Monday, September 17, 2012
Daily Report
Top Stories
• Three antiwar advocates targeted the Y-12
National Security Complex in Tennessee for infiltration after considering two
other U.S. nuclear-weapons locations. The trio used open-source information to
plot the unauthorized entry. – Global Security Newswire
8. September 14, Global Security Newswire – (Tennessee) Y-12 protesters
mulled infiltrating New Mexico, Missouri nuclear sites: Report. A group of
three antiwar advocates targeted the Y-12 National Security Complex in
Tennessee for infiltration after considering two alternative U.S.
nuclear-weapon locations, and the trio used open-source information to plot the
unauthorized entry over a period of months, one of the trespassers said
September 12 in comments reported by the Knoxville News Sentinel. The members
of the antinuclear group Transform Now Plowshares infiltrated the Oak Ridge
site’s “Protected Area” July 28, where a facility holding large quantities of
weapon-grade uranium is located. The three had enough time to allegedly pour
out blood, put up signs, and paint on the sides of buildings before they were
discovered and apprehended. The group’s final member to be freed from detention
said the group also considered attempting entry at the Los Alamos National
Laboratory in New Mexico and the Kansas City Plant in Missouri. Both
installations house nuclear-weapon production facilities. Source: http://www.nti.org/gsn/article/y-12-protesters-mulled-infiltrating-new-mexico-kansas-nuclear-sites/
• Vaccine protection for children against
pertussis wanes 5 years after they receive their last dose, which could be
fueling large recent outbreaks, according to a new study. – Center for
Infectious Disease Research and Policy
29. September 13, Center for Infectious Disease Research and Policy –
(California; National) Outbreak study
details waning protection from pertussis vaccine. The Center for Infectious
Disease Research and Policy reported September 13 that a detailed look at
California children during the State’s large pertussis outbreak in 2010
revealed that protection from the diphtheria, tetanus, and pertussis (DTaP)
vaccine wanes 5 years after children receive their last dose, which could be
fueling outbreaks. The findings come on the heels of a warning earlier this
summer from the Centers for Disease Control and Prevention (CDC). The agency,
along with State health department partners, found an unusual illness spike in
13- and 14-year-olds in Washington, which also raised the possibility of waning
pertussis (whooping cough) vaccine protection. The United States was headed
toward its worst pertussis year in decades, CDC officials said in July, and two
States — Washington and Colorado — have declared epidemics. Source: http://www.cidrap.umn.edu/cidrap/content/other/news/sep1312pertussis.html
• Two colleges, in North Dakota and Texas,
were evacuated and classes were cancelled after they received bomb threats
September 14. – Reuters
31. September 14, Reuters – (North Dakota; Texas; Indiana)
Texas, North Dakota universities re-opened after bomb
scares. The University of Texas at Austin allowed students back into the
school’s buildings September 14 after officials earlier evacuated them due to a
bomb threat called in by a man who said he was linked to al Qa’ida. Minutes
after the University of Texas ordered an evacuation, North Dakota State
University in Fargo issued its own warning about a bomb threat and told
everyone to leave its buildings. North Dakota State was also eventually
re-opened after an investigation. A third school, Valparaiso University in Valparaiso,
Indiana, also issued a security warning September 14. “An unspecific threat to
campus was made through a graffiti message alluding to dangerous and criminal
activity alleged to be carried out during the chapel break period on Friday,”
said a posting on its Web site. The university said it had added additional
security. Source: http://www.reuters.com/article/2012/09/14/us-usa-texas-evacuation-idUSBRE88D10R20120914
• Violent homegrown extremists are
increasingly targeting law enforcement officers and are using public
information to circumvent counter-terror tactics protecting them, according to
a new bulletin. – Government Security News
36. September 14, Government Security News – (National)
Law enforcement can become go-to targets for terrorists, bulletin
warns. Violent homegrown extremists see U.S. law enforcement officers as
targets in the face of tougher security at more fortified locations and have
access to publicly available information to help them circumvent counter-terror
tactics protecting officers, according to an unclassified bulletin by the
National Counterterrorism Center (NCTC), Government Security News reported
September 14. The bulletin was disseminated August 2, and said law enforcement
entities are being identified by “homegrown violent extremists (HVEs)” as
strategic targets and targets of opportunity. The bulletin was posted on the Public
Intelligence information site September 12, and stated the tactics used by
undercover operations and other law enforcement to track domestic terror groups
have created a feeling among a “core element” of HVEs that sees such operations
as persecution, reflecting an “inherent aggression towards Islam”. Law
enforcement has used information and undercover operations to disrupt “a
number of high-profile plots since 2009,” it said. It warned that public
disclosure of law-enforcement operations in the media and in publicly available
court documents can lead to officers being targets of plots. Source: http://www.gsnmagazine.com/node/27277?c=law_enforcement_first_responders
