Thursday, November 1, 2012
Daily Report
Top Stories
• Utility crews were assessing the damage and working to restore
service to more than 2 million homes and businesses in New Jersey. The State's
largest utility, Public Service Electric & Gas (PSE&G), said it has
restored power to 30 percent of its 1.4 million customers who lost service. – Associated
Press
3. October 31, Associated Press – (New Jersey) More than 2M in NJ without electricity. Utility
crews were assessing the damage and working to restore service to more than 2
million homes and businesses in New Jersey. The State's largest utility, Public
Service Electric & Gas (PSE&G), said it has restored power to 30
percent of its 1.4 million customers who lost service. Still, 900,000 PSE&G
customers are without electricity. Jersey Central Power & Light reported
outages for 954,283 customers, mainly in Monmouth and Ocean counties. Atlantic
City Electric said 121,035 homes and businesses remain in the dark. Orange
& Rockland Electric reported 53,822 customers without service.
• Two of the biggest airports serving New York — John F. Kennedy
(JFK) and New Jersey's Newark Liberty International — reopened "on a very
limited operational schedule" after losing power during the recent superstorm.
– Associated Press
17. October 31, Associated Press – (New Jersey; New York) JFK, Newark airports reopen on limited
schedule. Two of the biggest airports serving New York — John F. Kennedy
(JFK) and New Jersey's Newark Liberty International — reopened. The first passenger
flight to JFK arrived from Long Beach, California, October 31 with 150 passengers
and the first flight into Newark was a FedEx plane. A Port Authority of New
York and New Jersey spokesman said the two airports reopened "on a very limited
operational schedule." Some terminals at Newark lost power during the superstorm,
but electricity returned October 30. New York's LaGuardia Airport remained
closed. Authorities were assessing the impact of the storm on the airport. Source:
http://www.wboc.com/story/19961809/jfk-newark-airports-reopen-on-limitedschedule
• Six New York City hospitals were forced to evacuate hundreds of
patients October 30 after losing power at the height of Hurricane Sandy,
according to the New York City mayor and other news reports. – Los Angeles
Times
28. October 30, Los Angeles Times – (New York) Storm forces evacuation of
hundreds of New York hospital patients. Six New York City hospitals were
forced to evacuate hundreds of patients October 30 after losing power at the
height of Hurricane Sandy, according to the New York City mayor and other news
reports. New York City officials were coordinating with 53 healthcare
facilities about water levels, staffing, and structural issues. New York
Downtown Hospital and the Manhattan Veterans Affairs Hospital closed October 29
during the hurricane. NYU Langone Medical Center hospitals, including Tisch
Hospital, were evacuated. Tisch Hospital staff and most of its 200 patients
were evacuated after a backup generator failed, the Associated Press reported.
At Coney Island Hospital in Brooklyn, officials decided to evacuate the facility
when it was operating on a backup generator. Officials at Bellevue Hospital,
which lost power but remained open, monitored the hospital's energy needs while it ran on backup
power.
• Telecommunications companies told federal regulators that
Hurricane Sandy knocked out 25% of wireless cell towers and a quarter of cable
services in 10 States. A small number of 9-1-1 call centers were also affected.
– USA Today See item 42 below in the Communications Sector
Details
Banking and Finance Sector
10. October 31, Associated Press – (Illinois) Ill. man guilty in $48 million bank fraud. A suburban
Chicago man has pleaded guilty to defrauding a bank of more than $48 million as
part of two failed condominium projects in Chicago's Loop, the Associated Press
reported October 31. The U.S. Department of Justice said the man pleaded guilty
to a single count of bank fraud. Authorities said a co-defendant remains a
fugitive and is believed to be outside the United States. According to the man's
plea, between 1993 and 2003 he and the co-defendant borrowed money from the
former CIB Bank based in part on fraudulent purchase contracts on two buildings
that inflated the buildings' worth. The bank lost the money. Source: http://www.sfgate.com/news/crime/article/Ill-man-guilty-in-48-million-bankfraud-3995201.php
11. October 31, Reuters – (International) Barclays hit by fresh U.S. investigations. Barclays,
already rocked by an interest rate rigging scandal, unveiled new U.S.
