Tuesday, June 5, 2012

Complete DHS Daily Report for June 5, 2012

Daily Report

Top Stories

• The contractor at the Y-12 nuclear weapons plant in Oak Ridge, Tennessee, indefinitely suspended many maintenance activities because of poor performance in certain safety-related procedures. – Knoxville News Sentinel

15. June 1, Knoxville News Sentinel – (Tennessee) Y-12 suspends some work because of safety concerns. The Government’s contractor at the Y-12 nuclear weapons plant in Oak Ridge, Tennessee, May 31 indefinitely suspended a number of maintenance activities at the plant because of poor performance in certain safety-related procedures. B&W Y-12, a partnership of Babcock & Wilcox and Bechtel National, halted all “lock out/tag out” activities at the Oak Ridge plant, where nuclear warhead parts are manufactured and dismantled. The suspension of lock out/tag out activities was ordered after three recent incidents, according to a Y-12 spokeswoman. She said the events prompted the contractor to take additional steps to correct the problem. As corrective actions are taken, the Y-12 contractor will gradually restart the maintenance activities that have been suspended, she said. Source: http://www.knoxnews.com/news/2012/jun/01/y-12-suspends-some-work-because-of-safety/

• Prosecutors indicted two former executives at Sentinel Management Group Inc. on fraud charges for swindling more than $500 million. – Dow Jones Newswires See item 20 below in the Banking and Finance Sector

• Michigan’s governor said he asked for federal disaster aid to help with crop losses caused by erratic weather that are estimated at $223.5 million. – Detroit News

32. June 2, Detroit News – (Michigan) Michigan governor seeks federal disaster aid for crop losses. Michigan’s governor said June 1 he asked for federal disaster aid to help with crop losses estimated at $223.5 million, caused by erratic weather, but an agriculture expert said Michigan farmers may not get a chance to apply for the assistance until fall. Summer-like temperatures in March, followed by frosts and freezes, led to some of the State’s biggest losses in decades of cherries and other fruits. Usually, one fruit crop might be devastated, said a Michigan Farm Bureau Commodity and Marketing Department manager. However, the spring of 2012 all fruit crops were damaged except blueberries. Michigan’s fruit industry is valued at more than $190 million a year. The State will lose about 90 to 97 percent of its tart cherry crop, according to a letter the U.S. Senate Agriculture Committee chairwoman sent the week of May 28 to the Agriculture Secretary. Michigan produces three-fourths of the nation’s tart cherries, used primarily in pies and other food products, and 20 percent of its sweet cherries. Source: http://www.detroitnews.com/article/20120602/BIZ/206020326#ixzz1wpKHIEOx

• An air tanker dropping retardant on a remote wildfire along the Utah-Nevada line crashed June 3, killing both crew members. Another air tanker had to make an emergency landing the same day. – Associated Press

51. June 4, Associated Press – (Utah; Nevada) Air tanker crash kills 2 at Utah wildfire site. An air tanker dropping retardant on a remote wildfire along the Utah-Nevada line crashed June 3, killing both crew members. The pilots were fighting the 5,000-acre White Rock Fire, which began burning June 1 after a lightning strike in eastern Nevada. The cause of the crash in the Hamblin Valley area of Western Utah was unknown, Bureau of Land Management (BLM) officials said. BLM ground crews and helicopter crew members worked to hold the fire back from the wreckage. The fire later overwhelmed the crash site. The pilots were flying a P-2V air tanker owned by Neptune Aviation Services of Missoula, Montana. Also June 3, the crew of another firefighting P-2V air tanker reported it was unable to lower all of its landing gear and land at Minden-Tahoe Airport in Western Nevada. Crew members flew the plane for another 90 minutes to burn off fuel before making an emergency landing on a cleared runway, a Douglas County sheriff’s spokesman said. The aircraft sustained significant damage after it slid off the runway, but both crew members escaped injury. The incidents come several months after a group of Western Senators questioned whether the U.S. Forest Service was moving quickly enough to build up and replace the fleet of aging planes that drop fire retardant on wildfires. Source: http://www.google.com/hostednews/ap/article/ALeqM5he0eLSe4lmG7vT0z_7EuYVNSyY0Q?docId=12d244f0b03c401291134c2b9355791e

• High winds, heavy rains, and several tornadoes caused millions in damage to homes, businesses, and boats. The storms also flooded roads and caused power outages across the mid-Atlantic region. – Reuters