• Enfal malware has infected hundreds of
computers, targeting defense contractors, nuclear and energy employees, and
government groups, researchers said. – Softpedia
See item 41 below in the Information Technology Sector
Details
Banking and Finance Sector
11. September 14, Associated Press – (Oklahoma; National) ‘Bucket List Bandit’ caught in Okla.
after crime spree. An FBI agent said a suspect dubbed the “Bucket List Bandit,”
who is believed to be responsible for bank robberies in nine States, was
arrested in Oklahoma City September 13. The FBI nicknamed the robber the
“Bucket List Bandit” after he allegedly told a Utah bank teller he had only 4
months to live. A warrant charged the man with robbing the Huntingdon National
Bank branch in Erie, Pennsylvania, September 10. It said a confidential
informant gave the FBI his name and birth date. Authorities then reviewed
surveillance video and found an “obvious likeness” to him during robberies in
Missouri, Colorado, Arizona, Idaho, Utah, North Carolina, Tennessee, and
Illinois. Source: http://www.csmonitor.com/USA/Latest-News-Wires/2012/0914/Bucket-List-Bandit-caught-in-Okla.-after-crime-spree
12. September 14, Asbury Park Press – (New Jersey) Freehold Twp. man charged
in bank fraud. A Freehold Township, New Jersey man was one of eight people
charged September 13 by federal authorities with conspiracy to commit bank
fraud and money laundering as part of a more than $30 million mortgage fraud
scheme. Authorities said the man was part owner of Woodbridge-based Premiere
Mortgage Services. Through his company, fraudulent documents of “straw buyers”
were submitted to financial institutions asserting the buyers had more assets
and income than they actually did, according to authorities. When the financial
institutions approved the mortgages, he and others split the proceeds,
authorities said. The properties went into foreclosure, defrauding the banks
and other companies of millions. Two Brazilian nationals involved in the scheme
remain at large. Source: http://www.app.com/article/20120913/NJNEWS/309130066/Freehold-Twp-man-charged-in-bank-fraud
13. September 14, Associated Press – (International) Prosecutor: UBS trader accused of $2.3
billion fraud ‘caused chaos,’ risked bringing down bank. A senior trader at
the Swiss bank UBS was a “master fraudster” who lost his bank $2.3 billion,
imperiling its very existence through risky deals and deceit in a bid to
improve his status, bonus, and job prospects, prosecutors said September 14. A
prosecution lawyer told a British jury that the man lied to his employer,
invented clients, and breached the bank’s safeguards against high-risk trading
between 2008 and 2011. The man was a senior equities trader with the bank in
London when he was arrested in September 2011 after UBS discovered
irregularities in trading records. He pleaded not guilty to two counts of fraud
and two counts of false accounting. The fraud wiped $4.5 billion, or 10
percent, off the share price of Switzerland’s biggest bank. Source: http://www.washingtonpost.com/business/ex-ubs-trader-goes-on-trial-accused-of-fraud-that-cost-swiss-bank-2-billion/2012/09/14/d0ed09b6-fe3b-11e1-98c6-ec0a0a93f8eb_story.html
14. September 12, KABC 7 Los Angeles – (California) ‘$5K Bandit’ robs same Los
Alamitos bank 3 times in 14 months. A knife-wielding suspect robbed a US
Bank branch in Los Alamitos, California, for the third time in 14 months
September 11, police said. The suspect, dubbed the “$5K Bandit” by the FBI,
entered the bank branch, demanded money from tellers, and threatened them with
a large butcher knife. The suspect jumped over the bank counter with the knife
in his hand. The amount of money stolen was not disclosed. Source: http://abclocal.go.com/kabc/story?section=news/local/orange_county&id=8808357
Information Technology Sector
39. September 14, The Register – (International) Smartmobe Wi-Fi blabs far too much about us,
warn experts. Smartphones leak far more personal information about their
users than previously imagined, according to new research. Security researchers
at Sensepost were able to track and profile users and their devices by
