Monday, October 1, 2012 


Daily Report

Top Stories

 • A Chinese national was charged in U.S. court with trying to obtain large quantities of carbon fiber, a restricted high-tech material used for military purposes. – Associated Press

11. September 27, Associated Press – (National) Chinese man charged in NYC carbon fiber sting. A Chinese national was charged September 26 in U.S. court with trying to broker an illegal deal for large quantities of carbon fiber, a restricted high-tech material used for military purposes. Prosecutors refused to say where and when he was arrested. The defendant made an appearance September 26 in federal court in Brooklyn, New York, on charges he sought the material for a fighter jet in China. A magistrate jailed him without bail. The defense attorney said his client lives in Quanzhou and works for a company that uses carbon fiber in the manufacturing of sports equipment. Authorities say higher-grade carbon fiber is a key component in aerospace and nuclear engineering. That has raised fears that the material could pose a risk if it falls into the hands of military foes or terrorists, and made it the subject of tight Department of Commerce regulations. A criminal complaint accuses the Chinese national of contacting two Taiwanese accomplices, who already were under investigation in 2012, about buying specialized carbon fiber without an export license. “When I place the order, I place 1 to 2 tons,” the Chinese national allegedly told one of the cohorts in a conversation intercepted in July. The complaint says 1 ton costs about $2 million. An undercover U.S. agent posing as a seller of carbon fiber later emailed the Chinese national, inviting him to the United States to meet about a possible deal. August 10, the Chinese national told the agent he was the middleman for a customer that “needed a sample of the carbon fiber because it would be used for the test flight of a ‘fighter plane’ on Oct. 5, 2012,” the complaint says. Source: http://www.businessweek.com/ap/2012-09-27/chinese-man-charged-in-nyc-carbon-fiber-sting

 • U.S. Cyber Command’s top intelligence officer accused China of persistent efforts to pierce Defense Department computer networks. – Reuters

39. September 28, Reuters – (International) U.S. Cyber Command officer says China is targeting Pentagon computers. September 27, the U.S. Cyber Command’s top intelligence officer accused China of persistent efforts to pierce Defense Department computer networks. He said a proposal was moving forward to boost the cyber command in the U.S. military hierarchy. “Their level of effort against the Department of Defense is constant” while alleged Chinese attempts to steal corporate trade secrets have been growing, the command’s director of intelligence told Reuters after remarks to a forum on the history of cyber threats. The Office of the National Counterintelligence Executive, a U.S. intelligence arm, said in a landmark report a year ago that “Chinese actors are the world’s most persistent perpetrators of economic espionage.” “It’s continuing apace,” the top officer said. “In fact, I’d say it’s still accelerating.” He accused China of trying to exfiltrate Defense Department secrets. Asked whether any classified U.S. networks had been successfully penetrated — something not publicly known to have occurred — he replied: “I can’t really get into that.” A spokesman for the Chinese embassy did not immediately respond to a request for comment. In the past Chinese officials have denied such accusations. Source: http://www.huffingtonpost.com/2012/09/27/samuel-cox-us-cyber-command-china_n_1921465.html?utm_hp_ref=technology

 • U.S. intelligence agencies linked the attack on the U.S. mission in Libya that killed the Ambassador and three other U.S. officials to terrorism led by militants with ties to al-Qa’ida. – Washington Post

41. September 27, Washington Post – (International) Attack on U.S. Consulate in Libya determined to be terrorism tied to al-Qaeda. U.S. intelligence agencies have determined that the attack on the U.S. mission in Libya involved a small number of militants with ties to al-Qa’ida in North Africa but see no indication that the terrorist group directed the assault, U.S. officials said September 27. The determination reflects an emerging consensus among analysts at the CIA and other agencies that has contributed to a shift among senior Presidential administration officials toward describing the siege of U.S. facilities in Benghazi as a terrorist attack. U.S. intelligence officials said the composition of the militant forces involved in the assault has become clearer and that analysts now think two or three fighters affiliated with al-Qa’ida in the Islamic Maghreb (AQIM) were involved. U.S. officials said a lesser-known Islamist group, Ansar al-Sharia, played a much larger role in sending fighters and providing weapons for the attack, which killed the U.S. Ambassador and three other Americans. The intelligence picture assembled so far indicates militants had been preparing an assault on the U.S. compound in Benghazi for weeks but were so disorganized that, after the battle started, they had to send fighters to retrieve heavier weapons. U.S. intelligence officials said they think the attack was not timed to coincide with the September 11, 2001, anniversary. Instead, the officials said, the assault was set in motion after protesters scaled the walls of the U.S. Embassy in Cairo as part of a protest of an amateur anti-Islamic YouTube video. The State Department said September 27 that it was pulling more American staff from the U.S. Embassy in Tripoli out of concern for their safety. A State Department official described the reduction as temporary and said the embassy was not being closed.
Source: http://www.washingtonpost.com/world/national-security/attack-on-us-consulate-in-libya-determined-to-be-terrorism-tied-to-al-qaeda/2012/09/27/8a298f98-08d8-11e2-a10c-fa5a255a9258_story.html

