Wednesday, October 31, 2012
Daily Report
Top Stories
• Millions of people
from Maine to the Carolinas awoke October 30 without electricity, and New York
City was all but closed off by car, train, and air as superstorm Sandy steamed
inland, still delivering punishing wind and rain. The U.S. death toll climbed
to 39, many of the victims killed by falling trees. – Associated Press
1. October 30, Associated Press –
(National) At least 39 dead, millions without power in Sandy’s aftermath. Millions
of people from Maine to the Carolinas awoke October 30 without electricity, and
New York City was all but closed off by car, train, and air as superstorm Sandy
steamed inland, still delivering punishing wind and rain. The U.S. death toll
climbed to 39, many of the victims killed by falling trees. The full extent of
the damage in New Jersey, where the storm roared ashore October 29 with
hurricane-force winds of 80 mph, was unclear. Police and fire officials, some
with their own departments flooded, fanned out to rescue hundreds. More than
8.2 million people across the east were without power. Airlines canceled more
than 15,000 flights around the world. The storm also disrupted the presidential
campaign with just a week to go before Election Day. Lower Manhattan, which
includes Wall Street, was among the hardest-hit areas after the storm sent a
nearly 14-foot surge of seawater, a record, coursing over its seawalls and
highways. The New York Stock Exchange was closed for a second day, and said it
will reopen October 31. A huge fire destroyed as many as 100 houses in a
flooded beachfront neighborhood October 30, an incident in which 3 people were
injured. A huge swell of water swept over the small New Jersey town of
Moonachie, near the Hackensack River, and authorities struggled to rescue about
800 people. Source: http://www.foxnews.com/weather/2012/10/30/at-least-17-dead-millions-without-power-in-sandy-aftermath/
• High winds and heavy rain prompted the
closing of the New Jersey Turnpike’s Hudson County Extension between Exit 14
and the Holland Tunnel, the closing of the major toll road between Exit 8 and
Exit 7, and speed restrictions of 45 mph for the nearly 100 miles below Exit
12, the Newark Star-Ledger reported October 30. – Newark Star-Ledger
12. October 30, Newark Star-Ledger – (New
Jersey) Hurricane Sandy wreaks continued havoc on N.J. roads, public
transit. High winds and heavy rain prompted the closing of the New Jersey
Turnpike’s Hudson County Extension between Exit 14 (Newark Airport/I-78/Routes
1&9) and the Holland Tunnel, the closing of the major toll road between
Exit 8 (Route 33/Hightstown/Freehold) and Exit 7 (Route
206/Bordentown/Trenton), and speed restrictions of 45 mph for the nearly 100
miles below Exit 12 (Carteret/Rahway), the Newark Star-Ledger reported October
30. A travel ban remained in effect in Atlantic County, and personal vehicles
were barred from Jersey City and Hoboken. New Jersey Transit train and bus
service remained suspended, and Port Authority Trans-Hudson trains were still
not running. The New Jersey governor said October 29 that transportation
officials would have to assess the flooding before making a decision on when
commuters could again take trains and buses to work. The Bayonne and Goethals
bridges and the Outerbridge Crossing — the three spans from New Jersey to
Staten Island — were closed. The Interstate 95/Scudder Falls Bridge above
Trenton was closed overnight October 29 because of downed wires across the
roadway, while Philadelphia area crossings over the Delaware River were
restricted to emergency vehicles and essential personnel, officials said. Source:
http://www.nj.com/news/index.ssf/2012/10/hurricane_sandy_wreaks_continu.html#incart_river
• Verizon Communications said October 30 that
its wireline service was suffering as flooding in its central offices in lower
Manhattan affected its back-up generators and batteries. – Reuters See item 35
below in the Communications Sector
• A witness heard an explosion near his home
in Pacific, Washington, October 28 that turned out to be some kind of homemade
explosive that destroyed an important U.S. Geological Survey (USGS) flood
monitoring device on the flood-prone White River. – Northwest Cable News
42. October 29, Northwest Cable News – (Washington)
Bomb destroys flood gauge on eve of storm. A witness heard an explosion
near his home in Pacific, Washington, October 28 that turned out to be some kind
of homemade explosive that destroyed an important U.S. Geological Survey (USGS)
flood monitoring device on the flood-prone White River. The device uplinks
critical river flow information to the Web for flood managers from several
agencies. The U.S. Army Corps of Engineers used it for the operation of the
Howard Hanson Dam upstream. The agencies were expecting to use it during the
upcoming rain storms forecasted for October 30 and the rest of the week. The
box is so vital for flood protection that USGS technicians replaced it in a
matter of a few hours. Pacific police were not commenting on the case, but did
say they have not arrested anyone and have no suspects at this time. The boxes
provide a network that gives agencies an overall flood picture so they can
evacuate homes and close streets if necessary hours before the flood waters
arrive. Source: http://www.nwcn.com/home/?fId=176356601&fPath=/news/local&fDomain=10212
Details
Banking and Finance Sector
5. October 30, Techworld – (International) Bank phishing gang arrested after hotel
swoop. U.K. police arrested three men accused of being involved in
large-scale Trojan phishing attacks against a range of banks, Techworld
reported October 30. Picked up in a London hotel after an operation described
as “intelligence-led”, the two unnamed Romanians and a Nigerian were arrested
October 29 on suspicion of money laundering and conspiracy to defraud, police
said. The men are alleged to be behind the appearance of 2,000 bogus bank login
pages that had been part of a campaign to steal account details. The police
press release did not go into much detail beyond confirming that the attacks
had hit a sizable number of bank users, leading to the theft of money.