62. June 2, Reuters – (National) Tornado, heavy rains leave U.S. mid-Atlantic battered. High winds, heavy rains, and several tornadoes damaged homes, businesses, and boats across the mid-Atlantic region, causing at least one serious injury, officials said June 2. The violent storms that struck Pennsylvania, Maryland, and Virginia collapsed a fabric dome near Pittsburgh, stranded motorists on flooded roads, and ruined homes and boats. One man in Bel Air, Maryland suffered broken bones when the concrete block wall of his automotive garage business collapsed on him during the storm. An alert employee evacuated 11 others from the fabric golf dome at Robert Morris University in Pennsylvania a minute before winds caused it to collapse June 1. Tens of thousands of people lost power in Washington, D.C. and its Maryland suburbs. The Baltimore Gas and Electric Company also had tens of thousands of customers lose power. Flash flooding along the Interstate 95 corridor inundated roads and stranded motorists, some of whom had to be rescued. Witnesses said a tornado struck Hampton, Virginia, where 100 homes, three businesses, and some yachts sustained damage. The damage in Hampton was estimated at $4.3 million. Source: http://www.reuters.com/article/2012/06/02/us-usa-weather-damage-idUSBRE8510GZ20120602


Banking and Finance Sector

16. June 3, Enumclaw Courier-Herald – (Washington) 4 indicted for mortgage fraud scheme. Four Seattle-area residents were arrested June 3 on a 21-count indictment charging them with conspiracy, bank fraud, wire fraud, and mail fraud, a U.S. attorney announced. The mortgage fraud scheme ran from 2006-2008 and defrauded more than 10 banks, financial institutions, and mortgage lenders, of more than $8.6 million. More than 50 mortgages were involved on properties in many communities around Puget Sound including Medina, Renton, South Seattle, Bellevue, Redmond, and Kirkland. According to the indictment, three defendants worked at Emerald City Escrow and at Nationwide Home Mortgage and conspired to use straw buyers to defraud banks. The fourth defendant worked at a tax preparation business and provided some false documentation submitted with the loan applications. The victim banks included Washington Mutual, Bank of America, American Sterling Bank, ING Bank, IndyMac Bank, and Merrill Lynch & Co., Inc., among others. In all, the defendants secured, or aided and abetted in securing, through unqualified buyers, at least 50 mortgage loans, representing approximately $22,396,660 in loan proceeds, based on false and fraudulent representations, resulting in a loss to financial institutions and mortgage lenders totaling approximately $8,672,330. Source: http://www.courierherald.com/news/156927525.html

17. June 3, Associated Press – (Illinois) Police: Bank robber had to be cut from air duct. A wig-wearing man broke into a suburban Chicago bank vault and nearly made off with $100,000 but got stuck in an air duct and had to be cut out hours later, authorities said June 3. The suspect was in an air duct in an office next to the bank, according to an Oak Lawn, Illinois police spokesman. The man had allegedly robbed the suburban bank June 2 and pointed a gun at bank employees who confronted him in the vault, according to the FBI. He allegedly stuffed $100,000 in a backpack and fled. Employees told authorities it appeared he escaped through the ceiling. Authorities spent hours searching for him and located him June 3. According to the criminal complaint, the suspect told investigators that he got into the vault through the ceiling. He was charged with one felony count of bank robbery. Source: http://www.sacbee.com/2012/06/03/4535263/police-bank-robber-had-to-be-cut.html

18. June 2, South Florida Sun-Sentinel – (Florida) Yoga instructor ordered to pay $5.6 million in alleged Plantation Ponzi scheme. A traveling yoga teacher must pay federal authorities almost $5.6 million for her role in an alleged Ponzi scheme out of Plantation, Florida, that raked in more than $30 million from investors, the South Florida Sun-Sentinel reported June 2. The instructor and her former fiance once ran a group of companies under the names MRT or Maximum Return Transactions that the U.S. Securities and Exchange Commission (SEC) alleged served as fronts for an investment fraud involving foreign currency trading. The pair were accused by SEC lawyers of moving about $3 million of investors’ money to their personal bank accounts and using another $3 million for travel, luxury items, and other expenses. They ran MRT from 2005 until the summer of 2007, first promising investors high returns from foreign currency trading and then saying the company was investing in high-yield overseas products, according to the SEC. Less than $3 million was used for currency trading, while old investors were paid with new investors’ money, federal authorities said. Besides the judgments in the SEC case, the pair were on the hook for a $50 million judgment entered in a class-action lawsuit filed by MRT investors. Source: http://articles.orlandosentinel.com/2012-06-02/news/fl-mrt-holdings-ponzi-scheme-20120602_1_nyra-horowitz-mrt-jeffrey-sonn

