Wednesday, October 31, 2012


Daily Report

Top Stories

• Millions of people from Maine to the Carolinas awoke October 30 without electricity, and New York City was all but closed off by car, train, and air as superstorm Sandy steamed inland, still delivering punishing wind and rain. The U.S. death toll climbed to 39, many of the victims killed by falling trees. – Associated Press

1. October 30, Associated Press – (National) At least 39 dead, millions without power in Sandy’s aftermath. Millions of people from Maine to the Carolinas awoke October 30 without electricity, and New York City was all but closed off by car, train, and air as superstorm Sandy steamed inland, still delivering punishing wind and rain. The U.S. death toll climbed to 39, many of the victims killed by falling trees. The full extent of the damage in New Jersey, where the storm roared ashore October 29 with hurricane-force winds of 80 mph, was unclear. Police and fire officials, some with their own departments flooded, fanned out to rescue hundreds. More than 8.2 million people across the east were without power. Airlines canceled more than 15,000 flights around the world. The storm also disrupted the presidential campaign with just a week to go before Election Day. Lower Manhattan, which includes Wall Street, was among the hardest-hit areas after the storm sent a nearly 14-foot surge of seawater, a record, coursing over its seawalls and highways. The New York Stock Exchange was closed for a second day, and said it will reopen October 31. A huge fire destroyed as many as 100 houses in a flooded beachfront neighborhood October 30, an incident in which 3 people were injured. A huge swell of water swept over the small New Jersey town of Moonachie, near the Hackensack River, and authorities struggled to rescue about 800 people. Source: http://www.foxnews.com/weather/2012/10/30/at-least-17-dead-millions-without-power-in-sandy-aftermath/

 • High winds and heavy rain prompted the closing of the New Jersey Turnpike’s Hudson County Extension between Exit 14 and the Holland Tunnel, the closing of the major toll road between Exit 8 and Exit 7, and speed restrictions of 45 mph for the nearly 100 miles below Exit 12, the Newark Star-Ledger reported October 30. – Newark Star-Ledger

12. October 30, Newark Star-Ledger – (New Jersey) Hurricane Sandy wreaks continued havoc on N.J. roads, public transit. High winds and heavy rain prompted the closing of the New Jersey Turnpike’s Hudson County Extension between Exit 14 (Newark Airport/I-78/Routes 1&9) and the Holland Tunnel, the closing of the major toll road between Exit 8 (Route 33/Hightstown/Freehold) and Exit 7 (Route 206/Bordentown/Trenton), and speed restrictions of 45 mph for the nearly 100 miles below Exit 12 (Carteret/Rahway), the Newark Star-Ledger reported October 30. A travel ban remained in effect in Atlantic County, and personal vehicles were barred from Jersey City and Hoboken. New Jersey Transit train and bus service remained suspended, and Port Authority Trans-Hudson trains were still not running. The New Jersey governor said October 29 that transportation officials would have to assess the flooding before making a decision on when commuters could again take trains and buses to work. The Bayonne and Goethals bridges and the Outerbridge Crossing — the three spans from New Jersey to Staten Island — were closed. The Interstate 95/Scudder Falls Bridge above Trenton was closed the overnight October 29 because of downed wires across the roadway, while Philadelphia area crossings over the Delaware River were restricted to emergency vehicles and essential personnel, officials said. Source: http://www.nj.com/news/index.ssf/2012/10/hurricane_sandy_wreaks_continu.html#incart_river

 • Verizon Communications said October 30 that its wireline service was suffering as flooding in its central offices in lower Manhattan affected its back-up generators and batteries. – Reuters  See item 35 below in the Communications Sector

 • A witness heard an explosion near his home in Pacific, Washington, October 28 that turned out be some kind of homemade explosive that destroyed an important U.S. Geological Survey (USGS) flood monitoring device on the flood prone White River. – Northwest Cable News

42. October 29, Northwest Cable News – (Washington) Bomb destroys flood gauge on eve of storm. A witness heard an explosion near his home in Pacific, Washington, October 28 that turned out be some kind of homemade explosive that destroyed an important U.S. Geological Survey (USGS) flood monitoring device on the flood prone White River. The device uplinks critical river flow information to the Web for flood managers from several agencies. The U.S. Army Corps of Engineers used it for the operation of the Howard Hanson Dam upstream. The agencies were expecting to use it during the upcoming rain storms forecasted for October 30 and the rest of the week. The box is so vital for flood protection that USGS technicians replaced it in a matter of a few hours. Pacific police were not commenting on the case, but did say they have not arrested anyone and have no suspects at this time. The boxes provide a network that give agencies an overall flood picture so they can evacuate homes and close streets if necessary hours before the flood waters arrive. Source: http://www.nwcn.com/home/?fId=176356601&fPath=/news/local&fDomain=10212
 
