Thursday, October 4, 2012 


Daily Report

Top Stories

 • Problems at California refineries have slashed supplies, cutting fuel production and raising wholesale prices to levels not seen since 2007. – San Jose Mercury News

3. October 3, San Jose Mercury News – (California) Refinery problems send California gas prices skyrocketing. Problems at California refineries have slashed supplies across the State, cutting fuel production and raising wholesale prices — the price stations pay for their gasoline — by as much as 73 cents, to levels not seen since 2007, the San Jose Mercury-News reported October 3. ―California gasoline prices may surge in the next 5 days, perhaps to levels higher than February‘s $4.33-a-gallon average,‖ said an analyst with Gasbuddy.com. ―It is within the realm of possibility that average prices reach near $4.40 or even higher if the situation worsens.‖ Bloomberg News reported that Exxon Mobil‘s 150,000-barrel-a-day Torrance refinery lost power October 1 and may suffer production problems for another week. Chevron‘s Kettleman-Los Medanos pipeline, which carries crude from Kern County to Northern California refineries, was shut down October 1 after elevated levels of organic chloride were detected in the oil. In addition, Chevron‘s 240,000-barrel-a-day Richmond plant, the largest refinery in Northern California, has been running at reduced capacity since a fire August 6. Maintenance work at the Phillips 66 plants in Rodeo and Arroyo Grande was under way, further curbing State supplies. Source: http://www.mercurynews.com/traffic/ci_21682632/refinery-problems-send-california-gas-prices-skyrocketing

 • A Russian agent was arrested for using a Texas-based front company to send sensitive U.S. technology to the Russian military and intelligence agencies. – ABC News

10. October 3, ABC News – (International) Russian agent sent advanced US military tech home: Feds. A Russian agent was arrested for allegedly using a Texas-based front company to send sensitive American technology to the Russian military and intelligence agencies, the Department of Justice said October 3. According to federal officials, the man was at the center of a Russian ―military procurement ring‖ that for years employed complex schemes to trick U.S. customs agents into believing his company was shipping harmless goods — like traffic light parts — to Russia, rather than advanced microelectronics that could be used in military applications including radar and surveillance systems, weapons guidance systems, or detonation triggers. The ring also allegedly provided microchips to a specialized electronics laboratory run by the FSB, Russia‘s intelligence agency and successor to the KGB. In addition to the agent, 10 other suspects working in the United States and in Russia were indicted for their alleged role in the scheme. The ploy was apparently so significant that U.S. officials said in court documents the front company‘s fluctuating revenue bore a ―striking similarity‖ to fluctuations in Russian defense spending over the last several years. Source: http://abcnews.go.com/Blotter/russian-agent-advanced-us-military-tech-home-feds/story?id=17385118#.UGxwP65T-Hs

 • Four people have died and 22 more in 5 States were made sick by meningitis linked to a rare fungal infection blamed on contaminated steroids. – NBC News

30. October 3, NBC News – (National) Fungal meningitis suspected in four deaths, 26 cases as outbreak grows. Four people have died and 22 more were made sick by meningitis linked to a rare fungal infection blamed on contaminated steroids, health officials said October 3. They are ―almost certain‖ more will be identified before it is over. The 26 cases include 18 people in Tennessee, 1 in North Carolina, 2 in Florida, 3 in Virginia, and 2 in Maryland, the U.S. Centers for Disease Control and Prevention reported. Two of the deaths were in Tennessee, one in Virginia, and one in Maryland. The chief suspect is contaminated vials of a pain treatment injected directly into the spine. The drug, called methylprednisolone acetate, was made by a compounding pharmacy — one that makes drugs to order. The suspected batches were made without any preservatives. Several of the patients are seriously ill, said the Tennessee Department of Health commissioner. Two clinics have closed voluntarily and a third is no longer giving the injections. Source: http://vitals.nbcnews.com/_news/2012/10/03/14203956-fungal-meningitis-suspected-in-four-deaths-26-cases-as-outbreak-grows?lite