19. June 1, New York Post – (New York) Fast cash: Thief robs 3 B’klyn banks in 30 minutes. A brazen bandit robbed three Brooklyn, New York banks in fewer than 30 minutes June 1 — walking away with cash from two of the heists, police said. The thief’s first target was an Apple Bank in Flatlands. He passed a note to the teller and fled with an undisclosed amount of cash, cops said. Minutes later, he passed a note to a teller at a Capital One Bank. That time, he fled empty-handed, authorities said. He then ended his bank-robbing spree at an HSBC in Midwood, where he fled with an unknown amount of money, police said. Source: http://www.nypost.com/p/news/local/brooklyn/fast_cash_thief_robs_klyn_banks_a6OnzXGgomn2eMn08TtZtN?utm_medium=rss&utm_content=Brooklyn

20. June 1, Dow Jones Newswires – (Illinois) Sentinel Management executives indicted over alleged $500 million fraud. Prosecutors indicted two former executives at Sentinel Management Group Inc. June 1 on federal fraud charges, almost 5 years after the collapse of the small asset manager rattled Chicago futures markets. Sentinel’s former chief executive is alleged alongside the company’s head trader to have defrauded more than 70 clients of more than $500 million between 2003 and 2007. Sentinel’s clients included small brokers operating on exchanges run by CME Group Inc. and others, who found their funds frozen as the firm filed for bankruptcy in August 2007, limiting their ability to trade just as the global financial crisis entered its most critical phase. The 20-count federal indictment escalates a case that has already attracted civil lawsuits from the U.S. Commodity Futures Trading Commission and the U.S. Securities and Exchange Commission, as well as charges from Sentinel’s bankruptcy trustee. The pair are alleged to have used client funds to back a loan from Bank of New York Mellon Corp., which was then used to buy riskier securities for a private trading account used for the benefit of Sentinel executives and some members of the chief executive’s family, according to the indictment. Source: http://www.foxbusiness.com/news/2012/06/01/sentinel-management-executives-indicted-over-alleged-500-million-fraud/

21. June 1, Washington Post; Bloomberg – (National) Bank oversight office failed to spot foreclosure fraud, Treasury inspector general says. The Office of the Comptroller of the Currency (OCC) failed to spot widespread problems in the foreclosure practices of major banks from 2008-2010 because the agency’s examiners underestimated the mounting risks and were given outdated guidance that did not address how the industry had changed, according to a report issued June 1 by the U.S. Department of the Treasury’s inspector general. As foreclosures skyrocketed across the country in the wake of the financial crisis, banks routinely filed flawed and fraudulent legal documents in a rush to keep up with the wave of defaults. But officials at the OCC largely missed the fact the mortgage servicers were cutting legal corners on such a large scale, according to the report. “During this time OCC did not consider foreclosure documentation and processing to be an area of significant risk and, as a result, did not focus examination resources on this function,” the report stated. Rather, it said, the OCC relied too heavily on the banks’ internal auditing and quality-control reports. In addition, the report said the Mortgage Banking Comptroller’s Handbook used by bank examiners had not been updated since the late 1990s. The current comptroller told the inspector general in a May 15 letter that the OCC intends to update its manual by early 2013, but he noted that examiners had received supplemental guidance in 2006, 2007, and 2011. Source: http://www.washingtonpost.com/business/economy/bank-oversight-office-failed-to-spot-foreclosure-fraud-treasury-inspector-general-says/2012/06/01/gJQAnTiy7U_story.html

22. June 1, Panama City News Herald – (Ohio; Florida) Ohio man charged in $36 million WatersEdge fraud. An Ohio man was charged May 31 in Cleveland with conspiracy to commit bank fraud and making false statements to influence a bank to make a loan in connection with a $36 million mortgage fraud scheme involving property in the WatersEdge development near the Allanton area of Bay County, Florida. The defendant, a land developer, allegedly contacted dozens of Ohio residents regarding WatersEdge and encouraged them to invest in the property. He said investors would receive money upfront, make no payments out of pocket, and receive 50 percent of the profit from the sale at the end of the transaction, according to officials. Ultimately, he failed to make the mortgage payments on these loans, resulting in a loss of about $36 million. The property remains largely undeveloped. Through using interested investors as “straw buyers,” he essentially bought their good credit scores so he could secure loans for the WatersEdge lots. Lawsuits began in 2006 with Indymac Bank. Appraisals of the lots, the lawsuit says, were raised artificially. Source: http://www.loansafe.org/ohio-man-charged-in-36-million-watersedge-fraud

