the problem. Source:

For more stories, see items 7 above in Top Stories and 9 above in the Banking and Finance Sector

Communications Sector

41. May 28, KXLH 9 Helena – (Montana) KXLH knocked off the air possibly until Tuesday. KXLH 9 Helena, Montana, learned May 28 that a May 27 winter storm did not just knock the KXLH signal off the air — it destroyed a transmitter. The facility is located near the Great Divide ski area northwest of Helena. A KXLH engineer got through the 2 feet of snow blocking access to the site May 28 and discovered that the large microwave dish was destroyed by ice. KXLH anticipated being back on the air sometime May 29. Source: