Thursday, October 25, 2012


Daily Report

Top Stories

 • A judge sentenced a former Costa Rican businessman to 60 years in prison October 23, for his $485 million international insurance fraud and money laundering scheme. – Associated Press See item 7 below in the Banking and Finance Sector

 • An Amtrak train carrying 174 passengers and 4 crew members that derailed at high speed near Niles, Michigan, after departing Chicago October 21, stopped only 21 feet before it would have collided with parked freight hopper cars, the National Transportation Safety Board (NTSB) said October 23. – Chicago Tribune

15. October 23, Chicago Tribune – (Michigan) NTSB: Chicago-Michigan Amtrak missed freight cars by 21 feet. An Amtrak train carrying 174 passengers and 4 crew members that derailed at high speed near Niles, Michigan, after departing Chicago October 21 stopped only 21 feet before it would have collided with parked freight hopper cars, the National Transportation Safety Board (NTSB) said October 23. Moments before the accident, which injured nine passengers, the train traveled over a misaligned track switch that diverted it into a rail yard, investigators said. The misaligned, or reversed, track switch sent the train into the rail yard instead of continuing on the main track it was on, the investigation determined. The reversed track switch would appear to indicate human error on the part of Amtrak. A derailing device had been installed between the yard track and the main track as a protective measure to derail any cars that might accidentally roll out of the yard before they could reach the main track, officials said. The Amtrak train dislodged the derailing device, but the train did not derail at that point, investigators found. The train continued on the yard track and derailed about 290 feet beyond the reversed switch, stopping with all cars upright, officials said. The Amtrak locomotive was a so-called “smart train,’’ equipped with a safety system called Incremental Train Control System that is designed to detect problems involving track switches, signals, and railroad crossing warning devices. The cause of the derailment was still under investigation. Source: http://articles.chicagotribune.com/2012-10-23/news/chi-ntsb-chicagomichigan-amtrak-missed-hitting-freight-car-by-21-feet-20121023_1_marc-magliari-amtrak-trains-track-switch

 • Researchers warned that security flaws in airline boarding passes could allow would-be terrorists or smugglers to know in advance whether they will be subject to certain security measures, and perhaps even permit them to modify the designated measures, the Washington Post reported October 23. – Washington Post

16. October 23, Washington Post – (National) Experts warn about security flaws in airline boarding passes. Researchers warned that security flaws in airline boarding passes could allow would-be terrorists or smugglers to know in advance whether they will be subject to certain security measures, and perhaps even permit them to modify the designated measures, the Washington Post reported October 23. The vulnerabilities center on the Transportation Security Administration’s (TSA) pre-screening system, a paid-for program in which the screening process is expedited for travelers at the airport: Under the program, passengers can still be subject at random to conventional security screening. Flight enthusiasts, however, recently discovered that the bar codes printed on all boarding passes — which travelers can obtain up to 24 hours before arriving at the airport — contain information on which security screening a passenger is set to receive. Simply by using a smartphone or similar device to check the bar code, travelers could determine whether they would pass through full security screening, or the expedited process. The findings highlight serious vulnerabilities in the current TSA security systems, according to a security expert. Source: http://www.washingtonpost.com/national/experts-warn-about-security-flaws- in-airline-boarding-passes/2012/10/23/ed408c80-1d3c-11e2-b647- bb1668e64058_story.html

 • The drug-mixing pharmacy in Massachusetts linked to a deadly meningitis outbreak failed to sterilize its products the minimum required time, did not keep its manufacturing equipment sanitary, and operated a leaky boiler near the “clean room” where drugs were packaged, State officials said October 22. – Wall Street Journal

22. October 23, Wall Street Journal – (Massachusetts) State: Pharmacy ignored safety rules. The drug-mixing pharmacy in Massachusetts linked to a deadly meningitis outbreak failed to sterilize its products the minimum required time, did not keep its manufacturing equipment sanitary, and operated a leaky boiler near the “clean room” where drugs were packaged, State officials said October 22. On 13 occasions, New England Compounding Center (NECC) shipped products from two now-recalled batches of the steroid linked to the outbreak before receiving a report from an outside lab that tested them for safety, violating industry-backed guidelines the company said it followed, Massachusetts health officials said. Some medicines were sent 11 days before receiving a report. In addition, NECC did not test its manufacturing equipment, such as a machine used to sterilize its injectable drugs, as regularly as industry standards call for. October 2, officials found “visible particulate black matter” in several vials of the drug that had been recalled, which later were confirmed by the Food and Drug Administration to be a fungal contaminant. The findings were preliminary results from an investigation by State and federal health officials into the nationwide outbreak, which has sickened 304 people, killing 23. The State has taken the first step towards permanently revoking the license of the pharmacy and its three principal pharmacists. Investigators have not yet pinpointed what contaminated the vials of steroid injections. Still under investigation is the presence of a recycling center in the same building complex as the pharmacy and a boiler that was leaking in the room next to the laboratory where medicines were made. The leaking water “created an environment in which contaminations could have occurred,” a health official said. The findings underscore the gray area of regulation that NECC and other compounding pharmacies occupy. The company was covered by rules intended for small pharmacies, while operating more like a traditional drug maker, with significant manufacturing and interstate distribution, officials said. Source: http://online.wsj.com/article/SB10001424052970203406404578075092760806164.html?KEYWORDS=pharmacy