Details

Banking and Finance Sector

5. October 30, Techworld – (International) Bank phishing gang arrested after hotel swoop. U.K. police arrested three men accused of being involved in large-scale Trojan phishing attacks against a range of banks, Techworld reported October 30. Picked up in a London hotel after an operation described as ―intelligence-led‖, the two unnamed Romanians and a Nigerian were arrested October 29 on suspicion of money laundering and conspiracy to defraud, police said. The men are alleged to be behind the appearance of 2,000 bogus bank login pages that had been part of a campaign to steal account details. The police press release did not go into much detail beyond confirming that the attacks had hit a sizable number of bank users, leading to the theft of money. Computers were seized while further searches are being carried out in London and the Midlands. Source: http://news.techworld.com/security/3408031/bank-phishing-gang-arrested-after-hotel-swoop/

6. October 29, Ventura County Star – (California) Ventura police identify ‘wigout bandit’ suspect in recent bank robberies. Ventura, California police and the FBI October 29, identified a man dubbed the ―wigout bandit,‖ a suspect in recent bank robberies and other crimes. The suspect is wanted on suspicion of three robberies since August and got his nickname because he wore a different wig every time he robbed a bank, authorities said. The robberies occurred August 1 at a U.S. Bank, and August 23 at a Chase Bank, as well as at a Rabobank. The suspect is known to frequent hotels in Ventura, Oxnard, and Santa Barbara and is considered armed and dangerous, authorities said. Source: http://www.vcstar.com/news/2012/oct/29/ventura-police-identify-man-allegedly-for-recent/

7. October 29, Chicago Tribune – (Illinois) Elmer Fudd Bandit’ hits 5th bank on northwest side. A robber dubbed the ―Elmer Fudd Bandit‖ — because of his cap and plaid flannel shirt — is suspected of hitting his fifth bank in the Chicago area since mid-October, authorities said. In the most recent heist, the robber implied he had a gun when he entered a bank in the Oriole Park neighborhood October 29, according to a police official. The man approached a teller and presented a note demanding cash, according to a FBI spokeswoman. After receiving an undisclosed amount of money, the robber fled on foot, she said. The robber then got into a mid-sized car that sped away. The FBI said the same robber is believed to have struck four other times: a robbery October 13 at a TCF Bank in Chicago; an attempted robbery October 14 at a TCF Bank in Des Plaines; a robbery October 15 at a Charter One branch in Norridge; and the October 24 robbery of a TCF Bank branch in Stickney. Source: http://www.chicagotribune.com/news/local/breaking/chi-police-report-northwest-side-bank-robbed-20121029,0,4144488.story

For more stories, see item 1 above in Top Stories and 32 below in the Information Technology Sector

Information Technology Sector

29. October 30, SC Magazine UK – (International) Hurricane Sandy could cause problems in cyber space. With Hurricane Sandy colliding with the East Coast, cyber criminals are likely to take advantage of the historic storm to make money or steal personal information from the unsuspecting. Like with most major news events, users should be on the lookout for legitimate-looking scams that will use the hurricane’s mainstream allure to dupe them. ―If the past repeats itself, Facebook postings, tweets, emails and websites claiming to have exclusive video or pleading for donations for disaster relief efforts will appear shortly after the storm hits,‖ security company Avast warned October 29. ―These messages often include malicious code that attempt to infect computers with viruses, spyware or Trojan horses.‖ Online vandals have also been known to bait users through a technique known as black-hat search engine optimization (SEO), in which search results are poisoned so the attackers’ sites appear near the top of rankings. Natural disasters lend a particularly lucrative hand to cyber criminals because many users want to make donations to victims. As such, they can be easily tricked into giving their money away to bogus sites that appear to be charities, such as the American Red Cross. Source: http://www.scmagazineuk.com/hurricane-sandy-could-cause-problems-in-cyber-space/article/265955/

30. October 30, Threatpost – (International) EFF raises questions on privacy leaks in Ubuntu. The Elonic Frontier Foundation (EFF) is warning users of Ubuntu’s latest release that the open-source operating system sends their search queries to third parties, including Amazon, by default, and that some of their search results may be viewable by other users on the same network. The privacy leaks are present in Ubuntu 12.10 and the group says that Canonical, which runs the Ubuntu project, should disable the inclusion of online search results by default and make it clearer to users what is being done with their search queries and IP addresses. The issues that the EFF is raising are related to a feature called Dash in the Ubuntu Unity desktop that is designed to be a central search mechanism for documents, files, and other information both on the local machine and online. When a user searches for a given term, the query is sent to a Ubuntu server, and the query also includes his/her IP address. The search results, depending upon the query, may include products from Amazon related to the search term. Source: http://threatpost.com/en_us/blogs/eff-raises-questions-privacy-leaks-ubuntu-103012

