Tuesday, July 3, 2012 

Daily Report

Top Stories

• Millions of people in a number of States along the East Coast and farther west went into a third day without power July 2 after a round of summer storms that killed more than a dozen people, destroyed homes and businesses, and wreaked havoc on area travel. – Associated Press

2. July 2, Associated Press – (National) At least 22 dead after US storms cut power in East. Millions of people in a swath of States along the East Coast and farther west went into a third sweltering day without power July 2 after a round of summer storms that killed more than a dozen people. The outages left many to contend with stifling homes and spoiled food as temperatures approached or exceeded 100 degrees. Around 2 million customers from North Carolina to New Jersey and as far west as Illinois were without power; that was down from the more than 3 million homes and businesses that lost power shortly after the June 29 storm hit. Utility officials said the power would likely be out for several more days. Since June 29, severe weather was blamed for at least 22 deaths, most from trees falling on homes and cars. The power outages prompted concerns of traffic problems as commuters took to roads with darkened stoplights. There were more than 400 signal outages in Maryland July 2, including more than 330 in hard-hit Montgomery County outside the nation’s capital, according to the State Highway Administration. There were 100 signal outages in northern Virginia late July 1, and 65 roads were closed, although most were secondary roads. Power crews from as far away as Florida and Oklahoma were headed to the mid-Atlantic region to help get the power back on. Source: http://www.businessweek.com/ap/2012-07-02/at-least-22-dead-after-us-storms-cut-power-in-east

• A programming error on a massive New York Stock Exchange trade by a broker-dealer June 29 was caught before it caused a “disastrous” set of events at market close that could have cost millions, the exchange said. – Reuters. See item 14 below in the Banking and Finance Sector.

• GlaxoSmithKline was fined $3 billion in the largest fraud settlement in U.S. history for failing to report safety data on some of its most popular prescription drugs. – CNNMoney

40. July 2, CNNMoney – (National) GlaxoSmithKline in $3 billion fraud settlement. GlaxoSmithKline was fined $3 billion July 2 by the U.S. Department of Justice after failing to report safety data on some of its most popular drugs. The payment is the largest fraud settlement in U.S. history, and the largest payment ever by a drug company. GlaxoSmithKline will plead guilty to two counts of introducing misbranded drugs, Paxil and Wellbutrin, into interstate commerce. Specifically, the government alleged the drugs were marketed as a treatment for conditions for which they had not been approved. It said Paxil, which treats depression and anxiety disorders in adults, was marketed to children and adolescents, and Wellbutrin, an antidepressant, was marketed as a weight-loss aid. A third count involved a failure to report safety data about the drug Avandia, a diabetes drug, to the Food and Drug Administration between 2001 and 2007. GlaxoSmithKline also reached a 5-year compliance agreement with the Department of Health and Human Services. Under terms of the deal, company executives could forfeit annual bonuses if they or their subordinates engage in significant misconduct, and sales agents are now being paid based on quality of service rather than sales targets. Source: http://money.cnn.com/2012/07/02/news/companies/GlaxoSmithKline-settlement/index.htm?hpt=hp_t2

• Using only $1,000 worth of equipment, a group of researchers from the University of Texas at Austin hijacked a small drone, highlighting the vulnerabilities of unencrypted GPS signals. – Discover Magazine

44. July 1, Discover Magazine – (National) Unencrypted GPS lets hackers take control of drones. Using only $1,000 worth of equipment, a group of researchers from the University of Texas at Austin hijacked a small drone, highlighting the vulnerabilities of unencrypted GPS signals, Discover Magazine reported July 1. While the powerful military drones used overseas use encrypted GPS signals, the ones in the United States rely on signals from open civilian GPS, which makes them vulnerable to GPS “spoofing.” The head of the university’s Radionavigation Laboratory and his team put on a demonstration for representatives of the Federal Aviation Administration and the DHS. To take control of the drone, the research group generated a fake GPS signal to match the real one, and then used the fake signal to overwhelm the real one, placing the drone under their control. The lead researcher predicts there could be as many as 30,000 drones patrolling the skies by 2020 and recommends investing some resources in the authentication of civilian GPS signals. Source: http://blogs.discovermagazine.com/80beats/2012/07/01/unencrypted-gps-lets-hackers-take-control-of-drones/

• U.S. critical infrastructure firms saw an increase in the number of reported cybersecurity incidents between 2009 and 2011, according to a new report from the U.S. Industrial Control System Cyber Emergency Response Team. – Dark Reading. See item 54 below in the Information Technology Sector.