observing the phones’ attempts to join Wi-Fi networks. The researchers created
their own distributed data interception framework that profiled mobile devices,
laptops, and their users in real-time. Smartphones tend to keep a record of
Wi-Fi base stations their users previously connected to, and often poll the
airwaves to see if a recognized network is within reach. Although this is
supposed to make joining wireless networks seamless for users, it also makes it
easy for the researchers to link home addresses and other information to
individually identifiable devices. Source: http://www.theregister.co.uk/2012/09/14/smartphone_tracking_research/
40. September 14, The H – (International) Manipulated data causes BIND DNS servers to
crash. An advisory from the Austrian national Computer Emergency Readiness
Team (CERT) warns that the free DNS server BIND, which is maintained by the
Internet Systems Consortium, contains a security vulnerability that allows
attackers to crash it using specially crafted data records. The Austrian national
CERT explains that sealing off a server from the outside is not sufficient to
protect it against an attack. Apparently, a name server query could, for
example, be triggered by an email, causing the server to load the specially
crafted record. That the query appears to come “from the inside” offers no
protection. Source: http://www.h-online.com/security/news/item/Manipulated-data-causes-BIND-DNS-servers-to-crash-1708087.html
41. September 14, Softpedia – (International) 874 systems from 33 countries infected with
Enfal malware, researchers find. The Enfal malware — best known for its
involvement in the LURID targeted attacks — is still causing a lot of damage.
Researchers said 874 computers from 33 different countries were infected with a
new version of the malicious trojan. An analysis of the command and control
(C&C) servers shows that most of the current victims reside in countries
such as Vietnam, Russia, and Mongolia. Other affected countries appear to be
China (29 infections), Philippines (11 infections), the United States (19
infections), India, and some Middle Eastern States. The main targets seem to be
government organizations, military and defense contractors, nuclear and energy
sectors, Tibetan communities, and the space and aviation industry, researchers
from Trend Micro noted. According to experts, the attacks start with a cleverly
designed email that carries malicious attachments. The attachment, a document
named Special General Meeting.doc, carries a trojan that exploits a vulnerability
in Microsoft Office to drop a backdoor onto the infected computer. Once the
trojan is on a system, the malware communicates with its designated C&C
server, allowing the cyber criminals to take complete control of the machine.
The modifications made to the traditional variant indicate the campaign
designers are trying to bypass security mechanisms such as network monitoring
and intrusion detection systems. Source: http://news.softpedia.com/news/874-Systems-from-33-Countries-Infected-with-Enfal-Malware-Researchers-Find-292206.shtml
42. September 13, Threatpost – (International) Research shows half of all Androids contain
known vulnerabilities. About half of all Android phones contain at least
one vulnerability that could be used to take control of the device, according
to new research. Duo Security, which launched a free vulnerability scanning
application for Android in the summer of 2012, said their preliminary data from
users shows a huge number of the devices are vulnerable to at least one of all
known Android flaws. The X-Ray app from Duo scans Android devices for a set of
known vulnerabilities in a variety of the Android releases. Many of them are
flaws attackers have used in the last few months. The main issue with Android
security and patches is that each carrier is responsible for pushing out new
versions of the operating system to its users, and they all do it on random
timelines. Also, users do not have to upgrade, so there is a good chance many
users are running older, vulnerable versions of Android at any given time.