 • Trusteer researchers discovered a new Man-in-the-Browser scam that does not target specific Web sites, but instead collects data submitted to all sites without the need for post-processing. – Help Net Security See item 46 below in the Information Technology Sector

 • Despite their efforts, federal officials have been unable to stop Lake Okeechobee from rising, putting extra strain on Herbert Hoover Dike, one of the country‘s most at risk of failure. – South Florida Sun-Sentinel

65. October 2, South Florida Sun-Sentinel – (Florida) Water in Lake Okeechobee still rising as dumping continues. Flushing billions of gallons of water out to sea has not stopped Lake Okeechobee, and south Florida flood concerns, from rising, the South Florida Sun-Sentinel reported October 2. The U.S. Army Corps of Engineers since September 19, has been draining water from the lake to ease the strain on the Herbert Hoover Dike, considered one of the country‘s most at risk of failure. Discharges to the east and west coast dumped about 11 billion gallons of lake water out to sea as of September 29, according to the Corp. It tries to keep the lake between 12.5 and 15.5 feet above sea level. The lake was at 15.63 feet October 1. The Corps considers 17.25 feet to be the maximum allowable threshold for the dike, with dike stability becoming an even greater risk if the lake tops 18 feet. Five years of construction aimed at strengthening the lake‘s ailing 143-mile dike has cost taxpayers more than $360 million and the work remains far from finished. The dike rehab so far has focused on building a reinforcing wall aimed at stopping erosion on a 21-mile southeastern portion that is considered the most vulnerable to a breach. Draining lake water helps protect the 70-year-old dike, but it also wastes lake water relied on to back up south Florida water supplies during the typically dry winter and spring. In addition, dumping billions of gallons of lake water out to sea has damaging environmental consequences on coastal estuaries; threatening fishing grounds and water quality in prime tourism territory. Source: http://www.sun-sentinel.com/news/palm-beach/fl-lake-okeechobee-dumping-continues-20121001,0,6400558,full.story

Details

Banking and Finance Sector

12. October 3, NBC News; Reuters – (National) Corporate lawyer admits stealing $10 million from clients. A Manhattan, New York corporate lawyer pleaded guilty October 2 to stealing more than $10 million in clients‘ money. The plea ended a year-long legal saga that began September 2011 when the lawyer flew to Hong Kong — a day after the Manhattan district attorney‘s office notified his law firm, Crowell & Moring, that he was the subject of a criminal probe. Prosecutors later accused him of embezzling millions in escrow funds starting in 2009, when he allegedly began siphoning money into bank accounts he controlled. Prosecutors accused him of fleeing to avoid arrest. The man pleaded guilty to several counts of grand larceny and scheme to defraud. Source: http://usnews.nbcnews.com/_news/2012/10/03/14196449-corporate-lawyer-douglas-arntsen-admits-stealing-10-million-from-clients?lite

13. October 2, City News Service – (California; National) Attorney, salesman charged with defrauding thousands. An Oceanside, California attorney and a telemarketing salesman were arraigned in federal court October 2 on a 50-count indictment charging them with defrauding thousands of homeowners in an $11 million ―loan modification‖ fraud scheme. The attorney, salesman, and two other defendants previously arraigned were accused of using the attorney‘s law firm, 1st American Law Center (1ALC), to persuade victims to pay thousands of dollars each by deceptively touting 1ALC‘s purported success and legal resources, and falsely promising that 1ALC would successfully modify their residential mortgage loans. The defendants and their co-conspirators allegedly used high-pressure sales tactics and outright lies to prey on homeowners across the country who were struggling to make their monthly mortgage payments and were at risk of losing their homes to foreclosure. The four defendants were charged with conspiring to commit mail fraud and wire fraud. The attorney was also charged with money laundering. Source: http://camppendleton.patch.com/articles/attorney-salesman-charged-with-with-defrauding-thousands

