Tuesday, November 20, 2012

Daily Report

Top Stories

 The federal government entered a record $497 million False Claims Act judgment against the now-defunct Westland/Hallmark Meat Co., the company that sparked the largest-ever meat recall after undercover abuse footage was made public in 2008. – Food Safety News

12. November 18, Food Safety News – (National) Landmark settlement reached in Westland-Hallmark Meat case. The now defunct Westland/Hallmark Meat Co. sparked the largest-ever meat recall after undercover abuse footage was made public in 2008, and now the company has sparked the largest-ever judgement for an animal abuse case, Food Safety News reported November 18. The Humane Society of the United States (HSUS) announced November 16 that it reached a partial settlement with two of the nine defendants in its False Claims Act lawsuit and that the federal government was entering a final judgement of $497 million against the company. While the judgement is record-setting for an animal abuse case, the company will not actually pay the full fine to the government. According to HSUS, “The full judgment – which is the largest court judgment ever entered for animal abuse – cannot be collected in light of Hallmark’s insolvency, and is intended to deter future animal cruelty in the nation’s slaughterhouses.” Westland/Hallmark went out of business after the abuse footage–which showed “downer” cows (animals unable to walk) being dragged, violently prodded, and forklifted–caused national outrage. As a supplier to the National School Lunch Program NSLP, the company had agreed to follow strict animal welfare standards in its contract with the U.S. Department of Agriculture. The litigation stems from the company failing to live up to that contract. Downer cows are not legally allowed to enter the food supply, in part because they are at increased risk for BSE, otherwise known as mad cow disease. Non-ambulatory animals are also more likely to be contaminated with fecal matter and disease-causing bacteria. The undercover abuse footage prompted a 143 million pound ground beef recall; the vast majority of the meat was already consumed by the time it was recalled. Source: http://www.foodsafetynews.com/2012/11/landmark-settlement-reached-inwestlandhallmark-meat-case/

 Human waste has been pouring into New York Harbor from the fifth largest sewage treatment plant in the country since it was hit by Hurricane Sandy, and the operator of the plant cannot predict when it will stop, WNBC 4 New York reported November 16. – WNBC 4 New York

21. November 16, WNBC 4 New York – (New York; New Jersey) Human waste continues to pour into NY harbor after Sandy. Human waste has been pouring into New York Harbor from the fifth largest sewage treatment plant in the country since it was hit by hurricane Sandy, and the operator of the plant cannot predict when it will stop, WNBC 4 New York reported November 16. A 12-foot surge of water swamped the Newark, New Jersey plant that serves some three million people when Sandy struck October 29. The plant has pumped more than three billion gallons of untreated or partially treated wastewater into local waterways since then. The executive director of the Passaic Valley Sewerage Commission, only said “ASAP” when asked about when repairs to the sprawling facility could be made. Until then, the main outfall will continue dumping millions of gallons of partially treated human waste a day. Pathogens in partially treated waste are a health hazard and public safety threat, officials said. Fishing, crabbing, and shellfishing bans in the New Jersey waters of the harbor will remain in effect, said a Department of Environmental Protection spokesman. The New York City Department of  environmental Protection also issued an advisory to residents to avoid contact with the water.

 Police are searching for a gunman who they say used the same weapon to kill three Brooklyn, New York shopkeepers since July. All three victims were of Middle Eastern descent and their stores are within a 5-mile radius. – CBS News; Associated Press

38. November 19, CBS News; Associated Press – (New York) Brooklyn serial killer: Gunman sought in three shopkeeper slayings, NYPD says. Police are searching for a gunman who they say used the same weapon to kill three Brooklyn, New York shopkeepers since July, CBS News and the Associated Press reported November 19. All three victims were of Middle Eastern descent. Their stores are within a 5-mile radius, and none of them have surveillance cameras. The last victim was killed at his store, She She, in Brooklyn’s Flatbush section November 16. Police said that ballistics evidence connected the same gun to the shooting deaths of two other Brooklyn shopkeepers over the summer of 2012. A clothing store owner was killed inside Valentino Fashion in Bay Ridge July 6. Another victim was found dead August 2 at his Amazing 99 Cents Deal shop in Bensonhurst. Source: http://www.cbsnews.com/8301-504083_162-57551667-504083/brooklynserial-killer-gunman-sought-in-three-shopkeeper-slayings-nypd-says/

