Tuesday, October 23, 2012
Daily Report
Top Stories
• Irish police caught a fugitive who was on
the run for 3 years for $75m mortgage fraud in the United States, the Irish
Central reported October 22. Irish police caught the suspect peddling drugs in
Dublin. – Irish Central See item 8
below in the Banking and Finance Sector
• Six employees of a Modesto, California bank
were hospitalized October 19 after at least three of them broke out in hives
shortly after a customer handed a bank teller money wrapped in a paper towel,
authorities said. – Modesto Bee See item 11
below in the Banking and Finance Sector
• Authorities in Jordan disrupted a major
terrorist plot by al-Qa’ida-linked operatives to launch near-simultaneous
attacks on multiple civilian and government targets, reportedly including the
U.S. Embassy in the capital, Amman, Western and Middle Eastern officials said
October 22. – Washington Post
20.
October 22, Washington Post –
(International) Jordan disrupts major al-Qaeda terrorist plot. Authorities
in Jordan disrupted a major terrorist plot by al-Qa’ida-linked operatives to
launch near-simultaneous attacks on multiple civilian and government targets,
reportedly including the U.S. Embassy in the capital, Amman, Jordan, Western
and Middle Eastern officials said October 21. The Jordanian government issued a
statement describing the plot and saying that 11 people with connections to
al-Qa’ida’s affiliate in Iraq have been arrested. The foiled attack, described
as the most serious plot uncovered in Jordan since at least 2005, was viewed
with particular alarm by intelligence agencies because of its sophisticated design
and the planned use of munitions intended for the Syrian conflict — a new sign
that Syria’s troubles could be spilling over into neighboring countries, the
officials said. The alleged plotters are Jordanian nationals. The officials
said the group had amassed a stockpile of explosives and weapons from Syrian
battlefields and devised a plan to use military-style tactics in a wave of
attacks across Amman. The scheme called for multiple strikes on shopping
centers and cafes as a diversionary tactic to draw the attention of police and
security officials, allowing other operatives to launch attacks against the
main targets, which included government buildings and embassies. A Western
official briefed on details of the plot confirmed that the heavily fortified
U.S. Embassy in Amman was among the targets. The Jordanian government’s
statement said its intelligence service had broken up a cell that had been
planning the attacks since June, arresting 11 people described as “supporters”
of al-Qa’ida in Iraq. The State Department had no immediate comment on the plot
and declined to confirm or deny that the U.S. Embassy in Amman had been on the
target list. Source: http://www.washingtonpost.com/world/national-security/jordan-disrupts-major-al-qaeda-terrorist-plot/2012/10/21/e26354b4-1ba7-11e2-9cd5-b55c38388962_story.html?hpid=z3
• A suspect shot seven women — killing three
of them — inside the Azana Salon and Spa in Brookfield, Wisconsin, while using
flammable liquid to fuel a fire, CNN reported October 22. – CNN
35.
October 22, CNN – (Wisconsin) Wisconsin
police: After domestic violence arrest, suspect kills 3 — and himself. A
suspect gunned down seven women, killing three of them, inside the same Azana
Salon and Spa in Brookfield, Wisconsin, while using flammable liquid to fuel a
fire, CNN reported October 22. The building’s sprinkler system helped subdue
that small blaze, the Brookfield Police chief said. As for the suspect, he
apparently died from a self-inflicted gunshot wound. Authorities were still
working to identify the victims, including trying to determine whether one of
them was the suspect’s wife. The first calls came into police about an active
shooter across from the Brookfield Square Mall and near the Westmoor Country
Club, all about 11 miles west of Milwaukee. Law enforcement officers from
various agencies soon converged on the scene. They found smoke in the building
from a fire believed to be started by the suspect. Inside too was a small
propane tank. The police chief said it was not clear whether the suspect left
it there or whether it had been left by contractors working on the building.
Four gunshot victims also soon got out of the salon and were transported to a
hospital in Milwaukee. That medical facility was locked down as the manhunt
continued for the shooting suspect. Hours later, authorities found the
suspect’s body and declared the event over. Authorities described a contentious
recent history between the suspect and his wife. A restraining order against
him was filed 4 days after an October 4 tire slashing, with a 4-year restriction
being dictated October 18. Source: http://www.cnn.com/2012/10/21/us/wisconsin-shooting/index.html?hpt=ju_c2
Details
Banking and Finance Sector
8. October
22, Irish Central – (California; International) Police catch US soldier fugitive
on run over $75m mortgage fraud. Irish police caught a fugitive who has
been on the run for 3 years for $75 million mortgage fraud in the U.S., Irish
Central reported October 22. The former U.S. soldier will be deported back to
the United States and into the custody of the FBI the week of October 22, the
Irish Independent reported. Irish police caught him peddling drugs in Dublin.