 • Adobe warned that an internal server with access to its digital certificate code signing infrastructure was hacked by “sophisticated threat actors” engaged in “highly targeted attacks.” – ZDNet. See item 46 below in the Information Technology Sector

 • An employee fired from his job at a Minneapolis company shot and killed the owner, three others, and wounded four, before killing himself. – KARE 11 Minneapolis

50. September 28, KARE 11 Minneapolis – (Minnesota) Owner, UPS driver among those killed in Minneapolis workplace shooting. Family members confirmed that the founder of a Minneapolis sign company was among those dead after a deadly mass shooting September 27. A United Parcel Service driver was also confirmed as one of the shooting fatalities. Four others were rushed to a hospital. A hospital spokeswoman said September 28 one of the injured was in critical condition, another was in serious condition. A third person was treated and released. Current and former employees on the scene said the shooter was an employee who reportedly was fired earlier in the day. A police spokesman said the gunman killed four people and injured four more, three men critically, before he turned the gun on himself. Dozens of police squad cars and SWAT officers swarmed the residential neighborhood on the city’s north side after an employee called 9-1-1 to report shots had been fired. The owner was a high profile small business owner who was recently honored by being selected to travel to the White House for a seminar. Source: http://www.kare11.com/news/article/992873/391/Owner-UPS-driver-among-those-killed-in-workplace-shooting

Details

Banking and Finance Sector

13. September 28, Bloomberg News – (National) BofA reaches $2.43 billion deal with investors over Merrill. Bank of America Corp. agreed to a $2.43 billion settlement with investors who suffered losses during its acquisition of Merrill Lynch & Co., resolving one of the biggest legal battles to stem from the takeover, Bloomberg News reported September 28. Bank of America faced regulatory probes, investor lawsuits, and criticism from lawmakers after buying Merrill in January 2009 for $18.5 billion without warning shareholders about spiraling losses at the brokerage before they voted to approve the deal. Under the settlement, Bank of America promised to overhaul corporate-governance policies. Shareholders sued in 2009 claiming Bank of America failed to disclose information about bonuses to Merrill employees and about the firm’s financial losses in the fourth quarter of 2008. Source: http://www.bloomberg.com/news/2012-09-28/bofa-reaches-2-43-billion-deal-with-investors-over-merrill-1-.html

14. September 27, Easton Express-Times – (Pennsylvania; New Jersey) ‘Silent Bandit’ to plead guilty to robbing six area banks, his attorney says. A Bethlehem Township, Pennsylvania man dubbed the “Silent Bandit” signed paperwork admitting he robbed six banks in Pennsylvania and New Jersey in an almost 3-week span, according to his attorney, the Easton Express-Times reported September 27. The man confessed to the spree that began April 3 and ended when he was arrested April 19 by Pocono Mountain Regional Police following a robbery, the man’s attorney said. Court records show he stole a total of $12,534 from the six banks. The robber was labeled the “Silent Bandit” by the FBI for allegedly passing a threatening note to tellers. According to records, the man robbed the following banks in Pennsylvania: a KNBT in a Giant grocery store in Bethlehem, a PNC Bank in a ShopRite grocery store in Warminster, a QNB Bank in a Giant in Richland Township, and an ESSA Bank in a Weis grocery store in Mount Pocono. In New Jersey, he robbed a PNC Bank in a ShopRite in Marlton, and a PNC Bank in a ShopRite in Hopewell. Source: http://www.lehighvalleylive.com/breaking-news/index.ssf/2012/09/silent_bandit_to_plead_guilty.html