• California officials approved a plan that suggests major investments in the State’s aging system of levees that protect water, freeways, homes, and farmland in the Central Valley, an area ranked as one of the nation’s highest flood risks. – Associated Press

68. June 29, Associated Press – (California) Calif. approves flood plan for Central Valley. California officials approved a plan June 29 that recommends major investments in the State’s aging system of levees that protect people and farmland in the Central Valley, an area with one of the highest flood risks in the nation. The plan, adopted by the Central Valley Flood Protection Board, calls for as much as $17 billion in repairs and new investments in the levees and other infrastructure, including $5 billion in bond funds already approved by State voters. Officials and experts agree the flood control system built along the Sacramento and San Joaquin rivers by farmers and governments over the past 150 years is in disrepair. About 1 million Californians live in the floodplains, and the levees protect an estimated $69 billion in assets, including the State’s water supply, major freeways, agricultural land, and the valley’s remaining wetland and riparian habitat, yet more than half of the region’s urban and rural levees do not meet standards. Also, about half of the channels are believed to be inadequate to handle projected flooding. The plan does not include specific projects but offers recommendations concerning floodway and bypass expansion; improvements to intake and gate structures; urban and rural levee repairs; fish passage improvements; and ecosystem restoration. The plan also outlines new flood protection requirements for cities and counties. The State will now require urban communities that want to do new development to achieve 200-year flood protection — double the federal standard — by 2025. Source: http://www.mercurynews.com/news/ci_20974166/calif-approves-flood-plan-central-valley


Banking and Finance Sector 

11. July 29, Nextgov – (National; International) Buyer beware: Mobile payments might not be protected. Some current financial rules may not be fully up to the task of regulating the growing number of mobile payment systems, government officials told a House subcommittee June 29. The associate general counsel for the Federal Reserve Board of Governors warned members of the House Financial Services Subcommittee on Financial Institutions and Consumer Credit that in the broader regulatory scheme many mobile systems may not be covered, especially those used by people or organizations that are not banks. Mobile payments usually refer to making purchases, bill payments, charitable donations, or payments to other persons using a mobile device, with the payment applied to a phone bill, credit card, or withdrawn directly from a bank account. As mobile payment options have multiplied, however, concerns have been raised over ensuring the transactions are secure and private; and that consumers have recourse if something goes wrong. Source: http://www.nextgov.com/mobile/2012/06/buyer-beware-mobile-payments-might-not-be-protected/56540/

12. July 2, BankInfoSecurity – (National) Phisher convicted in massive scheme. An Atlanta man was convicted for the role he played in a massive phishing and fraud scheme that targeted Chase Bank, Bank of America, Branch Bank and Trust Co., and payroll processor ADP June 27. The man was convicted of conspiracy to commit wire fraud, identity theft, and conspiracy to gain unauthorized access to protected computers, according to a statement issued by the New Jersey U.S. Attorney’s Office. Authorities said the scheme defrauded the banks and ADP of $1.5 million. Two other defendants in the case previously pleaded guilty, one is in custody, and another is detained in Nigeria pending extradition. Two others remain at large. The phishing attacks directed unsuspecting users to spoofed or fake Web pages designed to mimic legitimate sites. Once on the spoofed sites, consumers were conned into entering confidential personal and financial information, including their names, dates of birth, Social Security numbers, mothers’ maiden names, and online account usernames and passwords. The convicted defendant and others used the stolen usernames and passwords to hack and compromise accounts, as well as initiate unauthorized transactions and withdrawals. Source: http://www.bankinfosecurity.com/phisher-convicted-in-massive-scheme-a-4911

13. June 29, InformationWeek – (International) Banking trojan harvests newspaper readers’ credentials. Security firm ESET warned of financial malware trying to harvest usernames and passwords from a major newspaper’s Web site, InformationWeek reported June 29. ESET said it observed financial malware known variously as Gataka and Tatanga being used in four recent attack campaigns. Targets include banks in Germany and the Netherlands, as well as an attack “trying to obtain accounts on a major U.S. newspaper’s Web site by performing brute-force guesses of usernames and passwords,” a malware researcher at ESET said. In all of the campaigns, ESET observed the malware connecting with between three and 10 different hacked Web pages, which served as proxies for the botnet’s command-and-control server. The researcher estimated that the underlying botnet contained “somewhere between 20,000 and 40,000 infected hosts,” with the vast majority of compromised PCs located in Germany. The Gataka malware itself was first detailed by S21sec in February 2011. The security firm dubbed the trojan application, written in C++, as being “rather sophisticated” given its ability to hide on infected systems. It does that in part by downloading encrypted modules after it infects a system. According to S21sec, these modules or plug-ins offer additional functionality and are decrypted in memory when injected to the browser or other processes to avoid detection by antivirus software. Source: http://www.informationweek.com/news/security/vulnerabilities/240003004

