Monday, October 15, 2012
Daily Report
Top Stories
• Nine men — including four former Duke Energy
employees — stole copper wiring from the utility in Ohio and sold it to
recycling centers in northern Kentucky for about 4 years, federal prosecutors
said. – Cincinnati Enquirer
2. October 12, Cincinnati Enquirer – (Ohio; Kentucky) 9 indicted in copper thefts from Duke; 4 are ex-workers. Federal
prosecutors said nine men — including four former Duke Energy employees — stole
copper wiring from the utility in Ohio and sold it to recycling centers in
northern Kentucky. The men were indicted by a federal grand jury October 11
on charges of conspiring to transport goods in interstate commerce, transporting stolen
goods in interstate commerce, receiving stolen goods, and conspiracy to launder
money. A former Duke maintenance and construction supervisor conspired with
former co-workers to take copper wiring from Duke job sites and transport it to
Kentucky, according to federal prosecutors. The crimes took place from 2006 to
November 2010, according to a spokesman for the U.S. Attorney for the Eastern
District of Kentucky. Duke workers were supposed to take excess copper wire
from construction sites to the utility’s recycling plant in Cincinnati.
Instead, the men sold it for cash to metal recycling facilities in Boone,
Campbell, and Kenton counties and divided the proceeds. Source: http://news.cincinnati.com/article/20121011/NEWS010701/310110218/9-indicted-in-copper-thefts-from-Duke?odyssey=tab|mostpopular|text|FRONTPAGE&nclick_check=1
• U.S. financial institutions should expect to
become the targets of cyberattacks seeking to intercept wire transfers to steal
funds from their customers’ bank accounts, according to a report released by
security firm RSA. – Softpedia
See item 12 below in the Banking and Finance Sector
• A school bus carrying 40 children was
knocked on its side near Victorville, California, October 11 when a U-Haul
truck backed into it. Sixteen students and the bus driver were injured,
authorities said. – Associated Press
18. October 11, Associated Press – (California) 17 hurt in Victorville, Calif., school bus crash. A school
bus carrying 40 children was knocked on its side October 11 when a U-Haul truck
backed into it, injuring 16 students and the bus driver, authorities said. The
crash occurred as the children were being taken home from Galileo Academy in
Victorville, California, about 60 miles northeast of Los Angeles. Two of the
children had “serious but non-life threatening” injuries and were taken to a
medical center, said a spokeswoman for San Bernardino County fire. Ten others
were also transported to hospitals. The remaining four were treated and
released at the scene, said a California Highway Patrol officer. One of the
children seriously injured suffered a laceration to the head, and the other
possibly had a broken leg, he said. Parents were contacted by school and
transportation officials, and came to the scene of the accident to pick up
their children. Source: http://www.boston.com/news/education/2012/10/11/hurt-victorville-calif-school-bus-crash/Nypzn2c2hquQlpVIXTP5PP/story.html
• Federal health officials notified 12,000 of
the approximately 14,000 people who may have received contaminated steroid
shots responsible for a meningitis outbreak. But they said patients would have
to watch for symptoms of the deadly infection for months. – Associated Press
33. October 12, Associated Press – (National) Meningitis outbreak growing, 14 people dead. Federal
health officials have tracked down 12,000 of the roughly 14,000 people who may
have received contaminated steroid shots in the nation’s growing meningitis
outbreak, warning October 11 that patients will need to keep watch for symptoms
of the deadly infection for months. Of the 170 people sickened in the outbreak,
all but one had a rare fungal form of meningitis after receiving suspect
steroid shots for back pain, the Centers for Disease Control said. The other
case is an ankle infection discovered in Michigan; steroid shots also can be
given to treat aching knees, shoulders or other joints. Fungus has been found
in at least 50 vials of an injectable steroid medication made at a specialty
compounding pharmacy in Massachusetts, investigators said. Health authorities
have not yet said how they think the medication was contaminated, but they have
ruled out other suspects — other products used in administering the shots — and
the focus continues to be on that pharmacy, the New England Compounding Center.