Computers were seized while further searches are being carried out in London
and the Midlands. Source: http://news.techworld.com/security/3408031/bank-phishing-gang-arrested-after-hotel-swoop/
6. October 29, Ventura County Star – (California) Ventura police identify
‘wigout bandit’ suspect in recent bank robberies. Ventura, California
police and the FBI October 29 identified a man dubbed the “wigout bandit,” a
suspect in recent bank robberies and other crimes. The suspect is wanted on
suspicion of three robberies since August and got his nickname because he wore
a different wig every time he robbed a bank, authorities said. The robberies
occurred August 1 at a U.S. Bank, and August 23 at a Chase Bank, as well as at
a Rabobank. The suspect is known to frequent hotels in Ventura, Oxnard, and
Santa Barbara and is considered armed and dangerous, authorities said. Source: http://www.vcstar.com/news/2012/oct/29/ventura-police-identify-man-allegedly-for-recent/
7. October 29, Chicago Tribune – (Illinois) ‘Elmer Fudd Bandit’ hits 5th bank on northwest
side. A robber dubbed the “Elmer Fudd Bandit” — because of his cap and
plaid flannel shirt — is suspected of hitting his fifth bank in the Chicago
area since mid-October, authorities said. In the most recent heist, the robber
implied he had a gun when he entered a bank in the Oriole Park neighborhood
October 29, according to a police official. The man approached a teller and
presented a note demanding cash, according to an FBI spokeswoman. After
receiving an undisclosed amount of money, the robber fled on foot, she said.
The robber then got into a mid-sized car that sped away. The FBI said the same
robber is believed to have struck four other times: a robbery October 13 at a
TCF Bank in Chicago; an attempted robbery October 14 at a TCF Bank in Des
Plaines; a robbery October 15 at a Charter One branch in Norridge; and the
October 24 robbery of a TCF Bank branch in Stickney. Source: http://www.chicagotribune.com/news/local/breaking/chi-police-report-northwest-side-bank-robbed-20121029,0,4144488.story
For more
stories, see item 1 above in Top Stories and 32 below in the Information Technology Sector
Information Technology Sector
29. October 30, SC Magazine UK – (International) Hurricane Sandy could cause problems in cyber
space. With Hurricane Sandy colliding with the East Coast, cyber criminals
are likely to take advantage of the historic storm to make money or steal
personal information from the unsuspecting. As with most major news events,
users should be on the lookout for legitimate-looking scams that will use the
hurricane’s mainstream allure to dupe them. “If the past repeats itself,
Facebook postings, tweets, emails and websites claiming to have exclusive video
or pleading for donations for disaster relief efforts will appear shortly after
the storm hits,” security company Avast warned October 29. “These messages
often include malicious code that attempts to infect computers with viruses,
spyware or Trojan horses.” Online vandals have also been known to bait users
through a technique known as black-hat search engine optimization (SEO), in
which search results are poisoned so the attackers’ sites appear near the top
of rankings. Natural disasters lend a particularly lucrative hand to cyber
criminals because many users want to make donations to victims. As such, they
can be easily tricked into giving their money away to bogus sites that appear
to be charities, such as the American Red Cross. Source: http://www.scmagazineuk.com/hurricane-sandy-could-cause-problems-in-cyber-space/article/265955/
30. October 30, Threatpost – (International) EFF raises questions on privacy leaks in
Ubuntu. The Electronic Frontier Foundation (EFF) is warning users of Ubuntu’s
latest release that the open-source operating system sends their search queries
to third parties, including Amazon, by default, and that some of their search
results may be viewable by other users on the same network. The privacy leaks
are present in Ubuntu 12.10 and the group says that Canonical, which runs the
Ubuntu project, should disable the inclusion of online search results by
default and make it clearer to users what is being done with their search
queries and IP addresses. The issues that the EFF is raising are related to a
feature called Dash in the Ubuntu Unity desktop that is designed to be a
central search mechanism for documents, files, and other information both on
the local machine and online. When a user searches for a given term, the query
is sent to an Ubuntu server, and the query also includes his/her IP address. The
search results, depending upon the query, may include products from Amazon
related to the search term. Source: http://threatpost.com/en_us/blogs/eff-raises-questions-privacy-leaks-ubuntu-103012
31. October 30, The H – (International) ICS-CERT
warns of increasing threat to industrial control systems. The Industrial
Control Systems Cyber Emergency Response Team (ICS-CERT) issued a warning about
special tools and search engines that make attacks on systems and devices in
infrastructures simple even for inexperienced attackers. Tools aimed at
cracking digital control systems from companies such as GE, Rockwell
Automation, Schneider Electric, and Koyo were released earlier in 2012. Tools