regulatory investigations into the bank's financial probity October 31. Following
investigations in the U.K. over its dealings with Qatari investors, Barclays said
the U.S. Department of Justice and Securities and Exchange Commission were probing
whether its relationships with third parties who help it win or retain business
are compliant with U.S. laws. The bank is under investigation by Britain's
financial regulator and fraud prosecutor into payments to Qatari investors
after it raised billions of pounds from the Gulf state 5 years ago to save it
from taking a taxpayer bailout. Barclays also said that the U.S. Federal Energy
Regulatory Commission (FERC) could be close to fining it over an investigation
into the manipulation of power prices in the western United States from late
2006 until 2008. FERC could notify the bank of proposed penalties as early as
October 31, and Barclays said it would "vigorously defend this matter." The
investigation was first announced in April, alleging the bank took substantial
electricity market positions to move daily index settlements. Source: http://www.reuters.com/article/2012/10/31/us-barclays-resultsidUSBRE89U0C420121031
12. October 31, New York Times – (New York) After Hurricane Sandy, stock exchanges prepare to
open. Despite the damage from Hurricane Sandy, New York City's Wall Street
is preparing to open for business October 31. After closing the stock and bond markets
for two days, the New York Stock Exchange (NYSE), Nasdaq, and other trading
platforms were set to resume normal operations, following nonstop meetings and
extensive testing of their systems. The exchanges want to get up and running as
soon as possible to serve their clients and show they can operate in difficult
conditions. A long delay could frustrate investors and damage their image. The
New York Exchange and Nasdaq said their systems were ready to resume
operations. But some firms that trade on the exchanges continued to face
problems in the aftermath of the storm. In preparation, the New York Exchange
created an emergency response team, and roughly 30 staff members have been
sleeping at the Lower Manhattan headquarters. October 30, the exchange
conducted trial runs with financial firms to detect potential bugs. As the
markets prepared to go back online, exchange officials and regulators braced
for technical problems. The Securities and Exchange Commission spent much of
October 30 walking the exchanges through checklists that aim to detect potential
mishaps.
Source: http://www.cnbc.com/id/49617351
13. October 31, Help Net Security – (International) Bank of America
customers under phishing attack. The phishing "account suspended" warning
purportedly sent by Bank of America's Cardmember Services is hitting inboxes
once again, Help Net Security reported October 31. "During our usual security
enhancement protocol, we observed multiple login attempt error while login in
to your online banking account," the email reads. "We have believed that
someone other than you is trying to access your account for security reasons,
we have temporarily suspend your account and your access to online banking and
will be restricted if you fail to update." According to PhishTank, the offered
link takes potential victims to a very realistically spoofed Bank of America login
page. The fake Web page has since been made unavailable. However, the URL in the
email can be easily changed to point to another page,
14. October 30, American Banker – (New York) Citi to close storm-damaged Wall Street building
for 'weeks'. One of Citigroup's downtown New York City offices damaged by
Hurricane Sandy will be closed for weeks, the company said October 30. "Our
facility at 111 Wall Street experienced severe flooding and will be out of commission
for several weeks," a chief executive wrote in a memo to employees. "We are
still assessing when other sites that were not damaged, including 388 and 390 Greenwich
Street, can reopen." Continued power outages, lack of mass transportation, and
mandatory evacuation orders make decision-making difficult, he wrote. For the time
being, Citi will rely on back-up sites and work-from-home strategies.
