Friday, November 16, 2012
Daily Report
Top Stories
• BP will plead guilty to manslaughter
charges, including numerous other felony charges, stemming from the 2010
Deepwater Horizon explosion and oil spill in the Gulf of Mexico, and BP also
agreed to pay $4.5 billion in government penalties, the U.S. Attorney General
announced November 15. – CNNMoney
1. November 15, CNNMoney – (National) BP to pay record penalty for Gulf oil
spill. BP will plead guilty to manslaughter charges stemming from the 2010
Deepwater Horizon explosion and oil spill in the Gulf of Mexico, and agreed to
pay $4.5 billion in government penalties, the U.S. Attorney General announced
November 15. Of the penalties, $4 billion will resolve criminal charges. An
additional $525 million will be paid to resolve claims brought by the U.S.
Securities and Exchange Commission that BP lied to investors by understating
the amount of oil flowing into the Gulf. Separate from the corporate
manslaughter charges, a federal grand jury returned an indictment charging the
two highest-ranking BP supervisors on board the Deepwater Horizon on the day of
the explosion with 23 criminal counts. The two men were charged with seaman’s
manslaughter and involuntary manslaughter for each of the 11 men killed in the
blast, as well as a criminal violation of the Clean Water Act. The grand jury
also charged BP’s second-highest ranking representative at the company’s
unified command post with hiding information from Congress and allegedly lying
to law enforcement officials. The company also will plead guilty to a felony
count of obstruction of Congress, a misdemeanor count under the Clean Water Act
and a misdemeanor count under the Migratory Bird Treaty. The fine comes on top
of $20 billion that the company has agreed to pay into a trust fund to meet
damage claims from the millions of gallons of oil spilled into the Gulf. It
said it expects to pay a final $860 million into that fund this quarter.
Transocean, the owner and operator of the rig, also had unresolved liability
issues. The U.S. Department of Justice, in its September filing, said the
company is also guilty of gross negligence. Source: http://money.cnn.com/2012/11/15/news/bp-oil-spill-settlement/index.html?hpt=hp_t1&hpt=us_c1
• The United States
electrical grid is vulnerable to terrorist attacks, including cyber strikes,
which could cause far more damage than those associated with natural disasters
such as Hurricane Sandy, according to a report released November 14. – Reuters
3. November 14, Reuters – (National) Report warns electricity grid vulnerable
to attack. The electrical grid is vulnerable to terrorist attacks,
including cyber strikes, that could cause far more damage than those associated
with natural disasters such as Hurricane Sandy, according to a report released
November 14. Without urgent attention to security, the United States risks
having large parts of the country blacked out “for weeks or months” at a cost
of billions of dollars, the National Research Council said. “Major cascading
blackouts in the U.S. Southwest in 2011, and in India in 2012, underscore the
need for the measures discussed in this report,” the group said. In the intervening
5 years, the potential for cyber attacks on critical elements of the electric
power delivery system — including communications, sensors and controls, or
other key infrastructure — has risen sharply. “Any telecommunication link that
is even partially outside the control of the system operators could be an
insecure pathway into operations and a threat to the grid,” the report said.
The sprawling power transmission system, spread across hundreds of miles and
with many key facilities unguarded, is “inherently vulnerable,” according to
the council. Deregulation in the mid-1990s, designed to increase competition in
the supply of bulk power, was said to have put the network even more at risk.