Compounding pharmacies traditionally supply products that are not commercially
available, unlike the steroid at issue in the outbreak. And a Massachusetts
Department of Public Health doctor said it appears the company violated state
law governing those pharmacies, which are not supposed to do large-scale
production like a drug manufacturer. Instead, they are supposed to produce
medication for patient-specific prescriptions, she said. Idaho became the 11th
State to report at least one illness. The others are Florida, Indiana,
Maryland, Michigan, Minnesota, New Jersey, North Carolina, Ohio, Tennessee, and
Virginia. Source: http://www.delawareonline.com/viewart/20121012/HEALTH/310120067/Meningitis-outbreak-growing-14-people-dead?odyssey=tab|topnews|text|Home
Details
Banking and Finance Sector
12. October 12, Softpedia – (International) Experts: Banks should review authentication
procedures to prevent trojan attacks. According to a report released by
security firm RSA, U.S. financial institutions should expect to become the
targets of cyberattacks. The firm was not referring to the recent distributed
denial-of-service (DDOS) attacks launched by hackers, but the campaign called
Project Blitzkrieg, Softpedia reported October 12. Project Blitzkrieg is said
to rely on a trojan called Gozi Prinimalka to intercept wire transfers made by
the banks’ customers with the purpose of emptying their accounts. To ensure
success, the initiators want to target 30 unnamed banks with the help of 100
botmasters that could help in sustaining the attacks. Researchers from
information security firm Solutionary once again highlighted that this
operation leverages the weak state of security surrounding financial
institutions, especially those from the United States. “Solutionary highly
recommends banks review authentication procedures for wire transfers,” a
research analyst at Solutionary’s Security Engineering Research Team explained.
The expert warned that directly or indirectly this campaign will result in a
DDOS attack and regular users, as well as the targeted firms, should be
prepared to handle it. That is because the botnets utilized in massive DDOS
attacks are often composed of work or home computers. Source: http://news.softpedia.com/news/Experts-Banks-Should-Review-Authentication-Procedures-to-Prevent-Trojan-Attacks-298953.shtml
13. October 12, Rochester Democrat and Chronicle – (New York) 4 charged in bank
robbery spree. Four people are facing felony charges in connection with
five recent bank robberies in Monroe County, New York suburbs, the Rochester
Democrat and Chronicle reported October 11. The four were all charged with
second-degree robbery, Monroe County sheriff’s deputies announced. All four
people are accused of participating in five bank robberies in five communities
since September 22. The group is accused of robbing an M&T Bank and a Chase
Bank October 9; a Bank of America October 3; and two Chase Bank branches
September 22 and 29. Source: http://www.democratandchronicle.com/article/20121011/NEWS01/310110036/4-charged-in-bank-robbery-spree?odyssey=nav|head&nclick_check=1
14. October 12, Traders Magazine – (National) SEC automating analysis of suspicious trading
patterns. The Chairman of the Securities and Exchange Commission (SEC) said
October 11 that the SEC is upgrading its investigative technology so it can
identify “suspicious trading patterns and relationships among multiple traders
and across multiple securities.” She told the 2012 New England Securities
Conference that the SEC will use “newly-developed analytics” to spot abuses. A
new Market Abuse Unit has spearheaded the analysis project for the Division of
Enforcement. With the tool, “staff are able to search across this database to
recognize suspicious trading patterns and identify relationships and connections
among multiple traders and across multiple securities, generating significant
enforcement leads and investigative entry points,” according to the
enforcement division’s director. The agency also has put in place an
Aberrational Performance Inquiry team that focuses on identifying hedge fund
managers that may be engaging in fraudulent practices. The agency is also using
an “e-discovery” system to make wide searches of data produced for the agency
by the securities industry to find “needles that might have been missed or
overlooked.” That system will be integrated with other tools, including
technology that allows phonetic searches of voice recordings, to find leads.