15. October 30, Internal Revenue Service; U.S. Department of Justice – (Texas)
Jury finds Alvin man guilty on bank fraud charges. A federal jury
convicted a man of conspiracy to commit bank fraud and nine counts of bank
fraud involving loans totaling more than $39 million in the Houston area, a
United States Attorney announced October 30. The government presented evidence
at trial that from July 2004 and continuing through September 2007, the man,
along with his co-conspirators, participated in a scheme to defraud financial
institutions insured by the Federal Deposit Insurance Corporation and
residential mortgage lenders. The man would locate condominium units from a
builder or developer. He would then set up trust accounts with names similar to
the condominiums through which the title would pass. Co-defendants would recruit
straw buyers with good credit to act as borrowers in applications for residential
mortgage loans to purchase one or more of the properties, which would ultimately
go into foreclosure because of the failure to pay the loans. The loss from the scheme
was determined to be more than $20 million. Source: http://www.yourhoustonnews.com/pearland/news/jury-finds-alvin-man-guiltyon-bank-fraud-charges/article_3eeb7197-9869-5e20-bfa3-74e0b8bf8b19.html
Information Technology Sector
36. October 31, Help Net Security – (International) Can the Nuclear exploit
kit dethrone Blackhole? The author of the Nuclear exploit pack recently
released version 2.0. He/she advertises it on his/her own page, likely linked
to from a number of underground forum entries. As evidenced from the page, the
exploit pack is currently being used in several malicious campaigns, which end
up delivering information stealing trojans and ransomware onto the compromised
computers. However, what differentiates this offer from others is that the
cybercriminal is determined not to be blamed for the criminal actions performed
by his/her customers, and he/she tries to achieve this by introducing Terms of
Service (TOS) that everyone must agree to before using the kit. According to a
researcher, the Nuclear exploit pack's TOS forbid actions that violate the law
of the Russian Federation, acquisition of traffic using spam emails, iFrame-based
traffic acquisition practices, testing the software on public services (such as VirusTotal
and others), offering Cybercrime-as-a-Service business services using the kit,
and developing an affiliate program using the exploit kit. The kit also lacks operational
security features which would make the campaigns harder to detect and analyze. Source:
http://www.net-security.org/malware_news.php?id=2308
37. October 31, Softpedia – (International) Multiplatform Jacksbot malware spotted in the
wild. Several weeks ago, security researchers from Intego issued a report
about a new Java backdoor trojan called Jacksbot. At the time, the threat was
considered low-risk because no computers
were infected with it. Now, however, Trend Micro experts said they spotted the
trojan in the wild. Since it is a Java application, Jacksbot can target not
only Windows systems, but also Mac, Linux, and any other OS that supports the
Java Runtime Environment (JRE). So far, experts found it on only two computers —
one in Malaysia and one in Australia. Considering that one of Jacksbot's
capabilities is to steal Minecraft passwords, it is believed that this might
also have something to do with the way it is spread. A threat response engineer
at Trend Micro claims that Jacksbot can be considered a remote access trojan
(RAT) because it is capable of taking control of computers and allowing its
master to execute various "backdoor commands." Although it can run on any
platform that supports JRE, it appears that the backdoor mainly focuses on
Windows. Experts say the developers might be experimenting for a multiplatform
malware, but for the time being, judging by its code, it only works properly on
Windows.
Source: http://news.softpedia.com/news/Multiplatform-Jacksbot-Malware-Spotted-inthe-Wild-303363.shtml
38. October 31, Softpedia – (International) SQL Injections and DDoS attacks: Most popular
topics on hacker forums. Security solutions provider Imperva released the result
of its 13th Hacker Intelligence Initiative report, which is based on the
analysis of some highly popular hacker forums, including one that is considered
to be one of the largest, with 250,000 members. According to experts, the most
discussed topics on hacker forums are SQL Injection and distributed
denial-of-service (DDoS) attacks, both occupying 19 percent of the discussion
volume. It is believed SQL Injection is a favorite attack vector because many
of the security solutions deployed by organizations do not even know how to
identify such attacks. Another hot topic among hackers is represented by social
networks. That is because these Web sites are not only an important source of
information, but they also provide the means to make a profit. Facebook is the
most discussed (39 percent), followed by Twitter (37 percent), and Myspace (15
percent). Google+ and LinkedIn show up in only 5 percent and 4 percent, respectively,
of the social media-related threads. Source: http://news.softpedia.com/news/SQL-Injections-and-DDOS-Attacks-Most-Popular-Topics-on-Hacker-Forums-303268.shtml
39. October 31, The H – (International) Plone CMS vulnerable to privilege escalation and
code execution. The Plone Foundation warned users that there are multiple vulnerabilities
in its open source Plone content management system as well as the Zope toolkit.
