Tuesday, November 21, 2012
Daily Report
Top Stories
• A Bristol Township, Pennsylvania man risked the lives of utility workers and police officers after
he allegedly tried to steal copper cable used to provide safe walking amperage at
a PECO facility, Phillyburbs.com reported November 20. – Phillyburbs.com
2. November 20, Phillyburbs.com – (Pennsylvania) Police: Suspected copper theft risked lives of
PECO workers, police. A Bristol Township, Pennsylvania man risked the lives
of PECO workers and police officers after he allegedly tried to steal copper cable
used as a grounding safety measure, Phillyburbs.com reported November 20. Bristol
Township police were also investigating two similar copper thefts at the PECO property
the week of November 12 that resulted in more than $30,000 in damage. November
17, Bristol Township police and PECO employees were called to the property in
the 7100 block of Mill Creek Road for a report of criminal trespassing, police
said. Two men were seen running inside the power plant building. The two men allegedly
cut and damaged copper cables that help protect PECO employees entering the
site from being electrocuted by providing safe walking amperage on the
property, police said. The utility’s repair crews began fixing the damaged
cables and an initial damage estimate totaled more than $10,000 in damage,
police said. The man was arraigned November 19 before a district judge on
charges of criminal trespassing, conspiracy, theft, receiving stolen property,
and related charges. Source: http://www.phillyburbs.com/news/local/courier_times_news/police-suspectedcopper-theft-risked-lives-of-peco-workers-police/article_2a80c608-6b6d-52fd-aa62-6f9becbfa96d.html
• Three weeks after Hurricane Sandy, four New York City hospitals
remain closed for inpatients, leaving thousands of patients scrambling to find
other medical centers for treatment. – Kaiser Health News
25. November 19, Kaiser Health News – (New York) 4 NYC hospitals still closed
by Hurricane Sandy. Three weeks after Hurricane Sandy, four New York City
hospitals remain closed for inpatients, leaving thousands of patients
scrambling to find other medical centers to treat everything from broken bones
to brain cancer, Kaiser Health News reported November 19. The closures of NYU
Langone Medical Center, Bellevue Hospital Center, the Manhattan VA Medical
Center, and Coney Island Hospital have meant more business for some nearby
hospitals and an unwelcomed cost for others. Several of the hospitals taking in
Sandy evacuees initially reported losing millions of dollars – with much of the
shortfall the result of taking in Medicaid and uninsured patients from Bellevue
and, in some cases, displaced nursing home residents. Source: http://www.medpagetoday.com/PublicHealthPolicy/GeneralProfessionalIssues/36013
• Four southern California men were charged with plotting to kill
Americans and destroy U.S. targets overseas by joining al-Qa’ida and the
Taliban in Afghanistan, federal officials said November 19. – Associated Press
29. November 20, Associated Press – (National; International) FBI: 4 Calif. men charged in
alleged terror plot. Four southern California men were charged with
plotting to kill Americans and destroy U.S. targets overseas by joining
al-Qa’ida and the Taliban in Afghanistan, federal officials said November 19.
