DHS Daily Open Source Infrastructure Report

Thursday, May 23, 2013

Complete DHS Daily Report for May 23, 2013

Daily Report

Top Stories

• Large turbine blades fell in separate events in southern California and Iowa, prompting operators to slow operations at hundreds of wind farms worldwide that are equipped with turbines mounting Siemens B53 blades. – Associated Press; U-T San Diego

2. May 21, Associated Press; U-T San Diego – (International) Huge wind turbine blade falls in So. Cal. Large turbine blades fell in separate events in southern California and Iowa, prompting operators to slow operations at hundreds of wind farms worldwide that are equipped with turbines mounting Siemens B53 blades. The estimated 700 turbines will likely continue operations at slower speeds, while the Ocotillo, California unit was completely shut down. Source: http://www.kusi.com/story/22307994/huge-wind-turbine-blade-falls-in-so-cal

• A New York City grocery wholesaler pleaded guilty to running an $82 million check kiting scheme. – New York Times See item 6 below in the Banking and Finance Sector

• A New York Police Department (NYPD) detective was charged with allegedly hiring an email hacking service to purchase access to at least 43 personal email accounts and one cellular phone belonging to more than 30 different people, including 21 associated with the NYPD. – Help Net Security

32. May 21, Associated Press – (Virginia) FBI: Agents fell to deaths during training. The FBI announced the two agents who died while training along the Virginia coastline fell from a helicopter that had trouble during a maritime training exercise. Authorities are still investigating but believe the agents fell while in the process of fast-roping from a helicopter onto a ship and sustained severe injuries. Source: http://www.officer.com/news/10946547/fbi-agents-fell-to-deaths-during-training

• Residents of Cavalier, North Dakota, were placed under mandatory evacuation as rain and runoff threatened the capacity of the Renwick Dam, with authorities expecting a breach. – WDAZ 8 Grand Forks

42. May 21, WDAZ 8 Grand Forks – (North Dakota) Mandatory evacuation order issued as Cavalier, ND prepares for Renwick Dam failure. Residents of Cavalier, North Dakota, were placed under mandatory evacuation May 21 as falling rain and runoff threaten the capacity of the Renwick Dam. Makeshift levees were built to prevent spillover from the dam, however officials expected a breach within 12 hours. Source: http://www.wdaz.com/event/article/id/17983/

Details

Banking and Finance Sector

6. May 21, New York Times – (New York) Staten Island wholesale king pleads guilty to bank fraud. A New York City grocery wholesaler pleaded guilty to running an $82 million check kiting scheme. Source: http://www.nytimes.com/2013/05/22/nyregion/saquib-khan-staten-island-wholesaler-pleads-guilty-to-bank-fraud.html

7. May 21, Louisville Courier-Journal – (National) Cattle brokerage officials sentenced in fraud. The former owner and chief operating officer of Eastern Livestock Co. were both sentenced for running a check kiting scheme that induced a bank to provide them to release funds from a $32 million line of credit. The fraud processed cattle sales in 11 States before it collapsed in 2010. Source: http://www.courier-journal.com/article/20130521/NEWS01/305210094/Cattle-brokerage-officials-sentenced-fraud

8. May 21, Threatpost – (International) New Citadel malware strain targeting Payza service. Researchers at Trusteer discovered a new variant of the Citadel banking malware targeting users of the Payza money transfer service. The malware uses a man-in-the-browser technique to obtain users’ login information and PIN. Source: http://threatpost.com/new-citadel-malware-strain-targeting-payza-service/

Information Technology Sector

33. May 22, V3.co.uk – (International) Apache Darkleech PDF and JavaScript attacks infect hundreds more websites. Researchers at Zscaler discovered a marked increase in the number of Web sites being infected by Darkleech (a.k.a. Linux Cdorked) JavaScript attacks. The exploit injects malicious redirections that lead to a page hosting the Blackhole exploit kit. Source: http://www.v3.co.uk/v3-uk/news/2269775/apache-darkleech-pdf-and-javascript-attacks-infect-hundreds-more-websites

34. May 22, V3.co.uk – (International) Apple OS X Oslo malware linked to sophisticated ‘Operation Hangover’ gang in India. Researchers at security firm Norman discovered a large malware and cyber-espionage campaign involving OS X malware recently uncovered at a conference in Norway. The campaign appears related to a non-state group in India. Source: http://www.v3.co.uk/v3-uk/news/2269659/researchers-connect-oslo-os-x-malware-to-india-hangover-gang

35. May 21, IDG News Service – (International) Researchers find critical vulnerabilities in popular game engines. Researchers at ReVuln found memory corruption and buffer-overflow issues in four computer game engines that could allow attackers to launch remote code execution or denial of service attacks against clients and servers. Source: http://www.networkworld.com/news/2013/052113-researchers-find-critical-vulnerabilities-in-270012.html

36. May 21, Threatpost – (International) IE 8 zero day pops up in targeted attacks against Korean military sites. A malware campaign targeting South Korean military and political Web sites dubbed the Sunshop Campaign was found to be using two Java exploits and the same Internet Explorer (IE) 8 exploit used recently against the U.S. Department of Labor. Source: http://threatpost.com/ie-8-zero-day-pops-up-in-targeted-attacks-against-korean-military-sites/

37. May 21, Threatpost – (International) Google fixes more than a dozen flaws in Chrome 27. Google released the newest version of its Chrome browser, addressing 16 vulnerabilities ranging in severity. Source: http://threatpost.com/google-fixes-more-than-a-dozen-flaws-in-chrome-27/

Communications Sector

40. May 21, St. Louis Post Dispatch – (Illinois; Missouri) Tornado destroys part of Mount Olive business district. Hail, high winds, and an EF 2 tornado destroyed four commercial buildings in Mount Olive, Illinois, and caused damage to several other commercial, residential, and communications structures in the town and in Hannibal, Missouri. Source: http://www.firehouse.com/news/10946512/winds-destroy-ill-fire-department-storage-building-businesses

Department of Homeland Security (DHS)

DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to support@govdelivery.com.