15. September 27, CSO Online – (International) As promised, hacktivists disrupt PNC Bank. PNC Bank’s Web site was disrupted September 27 by a group of hacktivists who have also claimed responsibility for downing the sites of Wells Fargo and U.S. Bank earlier the week of September 24. The latest attack was identical to the other two in that hundreds of thousands of computers are used to overwhelm the sites’ bandwidth, said a security researcher for FireEye. The hacktivists also claim to be behind the distributed denial of service (DDoS) attacks the week of September 17 against Bank of America and JPMorgan Chase, as well as U.S. Bank September 26. PNC confirmed the attack. A spokesman told the Chicago Tribune that the disruption affected some online customers. “We are working to restore full service to everyone,” he said. Based on the kind of traffic the FireEye researcher saw, the banks’ sites were being overwhelmed by requests from the computers of supporters of the hacktivists. The group has used social networks, including Google+, underground sites, and their own Web site to recruit sympathizers. Source: http://www.csoonline.com/article/717493/as-promised-islamic-hacktivists-disrupt-pnc-bank

16. September 27, Help Net Security – (International) Fake Visa/Mastercard ‘Security incident’ notifications doing rounds. Bogus emails purportedly sent by the Visa/Mastercard “Identity Theft Department” are targeting the cards’ users by trying to convince them that a “security incident” has put their online banking and credit card credentials at risk, Help Net Security reported September 27. Unfortunately for those users who click a link included in the emails, the destination page is a phishing page. “Although the fake form is not hosted on a secure (https) site as all genuine online financial transactions would be, the scammers have made an attempt to make the process seem more authentic by providing a typical image based security code field,” Hoax-Slayer reported. “Users who enter the requested details will then be taken to further fake pages that request more financial and personal details. All information submitted on the bogus form will be sent to online criminals and used to make fraudulent transactions in the victim’s name.” Source: http://www.net-security.org/secworld.php?id=13679

17. September 27, Bloomberg News – (International) Yakuza gang targeted with U.S. Treasury Department sanctions. The U.S. Department of the Treasury said it imposed sanctions on Japan’s second-biggest Yakuza gang for its involvement in weapons and drug trafficking, prostitution, fraud, and money laundering, Bloomberg News reported September 27. The Tokyo-based Sumiyoshi-kai was targeted under an executive order to combat transnational criminal organizations, the Treasury said in a statement. Also sanctioned were the group’s leader and his deputy. The U.S. President identified the Yakuza syndicates as transnational criminal organizations in July 2011 and the Treasury has already imposed sanctions on the Yamaguchi-gumi, Japan’s largest gang. Source: http://www.bloomberg.com/news/2012-09-28/yakuza-gang-targeted-with-u-s-treasury-department-sanctions.html

18. September 27, New York Times – (Massachusetts) Goldman to pay $12 million to settle S.E.C. ‘pay to play’ case. Goldman Sachs September 27 settled federal allegations that one of its investment bankers curried favor with a public official to win lucrative government contracts in Massachusetts. The bank struck a $12 million settlement with the Securities and Exchange Commission (SEC) to resolve the “pay to play” accusations without admitting or denying guilt. The banker who was a vice president at the firm did not settle with the agency. The SEC’s order suggested the banker helped win government business for Goldman after promoting his ties to the then-Massachusetts treasurer, who was indicted on public corruption charges in April. The banker, the agency said, in essence ran a campaign office for the former treasurer out of Goldman, acting as a fund-raiser and speechwriter during work hours and using the company’s email system and phones. The campaigning, which spanned from 2008 to 2010, also led the banker to indirectly contribute money to the former treasurer. During the same period, the SEC said, the banker began soliciting public contracts for Goldman, a conflict of interest that violates securities laws. Goldman ultimately snared 30 “prohibited” deals to help arrange Massachusetts bond offerings. Source: http://dealbook.nytimes.com/2012/09/27/goldman-to-pay-12-million-to-settle-s-e-c-pay-to-play-case/