14. October 2, Associated Press – (National) Fla. man gets prison for NY investment fraud. A Florida mutual fund executive October 2 admitted to a $11 million fraud where he lied and promised investors early shares in companies such as Facebook and Groupon and spent their money instead on a lavish lifestyle. The man pleaded guilty in court in New York City to defrauding investors by claiming falsely in 2010 and 2011 that he and his mutual funds owned shares in Facebook Inc. and Groupon Inc., which were then privately traded. The judge accepted the man‘s plea to charges of conspiracy, securities fraud, and wire fraud but said he will wait to decide whether to accept his plea to a money laundering charge because it was unclear that the man fully conceded his guilt. Source: http://online.wsj.com/article/AP093ee9b0ff0d4bb29643e714f1e1ed43.html

Information Technology Sector

45. October 3, The Register – (International) Zombie-animating malnets increase 300% in just 6 months. Cyber criminals are bolstering the infrastructure behind the delivery of botnets, a move that is leading toward more potent and numerous threats, say researchers. Botnet infections are commonly spread though compromised Web sites seeded with malicious scripts and promoted via black hat SEO tactics such as link farms. These malware networks, or malnets, pose a growing threat, according to a new study by Web security firm Blue Coat. Malnets largely deal in mass-market malware, and, as such, are different from advanced persistent threats (APTs) associated with cyber-espionage attacks targeting large corporations and Western governments. Attacks will be updated and changed, but the underlying infrastructure used to lure in users and deliver these attacks is reused. The ease with which cyber criminals can launch attacks using malnets creates a vicious cycle, a process by which individuals are lured to malware, infected, and then used to infect others. Source: http://www.theregister.co.uk/2012/10/03/malnets/

46. October 3, Help Net Security – (International) Universal Man in the Browser attack targets all Web sites. Trusteer researchers discovered a new Man-in-the-Browser (MitB) scam that does not target specific Web sites, but instead collects data submitted to all sites without the need for post-processing. This development, which they are calling Universal Man-in-the-Browser (uMitB), is significant. Traditional MitB attacks collect data (log-in credentials, credit card numbers, etc.) entered by the victim in a specific Web site. And while MitB malware may collect all data entered by the victim, it requires post-processing by the fraudster to parse the logs and extract the valuable data. Parsers are easily available for purchase in underground markets, while some criminals simply sell off the logs in bulk. According to Trusteer‘s CTO: ―In comparison, uMitB does not target a specific web site. Instead, it collects data entered in the browser at all websites and uses ‗generic‘ real time logic on the form submissions to perform the equivalent of post-processing. This attack can target victims of new infections as well as machines that were previously infected by updating the existing malware with a new configuration. The data stolen by uMitB malware is stored in a portal where it is organized and sold.‖ Source: http://www.net-security.org/malware_news.php?id=2283

47. October 3, CNET News – (International) Regulators shut down global PC ‘tech support’ scam. Regulators from five countries joined together in an operation to crack down on a series of companies they say orchestrated one of the most widespread Internet scams of the decade. October 3, the U.S. Federal Trade Commission (FTC) and other international regulatory authorities said they shut down a global criminal network that allegedly bilked tens of thousands of consumers by pretending to be tech support providers. The chairman of the FTC said 14 companies and 17 individuals were targeted in the investigation. In the course of the crackdown, U.S. authorities froze $188,000 in assets, but the chairman said that would increase over time due to international efforts. Source: http://news.cnet.com/8301-13578_3-57525250-38/regulators-shut-down-global-pc-tech-support-scam/

48. October 3, Homeland Security News Wire – (International) Self-contained, Android-based network to study cyber disruptions, help secure hand-held devices. Cyber researchers at Sandia National Laboratories linked together 300,000 virtual hand-held computing devices running the Android operating system so they can study large networks of smartphones and find ways to make them more reliable and secure. Android dominates the smartphone industry and runs on a range of computing gadgets. The work is expected to result in a software tool that will allow others in the cyber research community to model similar environments and study the behaviors of smartphone networks. Ultimately, the tool will enable the computing industry to better protect hand-held devices from malicious intent. Source: http://www.homelandsecuritynewswire.com/dr20121003-selfcontained-androidbased-network-to-study-cyber-disruptions-help-secure-handheld-devices