for CoDeSys software from 3S Software also recently appeared. These tools lower
the barriers for attackers by removing the need for specialist knowledge in
order to carry out an attack. Special search engines such as the Shodan
Computer Location Service and the Every Routable IP Project (ERIPP) are also
making attacks simpler for attackers. One team of researchers told ICS-CERT
that they used Shodan to discover more than 500,000 unsecured devices which use
supervisory control and data acquisition (SCADA) and other industrial control
systems (ICS). Source: http://www.h-online.com/security/news/item/ICS-CERT-warns-of-increasing-threat-to-industrial-control-systems-1739808.html
32. October 30, Wired – (International) Oops, e-mail
marketer left Walmart, Capital One and others open to easy spoofing. Following
a recent story about a widespread email vulnerability involving weak
cryptographic keys, system administrators at many companies around the world
began to check their DNS records to make sure that the DKIM keys they were
using to authenticate their email were at least 1,024 bits in length — the
recommended standard for secure authentication of email. No doubt, if they
found they were using substandard keys, they replaced those keys with stronger
ones to secure their corporate business email. However, according to one
researcher, these companies may be overlooking third-party emailers who are
responsible for sending out marketing newsletters and other communication to
customers on their behalf. In fact, email marketing company Epsilon
Interactive, which thought it fixed the problem a year ago, left Walmart, TD Ameritrade,
TiVo, and others open to easy spoofing. Source: http://www.wired.com/threatlevel/2012/10/dkim-third-party-emailers/
33. October 30, Help Net Security – (International) Facebook
investigates data leak from 1 million accounts. Facebook will be launching
an internal investigation following the revelation by a Czech blogger that data
belonging to over 1 million Facebook users was offered for sale for $5. The
blogger bought the data, which contained full names, email addresses and
Facebook profile URLs, examined it, and discovered that some of the data is
accurate. After making the discovery public on his blog, the blogger said he
was contacted by Facebook. The company asked the blogger to forward them the
data, then delete the file in his possession, name the Web site from which he
bought it, remove some details from his blog, and keep any correspondence
between them a secret. “Facebook is vigilant about protecting our users from
those who would try to expose any form of user information. In this case, it appears
someone has attempted to scrape information from our site and combine the
information with data publicly available elsewhere on the web,” Facebook
commented on the situation for Ars Technica. Source: http://www.net-security.org/secworld.php?id=13870
Communications Sector
34. October 30, ZDNet – (New York;
National) Hurricane Sandy knocks out NYC data centers: Websites, services
down. Power outages caused by Hurricane Sandy have knocked much of the East
Coast offline, and preemptive substation shutdowns to prevent damage to
electrical equipment are also affecting data centers and
online services around the world, ZDNet reported October 30. New York City’s
Consolidated Edison shut down large portions of the power grid in lower
Manhattan to prevent damage to underground equipment, leaving more than an
estimated 1 million without power. Within minutes, Gawker.com and technology
Web site Gizmodo.com crumbled, saying a data center battery failure forced the
sites to fall down at their lower Manhattan data center. Also affected was
Buzzfeed.com citing similar problems, and LiveStream.com said it was
experiencing a “major outage.” In spite of being on the other side of the
Atlantic, many are affected by the outages. HuffingtonPost.com remains down for
many, after the publication said it was experiencing “technical difficulties.”
Source: http://www.zdnet.com/hurricane-sandy-knocks-out-nyc-data-centers-websites-services-down-7000006588/
35. October 30, Reuters – (National) Hurricane
Sandy disrupts Northeast US telecom networks. Verizon Communications said
October 30 that its wireline service was suffering as flooding in its central
offices in lower Manhattan affected its back-up generators and batteries. The
company said that its engineers were on site October 29 and were beginning to
assess damage. Sprint Nextel said it was seeing outages at some cell sites
because of the power outages across all the States in Sandy’s path including
New York, New Jersey, Connecticut, Pennsylvania, Washington D.C., Maryland,
northern Virginia, and New England. People complained of outages to their cable
telephone, Internet, and television services from providers ranging from
Comcast Corp, Cablevision Systems Corp, and Verizon in New Jersey, Connecticut,
and New York. Cablevision said it was experiencing widespread service
interruptions primarily related to loss of power. Cell phone service also
appeared to be spotty for other top providers AT&T Inc and T-Mobile USA, a
unit of Deutsche Telekom, according to some customers. Source: http://www.reuters.com/article/2012/10/30/uk-storm-sandy-telecommunications-idUSLNE89T02220121030
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.