As a result, many parts of the bulk high-voltage system are heavily stressed
and at risk for multiple failures should an attack occur. Source: http://www.reuters.com/article/2012/11/14/us-usa-electricity-attacks-idUSBRE8AD1LL20121114
• United Airlines grounded certain flights across the United
States November 15 due to a glitch in the computer system that controls the
airline’s ground operations. – Fox Business
15. November 15, Fox Business – (National) United flights resuming after nationwide computer
glitch. United Airlines grounded certain flights across the United States
November 15 due to a glitch in the computer system that controls the airline’s
ground operations. A United spokesperson said that the internal system was “up
and running,” adding that the airline is “getting back to normal.” The glitch
caused “some but not all mainline flights” to be delayed, though United Express
was not impacted, the spokesman said. The system outage was related to United’s
Unimatic ground operation software. United said some computer activity had
resumed, though it was not clear how long it would take to completely resolve
all of the issues. The carrier has been plagued by a number of computer outages
since its merger with Continental. Since combining their computer systems in
March, outages have been reported in March, May, and August of 2012. Source: http://www.foxbusiness.com/industries/2012/11/15/united-airlines-flights-said-to-be-grounded-nationwide/?test=latestnews
• The contractor hired by the South Carolina Department of
Revenue to provide computer security focused on the agency’s compliance with
rules governing the handling of credit-card information, not stopping malicious
programs such as those that hackers used to steal the tax records of 4.5
million South Carolina consumers and businesses. – Columbia State
29. November 14, Columbia State – (South Carolina) Security contractor didn’t detect hacker
from SCDOR website. The contractor hired by the South Carolina Department
of Revenue to provide computer security focused on the agency’s compliance with
rules governing the handling of credit-card information, not stopping malicious
programs such as those that hackers used to steal the tax records of 4.5
million South Carolina consumers and businesses, the Columbia State reported
November 14. The Revenue Department also had its own computer security system
that ran periodic scans for viruses and malware that hackers could use. Neither
security effort prevented nor detected the massive theft, conducted using
State-approved credentials, until State officials learned of the breach from
the U.S. Secret Service a month after the data was swiped. While many questions
remain about how the hacking occurred, the South Carolina governor ordered more
computer security November 15 for the 16 State agencies that are part of her
Cabinet. The agencies will use the Division of State Information Technology’s
computer network monitoring services, which can spot unusual uploads or
downloads and malicious programs within minutes. The State will assign four
employees to provide around-the-clock monitoring of computer systems, such as
spotting inappropriate log-ins. Source: http://www.goupstate.com/article/20121114/WIRE/211151017/1088/SPORTS?p=1&tc=pg
Details
Banking and Finance Sector
10. November 15, Sacramento Bee – (California) Fraud suspect accused of cheating businesses,
Inyo County tribe. A former El Dorado Hills, California businessman was
arrested on charges of running a multimillion-dollar insurance fraud that cost
a California Indian tribe $7 million, as well as targeting a host of employers.
The man was arrested October 24 in Arizona on fraud and money-laundering
charges, federal prosecutors said. According to the indictment, he set up a
company in Roseville called Independent Management Resources to provide
low-cost workers’ compensation insurance to construction contractors, roofers “and
other high-risk occupations.” The man partnered with the Fort Independence
Indian Reservation of Inyo County to establish a company called Independent
Staffing Solutions (ISS) according to an Assistant U.S. Attorney. The tribe
owned ISS but the man’s firm essentially ran it, the indictment said. After
getting clients, he then “began diverting and misappropriating millions of
dollars … for his personal use,” the U.S. attorney’s office alleged. The
man’s firm filed for bankruptcy protection in Nevada in 2008. Court records
said his firm owed the tribal-owned company $7 million. Source: http://www.sacbee.com/2012/11/15/4987321/fraud-suspect-accused-of-cheating.html
11. November 14, Chicago Tribune – (Illinois) FBI: Two more banks hit by ‘Stringer Bell Bandit’.
The FBI said the “Stringer Bell Bandit” hit two more banks in Chicago’s
Loop area, bringing to seven the number of banks he has robbed or tried to rob
since early October, the Chicago Tribune reported November 14. The robber — so
named because he looks similar to a lead character in the HBO show The Wire —
entered a Chase Bank branch November 13 and approached a teller’s window with
his right hand in his pocket, according to the FBI and police. He displayed a
note and told the teller, “Empty the drawer,’’ according to a police report.
But he ran off when the teller asked for help from her supervisor because she
did not understand what he wanted. About 3 hours later, the same man entered a
Citibank Branch, shaking and acting erratically, and demanded money. The teller
handed over cash from the drawer and the robber said, “Thank you,’’ and walked
out, the report said. Source: http://articles.chicagotribune.com/2012-11-14/news/chi-fbi-two-more-banks-hit-by-stringer-bell-bandit-20121114_1_teller-chase-bank-robbery-note
12. November 14, U.S. Federal Bureau of Investigation – (Oregon) Former
Oregon broker pleads guilty to mortgage fraud scheme involving approximately
$7M in bad loans. A man pleaded guilty November 13 to conspiracy to commit
bank fraud and bank fraud charges related to a mortgage fraud scheme in central
Oregon. The man admitted that he caused financial institutions to lose between
$2.5 million and $7 million in bad loans he pushed through as a licensed
mortgage broker with his company Deschutes Mortgage Group in Bend, Oregon.
