Thursday, November 8, 2012

Daily Report

Top Stories

 • About 21,000 West Virginia homes and businesses remained without power November 7 as utility crews continued restoring service knocked out by the storm. However, officials in some places said a full recovery will take months. – Associated Press

2. November 7, Associated Press – (West Virginia) FirstEnergy says about 21,000 W.Va. customers still without power; Preston, Randolph have most. Life after Superstorm Sandy was slowly returning to normal across West Virginia's hardest-hit counties November 7, but officials in some places said a full recovery will take months. About 21,000 West Virginia homes and businesses remained without power as utility crews continued restoring service knocked out by the storm. Preston County reported nearly 6,000 customers without power, and Randolph County reported more than 4,000 outages. The utility said it had about 3,000 outages in Upshur and about 2,000 in Barbour, but fewer than 2,000 apiece in Webster and Tucker counties. Ohio-based FirstEnergy said it expected to return electricity to most customers by November 9 and the remainder by the end of the weekend of November 10. Schools remained closed in Preston and Webster counties, but a Preston emergency management director said authorities were working with the school board in hopes of getting buses back on the road the week of November 12. Source:

 • American Airlines suspended most flights to and from the New York area November 7 through November 8 as a winter storm approached the northeast United States. Delta Air Lines Inc. also expected canceled flights. – Bloomberg News

6. November 6, Bloomberg News – (New Jersey; New York) United, AMR to halt NYC-area flights tomorrow on storm. United Continental Holdings Inc. and AMR Corp.’s American Airlines suspended most flights to and from the New York area November 7 through November 8 as a winter storm approached the northeast United States. About 500 flights will be scrubbed as United pares service at its hub at New Jersey’s Newark Liberty airport for 24 hours at midday, said a spokesman. American and its American Eagle unit cut 290 flights. Delta Air Lines Inc. also expected to scrap some flights, and Southwest Airlines Co. and US Airways Group Inc. were monitoring the new storm, a spokesman said. The new storm was threatening the Northeast after Hurricane Sandy forced about 20,000 cancellations the week of October 29. Flooding along the coast was expected from Delaware north to Connecticut, including New Jersey and Long Island, where tides may rise as much as 3 feet above normal. Source:

 • Drinking water in one out of eight Denver homes with lead plumbing may be contaminated with lead, test results revealed November 7. Concentrations exceeded the federal drinking water standard by as much as 3.8 times. – Denver Post

12. November 7, Denver Post – (Colorado) Denver detects lead in tapwater, urges residents to limit exposure. Drinking water in one out of eight Denver homes with lead plumbing may be contaminated with lead, a health hazard that causes brain and nerve damage, especially in children, the Denver Post reported November 7. This result from recent tests forced Denver Water to warn residents and to take action to protect people. The lead concentrations measured in samples from 60 homes exceeded the federal drinking water standard of 15 parts per billion (ppb) by as much as 3.8 times. The 13 percent of Denver homes that had high lead levels, up from 8 percent of homes in 2011, was the highest percentage logged in 12 years, according to Denver Water data provided to the Denver Post. The Environmental Protection Agency requires water utilities to take action when required annual tests show more than 10 percent of homes with lead pipes have water containing lead above 15 ppb. In November, all 1.3 million metro residents served by Denver Water must be notified and advised of precautions they can take. Source:

 • Scientists devised a virtual machine that can extract private cryptographic keys stored on a separate virtual machine when it resides on the same piece of hardware. This technique can be used to pierce a key defense found in cloud environments. – Ars Technica. See item 24 below in the Information Technology Sector.


Banking and Finance Sector

4. November 6, Tampa Bay Tribune – (Florida) Sarasota man admits role in mortgage fraud. A Sarasota, Florida man pleaded guilty November 6 to conspiracy to commit bank fraud that resulted in $6.8 million in losses for banks, according to a release from a U.S. Attorney. Starting in March 2003 and running through July 2008, the man and others conspired to commit bank fraud, and he used several corporate entities to perpetrate the fraud scheme, including Southeast Capital Advisors, LLC. He marketed a "no money down" residential purchase program that made loans to his clients, enabling them to make down payments on purchases of residential properties. Then, he and his co-conspirators prepared and submitted fraudulent mortgage loan applications to lenders for the clients. The applications also usually overstated the clients' assets and understated their liabilities. Some loan applications also included the fraudulent misrepresentation that the clients intended to use the properties as their primary residences, when in fact they were investment properties. Some of the loans on the residential properties went into default, and the losses incurred by the lenders on 49 such residential properties totaled $6.8 million, according to the release. Source:

5. November 6, KLAS 8 Las Vegas – (Nevada) Las Vegas man convicted of using stolen credit card numbers. A federal jury November 5 convicted a Las Vegas man of felony charges for unlawfully obtaining thousands of credit, debit, and gift card numbers and using them to obtain cash and buy electronics, Nevada's U.S. Attorney said. The man was convicted of 1 count of conspiracy, 4 counts of possession of 15 or more counterfeit or unauthorized access devices, 1 count of aggravated identity theft, and criminal forfeiture. According to the superseding indictment and evidence presented by the government at trial, between May 2010 and April 2012 the man purchased stolen credit, debit, or gift card account numbers from a person in Pakistan. He then used them to purchase items, including electronics, which he later resold for his own benefit. He also obtained thousands of pages of customer records, including credit card numbers, that were stolen from a hotel in Las Vegas. He used computer software to predict gift card numbers issued by card companies. He then spent the money on the gift cards before the owners could use them. Source:

Information Technology Sector

20. November 7, Softpedia – (International) Malware uses password recovery app to extract credentials stored in browser. Most pieces of malware designed to steal user credentials log keystrokes in order to collect the information. However, a new threat called PASSTEAL (TSPY_PASSTEAL.A) relies on a password recovery application to accomplish the task. According to Trend Micro researchers, the malware collects the information stored in Web browsers by sniffing out accounts from different online services and apps. The sample analyzed by the security firm contains the PasswordFox app designed to work with Firefox. “In effect, the password recovery tool enables PASSTEAL to acquire all login credentials stored in the browser - even from websites using secured connections (SSL or HTTPS),” a threat response engineer at Trend Micro explained. “Some sites that use this connection include Facebook, Twitter, Pinterest, Tumblr, Google, Yahoo, Microsoft, Amazon, EBay, Dropbox, and online banking sites. PASSTEAL also doesn't restrict itself to browser applications. Certain variants are designed to log information from applications such as Steam and JDownloader.” After it extracts the data, the malicious element executes a command to save all the information into a .xml file. Based on this .xml file, a text (.txt) file is also created. Once all the information is gathered, the malware connects to a remote FTP server and uploads the files. Source:

21. November 7, Computerworld – (International) Adobe, now 'married' to Microsoft, moves Flash updates to Patch Tuesday. November 6, Adobe announced that it will pair future security updates for its popular Flash Player with Microsoft's Patch Tuesday schedule. At the same time, Adobe issued an update that patched seven critical Flash vulnerabilities, and Microsoft shipped fixes for Internet Explorer 10 (IE10), which includes an embedded copy of Flash. However, the move to synchronize Flash Player updates with Microsoft's monthly patch schedule was the bigger news. "Starting with the next Flash Player security update, we plan to release regularly-scheduled security updates for Flash Player on 'Patch Tuesdays,'" Adobe said. Source:

22. November 7, The H – (International) Chrome 23 closes holes, promises longer battery life. Version 23 of Chrome addresses 15 security vulnerabilities in the browser, 6 of which are rated as "high severity." These include high-risk use-after-free problems in video layout and in SVG filter handling, an integer bounds check issue in GPU command buffers, and a memory corruption flaw in texture handling; a Mac-only problem related to wild writes in buggy graphics drivers was also fixed. Eight medium-severity flaws, including an integer overflow that could lead to an out-of-bounds read in WebP handling, as well as a low-risk flaw, were also corrected. Source:

23. November 7, The H – (International) Security updates for Flash and Air. November 7, Adobe released new versions of its Flash Player to eliminate a number of critical vulnerabilities. The vulnerabilities were associated with several CVE numbers: CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, and CVE-2012-5280 are buffer overflows, CVE-2012-5279 is a memory corruption issue, and CVE-2012-5278 is a security bypass, all of which are listed as potentially allowing an attacker to inject malicious code into the system. All the flaws were discovered by members of the Google Security Team. Google Chrome's embedded Flash Player was updated in the update of Google Chrome to version 23, also released November 7. The automatic update of Flash Player for Windows 8 was also delivered to all users. Adobe updated its AIR runtime which includes Flash Player and the associated development kits. Version is now the current version on all platforms. Source:

24. November 6, Ars Technica – (International) Virtual machine used to steal crypto keys from other VM on same server. Piercing a key defense found in cloud environments such as Amazon's EC2 service, scientists devised a virtual machine that can extract private cryptographic keys stored on a separate virtual machine when it resides on the same piece of hardware. The technique, unveiled in a research paper published by computer scientists from the University of North Carolina, the University of Wisconsin, and RSA Laboratories, took several hours to recover the private key for a 4096-bit ElGamal-generated public key using the libgcrypt v.1.5.0 cryptographic library. The attack relied on "side-channel analysis," in which attackers crack a private key by studying the electromagnetic emanations, data caches, or other manifestations of the targeted cryptographic system. Source:

Communications Sector

25. November 7, Associated Press – (National) AT&T, govt reach deal on data plan complaints. AT&T agreed to pay the federal government $700,000 and offer refunds to customers for mistakenly forcing some smartphone users into monthly data plans, the Associated Press reported November 7. In late 2009, AT&T began to require new smartphone customers to subscribe to monthly data plans. Existing subscribers with pay-per-use plans or no plan at all had to get a monthly plan when they upgraded to a new smartphone. The requirement was not supposed to apply when subscribers replaced a lost or broken phone through an insurance program or warranty, or if they moved to a different AT&T service area. However, a computer error moved those customers into monthly plans anyway. AT&T Inc. now must offer to restore the older plans and give refunds, which the Federal Communications Commission said could be up to $30 a month. Source:

Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site:


Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.