Friday, June 22, 2012

Complete DHS Daily Report for June 22, 2012

Daily Report

Top Stories

• An Indianapolis businessman accused of looting an Ohio-based finance company after buying it and bilking about 5,000 mostly elderly investors out of more than $200 million was convicted June 20 on all counts. – Associated Press See item 9 below in the Banking and Finance Sector

• Flooding caused by torrential rains caused $50-$80 million in damage to roads and other public infrastructure in Duluth, Minnesota, damaged homes and other buildings. It also shut down many government facilities, including several State parks. – Minneapolis Star Tribune

15. June 21, Minneapolis Star Tribune – (Minnesota) Minnesota’s governor surveys damage in Duluth. Officials continude to assess the extent of damage caused by the raging waters, which were fueled by up to 10 inches of rain that fell overnight June 19 in Duluth, Minnesota, and surrounding areas. Minnesota’s governor issued an executive order June 20 declaring a state of emergency for the popular tourist region and three other counties hit hard by recent storms. Duluth’s mayor also declared a state of emergency for the city. At a news conference with other public officials, the mayor estimated the storm caused about $50 million to $80 million in damage to Duluth’s public infrastructure and more than $100 million in total damage when private property is included. Other cities were hit hard too. The city of Moose Lake declared a state of emergency June 21 and is now an island, officials said. About 200 residents from the Fond du Lac neighborhood in far-west Duluth and 40 residents of the town of Thomson who evacuated June 20 remained displaced June 21. More than 60 roads were closed throughout the day June 20 in and around Duluth. Seven campers at Savanna Portage State Park were stranded, but they had food, and had been in contact with authorities. That park was closed, along with Jay Cooke State Park, and the campground at Moose Lake. The State Department of Natural Resources said the parks and campground would remain closed through the weekend of June 23. Interstate Hwy. 35 was mostly reopened June 21, except for the southbound stretch between Hwy. 210 and Mahtowa. Other portions of Hwys. 2, 23, 61, 73, and 210 were closed. Source:

• Cedar Key, Florida officials were scrambling to find ways to provide fresh water for about 700 customers it asked to stop drinking tap water after drought-inducted, salt-water intrusion damaged the city’s well field. – Gainesville Sun

27. June 20, Gainesville Sun – (Florida)Drought has Cedar Key scrambling to provide fresh water. Cedar Key, Florida officials asked residents June 19 to stop drinking water from the tap in the city until further notice. The Cedar Key Water and Sewer District announced that, due to the drought and low groundwater levels plaguing north-central Florida, the Cedar Key district’s well field was suffering from salt-water intrusion. Officials said the water remained safe for bathing and other household purposes. Beginning June 20, free bottled water was available for nearly 700 district customers at the Cedar Key Community Center. The district’s staff was scrambling to get a temporary fix in place while trying to determine how to implement and pay for along-term solution. They said that most likely water trucks would be used for residents to fill up jugs while they explored the possibility of bringing in a portable desalination unit to remove salt from the water before sending it to households and businesses. Source:

• Federal officials arrested an Ohio man accused of threatening to release confidential data stolen from University of Pittsburgh computers. They said the suspect made the threats because college officials failed to safeguard students when hundreds of bomb threats were made over a 6-week period. – Pittsburgh Tribune-Review

35. June 21, Pittsburgh Tribune-Review – (Pennsylvania) Man accused of threatening Pitt administrators denies charges. The man accused of threatening administrators at the University of Pittsburgh (Pitt) in Pennsylvania with releasing confidential data denied the charges June 21, and said the federal investigation has cost him his job and will likely cost him his apartment. The Loveland, Ohio resident claimed he had no connection to Pitt. The FBI accused the suspect of posting a YouTube video that threatened Pitt officials with releasing personal data stolen from the school unless a chancellor apologized for failing to safeguard students during the spring semester when hundreds of bomb threats were made against the institution. The video was posted 5 days after the last bomb threat against Pitt, which denied personal information had been compromised through hacking. The suspect appeared in Cincinnati federal court June 20, and was released on his own recognizance on charges of making interstate threats and using a computer to make the threats. He faces a June 27 hearing in Pittsburgh. Prosecutors would not say whether they think the suspect was involved in the bomb threats, which threw student and academic life into turmoil for 6 weeks. The FBI said the suspect erased the hard drive of his desktop computer but left evidence on two other computers and two smart phones to connect him to the video, posted April 26. Source:


Banking and Finance Sector

9. June 21, Associated Press – (Indiana; Ohio) Jury convicts Ind. financier in $200M fraud scheme. An Indianapolis businessman accused of looting an Ohio-based finance company after buying it and bilking about 5,000 mostly elderly investors out of more than $200 million was convicted June 20 on all counts. A federal jury found the man guilty of securities fraud, conspiracy, and 10 counts of wire fraud. His business partners also were convicted of conspiracy and securities fraud, and some wire fraud counts. Prosecutors claimed that after buying Akron, Ohio-based Fair Finance in 2002, the man and his partners stripped it of its assets and tapped it to buy luxury items. The men also were accused of funneling funds from Fair Finance to the man’s Indianapolis-based holding company, Obsidian Enterprises, to keep its failing subsidiaries intact. Prosecutors claimed the men operated an elaborate Ponzi scheme to hide Fair Finance’s depleted condition from investors and regulators until the FBI raided their office in November 2009. By then, the consumer finance company was $200 million in debt. Source:

10. June 21, New York Post – (New York) TLC inspector busted in string of bank jobs. An inspector with New York City’s Taxi and Limousine Commission was arrested for holding up a Yonkers, New York bank while he was out on disability, the New York Post reported June 21. The man was also suspected of planning and driving the getaway car in six other bank jobs that he allegedly pulled off with his cousin, according to papers filed in Manhattan federal court. The cousins allegedly used two-way radios during the heists and split the proceeds 50-50. The man was arrested June 13 and charged with robbing a Key Bank in Yonkers October 7, 2011. The man brandished a pellet gun at tellers and forced them to hand over $100,000, authorities charged. His cousin was also arrested and implicated his relative, court documents said. The suspect’s cousin also allegedly confessed to robbing seven other banks in the area, saying six of the heists were carried out with the help of his cousin. Source:

11. June 20, Reuters – (International) London trader and wife jailed for insider dealing. A British trader and his wife who helped fund a lavish lifestyle from illegal share dealing, were jailed June 20 in a landmark case pursued by prosecutors on both sides of the Atlantic Ocean. The husband, who owned and was a director of now-defunct brokerage Blue Index, his wife, and a Blue Index co-director had pleaded guilty in May to a combined 18 counts of insider dealing between October 2006 and February 2008. The husband was jailed for a record 4 years. The wife — who was tipped off about imminent U.S. takeovers by her sister in America — was jailed for 10 months, as was the co-director. The Financial Services Authority (FSA), which brought the U.K. prosecution, said the three made about $3.1 million in profits from illegal share dealings, while Blue Index clients made around $15.9 million — a precursor to the couple selling the business for around $12.5 million. The FSA called upon the U.S. Securities and Exchange Commission in its effort to link the three individuals to the scheme. The wife’s U.S. relative were already jailed after being pursued by the SEC, Department of Justice, and FBI. Source:

12. June 20, Miami Herald – (Florida) Eight Miami-Dade residents charged in multi-million dollar mortgage fraud scheme at Jade condo. Federal prosecutors charged eight Miami-Dade residents in a multi-million dollar mortgage fraud scheme that spanned November 2004 to September 2009 at a luxury downtown Miami condominium, the Miami Herald reported June 20. Charged in a federal indictment with conspiracy to commit mail fraud were individuals including an attorney, a former real estate broker, and a mortgage broker. The indictment seeks forfeiture of ill-gotten gains, including $5.7 million. Charged separately by a criminal information was a title agent, who faces charges of conspiracy to commit mail fraud and money laundering for her alleged role in creating false paperwork in return for kickbacks. According to court papers, the defendants used straw buyers to buy units at the Jade condominium, submitting false information to lenders to get loans in excess of the actual sales price on the units. Two sets of loan papers were used: One provided to the sellers that showed the actual sales price and another provided to lenders showing inflated sales prices, the prosecution alleged. Source:

Information Technology Sector

40. June 21, H Security – (International) Cisco closes holes in its VPN client and security appliances. Network equipment manufacturer Cisco warned its customers of multiple security vulnerabilities in its next-generation VPN client that can be exploited by an attacker to inject and execute malicious code. Affected products include the AnyConnect Secure Mobility Client, along with Cisco Secure Desktop HostScan for Windows, Mac OS X, and Linux. Details on these, including which versions are vulnerable, workarounds, and patch information, can be found in the company’s security advisory. In a separate advisory, Cisco said it addressed a denial-of-service vulnerability in its ASA 5500 Series Adaptive Security Appliances (ASA) and Catalyst 6500 Series ASA Services Module that could allow a remote, unauthenticated attacker to trigger a restart on an affected device. Additionally, the firm closed a hole in its Cisco Application Control Engine software: When running in multicontext mode, users could inadvertently log into an unintended context as the administrator, allowing them to view and change configurations. Source:

41. June 20, SecurityWeek – (International) Fujitsu Labs and NICT break 278-digit pairing-based cryptography. June 18, Fujitsu Laboratories, the National Institute of Information and Communications Technology (NICT), and Kyushu University announced they successfully performed a full cryptanalysis of a 278-digit (923-bit)-long pairing-based cryptography. Up to this point, cryptanalysis of pairing-based cryptography of such a length was thought to be impossible. It was assumed that to do so would require massive effort and several hundred thousand years. After some work, Fujitsu and NICT proved it could actually be broken in 148.2 days. “This result is used as the basis of selecting secure encryption technology, and is proving useful in the standardization of next-generation cryptography in electronic government systems in Japan and international standardization organizations,” an announcement explained. Source:

42. June 20, Government Computer News – (International) Internet blackout looms for 300K DNSChanger-infected computers. Less than 3 weeks before the deadline for taking clean DNSChanger servers permanently offline, hundreds of thousands of computers still are using the servers for DNS queries and face the risk of being cut off from the Internet July 9. The situation is the result of a click-jack scheme to redirect Web traffic that was shut down by the FBI in November 2011. To allow time for the clean-up of infected computers, the FBI obtained court orders allowing the temporary operation of clean DNS servers using the ring’s IP addresses by Internet Systems Consortium. The second of those orders expires July 9, and when the servers are shut down, DNS queries sent to them will go nowhere. According to the DNSChanger Working Group, more than 300,000 unique IP addresses still were communicating with the stopgap servers as of June 11. The number of affected users could be much higher. Source:

Communications Sector

43. June 20, South Jersey Media Group – (New Jersey) Quinn Broadcasting fined $16K by Federal Communications Commission. The Federal Communications Commission (FCC) issued a notice of violation to Quinn Broadcasting, Inc. in Millville, New Jersey, for reportedly not following monitoring operations of the Emergency Alert System (EAS), equipment performance measurements, and wattage output. In addition, the FCC is holding the station liable for $16,000, which breaks down into $10,000 for violation of public file rule, and $6,000 for failing to file required forms and information. In June 2011, FCC officials from the Philadelphia office inspected Quinn Broadcasting radio station and found seven violations. The first two dealt with the monitoring of the EAS system, which is broadcast to the county in the event of an emergency or during a test. At the time of the inspection, FCC agents observed WMVB 1440 AMwas not monitoring the Primary Entry Point Station. Also, it was discovered that the EAS system at the station did not properly record EAS test information, according to the notice. Source:

For another story, see item 42 above in the Information Technology Sector