The defendants, including a man who served in the U.S. Air Force, were arrested
for plotting to bomb military bases and government facilities, and for planning
to engage in “violent jihad,” an FBI spokeswoman said in a release. Federal
authorities said the trio and the FBI’s confidential source bought airplane
tickets the week of November 12 for flights from Mexico City to Istanbul, with
plans to later continue to Kabul. Source: http://www.usatoday.com/story/news/nation/2012/11/20/calif-men-chargedterror-plot/1716215/
• Bomb threats closed multiple courthouses across Oregon November
19. All threats were found to be false, but the calls mirror others phoned in
to government buildings across Washington and Nebraska this month. – Herald and News
31. November 19, Herald and News – (Oregon) Bomb threat evacuates courthouses. Bomb threats
closed multiple courthouses across Oregon November 19, including the Klamath County
Circuit Court and Lake County Circuit Court buildings. All threats were found
to be false, according to the Oregon State Police. The Klamath County
Government Center received a call reporting explosives were hidden in the basement
and set to detonate in 25 minutes. Klamath County Undersheriff said many officers
responded to the scene, including city police and sheriff’s deputies. Both the Klamath
County Government Center and courthouse were evacuated until a bomb-sniffing dog
could search each building. Oregon State Police said in a press release that 19
county courthouses and the Oregon Public Service Building in Salem received
bomb threats made by phone. These calls mirror the eight reportedly phoned in
across Washington State November 15 and nine reportedly made across Nebraska
November 2. All of those calls were unfounded. Source: http://www.heraldandnews.com/members/news/frontpage/article_63778980-32d7-11e2-8a1d-001a4bcf887a.html
Details
Banking and Finance Sector
6. November 20, Associated Press – (Georgia) Ga. insurance chief warns consumers after breach. The
Georgia Insurance Commissioner confirmed that 28,467 households in the State
could be affected by an online security breach involving Nationwide Insurance
Co., the Associated Press reported November 20. He said the company notified
him that a portion of its computer network was accessed illegally. The hackers gained
unauthorized access to personal information of policyholders and applicants for
policies. He said the company also committed to provide his office with
evidence of written notice to everyone who could have been affected and to
provide those people with free credit monitoring and identity theft protection
for at least a year. Source: http://www.wtvm.com/story/20143612/ga-insurance-chief-warns-consumersafter-breach
7. November 20, Krebs on Security – (International) Beware card- and
cash-trapping at the ATM. Security experts with the European ATM Security
Team (EAST) say five countries in the region this year have reported card
trapping incidents, Krebs on Security reported November 20. Such attacks
involve devices that fit over the card acceptance slot and include a
razor-edged spring trap that prevents the customer’s card from being ejected
from the ATM when the transaction is completed. “Spring traps are still being
widely used,” EAST wrote in its most recent European Fraud Update. “Once the
card has been inserted, these prevent the card being returned to the customer
and also stop the ATM from retracting it.” According to EAST, most card
trapping incidents take place outside normal banking hours with initial
fraudulent usage taking place within 10 minutes of the card capture (balance
inquiry and cash withdrawal at a nearby ATM), followed by point-of-sale
transactions. A twist on this attack involves “cash traps,” often claw-like
contraptions that thieves insert into the cash-dispensing slot which are
capable of capturing or skimming some of the dispensed bills. EAST also reports
that one of the most common ways that ATM thieves are stealing cash recently
involves jamming an oversized fork-like device into the cash dispenser slot to keep
it open following a normal ATM transaction. Thieves in Europe reportedly used this
method to steal more than a million Euros from French cash machines this year. Source:
http://krebsonsecurity.com/2012/11/beware-card-and-cash-trapping-at-the-atm/
8. November 20, Associated Press – (International) UBS rogue trader guilty of fraud. A rogue
trader who lost $2.2 billion in bad deals at Swiss bank UBS was sentenced to 7 years
in prison November 20 after being convicted in what prosecutors called the biggest
fraud case in U.K. banking history. The trader exceeded his trading limits and failed
to cover his losses, allegedly faking records to hide his tracks at the bank’s London
office. At one point, he risked running losses of up to $12 billion. Source: http://www.google.com/hostednews/ap/article/ALeqM5jEctqCa9X7T8oa_dmSaoy-0fP6jQ?docId=f8dc2b30cdad440898d48460b004f68f
9. November 19, Bloomberg News – (Texas; International) Stanford’s accountants guilty of
hiding $7 billion fraud. Two former accounting executives were convicted of
helping the Texas financier who ran Stanford International Bank Ltd. hide a
Ponzi scheme that bilked investors of $7 billion, Bloomberg News reported
November 19. A jury in federal court in Houston convicted Stanford’s ex-chief
accounting officer, and its former global controller of conspiring to hide a
fraud scheme built on bogus certificates of deposit at the Antigua-based bank.