Details

Banking and Finance Sector

5. October 24, Plymouth Patch – (Minnesota) California man faces new charges in credit card-skimming scheme. A California man arrested in Plymouth, Minnesota, in July and charged with masterminding a sophisticated identity theft scheme using credit card skimming devices in the Twin Cities is facing three more charges in connection with the scheme, the Plymouth Patch reported October 24. Plymouth police arrested the man and his wife July 6 for speeding. A search of their rental car turned up a list of 100 Twin Cities’ gas stations, along with a computer file on how to repair a gasoline pump, a magnetic card reader, many new credit cards in both their names, numerous blank credit cards, a cordless drill, and a computer. When police visited one of the gas stations on the list they found that credit card-skimming devices were installed on six of the eight gas pumps. Earlier, the owner of another gas station contacted police and reported that credit-card skimmers were installed on two gas pumps. Officers were able to match DNA on the devices to the husband. Officers obtained a search warrant in September to conduct a forensic review of the credit-card skimmers and found more than 100 names and credit-card information was acquired. Prior to the Minnesota cases, the husband was previously arrested in May in Glendale, California, and charged with identity theft. Police found about 40 handwritten Social Security numbers and electronic storage devices containing more Social Security numbers and fraudulent credit cards in different names in his possession in that case, according to a complaint. Source: http://plymouth-mn.patch.com/articles/california-man-faces-new-charges-in-credit-card-skimming-scheme

6. October 24, Reuters – (National) Barnes & Noble reports breach of U.S. customer credit card data. Retailer Barnes & Noble said customers who shopped at 63 of its stores as recently as September may have had their credit card information stolen, and that federal law enforcement authorities have been informed of the breach, Reuters reported October 24. All PIN pads at its 700 stores were disconnected by the close of business September 14 due to signs of tampering on some of the units, the company said in a statement. Stores in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania, and Rhode Island were affected, Barnes & Noble said. The company advised those who have swiped their cards at stores in the affected states to change their debit-card PIN numbers as a precaution, and to review their statements for unauthorized transactions. Still, the company said its customer database was secure, and that purchases made on the Barnes & Noble Web site, Nook e-reader, and Nook mobile apps were not affected. Source: http://www.reuters.com/article/2012/10/24/us-barnesnoble-breach- idUSBRE89N05L20121024

7. October 23, Associated Press – (Virginia; International) Former Costa Rican businessman convicted in $485M fraud scheme sentenced in Va. to 60 years. A judge sentenced a former Costa Rican businessman and professional soccer team owner to 60 years in prison October 23, for his $485 million insurance fraud scheme. The man, the president of Provident Capital Indemnity Ltd, was convicted in April on 10 fraud and money laundering counts in a scam prosecutors said claimed thousands of victims worldwide. Provident sold bonds guaranteeing funding for life settlement firms. The bonds were sold based on fraudulent financial statements and were not protected by reinsurance agreements with major companies, as the man had claimed. As a result, many investors lost their life savings. The 60-year sentence equals the term given to a Spring, Texas man who worked for a life settlement company called A&O that did business with Provident. Another A&O principal was sentenced to 45 years, and five other conspirators have received shorter sentences. An accountant convicted of conducting a phony audit for Provident will be sentenced in November. The Provident and A&O cases were brought in Virginia because that was where some of the victims and transactions were located. Source: http://www.washingtonpost.com/national/former-costa-rican-businessman- convicted-in-485m-fraud-scheme-sentenced-in-va-to-60-years/2012/10/23/1b8dc908- 1d52-11e2-8817-41b9a7aaabc7_story.html