Source: http://www.tradersmagazine.com/news/sec-automates-identification-suspicious-trading-110401-1.html?pg=1
15. October 11, WIBC 93.1 FM Indianapolis – (National) FBI Seeking ‘Ray
Bandit’. Federal authorities are looking for a bank robber they are calling
the “Ray Bandit” who has held up at least 10 banks across the Midwest, WIBC
93.1 FM Indianapolis reported October 11. An FBI official said the suspect hit
his tenth bank in Omaha, Nebraska, October 10, and suspects he may be a
resident of Illinois or Iowa. The suspect is often in disguise and usually
wears wide-brimmed hats, Ray Ban-type sunglasses, a beard, and band aids or
thimbles on his fingers. The suspect’s robberies began in July and have been in
banks based in grocery stores — two in Wisconsin, one in Iowa, six in Illinois,
two in Indiana, and officials believe he may be behind one in Nebraska. Source:
http://www.wibc.com/news/Story.aspx?ID=1789366
Information Technology Sector
45. October 12, The H – (International) Firefox 16 re-released fixing multiple
vulnerabilities. The latest version of Firefox, version 16, returned to
Mozilla’s servers with the release of Firefox 16.0.1 after the discovery of
vulnerabilities caused the organization to remove the just-released update for
the Web browser from circulation. Mozilla described the problem as that of a
malicious Web site being able to potentially determine the URLs and parameters
used and suggested downgrading to Firefox 15.0.1, despite the numerous critical
bugs fixed in Firefox 16. October 10, a security researcher posted a
proof-of-concept, which demonstrated that Firefox 16 was insecure with its
location variables, allowing an attacker to open a window pointing at part of
another site, wait for that site to redirect the window to a “logged in” page,
and then retrieve the new location and data. Accessing the location information
should normally be prevented by the browser’s “Same Origin” policy. Mozilla’s
advisory said a similar but separate critical flaw was found in Firefox 16,
Firefox ESR 10.0.8, SeaMonkey 2.13, Thunderbird 16, and Thunderbird ESR 10.0.8
and earlier, which not only disclosed the location object, but, in Firefox 15
and earlier, had the potential for arbitrary code execution. Firefox 16.0.1
closes both holes. These were not the only holes fixed in 16.0.1; another
security advisory said developers also identified two of the top crashing bugs
in the browser engine and that these bugs showed signs of having corrupted
memory. Mozilla concluded that it could be possible to exploit these holes to
execute code. Source: http://www.h-online.com/security/news/item/Firefox-16-re-released-fixing-multiple-vulnerabilities-1728382.html
46. October 11, Computerworld – (International) New security threat at work:
Bring-your-own-network. Even as IT pros wrestle with the
bring-your-own-device (BYOD) trend, corporate security is being further
complicated by another emerging trend: bring your own network (BYON). BYON is a
byproduct of increasingly common technology that allows users to create their
own mobile networks, usually through mobile wireless hotspots. Security
professionals say BYON requires a new approach to security because some internal
networks may now be as insecure as consumer devices. An attorney with the law
firm Much Shelist said BYON represents a more dangerous threat to data security
than employees who bring their own smartphones or tablets into the office. “The
network thing blows this up completely, because it takes the data out of the
network the company protects,” he said. Source: http://www.computerworld.com/s/article/9232302/New_security_threat_at_work_Bring_your_own_network
47. October 11, Softpedia – (International) ‘I will use a bomb to destroy an airplane,’
computer virus says on victim’s behalf. Japanese police arrested three
people, accusing them of making online death threats. Later, however,
investigators determined that a piece of malware may have actually posted the
threats on their behalf. One of the suspects was detained after posting a
message on a government site threatening to commit mass murder in a shopping
area. An airline company was threatened via email that its planes would be
bombed, a similar message was sent to the kindergarten attended by the children
of the royal family, and a discussion board post mentioned blowing up a famous
shrine. Authorities are investigating the connection between the malware and
the threats, but security researchers reveal that the trojan in question,
Backdoor.Rabasheeta, is capable of performing such tasks. Source: http://news.softpedia.com/news/I-Will-Use-a-Bomb-to-Destroy-an-Airplane-Computer-Virus-Says-on-Victim-s-Behalf-298664.shtml
48. October 10, SecurityWeek – (International) Google, Yahoo DNS diverted after breach at
.ie domain registrar. The Irish versions of Google and Yahoo went offline
October 9 when perpetrators changed the sites’ Domain Name Server (DNS)
records. An “unauthorized access” “security incident” resulted in the DNS
nameserver records for two “high profile .ie domains” being changed, the IE
Domain Registry (IEDR) stated. IEDR identified the two domains as Google.ie and
Yahoo.ie in a separate statement, and identified the affected registrar as MarkMonitor.
IEDR worked with MarkMonitor to correct the problem, but it is not clear how
the unauthorized access happened. One possibility is that MarkMonitor’s log-in
details for the IEDR registrar’s console were socially engineered, according to
the statement. Source: http://www.securityweek.com/google-yahoo-dns-diverted-after-breach-ie-domain-registrar
49. October 9, Business Insurance – (International) Average insurance cost
per data breach rises to $3.7M: Study. The average insurance cost per
computer data breach incident increased from $2.4 million in 2010 to $3.7
million in 2011, according to a new NetDiligence study. Based on claims
submitted in 2011 for incidents between 2009 and 2011, the average number of
records exposed decreased 18 percent to 1.4 million, according to the study. A
typical breach ranged from $25,000 to $200,000 in insurance costs. Legal
damages stemming from data breaches represented the bulk of insurance costs, at
an average of $582,000 for legal defense costs and an average of $2.1 million
in settlements costs, compared with $500,000 and $1 million, respectively, in
2010. Source: http://www.businessinsurance.com/article/20121009/NEWS07/121009907
For more stories, see items 12 and 14 above in the Banking and Finance Sector
Communications Sector
See item 46 above in the Information Technology Sector
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.