Source: http://threatpost.com/en_us/blogs/research-shows-half-all-androids-contain-known-vulnerabilities-091312
43. September 13, Threatpost – (International) Google updates Chrome for Android, fixes
several vulnerabilities. Google issued a security update for its Chrome
operating system on Android devices, resolving seven medium-risk
vulnerabilities. On the Google Chrome Blog, a software engineer wrote that the
update strengthens Chrome for Android’s sandbox technology as well as resolving
seven other moderate bugs. The fix is available for users of Android 4.0 (Ice
Cream Sandwich) and 4.1 (Jelly Bean). Source: http://threatpost.com/en_us/blogs/google-updates-chrome-android-fixes-several-vulnerabilities-091312
44. September 13, IDG News Service – (International) ‘CRIME’ attack abuses SSL/TLS data
compression feature to hijack HTTPS sessions. The “CRIME” attack announced
the week of September 3 exploits the data compression scheme used by the
Transport Layer Security (TLS) and SPDY protocols to decrypt user
authentication cookies from HTTPS traffic, one of the attack’s creators
confirmed September 13. The “CRIME” attack was developed by two security
researchers who plan to present it the week of September 17 at the Ekoparty security
conference in Buenos Aires, Argentina. The week of September 3, the researchers
revealed that CRIME abuses an optional feature present in all versions of TLS
and Secure Sockets Layer (SSL) — the cryptographic protocols used by HTTPS.
However, they declined to name the feature at that time. Source: http://www.computerworld.com/s/article/9231281/_CRIME_attack_abuses_SSL_TLS_data_compression_feature_to_hijack_HTTPS_sessions
45. September 12, Threatpost – (International) Scammers
exploit Apple iPhone release with accessory offers. With the release of
Apple’s new iPhone 5 coming soon, scammers are exploiting the vast anticipation
for the device. The interest in the unreleased product is so wide that among
the first iPhone 5 mass spam campaigns is one attempting to push accessories
for the device rather than the more ambitious route of offering the recipients
a chance at acquiring the device itself. Source: http://threatpost.com/en_us/blogs/scammers-exploit-apple-iphone-release-accessory-offers-091212
For another story, see item 46 below in the Communications Sector
Communications Sector
46. September 13, Green County Record – (Virginia) Greene County customers lose
CenturyLink service. About 6,000 CenturyLink customers in Greene County,
Virginia, lost phone and Internet service for several hours September 13, after
a utility crew accidentally cut a fiber-optic line at U.S. 33 Business and the
Stanardsville Bypass. Homes, businesses, and the Greene County 9-1-1 dispatch
center were knocked offline. CenturyLink’s vice president for Virginia
confirmed the incident and said the cut involved workers not affiliated with
the company. The Greene County sheriff said emergency calls were rerouted to
Charlottesville and county staff used cell phones and other unaffected land
lines to field non-emergency calls during the service interruption. The
CenturyLink vice president said all service was expected to be restored
September 13. Source: http://www2.dailyprogress.com/news/2012/sep/13/greene-county-customers-lose-centurylink-service-ar-2204166/
47. September 13, KPCC 89.3 FM Pasadena – (California) Sprint, Verizon, AT&T
sign $12 million settlement over 2007 Malibu Canyon fire. California
utility regulators settled a dispute with three telecommunication companies
over responsibility for a wildfire in Malibu in 2007, KPCC 89.3 FM Pasadena
reported September 13. When Santa Ana winds swept through Malibu Canyon in
October 2007, they knocked over three utility poles. Those poles sparked a fire
that burned nearly 4,000 square acres. It destroyed 14 structures and three
dozen cars. Cell phone firms had antennas on the poles, or shared pole
ownership with other telecommunication companies. The California Public Utilities
Commission investigated whether these five companies contributed to the fire by
unsafely mounting equipment there. The settlement resolves liability for three
companies: Sprint, Verizon, and AT&T. Together, those companies will pay
$12 million in equal shares. About $7 million will go to the State’s general
fund. The rest will go into a new utility pole inspection fund. The commission
is still investigating two more companies, Southern California Edison and
NextG. Regulators said the settlement can help deter other utilities that
maintain electronic equipment in wildland or fire-prone areas. Source: http://www.scpr.org/blogs/environment/2012/09/13/9969/sprint-verizon-t-sign-12-million-settlement-over-2/
For more stories, see items 39, 42, 43, and 45 above in the Information Technology Sector
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.