8. October 23, WTOP 103.5 FM Washington D.C. – (District of Columbia; Maryland; Virginia) D.C. tax employee accused of filing millions in fraudulent returns. An employee at the Washington D.C. Office of Tax and Revenue is facing charges for helping to file hundreds of bogus federal and local tax returns that, together with co- conspirators, netted about $14 million in fraudulent tax refunds, WTOP 103.5 FM Washington D.C. reported October 23. Prosecutors charge that the employee and at least two co-conspirators filed more than 900 federal tax returns and nearly 300 D.C. tax returns that were fraudulent. Prosecutors have not determined the number of false returns filed in Maryland and Virginia, but acknowledge some were filed there as well. A filing by the U.S. Attorney’s Office said the employee — a control technician at the D.C. Office of Tax and Revenue (OTR) — also worked at 2FT Fast Facts Tax Service, a tax preparation company that was the subject of a federal investigation. The court records indicated the employee would use her position in the OTR to monitor the audit status of her clients’ tax returns and to help those clients file bogus tax returns. According to prosecutors, the employee and her co-conspirators would reduce their clients’ taxable income by claiming bogus deductions for charitable contributions and work-related expenses. Source: http://www.wtop.com/109/3089836/DC-tax-employee-accused-of-filing- millions-in-fraudulent-returns

9. October 23, U.S. Federal Trade Commission – (International) U.S. defendants who allegedly abetted fake debt collector calls from India agree to settle FTC charges. A man who worked with bogus debt collectors in India agreed to settle U.S. Federal Trade Commission (FTC) charges that he and his companies deceived and threatened consumers into paying debts that were not owed or that the defendants were not authorized to collect totaling $5.4 million, according to a October 23 FTC release. The settlement bars the man, American Credit Crunchers, LLC, and Ebeeze, LLC, from debt collection, and prohibits them from misrepresenting that they are affiliated with the government or a non-profit group, buying any good or service, any aspects of the good or service, and their refund policy. The FTC’s February 2012 complaint alleged that the callers who worked with the defendants would contact consumers who previously received or inquired about online payday loans. Often pretending to be law enforcement or other government authorities, the callers would falsely threaten to immediately arrest and jail consumers if they did not agree to make a payment on a supposedly delinquent payday loan. The FTC alleged that information submitted by consumers who had applied online for these loans found its way into the hands of the defendants, who used it to convince consumers that they owed them money. The FTC charged the defendants with violating the FTC Act and the Fair Debt Collection Practices Act. Source: http://www.ftc.gov/opa/2012/10/americancredit.shtm

10. October 23, Riverside Press-Enterprise – (California) ‘Desperate Bandit’ linked to bank robbery. A man who robbed a Temecula, California bank October 15, is believed to be the “Desperate Bandit,” who is suspected in seven other bank robberies, including one in Corona, authorities said October 23. Riverside County sheriff’s officials said the man went into a Pacific Trust Bank carrying a black briefcase. He gave a teller a note that said he had a weapon and demanded cash. The string of robberies appears to have begun August 8, at a US Bank branch in Chino, FBI officials said. The man is also suspected of robbing a Bank of America branch in Corona on September 15, and robbing banks in Anaheim, Fullerton, La Habra, Placentia, and Tustin. Source: http://www.pe.com/local-news/riverside-county/temecula/temecula-headlines- index/20121023-temecula-desperate-bandit-linked-to-bank-robbery.ece

11. October 23, USA Today – (Pennsylvania) FBI: Phila. baggage worker stole $20K in new $100 bills. The FBI arrested a US Airways baggage handler at Philadelphia International Airport October 23, for allegedly stealing $20,000 worth of redesigned $100 bills not yet in circulation. The man admitted swiping the currency after a polygraph, an FBI agent said in an affidavit. He then led agents to the new bills, which he had stashed in his wife’s car. The FBI said the money was stolen October 11, from a $3.2 million shipment of new, security-enhanced bills being transferred from Dallas to the Federal Reserve in East Rutherford, New Jersey. The FBI said the man was the only handler who had access to the money. Source: http://www.greenvilleonline.com/usatoday/article/1653415?odyssey=mod|newswell|text|News|s

Information Technology Sector

27. October 24, The Register – (International) Hackers get 10 months to pwn victims with 0-days before world+dog finds out. Hackers exploit security vulnerabilities in software for 10 months on average before details of the holes surface in public, according to a new study. Researchers from Symantec believe that these zero-day attacks, so called because they are launched well before vendors are even aware of the vulnerabilities, are more prevalent and more potent than previously thought. Zero-day exploits are often closely guarded secrets and can be very valuable to criminals — but once details of the exploited flaws emerge in public, developers and system administrators can get to work to mitigate or halt the attacks. However, this also reveals to everyone else that these holes exist in systems. Two researchers from Symantec Research Labs identified 18 zero-day attacks between 2008 and 2011, and 11 of them were previously undetected. “A typical zero-day attack lasts 312 days on average and that, after vulnerabilities are disclosed publicly, the volume of attacks exploiting them increases by up to five orders of magnitude,” the researchers noted. Source: http://www.theregister.co.uk/2012/10/24/zero_day_study/

