Thursday, November 15, 2012
Daily Report
Top Stories
• Authorities recovered $1.5 million in copper
plates stolen from the Asarco plant in Hayden, Arizona, the Associated Press
reported November 13. – Associated Press
4. November 13, Associated Press – (Arizona) Authorities recover $1.5 million in
stolen copper. Authorities recovered $1.5 million
in copper plates stolen from the Asarco plant in Hayden, Arizona, the
Associated Press reported November 13. An Arizona Department of Public Safety
spokesman said the case began in late September with the recovery of $300,000
in copper plates that were found in the back of a commercial vehicle during a
traffic stop and later at a warehouse in Marana. The spokesman said the
warehouse was supplying copper to a scrap metal yard in the Los Angeles area
and that federal authorities moved to stop the shipment of those items to
China. Source: http://ktar.com/22/1588381/15-million-in-stolen-copper-recovered
• There are 10,000 active identity theft crime rings across the U.S., with the
greatest concentration in a “ring of fraud” that stretches across the Southeast
United States, according to a new report by fraud-fighting firm ID Analytics.
– NBC News
See item 5 below in the Banking and Finance Sector
• A Mexican federal police
commander was arrested November 13 and charged with providing false information
in the case of 14 officers accused of ambushing a U.S. Embassy vehicle in
August. – Associated Press
23. November 14, Associated Press – (International) Mexican police commander
linked to attack on U.S. Embassy vehicle. A Mexican federal police commander
was arrested and charged with
providing false information in the case of 14 officers accused of ambushing a
U.S. Embassy vehicle in August, authorities said November 13. Initial reports
on the shooting, which wounded two CIA agents, said federal police mistook the
embassy SUV for a criminal vehicle, but officials later said it appeared to be
an intentional attack and raised the possibility it was staged at the behest of
a drug cartel. The inspector general was jailed November 12, accused of lying
to authorities about what happened in the August 24 attack south of Mexico
City, two government officials familiar with the case said. The 14 officers,
who were formally charged with attempted murder last week, were in plain
clothes and civilian vehicles when they chased and fired at the gray Toyota SUV
with diplomatic plates, then peppered the windows of the armored vehicle with
152 bullets when it came to a stop. Two CIA officers, whose identities have not
been released by the U.S. government, had non-life-threatening injuries, and a
third person in the car, a Mexican navy captain, was not hurt. The officers so
far do not face organized crime charges. However, the Mexican attorney
general’s office has said the investigation is continuing, and it is still
exploring whether the officers had links with organized crime. Source: http://www.thereporter.com/news/ci_21992983/mexican-police-commander-linked-attack-u-s-embassy
• A former Dixon, Illinois
comptroller was scheduled to plead guilty to stealing $53 million of public
money while overseeing the town’s public finances beginning in 1990 and
siphoning it into a secret bank account. – Associated Press
27. November 14, Associated Press – (Illinois) Ex-comptroller to plead guilty
in $53M scam. The former comptroller of Dixon, Illinois, was
scheduled to plead guilty to a federal charge that accuses her of stealing $53
million of public money while overseeing the town’s public finances and
siphoning it into a secret bank account, a U.S. attorney’s spokesman said,
according to the Associated Press November 14. She is accused of using her
modestly paid town hall job to steal tax dollars that supported an extravagant
way of life and won her national fame as a horse breeder. Prosecutors allege
she began stealing the money in 1990. She had been working for the town since
she was 17 and started to oversee the town’s public finances in the 1980s. Her
scheme unraveled only after a co-worker filling in for her while she was on an
extended vacation stumbled upon the secret bank account, prosecutors allege.
The authorities allege she created phony invoices that she characterized as
being from the State of Illinois. She then allegedly put that money from a city
account into another account, which she repeatedly used for personal expenses.