31. October 30, The H – (International) ICS-CERT warns of increasing threat to industrial control systems. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a warning about special tools and search engines that make attacks on systems and devices in infrastructures simple even for inexperienced attackers. Tools aimed at cracking digital control systems from companies such as GE, Rockwell Automation, Schneider Electric, and Koyo were released earlier in 2012. Tools for CoDeSys software from 3S Software also recently appeared. These tools lower the barriers for attackers by removing the need for specialist knowledge in order to carry out an attack. Special search engines such as the Shodan Computer Location Service and the Every Routable IP Project (ERIPP) are also making attacks simpler for attackers. One team of researchers told ICS-CERT that they used Shodan to discover more than 500,000 unsecured devices which use supervisory control and data acquisition (SCADA) and other industrial control systems (ICS). Source: http://www.h-online.com/security/news/item/ICS-CERT-warns-of-increasing-threat-to-industrial-control-systems-1739808.html

32. October 30, Wired – (International) Oops, e-mail marketer left Walmart, Capital One and others open to easy spoofing. Following a recent story about a widespread email vulnerability involving weak cryptographic keys, system administrators at many companies around the world began to check their DNS records to make sure that the DKIM keys they were using to authenticate their email were at least 1,024 bits in length — the recommended standard for secure authentication of email. No doubt, if they found they were using substandard keys, they replaced those keys with stronger ones to secure their corporate business email. However, according to one researcher, these companies may be overlooking third-party emailers who are responsible for sending out marketing newsletters and other communication to customers on their behalf. In fact, email marketing company Epsilon Interactive, which thought it fixed the problem a year ago, left Walmart, TD Ameritrade, TiVo, and others open to easy spoofing. Source: http://www.wired.com/threatlevel/2012/10/dkim-third-party-emailers/

33. October 30, Help Net Security – (International) Facebook investigates data leak from 1 million accounts. Facebook will be launching an internal investigation following the revelation by Czech blogger that data belonging to over 1 million Facebook users was offered for sale for $5. The blogger bought the data, which contained full names, email addresses and Facebook profile URLs, examined it, and discovered that some of the data is accurate. After making the discovery public on his blog, the blogger said he was contacted by Facebook. The company asked the blogger to forward them the data, then delete the file in his possession, name the Web site from which he bought it, remove some details from his blog, and keep any correspondence between them a secret. ―Facebook is vigilant about protecting our users from those who would try to expose any form of user information. In this case, it appears someone has attempted to scrape information from our site and combine the information with data publicly available elsewhere on the web,‖ Facebook commented the situation for Ars Technica. Source: http://www.net-security.org/secworld.php?id=13870

Communications Sector

34. October 30, ZDNet – (New York; National) Hurricane Sandy knocks out NYC data centers: Websites, services down. Hurricane Sandy-caused power outages have knocked much of the East Coast offline, but also preemptive substation shutdowns to prevent damage to electricity infrastructure substation equipment is affecting data centers and online services around the world, ZDNet reported October 30. New York City’s Consolidated Edison shut down large portions of the power grid in lower Manhattan to prevent damage to underground equipment, leaving more than an estimated 1 million without power. Within minutes, Gawker.com and technology Web site Gizmodo.com crumbled, saying a data center battery failure forced the sites to fall down at their lower Manhattan data center. Also affected was Buzzfeed.com citing similar problems, and LiveStream.com said it was experiencing a ―major outage.‖ In spite of being on the other side of the Atlantic, many are affected by the outages. HuffingtonPost.com remains down for many, after the publication said it was experiencing ―technical difficulties.‖ Source: http://www.zdnet.com/hurricane-sandy-knocks-out-nyc-data-centers-websites-services-down-7000006588/

35. October 30, Reuters – (National) Hurricane Sandy disrupts Northeast US telecom networks. Verizon Communications said October 30 that its wireline service was suffering as flooding in its central offices in lower Manhattan affected its back-up generators and batteries. The company said that its engineers were on site October 29 and were beginning to assess damage. Sprint Nextel said it was seeing outages at some cell sites because of the power outages across all the States in Sandy’s path including New York, New Jersey, Connecticut, Pennsylvania, Washington D.C., Maryland, northern Virginia, and New England. People complained of outages to their cable telephone, Internet, and television services from providers ranging from Comcast Corp, Cablevision Systems Corp, and Verizon in New Jersey, Connecticut, and New York. Cablevision said it was experiencing widespread service interruptions primarily related to loss of power. Cell phone service also appeared to be spotty for other top providers AT&T Inc and T-Mobile USA, a unit of Deutsche Telekom, according to some customers. Source: http://www.reuters.com/article/2012/10/30/uk-storm-sandy-telecommunications-idUSLNE89T02220121030


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.