According to court records, he and others prepared and submitted fraudulent
home loan applications and other false documents to lending institutions to
obtain financing to purchase real estate. To convince financial institutions to
approve the loans and advance loan funds, he and others falsely inflated
borrowers’ monthly incomes, omitted borrowers’ liabilities, falsely claimed on
home loan applications that the financing was for a primary residence, and used
straw buyers to obtain financing for real estate. Additionally, the man and
others caused large amounts of money to be deposited into borrowers’ checking
accounts to temporarily inflate their account balances, thereby causing
borrowers’ banks to generate false verifications of deposit (VOD). These VODs
were used by him and others to falsely prove cash reserves to the lending
institutions as a material part of the loan approval process. Source: http://www.loansafe.org/former-oregon-broker-pleads-guilty-mortgage-fraud-scheme-involving-approximately-7m-in-bad-loans
13. November 14, Threat Post – (International) Planned cyberattacks on US banks on hold. The
hacker behind a coordinated attack against major U.S. banks such as Bank of
America, Chase, Citibank, PNC, Wells Fargo, and nearly two dozen other banks
called off the operation after media reports surfaced a month ago exposing the
planned attacks, Threat Post reported November 14. Known as vorVzakone, the
Russian has pulled back on his attempt to recruit 100 botmasters for massive
man-in-the-middle attacks against American banks. Security blog Krebs on
Security named vorVzakone as the mastermind behind the wire-fraud campaign.
“Based on a communication posted following the media hype, vorVzakone has since
given up on his attack plans for now,” said the head of business development
for online threats managed services at RSA. “As a result, he has retreated to
the deeper Web where we believe he may regroup and plan his attack albeit more
secretly.” The scheme centered around an obscure piece of crimeware known as
Gozi-Prinimalka, an offshoot of the Gozi banking Trojan. VorVzakone was
recruiting up to 100 participants for the attack, initially planned for the
first week of November. A RSA FraudAction research team member said in October
that this was the first time a private cybercrime organization recruited
outsiders for such an attack. The attackers were promised a cut for their
efforts, and were only to be given executable files by vorVzakone, keeping the
recruits dependent on him for updates. Source: http://threatpost.com/en_us/blogs/planned-cyberattacks-us-banks-hold-111412
For another story, see item 35 below in the Information Technology Sector
Information Technology Sector
33. November 15, Dark Reading – (International) Most organizations unprepared for DDoS
attacks, study says. Organizations are becoming increasingly concerned
about system availability as they experience more and more distributed
denial-of-service (DDoS) attacks, a new study said. The study, conducted by the
Ponemon Institute, surveyed 705 IT security professionals on issues related to
downtime and DDoS. While security pros have traditionally been focused on
preventing data theft or corruption, today’s professionals are more worried
about system availability, the study says. “DDoS attacks cost companies 3.5
million dollars every year,” Ponemon says. “Sixty-five percent reported
experiencing an average of three DDoS attacks in the past 12 months, with an
average downtime of 54 minutes per attack.” Most organizations do not have the
ability to strike back at attackers. “While 60 percent say they want technology
that slows down or even halts an attacker’s computer, the majority (63 percent)
of respondents give their organizations an average or below average rating when
it comes to their ability to launch counter measures,” the report states.
Three-quarters of organizations still rely on antivirus and anti-malware to
protect themselves from attacks. Source: http://www.darkreading.com/risk-management/167901115/security/vulnerabilities/240142111/most-organizations-unprepared-for-ddos-attacks-study-says.html
34. November 15, Government Computer News – (National) Supply chain
threats ‘hard to detect, expensive to fix’. A Congressional intelligence
panel recommends that “the United States should view with suspicion the
continued penetration of the U.S. telecommunications market by Chinese
telecommunications companies,” and a recent report on emerging threats
identifies supply chain security as a growing concern. The House Permanent
Select Committee on Intelligence warned against Chinese telecom vendors in its
report, “The U.S. National Security Issues Posed by Chinese Telecommunications
Companies Huawei and ZTE,” released in October. The 60-page report noted that
telecom plays a critical role in national security and already is being
targeted by other nations. Additionally, a report from the Georgia Tech
Information Security Center and Georgia Tech Research Institute characterizes
supply chain threats as “hard to detect, expensive to fix, and a policy
nightmare,” with few good solutions. Supply chain threats involve the inclusion
of back doors, malicious code, or other flawed hardware, software, or firmware
in products; and the threats can occur anywhere along the line, from developers
and manufacturers to vendors and integrators. They can include substandard or
illegal counterfeit goods as well as maliciously designed products that can
allow unauthorized access to sensitive systems, including critical
infrastructure. Source: http://gcn.com/Articles/2012/11/15/Supply-chain-threats-hard-to-detect-expensive-to-fix.aspx?p=1
35. November 15, The Register – (International) Opera site served Blackhole malvertising,
says antivirus firm. Opera has suspended ad-serving on its portal as a
precaution while it investigates reports that surfers were being exposed to
malware simply by visiting the Norwegian browser firm’s home page. Malicious
scripts loaded by portal.opera.com were redirecting users towards a malicious
site hosting the notorious BlackHole exploit kit, according to BitDefender,
which said it had detected the apparent attack on its automated systems.