The two men are the last former Stanford executives to face criminal trial over
the scheme. Prosecutors told jurors the accountants were among a handful of
employees carefully tracking funds the company’s founder “sucked out” of the
bank to finance risky private ventures. The founder was convicted in March of
masterminding the fraud and stealing more than $2 billion of investor deposits
to finance a lavish lifestyle. Source: http://www.businessweek.com/news/2012-11-19/stanford-s-accountants-guiltyof-hiding-7-billion-fraud
10. November 19, Associated Press – (Rhode Island) RI men who scammed terminally ill in $30M
investment fraud plead guilty mid-trial. Two men accused of stealing the identities
of terminally ill people to reap $30 million from insurance companies and brokerage
houses pleaded guilty November 19 in Providence, Rhode Island, several days
into their trial. An estate planning lawyer and philanthropist who was the CEO
of Estate Planning Resources, and his former employee, each entered guilty
pleas in U.S. District Court to single counts of wire fraud and conspiracy,
ending the trial that began the week of November 12 and was expected to last up
to 3 months. Prosecutors said the CEO and his employee took out variable
annuities and so-called “death-put” bonds that would pay out when a person
died. Authorities said they lied to terminally ill people to get personal information
that was used to purchase bonds and annuities in their names without consent. Source:
http://www.washingtonpost.com/business/ri-men-who-scammed-terminally-illin-30m-investment-fraud-plead-guilty-mid-trial/2012/11/19/1ecadeb8-325f-11e2-92f0-496af208bf23_story.html
11. November 19, Associated Press – (New Jersey; International) NJ-based executives with Celgene,
Sanofi-Aventis charged in insider trading scheme. Executives at two leading
drug companies were among six people arrested November 19 and charged with
insider trading in what federal prosecutors said was a five-year-long scheme
that netted more than $1 million. Among those charged were the director of
financial reporting at Celgene Corp., a biotech drug maker based in Summit, New
Jersey; and a man who held a similar position at Sanofi-Aventis, a France-based
pharmaceutical company with U.S. headquarters in Bridgewater. Along with a high
school friend of the first man, who was a marketing executive with Stryker
Corp., a medical technology company, they passed privileged information on
their companies’ merger and acquisition plans, financial results, and
regulatory applications to others who would make stock trades based on the
information, according to the criminal complaint. Insider trading was alleged
to have occurred prior to several deals, including Celgene’s purchase of
Pharmion, and Celgene’s acquisition of Abraxis. Source: http://www.washingtonpost.com/business/nj-based-executives-with-celgenesanofi-aventis-charged-in-insider-trading-scheme/2012/11/19/ce767aec-3279-11e2-92f0-496af208bf23_story.html
12. November 19, U.S. Securities and Exchange Commission – (Georgia; National) SEC
halts prime bank scheme in Georgia. The U.S. Securities and Exchange
Commission (SEC) November 19 charged the operators of a long-running prime bank
scheme with defrauding at least 220 investors in more than 20 States of $15
million. It also is seeking an emergency court order to freeze the operators’
assets for the benefit of investors. The SEC alleges that a man who lives in
Florida, and a woman, a former Georgia resident who now lives in California,
raised $15 million from investors, primarily in Georgia. The man portrayed himself
as the “U.S. Director” of a secret European trust that had the power to create
money and claimed to have appointed the woman as a “U.S. Regional Director” for
the trust. The two led investors to believe that they could receive 38 percent
annual interest on loans to the trust, provided they abide by the trust’s
strict rules requiring secrecy. However, investor money was instead used to
merely pay other investors, the hallmark of a Ponzi scheme. The SEC’s complaint
also names as relief defendants two entities that the man controls — MSC
Holdings USA LLC, and MSC Holdings Inc. — and another entity controlled by the
woman — MSC GA Holdings LLC. The SEC believes the three firms may have received
ill-gotten assets from the fraud that should be returned to investors. Source: http://www.sec.gov/news/press/2012/2012-236.htm
13. November 19, Wall Street Journal – (Delaware) First Bank of Delaware loses
charter over AML problems. First Bank of Delaware was stripped of its State
charter to operate and the bank was penalized $15 million by federal regulators
for failing to implement an effective anti-money laundering compliance program,
the Wall Street Journal reported November 19. The bank, based in Wilmington,
Delaware, settled with the Federal Deposit Insurance Corp. and the U.S.
Department of the Treasury’s Financial Crime Enforcement Network, which
together found that First Bank failed to implement an effective compliance
program with internal controls designed to report evidence of money laundering
or other suspicious activity. First Bank also settled charges with the U.S.
Department of Justice (DOJ) related to the same misconduct. The DOJ alleged
that the bank, from 2009 to 2011, violated the Financial Institutions Reform,
Recovery and Enforcement Act by originating withdrawals on behalf of fraudulent
merchants, causing money to be taken from the bank accounts of consumers. The
bank established direct relationships with several fraudulent merchants and
third-party payments processors working with additional fraudulent merchants,
the DOJ alleged. It originated hundreds of thousands of debit transactions
against consumers’ bank accounts, using “remotely-created checks,” a type of
transaction the DOJ said is widely known to be used by fraudulent companies.