According to the security advisory, these security holes could be exploited by an
attacker for privilege escalation, allowing them to bypass certain security restrictions,
or to execute malicious arbitrary code on a system. While specific details about
the vulnerabilities, which are rated as "highly critical" by security
specialist Secunia, are being withheld for the time being, the developers
strongly recommend that administrators take certain steps in order to protect
their sites. These include making sure that installations are running with the
minimum required privileges, using an intrusion detection system
to monitor resources for unauthorised changes, and monitoring system logs for
unusual activity. The Foundation says that a majority of these problems were
found as part of audits by the project's security team, but some were also reported
by users. All supported versions of the software are said to be affected.
Patches to close the holes will be released November 6. Source: http://www.h-online.com/security/news/item/Plone-CMS-vulnerable-toprivilege-escalation-and-code-execution-1740709.html
40. October 31, The H – (International) Trojan bargain with Windows 8 support. Cybercriminals
have already started to develop malware for Windows 8. For example, on a
Google-hosted site, a "Remote Administration Tool" called Xtreme RAT, which is
already Windows-8-compatible, is available with free updates included. The tool
includes, among other functions, a keylogger which can store the recorded keystrokes
to any FTP server and can capture passwords from all major browsers. Xtreme RAT
can also transmit the screen contents to the "admin" and tap Web cameras and
microphones. The developer advertises that his tool can trick Data Execution Prevention
(DEP) and that the latest version works with the so-called Cryptem — special
programs that change executable files to impede detection by antivirus
software. Source: http://www.h-online.com/security/news/item/Trojan-bargain-with-Windows-8-support-1740800.html
For another story, see item 13 above in the Banking and Finance Sector
Communications Sector
41. October 30, Computerworld – (National) Storm forces Internet hubs to run on generator
power. Two buildings in lower Manhattan, New York, that serve as major network
hubs for the U.S. are operating on generator power, due to Hurricane Sandy, Computerworld
reported October 30. Telecom companies use the buildings, known as carrier
hotels, to interconnect networks to allow data sharing and users of one network to
connect with those of another. Thus, the two buildings are critical to the
nation's infrastructure. Hundreds of domestic and international network
connections are made at these two buildings. The close proximity to network
resources turned the buildings into major data center locations. When Con
Edison shut off power in lower Manhattan October 29 to protect equipment from
storm flooding, it triggered generator backups for the two buildings. The
generator is currently powering the facilities.
Source: http://www.computerworld.com/s/article/9233080/Storm_forces_Internet_hubs_to_run_on_generator_power
42. October 30, USA Today – (National) FCC: 25% of cell towers, broadband down in 10
States. Telecommunications companies told federal regulators that Hurricane
Sandy knocked out 25% of wireless cell towers and a quarter of cable services
in 10 States. A "very small," but unspecified, number of 9-1-1 call centers
have also been affected, but emergency calls are being rerouted, the Federal
Communications Commission (FCC) chairman told reporters October 30. Neither the
telecom firms, which voluntarily reported the figures, nor the FCC estimated
how many wireless and cable customers were affected. However, the FCC chief
warned that service would likely get worse before it gets better. Further
disruptions are expected as the storm moves west and north or if cell towers
running on backup generators go down before electrical power is restored.
Utility companies estimated that between 7 million and 8 million customers did
not have power. Verizon Wireless, AT&T, Sprint Nextel, and T-Mobile USA all
reported service problems, as did Cablevision Systems, Comcast, and Time Warner
Cable. Source: http://www.usatoday.com/story/news/nation/2012/10/30/hurricane-sandywireless-cellphone-outage/1669921/
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.