 A suspect in Bolivar, Missouri, was accused of planning a movie theater massacre at a

screening of the final “Twilight” movie after police were alerted that he purchased 400
rounds of ammunition and two assault rifles for the planned attack. – ABC News

42. November 16, ABC News – (Missouri) Cops stop alleged movie theater gun plot. A suspect in Bolivar, Missouri, was accused of planning a movie theater massacre at a screening of the final “Twilight” movie. He was charged November 16 with first degree assault, making a terroristic threat, and armed criminal action after his mother alerted police that he had purchased 400 rounds of ammunition and two assault rifles “very similar to the ones in Aurora, Colorado, movie theater shooting,” according to probable cause statement issued by the Bolivar Police Department. The suspect allegedly told the police that he had already purchased a ticket for the November 18 screening of “The Twilight Saga: Breaking Dawn — Part 2.” He said he also planned to shoot up a nearby Wal-Mart store, according to the statement. He had previously threatened to stab a Wal-Mart employee in 2009. Police characterized the suspect as “being off his medication,” but he was able to purchase the rifles November 12 and November 13. Source: http://abcnews.go.com/US/cops-stop-alleged-movie-theater-unplot/story?id=17742369#.UKph_K7kGok


Banking and Finance Sector

9. November 17, Bloomberg News – (New York) Ex-Refco lawyer guilty of aiding $2.4 billion fraud. Refco Inc.’s former outside lawyer whose 2009 fraud conviction was reversed in January was again found guilty by a jury in federal court in New York City, Bloomberg News reported November 17. Prosecutors claimed he helped Refco’s Chief Executive Officer and other executives defraud investors of $2.4 billion. Jurors found the lawyer guilty of one count of conspiracy and two counts each of securities fraud, wire fraud, and filing false statements with the U.S. Securities and Exchange Commission. The new trial had been granted by a U.S. appeals court, which ruled that the judge in the first trial improperly instructed a deliberating juror outside the presence of the accused’s lawyers. Prosecutors at the second trial accused him of helping New York-based Refco’s management hide transactions that concealed losses. ”Over and over and over again, [he] ignored his duties as an officer of the court by actively participating in the crimes of his client — telling blatant lies, falsifying important documents, and concealing others,” a U.S. Attorney said in a statement. Source: http://www.businessweek.com/news/2012-11-16/ex-refco-lawyer-guilty-ofaiding-2-dot-4-billion-fraud

10. November 17, Orange County Register – (California) FBI: ‘Don’t Even Bandit’ robs  bank in Fullerton. A man authorities believe to be the “Don’t Even Bandit” is suspected of robbing a Chase bank branch in Fullerton, California, November 16. A man walked into the bank branch, handed a teller a note demanding money, and left with an undisclosed amount of cash, police said. The robber is suspected of being the “Don’t Even Bandit,” a FBI special agent said. The “Don’t Even Bandit” is believed to have carried out at least six bank robberies in California, including a holdup at a Bank of America in Garden Grove in early October. According to news reports, he got his name after his threats to witnesses of earlier robberies included the words “don’t even.” Source: http://www.ocregister.com/news/bank-378024-don-bandit.html

Information Technology Sector

31. November 19, The H – (International) Trojan uses Google Docs to communicate with its control server. IT security firm Symantec discovered a trojan called Backdoor.Makadocs that hides in Rich Text Format (RTF) and Microsoft Word documents and injects malicious code via Trojan.Dropper. It uses the Google Docs service’s Viewer feature to communicate with its command-and-control (C&C) server. Symantec currently rates the trojan’s threat level as “very low”. In a post on its blog, the company says that the carrier document appears to primarily target users in Brazil. The malware transfers information such as the infected computer’s host name and operating system. Symantec says that it has already been updated for Microsoft’s newly released Windows 8 and Windows Server 2012 operating systems. The unusual characteristic of the trojan is the use of Google Docs. Using the viewer to contact the trojan’s C&C server prevents the data traffic between the infected system and the C&C server from being discovered as Google Docs connections are encrypted using HTTPS. However, the company added that Google could prevent the viewer from being misused by implementing a firewall.