BitDefender said it promptly warned Opera after it detected the problem
November 14. It seems likely the scripts had been loaded through a third-party
advertisement, a practice commonly known as malvertising. Opera has yet to
confirm the problem, but has disabled advertising scripts on its portal in case
they are tainted. A blog post by BitDefender claimed that cybercrooks were
using obfuscated script to hide the attack. In controlled tests, BitDefender
researchers were served with a PDF-based exploit designed to infect an unlucky
user with a freshly compiled variant of the infamous ZBot (ZeuS) banking
trojan. The exploit was served up from a server in Russia, according to
BitDefender. Source: http://www.theregister.co.uk/2012/11/15/opera_blackhole/
36. November 15, CNET News – (International) Adobe suffers database leak, user forum taken
offline. Adobe has temporarily closed one of its user forums after a hacker
caused a data breach. The forum, Connectusers.com, allows Adobe customers to
share information and opinions about its Connect online conferencing service.
However, after a hacker hailing from Egypt posted a purported file dump
containing user details from the site on Pastebin, Adobe preemptively took down
the forum and said it will reset the passwords of affected site members. The
file dump, posted by the alleged hacker using the alias ViruS_HimA, apparently
contains over 150,000 e-mail addresses and passwords from Adobe employees, the
U.S. military, and companies including Google and NASA. Emails ending with
adobe.com, .mil, and .gov have only been released as a screenshot. According to
the Hacker News, ViruS_HimA uploaded a php shell to the Web site, and then was
able to look for database configuration files in order to steal the forum
credentials, before exporting and dumping the database. ViruS_HimA said he
undertook the attack to shed light on how slow Adobe is to fix security issues
after it receives security notifications. The hacker also claims that Yahoo is
the next target. Source: http://news.cnet.com/8301-1009_3-57550136-83/adobe-suffers-database-leak-user-forum-taken-offline/
For more stories, see items 3 and 29 above in Top Stories, 13 above in the Banking and Finance Sector, and 38 below in the Communications Sector
Communications Sector
37. November 14, New Bern Sun Journal – (North Carolina; Virginia; Tennessee) Internet problem hits three States. November
14, thousands of Internet customers in North Carolina, Virginia, and Tennessee
were affected when CenturyLink experienced network problems. The market
development manager for CenturyLink said the service had been restored after
several hours. “On the morning of Nov. 14, we experienced a fiber cut due to
third-party construction, which caused intermittent service outages in North
Carolina, Virginia, and Tennessee over the course of 3 1/2 hours,” he said in a
statement. Source: http://www.newbernsj.com/news/local/internet-problem-hits-three-states-1.49590
38. November 14, V3.co.uk – (International) Skype claims account hijack flaw fixed. Skype said it
addressed a security flaw which had left users vulnerable to account thefts and
forced the company to suspend its recovery service, V3.co.uk reported November
14. The company said that the flaw is now resolved and users can once again
request password recoveries. The vulnerability had allowed an attacker to take
over control of an account by simply discovering the target’s email address.
While Skype did not disclose how many accounts were compromised, the company
said that only a “small number” of users who had multiple accounts on the same
email address were affected. Source: http://www.v3.co.uk/v3-uk/news/2225025/skype-says-account-hijack-flaw-fixed
For more stories, see items 3 above in Top Stories and 32 and 34 above in the Information Technology Sector
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.