Source: http://www.sfgate.com/news/us/article/Feds-Ex-comptroller-to-plead-guilty-in-53M-scam-4033769.php
Details
Banking and Finance Sector
5. November 14, NBC News – (National) 10,000 ID fraud gangs active in US,
especially the Southeast, study finds. There are 10,000 active identity theft
crime rings
across the U.S., with the greatest concentration in a “ring of fraud” that
stretches across the Southeast from Virginia to Mississippi, according to a new
report by fraud-fighting firm ID Analytics, NBC News reported November 14. A
majority of these rings are what the firm calls “Friends & Family” groups,
not professional criminal organizations, the report concludes. The rings are
most highly concentrated in Washington D.C.; Detroit; Tampa, Florida;
Greenville, Mississippi; Macon, Georgia; and Montgomery, Alabama. ID Analytics
compiled the results by examining its massive database of credit applications
and other identity “risk events,” which includes 1.7 billion entries. The firm
cross references credit applications from major banks, auto dealers, wireless
firms, and other credit grantors looking for evidence of systematic identity
fraud. A “crime ring” was defined by ID Analytics as two or more individuals
working in concert, repeatedly submitting fraudulent applications in an attempt
to commit fraud. Collusion was determined by noting when multiple members of
the rings used similar personal identifying information, such as Social
Security numbers, in fraud attempts. Source: http://redtape.nbcnews.com/_news/2012/11/14/15144350-10000-id-fraud-gangs-active-in-us-especially-the-southeast-study-finds?lite
6. November 14, Wall Street Journal – (International) China’s illicit flows are
‘big issue’ for money laundering. Banks face a risk from money
laundering in China because of large flows of illicit money, weak controls, and
the difficulties of screening names, said a new report from research and
consulting firm Celent. Money laundering is “a big issue” in southern China,
Celent said, because of the informal nature of capital flows there. With
increased international exposure to the Yuan as its use grows in commerce and
finance, the report urged regulators and financial institutions “to step up
efforts to curb money laundering activities.” One of the major issues is
screening transactions. A survey of 25 banks with Chinese operations included
in the report revealed that 60% found technology issues were a challenge in
using Chinese names in international payments and 56% found the same challenge
with messaging systems. Also, a questionnaire sent with the survey showed banks
find local Chinese blacklists of undesirable customers harder to use than the
standard list of sanctioned individuals from the U.S. Department of the
Treasury’s Office of Foreign Assets Control (OFAC). Most banks can screen the
OFAC list using technology, but one questionnaire respondent said monitoring
the Chinese lists requires “eyeball checking.” Source: http://blogs.wsj.com/corruption-currents/2012/11/14/chinas-illicit-flows-are-big-issue-for-money-laundering/
7. November 13, Pensions & Investments – (National) Labor Department settles
with Ivy, 3 other firms over Madoff losses. The U.S. Department of
Labor (DOL) November 13 announced a $217 million settlement with four companies
to resolve a series of lawsuits relating to losses from investments in Bernard
L. Madoff Securities’ Ponzi scheme. The settlement was reached with Ivy Asset
Management, J.P. Jeanneret Associates, Beacon Associates Management, Andover
Associates Management, and their former and current owners and executives,
according to the DOL’s statement. The settlement resolves litigation filed by
both the DOL and the New York attorney general’s office as well as private and
class-action lawsuits brought by individuals and pension plans that claimed
they invested in Madoff Securities’ trading strategy on the advice of the
companies. The suits, including the DOL’s, alleged the four firms and their
owners and principals “misrepresented and concealed doubts and suspicions”
about investment in the Madoff Securities’ trading strategy. Source: http://www.pionline.com/article/20121113/DAILYREG/121119967/labor-department-settles-with-ivy-3-other-firms-over-madoff-losses
8. November 13, Redlands-Loma Linda Patch – (California) Halo Bandit accused of
robberies in Yucaipa, Hemet arrested at border. A man wanted in
connection with bank robberies in Yucaipa, Hemet, San Jacinto, and Menifee,
California, and a failed attempt at a Murrieta bank, was arrested November 11
at the San Ysidro border crossing when he tried to enter the U.S. from Mexico,
Riverside County sheriff’s officials said November 13. The FBI nicknamed the
suspect the Halo Bandit in October for the halo on his Angels ballcap. The man
is suspected in the robberies of a Citibank branch in Yucaipa October 24, a
bank in Murrieta about 2 hours earlier October 24, a Citibank branch in Yucaipa
November 7, a Bank of America branch in Menifee September 27, and others
between April and October. Source: http://redlands.patch.com/articles/halo-bandit-accused-of-robberies-in-yucaipa-hemet-menifee-arrested-at-border#photo-11884420
Information Technology Sector
33. November 14, Softpedia – (International) Malware uses social media and
blogging sites as part of its C&C server. Researchers have uncovered some
interesting
phishing attacks that rely on blogging and social media Web sites as part of
the command and control (C&C) server, Softpedia reported November 14.