32. November 19, Associated Press – (National) Judge approves FTC’s $22.5M fine of Google. A federal judge approved a $22.5 million fine to penalize Google for an alleged privacy breach, rejecting a consumer-rights group’s plea for tougher punishment. The rebuke resolves allegations that Google duped millions of Web surfers using the Safari browser into believing their online activities could not be tracked by the company as long as they did not change the browser’s privacy settings. That assurance was posted on Google’s Web site earlier this year, even as the Internet search leader was inserting computer coding that bypassed Safari’s automatic settings and enabled the company to peer into the online lives of the browser’s users. The U.S. Federal Trade Commission concluded that the contradiction between Google’s stealth tracking and its privacy assurances to Safari users violated a vow the company made in another settlement with the agency in 2011. Google had promised not to mislead people about its privacy practices. Source: http://www.boston.com/business/technology/2012/11/19/judge-approves-ftcfine-google/aR6ovDPNRs0upay1mIDCGP/story.html

33. November 19, Help Net Security – (International) Google Chrome app grabs identities, forges blogs in victims’ name to promote scam. A Google Chrome app that promises to change the color of Facebook accounts instead nabs authentication cookies and generates dozens of blogs registered to the victims’ Gmail address, Bitdefender warns. Once the malicious app is installed from Google’s Chrome Web Store, it starts displaying a large Google Ads banner redirecting users to a “work from home scam.” When clicking the sign-up link, users are redirected to a fraudulent Web site. The blogs generated under the email address of the victims, which are used in further disseminating the scam, have registered a large number of hits among users in the United States, the United Kingdom, Germany, Spain, Romania, and other countries. The app can also post wall messages on the victims’ account. The messages use friend tagging to convince the victim’s friends to visit the blog domains. Each time the app posts on a users’ timeline, it links to one of the auto-generated blogs to avoid blacklisting. According to Softpedia, the app in question - “Modify Your Facebook Color” - has been downloaded from the Play Store by over 38,000 users. Source: http://www.netsecurity.org/secworld.php?id=13977&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

34. November 19, IDG News Service – (International) Hackers break into two FreeBSD Project servers using stolen SSH keys. Hackers compromised two servers used by the FreeBSD Project to build third-party software packages. Anyone who has installed such packages since September 19 should completely reinstall their machines, the project’s security team warned. Intrusions on two machines within the FreeBSD.org cluster were detected November 11, the FreeBSD security team said November 17. The two compromised servers acted as nodes for the project’s legacy third-party package building infrastructure. The incident only affected the collection of third-party software packages distributed by the project and not the operating system’s “base” components, such as the kernel, system libraries, compiler, or core command-line tools. The FreeBSD security team believes the intruders gained access to the servers using a legitimate SSH authentication key stolen from a developer, and not by exploiting a vulnerability in the operating system. The package sets currently available for all versions of FreeBSD have been validated and none of them have been altered in any way, the team said.

35. November 19, Threatpost – (International) Facebook enabling HTTPS by default for North American users. Facebook the week of November 19 will begin turning on secure browsing by default for its millions of users in North America. The change will make HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security and will help prevent some common attacks. Facebook users have had the option of turning on HTTPS since early 2011 when the company reacted to attention surrounding the Firesheep attacks. However, the technology was not enabled by default and users had to manually make the change in order to get the better protection of HTTPS. Now, users will have to manually turn HTTPS off if they do not want it, a distinction that is a major change, especially for Facebook’s massive user base, which has become a major target for attackers.

Communications Sector

36. November 19, Radio Ink – (Ohio) Two charged with stealing copper from Radio One. Federal authorities in Cleveland charged a man and a woman with the malicious destruction of federally-licensed communications lines under the domestic terrorism provision of the law, Radio Ink reported November 19. The Radio One Cleveland chief engineer said the copper was stolen from WJMO 1300 AM Cleveland. He said thieves pulled up the four-inch copper strap surrounding all four antenna tuning units (dog houses) and disconnected all 480 ground radials in the process. The indictment charges that August 17 or August 18, the man and woman unlawfully entered the property of Radio One and willfully and maliciously destroyed and removed copper material from four radio-station towers situated on the property. Emergency repairs cost nearly $11,000 while permanent repairs will cost an estimated $125,000, according to the indictment. Source: http://www.radioink.com/Article.asp?id=2576604&spid=24698

Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.