Friday, November 30, 2012
Daily Report
Top Stories
• The federal government entered a record $497
million False Claims Act judgment against the now-defunct Westland/Hallmark
Meat Co., the company that sparked the largest-ever meat recall after
undercover abuse footage was made public in 2008. – Food Safety News
12. November
18, Food Safety News – (National) Landmark settlement reached in Westland-Hallmark
Meat case. The now defunct Westland/Hallmark Meat Co. sparked the
largest-ever meat recall after undercover abuse footage was made public in
2008, and now the company has sparked the largest-ever judgement for an animal
abuse case, Food Safety News reported November 18. The Humane Society of the
United States (HSUS) announced November 16 that it reached a partial settlement
with two of the nine defendants in its False Claims Act lawsuit and that the
federal government was entering a final judgement of $497 million against the
company. While the judgment is record-setting for an animal abuse case, the
company will not actually pay the full fine to the government. According to
HSUS, “The full judgment – which is the largest court judgment ever entered for
animal abuse – cannot be collected in light of Hallmark’s insolvency, and is
intended to deter future animal cruelty in the nation’s slaughterhouses.”
Westland/Hallmark went out of business after the abuse footage–which showed
“downer” cows (animals unable to walk) being dragged, violently prodded, and
forklifted–caused national outrage. As a supplier to the National School Lunch
Program NSLP, the company had agreed to follow strict animal welfare standards
in its contract with the U.S. Department of Agriculture. The litigation stems
from the company failing to live up to that contract. Downer cows are not
legally allowed to enter the food supply, in part because they are at increased
risk for BSE, otherwise known as mad cow disease. Non-ambulatory animals are
also more likely to be contaminated with fecal matter and disease-causing
bacteria. The undercover abuse footage prompted a 143 million pound ground beef
recall; the vast majority of the meat was already consumed by the time it was
recalled. Source: http://www.foodsafetynews.com/2012/11/landmark-settlement-reached-in-westlandhallmark-meat-case/
• Human waste has been pouring into New York
Harbor from the fifth largest sewage treatment plant in the country since it
was hit by Hurricane Sandy, and the operator of the plant cannot predict when
it will stop, WNBC 4 New York reported November 16. – WNBC 4 New York
21.
November 16, WNBC 4 New York – (New York;
New Jersey) Human waste continues to pour into NY harbor after Sandy. Human
waste has been pouring into New York Harbor from the fifth largest sewage
treatment plant in the country since it was hit by Hurricane Sandy, and the
operator of the plant cannot predict when it will stop, WNBC 4 New York
reported November 16. A 12-foot surge of water swamped the Newark, New Jersey
plant that serves some three million people when Sandy struck October 29. The
plant has pumped more than three billion gallons of untreated or partially
treated wastewater into local waterways since then. The executive director of
the Passaic Valley Sewerage Commission, only said “ASAP” when asked about when
repairs to the sprawling facility could be made. Until then, the main outfall
will continue dumping millions of gallons of partially treated human waste a
day. Pathogens in partially treated waste are a health hazard and public safety
threat, officials said. Fishing, crabbing, and shellfishing bans in the New
Jersey waters of the harbor will remain in effect, said a Department of
Environmental Protection spokesman. The New York City Department of
Environmental Protection also issued an advisory to residents to avoid contact
with the water. Source: http://www.nbcnewyork.com/news/local/Passaic-Valley-Sewerage-Commission-Newark-Plant-Human-Waste-179571291.html
• Police are searching for a gunman who they
say used the same weapon to kill three Brooklyn, New York shopkeepers since
July. All three victims were of Middle Eastern descent and their stores are
within a 5-mile radius. – CBS News; Associated Press
38.
November 19, CBS News; Associated Press –
(New York) Brooklyn serial killer: Gunman sought in three shopkeeper
slayings, NYPD says. Police are searching for a gunman who they say used
the same weapon to kill three Brooklyn, New York shopkeepers since July, CBS
News and the Associated Press reported November 19. All three victims were of
Middle Eastern descent. Their stores are within a 5-mile radius, and none of
them have surveillance cameras. The last victim was killed at his store, She
She, in Brooklyn’s Flatbush section November 16. Police said that ballistics
evidence connected the same gun to the shooting deaths of two other Brooklyn
shopkeepers over the summer of 2012. A clothing store owner was killed inside
Valentino Fashion in Bay Ridge July 6. Another victim was found dead August 2
at his Amazing 99 Cents Deal shop in Bensonhurst. Source: http://www.cbsnews.com/8301-504083_162-57551667-504083/brooklyn-serial-killer-gunman-sought-in-three-shopkeeper-slayings-nypd-says/
• A suspect in Bolivar, Missouri, was accused
of planning a movie theater massacre at a screening of the final “Twilight”
movie after police were alerted that he purchased 400 rounds of ammunition and
two assault rifles for the planned attack. – ABC News
42.