23. May 31, U.S. Commodity Futures Trading Commission – (Georgia; Alabama; Texas) Federal court in Georgia orders over $10 million in sanctions against a defendant in forex Ponzi scheme. The U.S. Commodity Futures Trading Commission (CFTC) obtained federal court summary judgment orders resolving against a defendant doing business as The Gresham Company in Peachtree City, Georgia, and a relief defendant and his company, Interveston Wines, LLC (Interveston), both of Calera, Alabama, the CFTC announced May 31. The claims arose from a complaint that charged the defendant with operating a multi-million dollar off-exchange foreign currency (forex) Ponzi scheme.The relief defendant and Interveston were named in the lawsuit as relief defendants because they allegedly received funds as a result of the defendant’s conduct to which they had no legitimate entitlement. The summary judgment entered against the defendant found that, from 2004 to 2009, the defendant solicited $15,900,245.97 from more than 100 customers for the purported purpose of trading forex. He lured customers and prospective customers with promises of extraordinary monthly returns ranging from 5 to 10 percent and perpetuated his scheme by falsely reporting substantial gains to customers. The court further found he engaged in only limited, unsuccessful forex trading and that he misappropriated the vast majority of customer funds to pay “returns” to other customers and for personal use. The defendant is also currently awaiting trial on mail fraud charges in a related criminal action filed in Texas. Source: http://www.cftc.gov/PressRoom/PressReleases/pr6268-12

24. May 31, Associated Press – (New York; New Jersey; Pennsylvania) NYC bank indicted on mortgage fraud charges. A New York City community bank and 19 ex-employees were criminally charged with issuing hundreds of millions of dollars in fraudulent mortgages that ended up in unwitting investors’ portfolios, prosecutors said May 31 in announcing the indictment. Abacus Federal Savings Bank was hit with mortgage fraud, grand larceny, and other charges in what a district attorney (DA) called “a systematic scheme to falsify and fabricate mortgage applications” so unqualified borrowers could get loans. The loans later were sold to mortgage giant Fannie Mae, which repackaged them into securities for investors. Abacus is a Chinatown-based bank with mainly immigrant customers and branches in New Jersey and Pennsylvania. Abacus agreed in February 2011 to enhance training, do a risk assessment, and take other steps as part of an agreement with the federal Office of Thrift Supervision, which said the bank’s loan underwriting and documentation practices were inadequate. At Abacus, managers created an environment of doctoring mortgage applications to match Fannie Mae criteria, prosecutors said. Loan officers coached borrowers on inflating their incomes and job titles and falsifying job-verification forms, prosecutors said. The bank made millions of dollars in fees off the more than 4,000 dubious loans. Eight ex-employees already have admitted guilt. Eleven others, including Abacus’ former chief credit officer and loan origination supervisor, pleaded not guilty to various charges. Source: http://www.businessweek.com/ap/2012-05/D9V3UV401.htm

25. May 31, Las Vegas Review-Journal – (Nevada; California) Fourteen more plead guilty in HOA fraud, corruption case. Fourteen more defendants pleaded guilty May 31 in Nevada in a sweeping investigation into fraud and corruption at Las Vegas Valley homeowners associations. It was one of the largest group plea deals ever engineered in Nevada by federal prosecutors. Prosecutors are looking to charge as many as a dozen more co-conspirators in the scheme to take control of nearly a dozen homeowners associations between 2003 and 2009. More than $8 million was funneled through secret bank accounts to fund the scheme, which allowed the conspirators to land lucrative legal, construction, and community management contracts at the associations, prosecutors revealed in court documents May 31. The defendants joined 11 other co-conspirators who previously pleaded guilty in the case. Another defendant pleaded guilty in a related bank fraud scheme, bringing the number of people convicted to 26. Source: http://www.lvrj.com/news/judge-begins-accepting-guilty-pleas-in-las-vegas-hoa-fraud-corruption-case-155958625.html