According to FireEye experts, it all starts with an attachment called
“AutoCleanTool.rar.” When the file is unzipped and executed, users are
presented with a small application window which prompts them to enter their
full email address and its associated password. Once the credentials are handed
over, the information is saved into the Windows registry, after which it is
transmitted to the attackers by the malware. In the meantime, a directory
structure is created and a malicious DLL file is dropped in a couple of
locations. Once the DLL (NetCCxx.dll) is loaded, the malware first checks to
see if it can connect to the Internet by using a GET request. Then, it starts
contacting a number of domains, all of which appear to be hosted on Chinese
social media and blogging Web sites. From these Web sites, the malware starts
downloading a series of .jpg image files. The images contain an “unknown
padding,” 471 bytes in size, after the “Endofimage” marker. This “unknown
padding” is referenced by the threat in order to update itself. The data it
takes from one image becomes part of a new .ini file that contains
configuration details. Another part of the retrieved data contains the URL for
an additional image file, which in turn contains more configuration
information. This way, the malware can update itself without being noticed by
security software. Furthermore, the data from the .jpg file can also be
utilized to update the entire framework and even add new components. Source: http://news.softpedia.com/news/Malware-Uses-Social-Media-and-Blogging-Sites-as-Part-of-Its-C-C-Server-306801.shtml
34. November 14, Business Wire – (International) Intel Corporation: McAfee
Threats Report shows global expansion of cybercrime. McAfee November 14
released the
McAfee Threats Report: Third Quarter 2012, which explores techniques in
cybercrime as well as the global evolution of cyber exploits. The latest report
uncovers new details of “Operation High Roller.” It states that mobile malware
almost doubled the previous quarter’s total, and reveals an all-time high in
database breaches. McAfee Labs also saw jumps in some categories of malware,
including ransomware and signed binaries. Rootkits and Mac malware continue to
rise, while password-stealing Trojans and AutoRun malware also trended strongly
upward. Source: http://www.4-traders.com/INTEL-CORPORATION-4829/news/Intel-Corporation-McAfee-Threats-Report-Shows-Global-Expansion-of-Cybercrime-15509039/
35. November 14, Softpedia – (International) Experts find ransomware that works
on Windows 8. Symantec has identified a variant of ransomware that works on
Windows 8.
Symantec experts have tested several ransomware samples to see how well they
work on Windows 8. Some of the threats have not managed to lock up the infected
computers and hold them for ransom, but Trojan.Ransomlock.U has no problem
accomplishing the task. Trojan.Ransomlock.U is designed to display the ransom
message based on the victim’s location and researchers reveal that this feature
works without any problems on Windows 8. Source: http://news.softpedia.com/news/Experts-Find-Ransomware-That-Works-on-Windows-8-306855.shtml
36. November 13, IDG News Service – (International) Phishing attack targets
CloudFlare customers. Customers of the popular CloudFlare Web site
acceleration and security
service were targeted in an email attack that directed them to a fake version
of the Web site. Reports about spoofed CloudFlare emails that contained links
to a phishing Web site were posted November 12 on the company’s support forum
by customers. The rogue messages masqueraded as CloudFlare alerts about account
load limits being exceeded. Around 785,000 sites are currently configured to
use CloudFlare’s DNS servers, according to a report by U.K.-based Internet
research and security firm Netcraft. Source: http://www.networkworld.com/news/2012/111312-phishing-attack-targets-cloudflare-264225.html
37. November 13, eWeek – (International) Microsoft fixes 19 security flaws in
November Patch Tuesday update. Microsoft pushed out six security bulletins
covering
19 vulnerabilities across Windows, Internet Explorer, and several other
products November 13. Four of the six updates are rated “Critical.” MS12-071
addresses three security issues in Internet Explorer, none of which are known
to be currently under attack. However, Microsoft indicated it expects exploit
code to be available soon, and successful exploitation of these issues would
allow an attacker to remotely execute code. MS12-075 addresses three
vulnerabilities in the Windows kernel in all supported versions of Windows. The
most severe of the flaws allows an attacker to remotely execute code on the
affected system if the attacker can lure the user to a Web site that embeds a
maliciously crafted TrueType font file. The other two critical
bulletins address issues in the Windows shell (two vulnerabilities) and the
.NET Framework (five vulnerabilities). In the case of the Windows shell issues,
the vulnerabilities could allow remote code execution if a user browses to a
specially-crafted briefcase in Windows Explorer. Source: http://www.eweek.com/security/microsoft-fixes-19-security-flaws-in-november-patch-tuesday-update/
For another story, see item 38 below in the Communications Sector
Communications Sector
38. November 14, PC Magazine – (International) Skype security issue prompts
password reset shutdown. Skype,
a tool that roughly 250 million users rely on for cheap, seamless international
audio and video calling, suffered a security breach that could allow anyone to
change a user’s password and take over their account, PC Magazine reported
November 14. According to reports, the simple hack can be executed as long as
the intruder knows the user’s account name and associated email address. In
response, Skype has temporarily disabled its password reset feature to
protect users. Originally discovered on a Russian hacker Web site, the exploit
was tested and confirmed by TheNextWeb over the last 24 hours. Source: http://www.pcmag.com/article2/0,2817,2412100,00.asp
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily
[Monday through Friday] summary of open-source published information concerning
significant critical infrastructure issues. The DHS Daily Open Source
Infrastructure Report is archived for ten days on the Department of Homeland
Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact
the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source
Infrastructure Report and follow instructions to Get e-mail updates when this
information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please
contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication
intended to educate and inform personnel engaged in infrastructure protection.
Further reproduction or redistribution is subject to original copyright
restrictions. DHS provides no warranty of ownership of the copyright, or
accuracy with respect to the original source material.