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure

Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.

Wednesday, May 22, 2013

Complete DHS Daily Report for May 22, 2013

Daily Report

Top Stories

• North Carolina authorities apprehended 5 individuals in connection with the theft of hundreds of thousands of dollars’ worth of copper throughout the State. – Laurinburg Exchange

5. May 19, Laurinburg Exchange – (North Carolina) Deputies: Copper theft ring busted. North Carolina authorities apprehended 5 individuals in connection with the theft of hundreds of thousands of dollars’ worth of copper throughout the State. The group mostly targeted power companies and were active several times per week. Source: http://www.laurinburgexchange.com/view/full_story/22614230/article-Deputies--Copper-theft-ring-busted?instance=popular

• Moore Medical Center in Moore, Oklahoma, suffered extensive damage after a tornado May 20. – Associated Press

22. May 20, Associated Press – (Oklahoma) Tornado damages small suburban Oklahoma City hospital, but all patients survive. Moore Medical Center in Moore, Oklahoma, suffered extensive damage after a tornado May 20. All 30 patients survived and 13 were transferred to other facilities. Source: http://www.greenfieldreporter.com/view/story/a9faf1eaef7b4ad6a5cd5050bfe22a34/US--Severe-Weather-Medical-Center

• Over 100 people were injured and 24 were confirmed dead as a tornado ripped through Moore, Oklahoma, May 20, leveling Plaza Towers Elementary School and several homes and businesses. – MSN News; Associated Press; Reuters

23. May 21, MSN News; Associated Press; Reuters – (Oklahoma) Tornado hits Oklahoma; death toll revised down to 24. Over 100 people were injured and 24 were confirmed dead as a tornado ripped through Moore, Oklahoma, May 20 leveling Plaza Towers Elementary School and several homes and businesses. Crews were still searching through the rubble for victims and clearing debris, as well as dealing with downed power lines, open gas lines, and a lack of running water. Source: http://news.msn.com/us/tornado-hits-oklahoma-death-toll-revised-down-to-24-1

• Researchers reported that a Chinese military cyberespionage unit previously identified in attacks against U.S. government and industry targets resumed operations. – New York Times

31. May 19, New York Times – (International) Hackers from China resume attacks on U.S. targets. Researchers at Mandiant and Crowdstrike reported that a Chinese military cyberespionage unit previously identified in attacks against U.S. government and industry targets resumed operations after a pause following reports of their prior operations. Source: http://www.nytimes.com/2013/05/20/world/asia/chinese-hackers-resume-attacks-on-us-targets.html

Details

Banking and Finance Sector

7. May 21, Los Angeles Times – (National) Guilty plea in KPMG insider-trading case. A California jeweler pleaded guilty to involvement in an insider trading scheme that used tips from an auditor at accounting firm KPMG to receive $1.27 million in illicit gains. Source: http://www.latimes.com/business/la-fi-shaw-hearing-20130521,0,3315815.story

8. May 20, ABC News – (California) Three men arrested and charged in California fake bomb bank heist. Three men were arrested and charged with a $565,500 Los Angeles bank robbery that involved a bank managed being strapped with a fake bomb and told to retrieve cash from the bank’s vault. Source: http://abcnews.go.com/US/men-arrested-charged-california-fake-bomb-bank-heist/story?id=19218100

9. May 20, Help Net Security – (International) Jailed hacker designs device to thwart ATM card skimming. A Romanian hacker imprisoned for creating ATM skimming devices has invented a device that aims to prevent skimming by inserting the card lengthwise and then turning the card inside the machine. Source: http://www.net-security.org/secworld.php?id=14931

Information Technology Sector

29. May 21, The Register – (International) Syrian hacktivists hijack Telegraphy’s Facebook, Twitter accounts. Several Twitter accounts and the Facebook page of U.K. newspaper The Telegraph were briefly taken over by the Syrian Electronic Army hacktivist group and used to post pro-Syrian government messages. Source: http://www.theregister.co.uk/2013/05/21/sea_hijacks_telegraph_twitter_feeds/

30. May 20, Threatpost – (International) Remote code injection vulnerabilities discovered in iOS apps. Researchers from Vulnerability Laboratory discovered vulnerabilities in the File Lite and File Lite Pro apps available in Apple’s App Store. The vulnerabilities allow code injection and unauthorized file uploads. Source: http://threatpost.com/remote-code-injection-vulnerabilities-discovered-in-ios-apps/

Communications Sector

32. May 20, High Plains Public Radio – (Oklahoma; Kansas) 91.3 KGUY Guymon: Off the air; 90.5 KZNA Hill City: problems. Severe storms in parts of Oklahoma and Kansas led to problems at radio station transmitter sites causing an outage for 91.3 FM KGUY Guymon and intermittent issues for 90.5 FM KZNA Hill City. Source: http://www.hppr.org/post/913-kguy-guymon-air-905-kzna-hill-city-problems

33. May 20, Oregonian – (Oregon) North plains phone outage expected to be fixed in coming hours. A fiber-optic cable was cut May 20 affecting North Plains CenturyLink phone service customers for several hours, but was expected to be repaired late that day. Source: http://www.oregonlive.com/north-of-26/index.ssf/2013/05/north_plains_phone_outage_expe.html

Department of Homeland Security (DHS)

DHS Daily Open Source Infrastructure Report Contact Information

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to support@govdelivery.com.

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure

Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.go v.

Department of Homeland Security Disclaimer

Blog Archive

Links

About Me