Information Technology Sector

55. June 4, PCWorld – (International) ‘Flame’ spread via rogue Microsoft security certificates. Analysis of the “Flame” code revealed rogue Microsoft security certificates were used to make the malware appear as if it was officially signed by Microsoft. Microsoft issued a security advisory June 3, revoked trust in the rogue certificates, and provided steps to help IT admins and users prevent attacks that rely on the spoofed Microsoft certificates. A post on the Microsoft Security Response Center blog stated, “We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft.” The Microsoft blog post explained that a vulnerability in an old cryptography algorithm is exploited by elements of Flame to make them appear as if they originated from Microsoft. Most systems around the world accept officially signed Microsoft code as safe by default, so the malware would enter unnoticed. Source: http://www.pcworld.com/businesscenter/article/256742/flame_spread_via_rogue_microsoft_security_certificates.html

56. June 4, Web Host Industry Review – (International) Hackers use social engineering to compromise CloudFlare CEO Gmail account. Hackers were able to infiltrate the personal Gmail account of CloudFlare’s CEO June 1, according to a post on the Web performance and security provider’s blog. CloudFlare said the attack appeared to have begun in mid-May when an account request was sent to Gmail for the CEO’s personal e-mail address. A week after it was initiated, the hacker convinced Google’s account recovery systems to add a fraudulent recovery e-mail address to his personal Gmail account, and once it was added, the hacker reset his personal e-mail password. The hacker targeted a CloudFlare customer via the CEO’s Google Apps administrative panel. The hacker was able to log into the customer’s CloudFlare account and change DNS settings to temporarily redirect the site. CloudFlare has reset all customer API keys. This incident also illustrates weakness with the two-factor authentication on Google Apps. Google said it discovered a subtle flaw affecting the account recovery flow for some accounts. It has blocked that attack vector to prevent further abuse. Source: http://www.thewhir.com/web-hosting-news/hackers-use-social-engineering-to-compromise-cloudflare-ceo-gmail-account

57. June 3, TrendLabs – (International) Malicious PowerPoint file contains exploit, drops backdoor. Trend Micro researchers have discovered a malicious MS PowerPoint document that arrives via a file attached to specific e-mail messages. The file contains an embedded Flash file, which exploits a software bug found in specific versions of Flash Player (CVE-2011-0611) to drop a backdoor onto users’ systems. Simultaneously, it also drops a non-malicious PowerPoint presentation file “Powerpoint.pps” tricking users into thinking that the malicious file is just an average presentation file. Trend Micro detects the malicious PowerPoint file as TROJ_PPDROP.EVL and the dropped backdoor file as BKDR_SIMBOT.EVL. Reports, as well as Trend Micro’s analysis, confirmed that this kind of malware has been used for targeted attacks in the past. Source: http://blog.trendmicro.com/malicious-powerpoint-file-contains-exploit-drops-backdoor/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Anti-MalwareBlog+(Trend+Micro+Malware+Blog)&utm_content=Google+Reader

58. June 1, KRQE 13 Albuquerque – (New Mexico) Feds: Schemers twisted lab connections. Federal agents said two Albuquerque men used their business connection with New Mexico’s national labs to steal nearly $2 million from computer-maker Dell Inc. The two men were each charged with 128 counts of fraud. One suspect used to work at Technology Integration Group, which buys and distributes computers and parts for Los Alamos and Sandia National Labs. “They were fraudulently using service tag numbers on Dell equipment to obtain Dell products without authorization to the tune of $1.8 million,” said a Secret Service agent. For years, the two men had Dell ship laptops and other equipment to a store in Nob Hill, investigators said. The feds said this may have been going on for a decade until Dell caught on in 2009. Both men are scheduled to appear in court in June. Source: http://www.krqe.com/dpp/news/crime/feds-schemers-twisted-lab-connections

Communications Sector

59. June 2, Space News – (International) Intelsat 19 satellite fails to deploy solar array. The Intelsat IS-19 satellite launched May 31 has failed to deploy one of its two solar arrays, Intelsat announced June 1 — an anomaly that has affected other Space Systems/Loral (SS/L)-built satellites and is likely to have ripple effects on two others preparing for launch in the coming weeks. Luxembourg- and Washington, D.C.-based Intelsat, in its statement, said only that there was a “delay” in the deployment of one of the arrays. IS-19 is scheduled to replace Intelsat’s IS-8 at 166 degrees east, where in addition to taking on IS-8 customers, it will play a key role in Intelsat’s planned global network providing broadband communications to aeronautical and maritime customers. IS-8 has sufficient fuel to continue operating until late 2019, Intelsat said. Source: http://www.spacenews.com/satellite_telecom/120602-intelsat-19-satellite-fails-deploy-solar-array.html

For another story, see item 56 above in the Information Technology Sector