With an accomplice, he managed a finance company in Sacramento, California, and
defrauded investors and mortgage companies of millions since 2006. They both
vanished February 2, 2009. According to the Irish Independent, the former
soldier traveled to Ireland with a false U.S. passport, and lived for a few years
in rented apartments selling gold coins and precious metals over the Internet
to reputable traders and dealers. He also later swapped his fake U.S. passport
for a false Irish one under a pseudonym and opened two bank accounts with Allied
Irish Bank, through which flowed tens of thousands of euros. After the gold ran out, he turned to
drug dealing to make ends meet. Source: http://www.irishcentral.com/news/Police-catch-US-soldier-fugitive-on-run-over-75m-mortgage-fraud-175220331.html
9. October
21, Associated Press – (Nebraska) Neb. trio gets prison time for investment scheme. Three
people convicted October 17 in a fraudulent Nebraska investment scheme have
been sentenced to prison and ordered to make restitution of more than $16.6
million. Two were the principals of First Americans Insurance Service, which
had been under investigation since a 2009 bankruptcy filing; one worked for
them. First Americans, incorporated in 1980, had touted services to American
Indian tribes in more than 20 States before it failed. Prosecutors said they
solicited investments from private lenders who were told that their money was
backed by secure annuities. Instead of buying annuities, the three used the
money to support their business and personal expenses. Source: http://www.sfgate.com/news/article/3-Nebraskans-sent-to-prison-for-investment-scheme-3961665.php
10. October
19, U.S. Federal Bureau of Investigation – (Illinois;
International) Twin brothers indicted in $7.2 million commodities fraud
scheme. Twin brothers who live in Russia were indicted on federal fraud
charges for attempting to illegally turn a profit of $7.2 million through
manipulative trades in currency futures using the CME Group’s electronic
trading platform, the FBI announced October 19. The defendants allegedly
engaged in matching trades using two different futures commission merchants in
Chicago to obtain profits from one while not paying the corresponding losses to
the other. They were each charged with 8 counts of wire fraud and 2 counts of
commodities fraud in a 10-count indictment that was returned by a federal grand
jury October 17 and announced October 19. Arrest warrants will be issued in the
United States for both men. Source: http://www.loansafe.org/twin-brothers-indicted-in-7-2-million-commodities-fraud-scheme
11. October
19, Modesto Bee – (California) Hazmat scene at Modesto bank: 3 fall ill after
man hands teller money. Six employees of a Chase Bank in Modesto,
California, were hospitalized October 19 after at least three of them broke out
in hives shortly after a customer handed a bank teller money wrapped in a paper
towel, authorities said. The man gave a teller a “large amount of money” to
deposit in his account, according to a police sergeant. Minutes later, the
teller broke out with hives and had trouble breathing. She came into contact
with two other employees, who then exhibited similar symptoms. The county’s
Hazardous Materials Unit was called to the scene and the employees inside were
isolated. Each employee was rinsed twice using fire hoses and then taken to
hospitals. A fire department division chief said all six employees were
improving that night. Two firefighters in “level A suits” entered the bank with
sensitive equipment to test for gases, radiation, chemicals, and pH levels.
They detected an unknown substance on the money, and at the teller’s window
where it was deposited. Determining the nature of the substance will require
further testing at a lab, the division chief said. The police sergeant said
detectives believed they identified the man who brought the paper towel full of
contaminated money to the bank, and an investigation into the case is ongoing.