14. June 29, Reuters – (National; International) NYSE catch saves broker from disastrous blunder. A programming error on a massive New York Stock Exchange (NYSE) trade by a broker-dealer June 29 nearly caused a “disastrous” set of events at market close that could have cost millions but was caught by a person overseeing end of day trading, the exchange said. A broker-dealer placed an order at closing for 17 million shares of Monster Worldwide, which was trading at $8.50 a share, with no offers in sight, which seemed unusual given the thin book for the stock. The Designated Market Manager, a NYSE monitor, saw it, alerted the operations staff, the stock was halted, and the broker-dealer was contacted. It turned out the broker-dealer did not want to buy Monster Worldwide. Rather, it was looking to buy an unspecified amount of Monster Beverage Corp. Had the 17 million share order gone through, the stock, which had a share buy imbalance of 17,000, would have soared as the buy orders — there were about 60 of them — would have continued to automatically execute until there were no more offers. Source: http://www.reuters.com/article/2012/06/29/nyse-marketstructure-blunder-idUSL2E8HTJLC20120629

15. June 29, Washington Post – (International) U.S. targets informal banks for alleged aid to Taliban. The U.S. administration imposed sanctions on a pair of informal money-exchange networks in Afghanistan and Pakistan June 29 in what officials described as the first use of the tactic to attack the financial underpinnings of Taliban militants who rely on the system to fund their insurgency. The sanctions announced by the Treasury Department were coordinated with similar measures adopted by the United Nations as part of a broad effort to slow the flow of cash used by the Taliban to pay salaries and purchase weapons for attacks in Afghanistan. The informal cash networks — commonly known as hawalas — have long been used by Taliban commanders and other militants to move funds back and forth across the Afghan-Pakistani border, according to administration officials. The two hawalas were identified as the Haji Khairullah Haji Sattar Money Exchange and the Roshan Money Exchange. Treasury Department documents alleged that Afghan Taliban commanders maintained accounts in both networks and regularly withdrew thousands of dollars to pay off Taliban-backed “shadow” governors, buy weapons, and pay fighters’ salaries. Source: http://www.washingtonpost.com/world/national-security/us-targets-informal-banks-for-alleged-aid-to-taliban/2012/06/29/gJQAWAInBW_story.html

16. June 28, U.S. Department of Justice – (Ohio; Indiana; Kentucky) Operators of $8.9 million Ponzi scheme plead guilty to federal charges. The U.S. Department of Justice announced June 28 that a man from Cincinnati and another from Brookville, Indiana, each pleaded guilty to one count of conspiracy to commit mail and wire fraud, one count of obstruction of justice, and one count of income tax evasion for running an investment scheme. The scheme ensnared about 72 investors in Ohio, Indiana, and Kentucky who lost $8,924,451.46. According to court documents, the men claimed they were licensed through CityFund or Dunhill to sell securities. They solicited investors between 2003 and March 2011 to invest in a “day trading” Ponzi scheme. They told investors the strategy involved purchasing large blocks of stocks in overseas markets with the investment liquidated to cash before the close of the trading day. Investors were guaranteed profits of 10 to 15 percent and in some cases even 30 percent. Many victims rolled over their retirement accounts into the scheme based on false promises of lucrative gains. All of the representations made by the men were false. Neither of them was licensed to sell securities, nor were the CityFund or Dunhill entities licensed broker firms. Most of the investors’ funds were never invested in anything. Rather, they spent most of the money on themselves, paying for their exorbitant personal expenses and lifestyles. Source: http://www.justice.gov/usao/ohs/news/06-28-12.html