19. September 27, Lafayette Advertiser – (Louisiana) Reward offered for bank robber’s arrest. The man who robbed a bank in Opelousas, Louisiana, earlier in September is now considered a suspect in at least three other area robberies, the Lafayette Advertiser reported September 27. It was believed the suspect had started his crime spree in Opelousas, but a police chief said the man is now considered a suspect in an unsuccessful bank robbery in Alexandria as well. The latest robbery took place at a Regions Bank branch in Broussard September 24. The other two robberies were at separate Whitney Bank locations, the first in Opelousas and the second in Lafayette. An official with the New Orleans FBI office said his agency also considered the crimes related and most likely the work of the same man. In all of the robberies, the suspect walked into the bank and handed a note to a teller demanding money and saying he was armed, though none of the tellers reported seeing a weapon. After getting money from the teller and removing the dye pack, the suspect is described as calmly turning around and walking out of the bank. Source: http://www.theadvertiser.com/article/20120928/NEWS01/209280317/Reward-offered-bank-robber-s-arrest?nclick_check=1

Information Technology Sector

45. September 27, Threatpost – (International) Cisco patches numerous bugs in IOS, UCM. Cisco released nine security advisories for various products, including eight for its ubiquitous IOS operating system. Many of the vulnerabilities fixed in the patch release were denial-of-service (DoS) flaws. None of them can give an attacker the ability to run code remotely on affected machines. The one bulletin that does not relate to IOS is for a vulnerability in the Cisco Unified Communications Manager (UCM). That flaw is a DoS bug in the session initiation protocol (SIP) implementation in UCM. SIP is used in a variety of products to help set up voice and video calls on IP networks. Source: http://threatpost.com/en_us/blogs/cisco-patches-numerous-bugs-ios-ucm-092712

46. September 27, ZDNet – (International) Adobe code signing infrastructure hacked by ‘sophisticated threat actors’. September 27, Adobe warned that an internal server with access to its digital certificate code signing infrastructure was hacked by “sophisticated threat actors” engaged in “highly targeted attacks.” The compromise, which dates back to early July, led to the creation of at least two malicious files that were digitally signed using a valid Adobe certificate, according to Adobe’s security chief. Although only two files were signed, the hack effectively gave the attackers the ability to create malware masquerading as legitimate Adobe software and signals a raising of the stakes in the world of Advanced Persistent Threats (APTs). According to the security chief, one of the two digitally signed malware files is a utility that extracts password hashes from the Windows operating system. Source: http://www.zdnet.com/adobe-code-signing-infrastructure-hacked-by-sophisticated-threat-actors-7000004925/

47. September 27, SecurityWeek – (International) Building Android malware is trivial with available tools. Because of readily available tools that enable even a novice developer to create malicious mobile applications, users should be cautious when downloading and installing mobile apps, especially from non-official App Stores. Developing Android malware to harvest information is a “trivial” task and possible using readily available tools, a security architect and director at Kindsight Security Labs told SecurityWeek. He demonstrated how to inject snippets of code into a legitimate Android application that infected a mobile device with malware. The malware, when executed, connected with a remote command-and-control center and transmitted data from the device. Source: http://www.securityweek.com/building-android-malware-trivial-available-tools

48. September 27, Threatpost – (International) Analysis shows some URL shorteners often point to untrusted Websites. In an analysis of 1.7 billion shortened URLs, researchers at Web of Trust found that 8.7 percent of TinyURLs and 5 percent of Bit.ly URLs led to sites that received poor ratings for “trustworthiness” and “child protection.” “Certainly the URL shortening services do not intend to point people to malicious websites,” said Web of Trust’s CEO, “but perhaps they can do more to proactively protect their services from being exploited.” Web of Trust goes on to point out that many countries’ TLDs through which link shortening services route traffic are loosely regulated and return suspicious ratings for as many as 90 percent of the Web sites under their top level domains. Source: http://threatpost.com/en_us/blogs/analysis-shows-some-url-shorteners-often-point-malicious-websites-092712

49. September 26, SecurityWeek – (International) Remote wipe flaw present in other Android devices, not just Samsung. The security vulnerability that could fully wipe a Samsung Galaxy S III device appears to not be limited to just Samsung devices after all, but affects most smartphones running older versions of Android. While a security specialist’s research focused on Samsung Galaxy S III phones, he said the vulnerability was not limited to Samsung devices but affected a wider pool of Android devices. The flaw appeared to originate in older versions of Google’s Android operating system, according to tests run by the Android Police blog. Source: http://www.securityweek.com/remote-wipe-flaw-present-other-android-devices-not-just-samsung

 For more stories, see items 15 and 16 above in the Banking and Finance Sector

Communications Sector

See items 47 and 49 above in the Information Technology Sector


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.