Thursday, March 14, 2013
Complete DHS Daily Report for March 14, 2013
• Police arrested and charged eight individuals for stealing copper at 13 electric substations across Philadelphia. Authorities believe they are part of a larger criminal organization tied to other copper thefts. – Associated Press; Bucks County Courier Times
2. March 13, Associated Press; Bucks County Courier Times – (Pennsylvania) 8 arrested in copper thefts at Pa. power stations. Police arrested and charged eight individuals March 12 for stealing copper at 13 electric substations across Philadelphia in 2012. Authorities believe they are part of a larger criminal organization tied to committing thefts at PECO Energy substations and incurring damages and losses of roughly $175,000. Source: http://www.abc27.com/story/21629530/8-arrested-in-copper-thefts-at-papower-stations
• Three major credit reporting companies reported that hackers appeared to have stolen the personal information of celebrities and government figures from their Web sites. – Softpedia See item 5 below in the Banking and Finance Sector
• A U.S. Department of Agriculture employee wrote fraudulent checks payable to the federal government totaling in $6.2 million dollars and stole from approximately 18 government agencies, including water authorities. – Selma Times-Journal
17. March 12, Selma Times-Journal – (Alabama) Man guilty of stealing $800k from West Dallas Water Authority. A U.S. Department of Agriculture employee wrote fraudulent checks payable to the federal government totaling in $6.2 million dollars and stole from approximately 18 government agencies. Using fraudulent methods, the employee stole from several water authorities including nearly $800,000 from the West Dallas Water Authority. Source: http://www.selmatimesjournal.com/2013/03/12/man-guilty-of-stealing-800kfrom-west-dallas-water-authority/
• Members of two hacktivist groups discovered, and researchers confirmed, SQL Interjection vulnerabilities on the Web sites of the U.S. Customs and Border Protection and the Office of Personnel Management. – Softpedia
19. March 13, Softpedia – (National) OpBlackSummer: US Government sites CBP.gov and OPM.gov reportedly hacked. Members of two hacktivist groups have discovered SQL Interjection vulnerabilities on the Web sites of the U.S. Customs and Border Protection and the Office of Personnel Management that were validated by two researchers who were provided details of the vulnerabilities. Source: http://news.softpedia.com/news/OpBlackSummer-US-Government-Sites-CPBgov-and-OPM-gov-Reportedly-Hacked-336836.shtml
Banking and Finance Sector
5. March 13, Softpedia – (International) Hackers stole details of officials and celebrities from credit reporting companies. Three major credit reporting companies reported that hackers appeared to have stolen the personal information of celebrities and government figures from their Web sites. The FBI and Los Angeles Police Department are investigating. Source: http://news.softpedia.com/news/Hackers-Stole-Details-of-Officials-and-Celebrities-from-Credit-Reporting-Companies-336687.shtml
6. March 12, Dow Jones Newswires – (International) J.P. Morgan Chase confirms denial-of-service attacks on Chase.com. J.P. Morgan Chase announced via Twitter that its Chase Online banking service was experiencing availability issues due to a denial of service (DoS) attack.
7. March 11, Philadelphia Inquirer – (Pennsylvania) Serial bandit strikes for 6th time. A robber believed responsible for five previous bank robberies in Philadelphia struck a sixth bank March 11. Source: http://articles.philly.com/2013-03-11/news/37626394_1_bank-robber-bankjobs-republic-bank
8. March 12, Florida Today – (Florida) Palm Bay man held massive credit-card scheme. A man seen using multiple credit cards at a gas station in West Melbourne was arrested and is suspected of stealing more than $100,000 from several victims. Source: http://www.floridatoday.com/article/20130312/NEWS01/130312021/Palm-Bay-man-held-massive-credit-card-scheme
Information Technology Sector
27. March 13, Softpedia – (International) National Journal hacked, used to push malware via Fiesta exploit kit. Atlantic Media confirmed that the Web site of the National Journal was compromised and used to spread malware. Source: http://news.softpedia.com/news/National-Journal-Hacked-Used-to-Push-Malware-Via-Fiesta-Exploit-Kit-336706.shtml
28. March 12, IDG News Service – (International) Microsoft has access issues with Hotmail, Outlook, SkyDrive services. Microsoft experienced issues with its Hotmail, Outlook, and SkyDrive services for several hours March 12, leaving users unable to login. Source: http://www.networkworld.com/news/2013/031313-microsoft-hasaccess-issues-with-267644.html
29. March 12, Threatpost – (International) Issue with SWFUploader could lead to XSS vulnerabilities, content spoofing. Several versions of the popular SWFUploader applet contain vulnerabilities that could allow cross-site scripting (XSS) and content spoofing and let attackers take over accounts. Source: http://threatpost.com/en_us/blogs/issue-swfuploader-could-lead-xssvulnerabilities-content-spoofing-031213
30. March 12, Help Net Security – (International) Microsoft releases four critical bulletins. Microsoft’s March 12 Patch Tuesday released patches for seven issues, four of which were rated “critical.” Source: http://www.net-security.org/secworld.php?id=14583
31. March 12, The H – (International) Adobe closes more critical holes in Flash Player. Adobe released updates to Flash Player that addresses four vulnerabilities that could allow arbitrary code execution. Source: http://www.h-online.com/security/news/item/Adobe-closes-morecritical-holes-in-Flash-Player-1821723.html
32. March 12, IDG News Service – (National) Google to pay $7M for Wi-Fi eavesdropping. Google agreed to pay $7 million to 37 States and the District of Columbia for its inadvertent collection of personal data during updates to its navigation service via Street View cars. The recorded data will be destroyed and the equipment and software used to collect will only be used with prior consent and notice. Source: http://www.csoonline.com/article/730152/google-to-pay-7m-to-states-for-wifi-eavesdropping
33. March 12, Oaklawn Patch – (Illinois) ComEd blames rogue raccoon for Sunday’s damaging power surge. An electrical utility company blamed a March 10 electrical surge, which caused power outages to more than 1,000 customers and fried customer’s electronic equipment and appliances, on a raccoon. The power surge led to traffic being closed on a road after an electrical wire fell across a major street. Source: http://oaklawn.patch.com/articles/comed-blames-rouge-raccoon-for-sunday-sdamaging-power-surge
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to firstname.lastname@example.org or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to email@example.com.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at firstname.lastname@example.org or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at email@example.com or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.