Thursday, March 14, 2013
Complete DHS Daily Report for March 14, 2013
Daily Report
Top Stories
• Police arrested and charged eight individuals for stealing copper at 13 electric substations across Philadelphia. Authorities believe they are part of a larger criminal organization tied to other copper thefts. – Associated Press; Bucks County Courier Times
2. March 13, Associated Press; Bucks County Courier Times – (Pennsylvania) 8 arrested in copper thefts at Pa. power stations. Police arrested and charged eight individuals March 12 for stealing copper at 13 electric substations across Philadelphia in 2012. Authorities believe they are part of a larger criminal organization tied to committing thefts at PECO Energy substations and incurring damages and losses of roughly $175,000. Source: http://www.abc27.com/story/21629530/8-arrested-in-copper-thefts-at-papower-stations
• Three major credit reporting companies reported that hackers appeared to have stolen the personal information of celebrities and government figures from their Web sites. – Softpedia
See item 5 below in the Banking and Finance Sector
• A U.S. Department of Agriculture employee wrote fraudulent checks payable to the federal government totaling $6.2 million and stole from approximately 18 government agencies, including water authorities. – Selma Times-Journal
17. March 12, Selma Times-Journal – (Alabama) Man guilty of stealing $800k from West Dallas Water Authority. A U.S. Department of Agriculture employee wrote fraudulent checks payable to the federal government totaling $6.2 million and stole from approximately 18 government agencies. Using fraudulent methods, the employee stole from several water authorities, including nearly $800,000 from the West Dallas Water Authority. Source: http://www.selmatimesjournal.com/2013/03/12/man-guilty-of-stealing-800kfrom-west-dallas-water-authority/
• Members of two hacktivist groups discovered, and researchers confirmed, SQL injection vulnerabilities on the Web sites of the U.S. Customs and Border Protection and the Office of Personnel Management. – Softpedia
19. March 13, Softpedia – (National) OpBlackSummer: US Government sites CBP.gov and OPM.gov reportedly hacked. Members of two hacktivist groups have discovered SQL injection vulnerabilities on the Web sites of the U.S. Customs and Border Protection and the Office of Personnel Management that were validated by two researchers who were provided details of the vulnerabilities. Source: http://news.softpedia.com/news/OpBlackSummer-US-Government-Sites-CPBgov-and-OPM-gov-Reportedly-Hacked-336836.shtml
Details
Banking and Finance Sector
5. March 13, Softpedia – (International) Hackers stole details of officials and celebrities from credit reporting companies. Three major credit reporting companies reported that hackers appeared to have stolen the personal information of celebrities and government figures from their Web sites. The FBI and Los Angeles Police Department are investigating. Source: http://news.softpedia.com/news/Hackers-Stole-Details-of-Officials-and-Celebrities-from-Credit-Reporting-Companies-336687.shtml
6. March 12, Dow Jones Newswires – (International) J.P. Morgan Chase confirms denial-of-service attacks on Chase.com. J.P. Morgan Chase announced via Twitter that its Chase Online banking service was experiencing availability issues due to a denial of service (DoS) attack.
7. March 11, Philadelphia Inquirer – (Pennsylvania) Serial bandit strikes for 6th time. A robber believed responsible for five previous bank robberies in Philadelphia struck a sixth bank March 11. Source: http://articles.philly.com/2013-03-11/news/37626394_1_bank-robber-bankjobs-republic-bank
8. March 12, Florida Today – (Florida) Palm Bay man held massive credit-card scheme. A man seen using multiple credit cards at a gas station in West Melbourne was arrested and is suspected of stealing more than $100,000 from several victims. Source: http://www.floridatoday.com/article/20130312/NEWS01/130312021/Palm-Bay-man-held-massive-credit-card-scheme
Information Technology Sector
27. March 13, Softpedia – (International) National Journal hacked, used to push malware via Fiesta exploit kit. Atlantic Media confirmed that the Web site of the National Journal was compromised and used to spread malware. Source: http://news.softpedia.com/news/National-Journal-Hacked-Used-to-Push-Malware-Via-Fiesta-Exploit-Kit-336706.shtml
28. March 12, IDG News Service – (International) Microsoft has access issues with Hotmail, Outlook, SkyDrive services. Microsoft experienced issues with its Hotmail, Outlook, and SkyDrive services for several hours March 12, leaving users unable to log in. Source: http://www.networkworld.com/news/2013/031313-microsoft-hasaccess-issues-with-267644.html
29. March 12, Threatpost – (International) Issue with SWFUploader could lead to XSS vulnerabilities, content spoofing. Several versions of the popular SWFUploader applet contain vulnerabilities that could allow cross-site scripting (XSS) and content spoofing and let attackers take over accounts. Source: http://threatpost.com/en_us/blogs/issue-swfuploader-could-lead-xssvulnerabilities-content-spoofing-031213
30. March 12, Help Net Security – (International) Microsoft releases four critical bulletins. Microsoft’s March 12 Patch Tuesday released patches for seven issues, four of which were rated “critical.” Source: http://www.net-security.org/secworld.php?id=14583
31. March 12, The H – (International) Adobe closes more critical holes in Flash Player. Adobe released updates to Flash Player that address four vulnerabilities that could allow arbitrary code execution. Source: http://www.h-online.com/security/news/item/Adobe-closes-morecritical-holes-in-Flash-Player-1821723.html
Communications Sector
32. March 12, IDG News Service – (National) Google to pay $7M for Wi-Fi eavesdropping. Google agreed to pay $7 million to 37 States and the District of Columbia for its inadvertent collection of personal data during updates to its navigation service via Street View cars. The recorded data will be destroyed, and the equipment and software used to collect it will only be used with prior consent and notice. Source: http://www.csoonline.com/article/730152/google-to-pay-7m-to-states-for-wifi-eavesdropping
33. March 12, Oaklawn Patch – (Illinois) ComEd blames rogue raccoon for Sunday’s damaging power surge. An electrical utility company blamed a raccoon for a March 10 electrical surge that caused power outages for more than 1,000 customers and fried customers’ electronic equipment and appliances. The power surge also led to a major street being closed to traffic after an electrical wire fell across it. Source: http://oaklawn.patch.com/articles/comed-blames-rouge-raccoon-for-sunday-sdamaging-power-surge
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.