28. October 24, Softpedia – (International) The FBI warns of dating extortion scams and payday loan schemes. The FBI’s Internet Crime Complaint Center (IC3) issued an alert to warn Internet users about the new twists added by scammers to previously existing scams. The advisory comes after the agency received a large number of complaints from victims. The first type of improved scam detailed in the advisory refers to “dating extortion.” In these plots, the criminals select their victims on online dating Web sites. After gaining their trust, the fraudsters attempt to convince users to take part in sexual conversations. Soon afterwards, the victims receive a text message with a link to a Web site that contains their names, phone numbers, photographs, and the adult-themed conversations they had with the con artist. These “cheater” Web sites offer customers the chance to purchase the conversations for $9. The information can also be removed from the site for $99. However, according to the victims’ reports, the information was not removed from the Web sites even after the money was paid. Payday loan schemes are also highly common, but the “improved” variants do not just involve harassing phone calls, but also home visits from the so-called debt collectors. In these scams, victims are harassed in myriad ways about an alleged loan which they must repay. Although many of the targets of these plots never applied for payday loans, the con artists keep threatening them until they submit. Source: http://news.softpedia.com/news/The-FBI-Warns-of-Dating-Extortion-Scams- and-Payday-Loan-Schemes-301859.shtml

29. October 24, Infosecurity – (International) Sony PS3 hacked again. Sony’s policy of maintaining control over what software can run on its PS3 console has been undermined — some suggest permanently — by the release of the PS3 LVO decryption keys. The PS3 has been hacked before, notably by a hacking group called fail0verflow which discovered the ECDSA cryptographic key used by the console to authorize high- level operations. This allowed users to run any code, rather than just Sony-allowed code. Sony responded with the release of the 3.60 firmware, which plugged most known security holes. Now, a group called the Three Muskateers has leaked the LVO decryption keys. According to Eurogamer, “the reveal of the LV0 key basically means that any system update released by Sony going forward can be decrypted with little or no effort whatsoever.” Source: http://www.infosecurity-magazine.com/view/28956/sony-ps3-hacked-again/

30. October 24, Help Net Security – (International) Weak crypto allowed spoofing emails from Google, PayPal domains. A mathematician discovered that Google and many other big Internet companies use weak cryptographic keys for certifying the emails sent from their corporate domains — a weakness that can easily be exploited by spammers and phishers to deliver emails that look like they were sent by the companies in question. According to Wired, he discovered the flaw after receiving an email from a Google job recruiter. Doubting its authenticity, he checked the email’s header information, and it seemed legitimate. However, he also noticed the DomainKeys Identified Mail key the company uses for the google.com emails was only 512 bits long and, therefore, crackable within days with the help of cloud computing. Believing this to be a recruiting test, he decided to crack the key and use it send emails to Google’s two founders from themselves. After receiving no reply at first, he decided to re-check Google’s cryptographic key. He discovered it changed to the standard length, leading him to conclude Google was unaware of this vulnerability until they received his emails. The mathematician then examined whether other popular firms, online services, and social networks were vulnerable to the same attack. He discovered that PayPal, eBay, Apple, Amazon, Twitter, and many other companies — including several banks — were using 384 bits, 512 bits, or 768 bits keys. Source: http://www.net-security.org/secworld.php?id=13833

Communications Sector

31. October 24, Associated Press – (Michigan) Authorities report phone problems around Michigan. Authorities in Michigan reported scattered problems with phone service around the State. Officials in Oakland County, which includes Detroit’s northern suburbs, said government offices had trouble October 24 with incoming and outgoing phone calls because of a problem with its carrier’s network. Calls still were going through to a switchboard and toll-free lines. In west Michigan, police in the Grand Rapids suburb of Wyoming reported problems with incoming and outgoing calls. MLive.com reported 9-1-1 service was working. AnnArbor.com reported non- emergency phone service at City of Ann Arbor offices was down October 24. Employees could not make or receive calls. Non-emergency service was affected at a Washtenaw County dispatch center, which handles dispatching for Ann Arbor, Washtenaw County, and Ypsilanti. Phone problems also were reported in Midland and St. Clair counties. Source: http://wwmt.com/template/inews_wire/wires.regional.mi/3e4bbd56-www.wwmt.com.shtml

Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.