November 16, ABC News – (Missouri) Cops
stop alleged movie theater gun plot. A suspect in Bolivar, Missouri, was
accused of planning a movie theater massacre at a screening of the final
“Twilight” movie. He was charged November 16 with first-degree assault, making
a terroristic threat, and armed criminal action after his mother alerted police
that he had purchased 400 rounds of ammunition and two assault rifles “very
similar to the ones in Aurora, Colorado, movie theater shooting,” according to
probable cause statement issued by the Bolivar Police Department. The suspect
allegedly told the police that he had already purchased a ticket for the
November 18 screening of “The Twilight Saga: Breaking Dawn — Part 2.” He said he
also planned to shoot up a nearby Wal-Mart store, according to the statement.
He had previously threatened to stab a Wal-Mart employee in 2009. Police
characterized the suspect as “being off his medication,” but he was able to
purchase the rifles November 12 and November 13. Source: http://abcnews.go.com/US/cops-stop-alleged-movie-theater-gun-plot/story?id=17742369#.UKph_K7kGok
Details
Banking and Finance Sector
9. November 17, Bloomberg News – (New York) Ex-Refco
lawyer guilty of aiding $2.4 billion fraud. Refco Inc.’s former outside
lawyer whose 2009 fraud conviction was reversed in January was again found
guilty by a jury in federal court in New York City, Bloomberg News reported
November 17. Prosecutors claimed he helped Refco’s Chief Executive Officer and
other executives defraud investors of $2.4 billion. Jurors found the lawyer
guilty of one count of conspiracy and two counts each of securities fraud, wire
fraud, and filing false statements with the U.S. Securities and Exchange
Commission. The new trial had been granted by a U.S. appeals court, which ruled
that the judge in the first trial improperly instructed a deliberating juror
outside the presence of the accused’s lawyers. Prosecutors at the second trial
accused him of helping New York-based Refco’s management hide transactions that
concealed losses. ”Over and over and over again, [he] ignored his duties as an
officer of the court by actively participating in the crimes of his client —
telling blatant lies, falsifying important documents, and concealing others,” a
U.S. Attorney said in a statement. Source: http://www.businessweek.com/news/2012-11-16/ex-refco-lawyer-guilty-of-aiding-2-dot-4-billion-fraud
10. November 17, Orange County Register –
(California) FBI: ‘Don’t Even Bandit’ robs bank in Fullerton. A man
authorities believe to be the “Don’t Even Bandit” is suspected of robbing a
Chase bank branch in Fullerton, California, November 16. A man walked into the
bank branch, handed a teller a note demanding money, and left with an
undisclosed amount of cash, police said. The robber is suspected of being the
“Don’t Even Bandit,” a FBI special agent said. The “Don’t Even Bandit” is
believed to have carried out at least six bank robberies in California,
including a holdup at a Bank of America in Garden Grove in early October.
According to news reports, he got his name after his threats to witnesses of
earlier robberies included the words “don’t even.” Source: http://www.ocregister.com/news/bank-378024-don-bandit.html
Information Technology Sector
31. November
19, The H – (International) Trojan uses Google Docs to communicate with
its control server. IT security firm Symantec discovered a trojan called
Backdoor.Makadocs that hides in Rich Text Format (RTF) and Microsoft Word
documents and injects malicious code via Trojan.Dropper. It uses the Google
Docs service’s Viewer feature to communicate with its command-and-control
(C&C) server. Symantec currently rates the trojan’s threat level as “very
low”. In a post on its blog, the company says that the carrier document appears
to primarily target users in Brazil. The malware transfers information such as
the infected computer’s host name and operating system. Symantec says that it
has already been updated for Microsoft’s newly released Windows 8 and Windows
Server 2012 operating systems. The unusual characteristic of the trojan is the
use of Google Docs. Using the viewer to contact the trojan’s C&C server
prevents the data traffic between the infected system and the C&C server
from being discovered as Google Docs connections are encrypted using HTTPS.
