Thursday, May 2, 2013
Complete DHS Daily Report for May 2, 2013
Daily Report
Top Stories
• Authorities arrested 18 suspects in connection with a $10 million organized theft ring that allegedly stole and then sold raw copper from an Asarco LLC mine in Hayden, Arizona. – Phoenix Business Journal
1. April 30, Phoenix Business Journal – (Arizona) 18 arrested in connection with Arizona copper theft ring. Authorities arrested 18 suspects in connection with a $10 million organized theft ring that allegedly stole raw copper from an Asarco LLC mine in Hayden. Several workers were charged with helping steal semi-truck loads of copper mined at the site and selling it to metal recyclers throughout the U.S. as well as on the Chinese black market. Source: http://www.bizjournals.com/phoenix/news/2013/04/30/18-arrested-in-connection-with-arizona.html
• Washington’s Chelan County Public Hospital No. 1 was the victim of a cyberattack that moved $1.03 million out of the hospital’s payroll system. Organized hackers in Ukraine and Russia performed the attack and used 100 accomplices in the U.S. to move the money. – Krebs on Security
23. April 30, Krebs on Security – (Washington) Wash. hospital hit by $1.03 million cyberheist. Chelan County Public Hospital No. 1 in Washington was the victim of a $1.03 million breach that moved the money out of the hospital’s payroll system. Organized hackers in Ukraine and Russia used a work-at-home scheme to carry out the attack with the help of 100 different accomplices in the U.S. Source: http://krebsonsecurity.com/2013/04/wash-hospital-hit-by-1-03-million-cyberheist/
• Two employees at Rawson-Neal Psychiatric Hospital in Las Vegas were fired and 3 were disciplined in an ongoing investigation into the hospital’s practice of sending mentally ill patients to other States. – Sacramento Bee
24. April 30, Sacramento Bee – (Nevada) Two hospital workers fired over ‘dumping’ of Nevada psychiatric patients. Two employees at Rawson-Neal Psychiatric Hospital in Las Vegas were fired and 3 were disciplined in an ongoing investigation into the hospital’s practice of sending mentally ill patients to other States. Investigators found that 10 out of nearly 1,500 patients were placed on buses within the last 5 years without proper housing, medication, or contacts once they reached their destinations. Source: http://www.sacbee.com/2013/04/30/5381856/two-hospital-workers-fired-over.html
• Researchers found that the U.S. Department of Labor’s Web site was infected and used to spread malware the morning of May 1. – Threatpost
25. May 1, Threatpost – (National) U.S. Department of Labor website discovered hacked, spreading PoisonIvy. Researchers found that the U.S. Department of Labor’s Web site was infected and used to spread malware May 1, though the malware was later removed. The attack collects system information from the victim’s computer and then downloads a malicious payload via an Internet Explorer vulnerability; it appeared similar to some previous intelligence-gathering campaigns. Source: http://www.darkreading.com/attacks-breaches/us-department-of-labor-website-discovere/240153967
Details
Banking and Finance Sector
4. April 30, BankInfoSecurity – (International) FBI: DDoS botnet has been modified. The FBI warned that the Brobot botnet used in a campaign of hacktivist attacks against U.S. banking institutions has been updated in an attempt to circumvent banks’ countermeasures. Source: http://www.bankinfosecurity.com/fbi-ddos-botnet-has-been-modified-a-5719
5. April 30, Federal Bureau of Investigation – (California) Central Coast man pleads guilty to nearly $50 million investment scandal. A Central Coast man pleaded guilty to running several fraud schemes that caused more than $47 million in losses to victims and banks. Source: http://www.loansafe.org/central-coast-man-pleads-guilty-to-nearly-50-million-investment-scandal
6. April 30, Dallas Morning News – (Texas) Police seeking information on masked bandit who robbed Arlington bank Monday. The man who robbed an Arlington, Texas bank April 29 is believed to be the “Mesh Mask Bandit,” suspected of robbing 14 other banks in the region since December 2012. Source: http://crimeblog.dallasnews.com/2013/04/police-seeking-information-on-masked-bandit-who-robbed-arlington-bank-monday.html/
7. April 30, Laguna Niguel-Dana Point Patch – (California) FBI issues bulletin for ‘armed and dangerous’ bank robber. A suspect known as the “Gone Plaid Bandit” allegedly robbed a U.S. Bank branch in Los Angeles April 27, and is suspected in a total of 11 bank robberies in Orange County and surrounding areas. Source: http://lagunaniguel-danapoint.patch.com/articles/fbi-issues-bulletin-for-armed-and-dangerous-bank-robber-66f54a38
8. April 30, Federal Deposit Insurance Corporation – (Pennsylvania) FDIC orders Citizens Bank of Pennsylvania, Philadelphia, Pennsylvania (CBPA), to pay $5 million for deceptive practices. The Federal Deposit Insurance Corporation and Citizens Bank of Pennsylvania reached a settlement where the bank will pay a $5 million penalty and $1.4 million in restitution for engaging in deceptive practices that impacted 75,000 consumers. Source: http://www.loansafe.org/fdic-orders-citizens-bank-of-pennsylvania-philadelphia-pennsylvania-cbpa-to-pay-5-million-for-deceptive-practices
Information Technology Sector
31. May 1, Softpedia – (International) Reputation.com hacked, all users passwords reset. Internet reputation and management company Reputation.com suffered a security breach where attackers obtained personal information and a limited number of encrypted passwords. The company reset all users’ passwords and is investigating. Source: http://news.softpedia.com/news/Reputation-com-Hacked-All-User-Passwords-Reset-350034.shtml
32. May 1, PCGamesN – (International) Not cool: Bitcoin mining malware found in ESEA server client. The popular ESEA server client used for online gaming was found to contain Bitcoin mining malware, with some users reporting overheated or disabled GPUs as a result of the mining. Source: http://www.pcgamesn.com/counterstrike/not-cool-bitcoin-mining-malware-found-esea-server-client
33. May 1, Softpedia – (International) Cybercriminals register more fake SourceForge domains to distribute trojans. Researchers have found several fake SourceForge Web sites that were established to spread the ZeroAccess trojan. Source: http://news.softpedia.com/news/Cybercriminals-Register-More-Fake-SourceForge-Domains-to-Distribute-Trojan-349918.shtml
34. May 1, The Register – (International) Mozilla accuses Gamma of dressing up dictators’ spyware as Firefox. Mozilla, the developers of the Firefox browser, filed a cease-and-desist order against Gamma International, developer of the FinFisher intelligence/law enforcement spyware, after the spyware was found imitating the Firefox installer file to infect users’ systems. Source: http://www.theregister.co.uk/2013/05/01/mozilla_gamma_cease_and_desist/
For another story, see item 4 above in the Banking and Finance Sector
Communications Sector
35. April 30, KFSM 5 Fayetteville – (Arkansas) Cox experiences service outages in Northwest Arkansas. Cox Communications customers in Bentonville and Siloam Springs service areas lost television, Internet, and telephone services April 30 for several hours before the issue was resolved. Source: http://5newsonline.com/2013/04/30/cox-customers-experience-service-outages-in-northwest-arkansas/
36. April 29, Big Horn Radio Network – (Wyoming) Communications Outage. Communications company CenturyLink announced that a mile of fiber optic line was damaged and needed to be repaired after a third party cut the line April 29, causing a blackout which affected emergency services dispatch centers. Source: http://www.mybighornbasin.com/Communications-Outage/16220517
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.