Information Technology Sector

50. July 2, Help Net Security – (International) Blackhole exploit kit got upgraded. Phoenix and Blackhole are the most popular and widely used exploit kits because their creators are always tinkering with them and pushing out updates and improved attack capabilities. Blackhole’s authors recently added the still unpatched XML Core Services vulnerability to the pack and also changed the JavaScript code that initiates the exploitation sequence so it can dynamically generate new domains, Help Net Security reported July 2. “If the location or URL for the iframe, which actually contains the malicious code, changes or is taken down, all of the compromised sites will have to be updated to point to this new location,” Symantec researchers explained. “To deal with this, the Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains based on the date and other information, and then creates an iframe pointing to the generated domain.” Source: http://www.net-security.org/secworld.php?id=13189&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

51. July 2, H Security – (International) VLC Media Player 2.0.2 adds Retina display support. July 1, the VideoLAN project released the second point update to version 2.0 of its VLC Media Player. According to its developers, the major update to the open source media player software fixes “a lot of regressions” in the 2.0.x branch, which was already downloaded more than 100 million times. The update fixes an Ogg-related heap-based buffer overflow and a vulnerability (CVE-2012-2396) that could be used to cause a denial-of-service condition when opening a specially crafted MP4 file. Source: http://www.h-online.com/security/news/item/VLC-Media-Player-2-0-2-adds-Retina-display-support-1629967.html

52. July 2, H Security – (International) Serious holes in Cisco WebEx player patched. Cisco published an advisory concerning four buffer overflows in the Cisco WebEx player and one buffer overflow in the Cisco Advanced Format player running on Windows, Mac OS X, and Linux, H Security reported July 2. According to Cisco, the vulnerabilities could allow an attacker to execute code on a system. The players are used to play back WebEx meeting recordings and are automatically installed when required by WebEx meetings. Exploiting the applications requires the playback of a maliciously constructed recording file that can either be delivered by e-mail or by getting the user to visit a malicious Web page; the vulnerabilities are not exploitable within a WebEx meeting. Source: http://www.h-online.com/security/news/item/Serious-holes-in-Cisco-WebEx-player-patched-1629845.html

53. June 29, Threatpost – (International) Mac OS X, Windows backdoors used in new APT attacks. A new Mac OS X backdoor variant was recently detected. It targets a Turkic ethnic group in central Asia, according to Kaspersky Lab. Researchers intercepted an advanced persistent threat campaign earlier the week of June 25 that targeted Uyghur Mac users. Researchers appear to have traced the command and control server to an IP address in China. Similar to Kaspersky’s discovery, AlienVault Labs claims to have found another backdoor that affects Windows users. Transmitted through e-mail, the attack also includes a zip file along with a Winrar file. The file extracts a binary that goes on to copy itself but not before dropping a DLL file on the system. After it is injected, the DLL file appears to help initiate Gh0st RAT, a remote access tool. Source: http://threatpost.com/en_us/blogs/mac-os-x-windows-backdoors-used-new-apt-attacks-062912

54. June 29, Dark Reading – (International) U.S. critical infrastructure cyberattack reports jump dramatically. U.S. critical infrastructure companies saw a dramatic increase in the number of reported cybersecurity incidents between 2009 and 2011, according to a new report from the U.S. Industrial Control System Cyber Emergency Response Team (ICS-CERT). In 2009, ICS-CERT fielded nine incident reports. In 2010, that number increased to 41. In 2011, it was 198. Of those 198, 7 resulted in the deployment of onsite incident response teams from ICS-CERT, and 21 of the other incidents involved remote analysis efforts by the Advanced Analytics Lab. Incidents specific to the water sector, when added to those that impacted multiple sectors, accounted for more than half of the incidents due to a larger number of Internet-facing control system devices reported by independent researchers, according to the report. Source: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240003029/
For more stories, see items 11, 12 and 13 above in the Banking and Finance Sector and 55 below in the Communications Sector

Communications Sector 

55. June 30, Associated Press – (National) Storm knocks out servers for 3 websites. Netflix, Instagram, and Pinterest were using Twitter and Facebook to update subscribers after a June 29 Virginia storm caused server outages for hours. Netflix and Pinterest restored service by June 30. Instagram engineers were working to restore service, but no data was lost. The three Web sites are customers of Amazon Inc.’s Web services division. An Amazon spokeswoman said in an e-mail that the storm cut power to some of the company’s operations. Netflix, a video streaming service, tweeted that subscribers should reconnect if they still experienced problems. The online scrapbook service Pinterest said employees were working on remaining issues that may affect performance. Source: http://www.wwlp.com/dpps/news/national/storm-knocks-out-servers-for-3-websites_4222995

For more stories, see item 11 above in the Banking and Finance Sector and item 52 above in the Information Technology Sector.