The DOJ alleged that First Bank knew, or at least turned a blind eye, to the
fact that the authorization for the withdrawals was obtained by fraud. Source: http://blogs.wsj.com/corruption-currents/2012/11/19/first-bank-of-delawareloses-charter-over-aml-problems/
Information Technology Sector
35. November 20, The H – (International) Nintendo’s Wii U Miiverse accidentally hacked.
Shortly after the Nintendo Wii U was released in North America, Trike, a
user on the NeoGAF forums, gained access to the debug menu for Miiverse, the
social network for Wii U players. Trike says he got access to the debug menu by
pressing the X button while hovering the cursor over the exit button. The debug
menu allowed him a look into admin lists, where he could have even changed
administrators’ passwords. To the delight of many users, he was also able to
get an idea of games that will probably be released in the future because he
was able to see forums that had already been set up for yet to be announced
games. The vulnerability appears to have been fixed quickly. Nintendo later
confirmed that the incident was not a hoax to UK gaming site CVG, but claimed
the menu accessed was a “mock up” which has now been removed. Source: http://www.h-online.com/security/news/item/Nintendo-s-Wii-U-Miiverseaccidentally-hacked-1753062.html
36. November 20, V3.co.uk – (International) Researchers warn of ‘Cool’ exploit platform. Users
are being warned of the emergence of a new and popular malware exploit kit,
dubbed ‘Cool’, which allows an attacker to remotely target security vulnerabilities
in order to perform ‘drive by’ malware installations. Researchers said that in
addition to serving up attacks, the tool is also able to perform more
sophisticated functions, including scanning for browser and operating system
and detecting potentially vulnerable plug-ins. According to two F-Secure researchers,
Cool bears a strong resemblance to the Blackhole malware kit. The duo noted
that a number of the attack targets, techniques, and updates displayed by Cool
match that of Blackhole. The researchers pointed out that when new
vulnerabilities are disclosed, Blackhole and Cool often show updates at similar
times and target many of the same vulnerable components and versions. The
F-Secure researchers also noted a resemblance between the two attack kits at
the coding level, performing similar functions and operations when carrying out
attacks. They noted that when attacking components such as Flash, the two kits
even go so far as to use the same file names and code. Source: http://www.v3.co.uk/v3-uk/news/2225876/researchers-warn-of-cool-exploitplatform
37. November 20, The H – (International) Opera 12.11 fixes high-severity vulnerability.
The recent 12.11 release of Opera’s Web browser addresses a high severity security
vulnerability that could have allowed a remote attacker to execute arbitrary
code on a victim’s system. According to the company, the problem in previous
versions of the browser was caused by an error when handling HTTP responses
that caused a heap-based buffer overflow. For an attack to be successful, a victim
must first visit a maliciously crafted site. The update also closes a
low-severity security hole that could have been used to detect what files a
user has on their machine. Non-security-related changes include fixes for
several issues related to the SPDY networking protocol, a problem that
prevented Google’s Gmail email service from loading, and a crashing bug under
Mac OS X. Opera advises all users to upgrade to the latest version. Source: http://www.h-online.com/security/news/item/Opera-12-11-fixes-high-severityvulnerability-1753773.html
38. November 19, Dark Reading – (International) Israel draws ire of Anonymous. As the fierce
airstrikes between Israel and Hamas-led forces in the Gaza Strip rage on,
another battle fought by volunteer cyberwarriors from around the world is
striking out at Israel. Israeli officials November 18 said there have been more than 44
million hacking attempts against its government Web sites since the Gaza air
strikes first began November 14. A few hundred attempts are made each day, they
said, including cyberattack attempts against the defense, prime minister,
president, and Foreign Ministry Web sites. Most of the attacks appear to be
defacements and distributed denial of service (DDoS) attacks, but some also
include data dumps posted online, according to reports. Some 88 Web site
defacements were posted on Pastebin. Israel’s finance minister said that just
one hack was successful on a Web site that resulted in about 10 minutes of
downtime, but he would not name the site. Source: http://www.darkreading.com/advanced-threats/167901091/security/attacksbreaches/240142355/israel-draws-ire-of-anonymous.html
Communications Sector
Nothing to report
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.