Source: http://www.modbee.com/2012/10/19/2420937/hazmat-scene-at-modesto-bank-3.html
Information Technology Sector
28. October
22, Help Net Security – (International) Increase in drive-by
attacks and infected emails. In August and September, the research team
from Eleven, a German email security provider, recorded a significant increase
in malware sent via email. The most significant growth was reported for
drive-by attacks in which emails link to manipulated Web sites that infect the
users’ computers when opened in a browser. Between August and September, the
number of such attacks increased more than 80-fold and their share of overall
spam levels increased from 0.1 percent to 9.5 percent. However, that growth was
not at the expense of “classic” malware email, which contains malware as
an attachment: the number of malware emails increased by 119 percent in
September and by 252.8 percent as compared to the same month in 2011. Virus
outbreaks remained roughly at the previous month’s level (–5.7 percent), but increased
by 50.5 percent in August. The increase was 186.4 percent as compared to September
2011. Source: http://www.net-security.org/malware_news.php?id=2299
29. October
22, Softpedia – (International) Cybercriminals found to sell access to
servers housed by Fortune 500 companies. Security professionals often warn
about the risks posed by using the Remote Desktop Protocol (RDP) service
without making sure that it is properly secured. As it turns out,
cybercriminals are relying on the service to compromise machines and sell access
to them via underground markets. A security journalist discovered a Russian Web
site called dedicatexpress(dot)com, which claims to sell access to around
17,000 computers from all around the world. It appears these machines were
compromised because their owners failed to set strong RDP passwords, allowing
the attackers to easily take them over. Dedicatexpress(dot)com offers its
services to anyone who is willing to contact the owner via instant messaging
and pay a registration fee of $20. Source: http://news.softpedia.com/news/Cybercriminals-Found-to-Sell-Access-to-Servers-Housed-by-Fortune-500-Companies-301104.shtml
30. October
20, Softpedia – (International) Second DDoS attack hits GitHub, some
repositories temporarily unavailable. A second distributed
denial-of-service (DDoS) attack has hit the popular code repository GitHub. This
one came only hours after a similar cyberattack forced the site’s services to
go offline. “Pages is currently being hit with a DoS attack. We’re working to
mitigate the attack,” GitHub representatives wrote on the status page. The
incident caused “a small percentage” of repositories to become unavailable
while a fileserver pair was being recovered. It appeared they were unable
to implement the additional cyberattack mitigation strategies they mentioned
after they stabilized the site’s performance October 18. The first attack
disrupted the site for around 1 1/2 hours and the second one caused an outage
that lasted for approximately hours. It is uncertain if the attacks are related
in any way, but starting with October 14, GitHub representatives reported
experiencing problems each day. Source: http://news.softpedia.com/news/Second-DDOS-Attack-Hits-GitHub-Some-Repositories-Temporarily-Unavailable-300890.shtml
31. October
19, Softpedia – (International) Experts develop malware that’s capable of
bypassing antivirus solutions. Security researchers developed a USB
dropper/spreader capable of bypassing all of the popular commercial antivirus
products utilized by Internet users worldwide. The antivirus programs that
currently exist are designed to identify threats based on their signatures or
on their behavior. Normally, if the malware gets by one system, the other one
should detect it. However, researchers demonstrated there is a way to create
malicious elements that can spread from one computer to the other without being
detected. A security researcher specialized in reverse engineering and software
security created a virus whose behavior is not cataloged by any antivirus
solution as being malicious. The purpose of this test malware was to copy a
presumably malicious file to a USB drive and create an autorun.inf file on the
targeted device without being detected. The “malicious element” would constantly search for the
presence of removable disks. If one is found, it would be scanned to determine
if it is already infected. If it is not, the autorun.inf file and a malicious
executable would be copied onto it. Source: http://news.softpedia.com/news/Experts-Develop-Malware-That-s-Capable-of-Bypassing-Antivirus-Solutions-300747.shtml
32. October
18, Ars Technica – (International) Demo of ‘serious’ networking vulnerabilities
cancelled at HP’s request. A presentation at the Toorcon 14 security
conference October 20 was to highlight risks posed by gear from H3C and Huawei.
A researcher identified security vulnerabilities in network equipment from
Huawei and H3C, details he planned to publish at the conference. Two days
earlier, H3C’s owners, HP, contacted the researcher by voicemail and email
asking him to refrain from doing so. The researcher discovered the
vulnerabilities in July and reported them in August, roughly in parallel with
another researcher’s presentation on vulnerabilities in Huawei routers at Defcon.
The first researcher assessed his independently discovered vulnerabilities as
critical and planned to present workarounds enabling affected users to mitigate
the risks in his presentation. Source: http://arstechnica.com/security/2012/10/demonstration-of-serious-networking-vulns-cancelled-at-hps-request/
Communications Sector
33. October
22, Computerworld; IDG News Service – (International) Huawei gear
is secure, say U.S. network service providers. Responding to a
congressional report warning U.S. businesses not to buy equipment from Huawei
Technologies or ZTE, three U.S.-based telecommunications companies that use
Huawei products said they take strong precautions to safeguard their networks,
Computerworld reported October 22. The report, by the House Permanent Select
Committee on Intelligence, said the possibility that the two Chinese companies
have ties to the Chinese government raises the prospect that China is using
their gear to conduct electronic espionage. After the report was issued, three
Huawei customers — Clearwire, Cricket Communications, and Level 3
Communications — defended their choices. The Chinese government slammed the
congressional report. A Commerce Ministry spokesman said in a statement that
the report “was based on subjective suspicions and inaccuracies” and made
“groundless accusations against China.” Source: http://www.computerworld.com/s/article/9232579/Huawei_gear_is_secure_say_U.S._network_service_providers?
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published information concerning significant critical infrastructure issues.
The DHS Daily Open Source Infrastructure Report is archived for ten days on the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow
instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information,
please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and inform personnel engaged in infrastructure protection. Further reproduction
or redistribution is subject to original copyright restrictions. DHS provides no
warranty of ownership of the copyright, or accuracy with respect to the original source material.