49. October 3, The H – (International) NIST names Keccak hashing algorithm as SHA-3. The United States National Institute of Standards and Technology (NIST) announced the winner of its competition to select a cryptographic hash algorithm to bear the name SHA-3. The 5-year competition attracted 64 entries in total with the winner being the Keccak algorithm created by four researchers. The competition was created in 2007 when NIST had reasons to suspect that the current SHA-2 algorithm might be threatened. Source: http://www.h-online.com/security/news/item/NIST-names-Keccak-hashing-algorithm-as-SHA-3-1722490.html

50. October 3, The H – (International) HSTS becomes IETF proposed standard. The HTTP Strict Transport Security protocol (HSTS) was approved as a proposed standard by the Internet Engineering Task Force. HSTS is designed to allow Web sites to ensure that only secure connections are being made to them by informing browsers that they should use a secure connection. The mechanism works by the server responding with a Strict-Transport-Security header that signals to the browser that it should connect using HTTPS for a time, not only for this connection, but potentially for subdomains as well. Once a browser gets this header, it is under orders to only use secure connections to the site. Source: http://www.h-online.com/security/news/item/HSTS-becomes-IETF-proposed-standard-1722502.html

51. October 2, Threatpost – (International) Microsoft reaches settlement with site linked to Nitol botnet. Microsoft announced October 2 that it reached a settlement with the operator of a Chinese Web site whose domain and sub-domains hosted more than 500 kinds of malware, including the Nitol botnet found on brand new computers. In a lawsuit filed 2 weeks ago by the software company, Microsoft alleged the domain 3322.org hosted Nitol, which was found being preloaded onto computers during an investigation into supply chain security in August. Microsoft created a sinkhole to divert infected computers and was able to block some 609 million connections from more than 7,650,000 unique IP addresses to those subdomains in just 16 days. As part of the settlement reached in a U.S. District Court in northern Virginia, the registered owner of 3322.org will work with Microsoft and China‘s Computer Emergency Response Team to prevent the site from remaining a conduit for malicious activity. Source: http://threatpost.com/en_us/blogs/microsoft-reaches-settlement-site-linked-nitol-botnet-100212

52. October 2, New York Times – (International) Google warns of new state-sponsored cyberattack targets. Beginning October 2, tens of thousands more Google users will begin to see a message at the top of their Gmail inbox, Google home page, or Chrome browser that state-sponsored attackers may be attempting to compromise their account or computer. The company said that since it started alerting users to malicious — probably state-sponsored — activity on their computers in June, it has picked up thousands of more instances of cyberattacks than it anticipated. A manager on Google‘s information security team said that since Google started to alert users to state-sponsored attacks 3 months ago, it gathered new intelligence about attack methods and the groups deploying them. He said the company was using that information to warn ―tens of thousands of new users‖ that they may have been targets. Source: http://bits.blogs.nytimes.com/2012/10/02/google-warns-new-state-sponsored-cyberattack-targets/

For another story, see item 10 above in Top Stories
Communications Sector

53. October 3, WSB 750 AM/95.5 FM Atlanta – (Georgia) Six arrested in Douglas Co. copper theft bust. Douglas County, Georgia authorities have arrested six people in a major copper theft bust, WSB 750 AM/95.5 FM Atlanta reported October 3. The sheriff said they have been working the case for 3 months after receiving a tip that the thieves were stealing copper from telephone wires. ―They‘re six of them: four men, two women. They would go to secluded areas in this county and other counties and use deer stands to climb the telephone poles and cut the cable,‖ he said. They would then melt it down and sell it. However, due to Georgia‘s tough new recycling laws, they had to go to North Carolina to make any money. The sheriff said the six also caused thousands of dollars of damage to AT&T, and disrupted phone service in Douglas County, Coweta County, and Carroll County over the last few months. Source: http://www.wsbradio.com/news/news/six-arrested-douglas-co-copper-theft-bust/nSR8L/

For another story, see item 48 above in the Information Technology Sector


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.