However, the company added that Google could prevent the viewer from being
misused by implementing a firewall. Source: http://www.h-online.com/security/news/item/Trojan-uses-Google-Docs-to-communicate-with-its-control-server-1752343.html
32. November
19, Associated Press – (National) Judge approves FTC’s $22.5M fine of Google. A
federal judge approved a $22.5 million fine to penalize Google for an alleged
privacy breach, rejecting a consumer-rights group’s plea for tougher
punishment. The rebuke resolves allegations that Google duped millions of Web
surfers using the Safari browser into believing their online activities could
not be tracked by the company as long as they did not change the browser’s
privacy settings. That assurance was posted on Google’s Web site earlier this
year, even as the Internet search leader was inserting computer coding that
bypassed Safari’s automatic settings and enabled the company to peer into the
online lives of the browser’s users. The U.S. Federal Trade Commission concluded
that the contradiction between Google’s stealth tracking and its privacy
assurances to Safari users violated a vow the company made in another
settlement with the agency in 2011. Google had promised not to mislead people
about its privacy practices. Source: http://www.boston.com/business/technology/2012/11/19/judge-approves-ftc-fine-google/aR6ovDPNRs0upay1mIDCGP/story.html
33. November
19, Help Net Security – (International) Google Chrome app grabs
identities, forges blogs in victims’ name to promote scam. A Google Chrome
app that promises to change the color of Facebook accounts instead nabs
authentication cookies and generates dozens of blogs registered to the victims’
Gmail address, Bitdefender warns. Once the malicious app is installed from
Google’s Chrome Web Store, it starts displaying a large Google Ads banner
redirecting users to a “work from home scam.” When clicking the sign-up link,
users are redirected to a fraudulent Web site. The blogs generated under the
email address of the victims, which are used in further disseminating the scam,
have registered a large number of hits among users in the United States, the
United Kingdom, Germany, Spain, Romania, and other countries. The app can also
post wall messages on the victims’ account. The messages use friend tagging to
convince the victim’s friends to visit the blog domains. Each time the app
posts on a users’ timeline, it links to one of the auto-generated blogs to
avoid blacklisting. According to Softpedia, the app in question - “Modify Your
Facebook Color” - has been downloaded from the Play Store by over 38,000 users.
Source: http://www.net-security.org/secworld.php?id=13977&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader
34. November
19, IDG News Service – (International) Hackers break into two FreeBSD Project
servers using stolen SSH keys. Hackers compromised two servers used by the
FreeBSD Project to build third-party software packages. Anyone who has installed
such packages since September 19 should completely reinstall their machines,
the project’s security team warned. Intrusions on two machines within the
FreeBSD.org cluster were detected November 11, the FreeBSD security team said
November 17. The two compromised servers acted as nodes for the project’s
legacy third-party package-building infrastructure. The incident only affected
the collection of third-party software packages distributed by the project and
not the operating system’s “base” components, such as the kernel, system
libraries, compiler, or core command-line tools. The FreeBSD security team
believes the intruders gained access to the servers using a legitimate SSH
authentication key stolen from a developer, and not by exploiting a vulnerability
in the operating system. The package sets currently available for all versions
of FreeBSD have been validated and none of them have been altered in any way,
the team said. Source: http://www.computerworld.com/s/article/9233822/Hackers_break_into_two_FreeBSD_Project_servers_using_stolen_SSH_keys?source=rss_security&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+computerworld/s/feed/topic/17+(Computerworld+Security+News)&ut
35. November
19, Threatpost – (International) Facebook enabling HTTPS by default for North
American users. Facebook the week of November 19 will begin turning on
secure browsing by default for its millions of users in North America. The
change will make HTTPS the default connection option for all Facebook sessions
for those users, a shift that gives them a good baseline level of security and
will help prevent some common attacks. Facebook users have had the option of
turning on HTTPS since early 2011 when the company reacted to attention
surrounding the Firesheep attacks. However, the technology was not enabled by
default and users had to manually make the change in order to get the better
protection of HTTPS. Now, users will have to manually turn HTTPS off if they do
not want it, a distinction that is a major change, especially for Facebook’s
massive user base, which has become a major target for attackers. Source: http://threatpost.com/en_us/blogs/facebook-enabling-https-default-north-american-users-111912
Communications Sector
36.
November 19, Radio Ink – (Ohio) Two
charged with stealing copper from Radio One. Federal authorities in
Cleveland charged a man and a woman with the malicious destruction of
federally-licensed communications lines under the domestic terrorism provision
of the law, Radio Ink reported November 19. The Radio One Cleveland chief
engineer said the copper was stolen from WJMO 1300 AM Cleveland. He said thieves
pulled up the four-inch copper strap surrounding all four antenna tuning units
(dog houses) and disconnected all 480 ground radials in the process. The
indictment charges that August 17 or August 18, the man and woman unlawfully
entered the property of Radio One and willfully and maliciously destroyed and
removed copper material from four radio-station towers situated on the
property. Emergency repairs cost nearly $11,000 while permanent repairs will
cost an estimated $125,000, according to the indictment. Source: http://www.radioink.com/Article.asp?id=2576604&spid=24698
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.
No comments:
Post a Comment