Monday, March 25, 2013
Complete DHS Daily Report for March 25, 2013
• DHS and ICS-CERT advised the energy, oil, water, and chemical industries to apply a patch to certain Siemens industrial control software that addresses a previously found vulnerability. – Threatpost
1. March 21, Threatpost – (National) DHS, ICS-CERT warn of Siemens HMI vulnerabilities. DHS and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) advised the energy, oil, water, and chemical industries to use the newly patched Siemens industrial control software that addresses a previously found vulnerability. Source: http://threatpost.com/en_us/blogs/dhs-ics-cert-warn-siemens-hmi-vulnerabilities-032113
• The brother of the Galleon Group founder found guilty of insider trading was indicted for allegedly being part of his brother’s insider trading ring. – New York Times. See item 6 below in the Banking and Finance Sector.
• Authorities issued a lockdown of Marine Corps Base Quantico while searching for a marine who shot and killed two fellow marines. Officials lifted the lockdown after they found the suspect dead in an apparent suicide. – CNN
18. March 22, CNN – (Virginia) ‘A long night’ at marine base; 3 dead in shooting. Authorities issued a lockdown of the Marine Corps base in Quantico while searching for a marine who shot and killed two fellow marines on base. Officials lifted the lockdown after they found the marine in his room, dead from a self-inflicted gunshot wound. Source: http://www.cnn.com/2013/03/22/us/virginia-quantico-shooting/index.html
• A report claimed a Washington, D.C. ambulance and 2 medic units were within a 4-mile radius of an officer who was struck and severely injured, but did not respond because fire stations failed to properly monitor for emergency calls. – WRC 4 Washington D.C.
24. March 21, WRC 4 Washington, D.C. – (District of Columbia) Report: 3 ambulances improperly out of service when D.C. police officer was struck. A March 21 report by the deputy mayor for public safety claimed a Washington, D.C. ambulance and 2 medic units were within a 4-mile radius of an officer who was struck and severely injured March 5, but did not respond to the scene. The report alleges the fire stations failed to properly monitor for emergency calls. Source: http://www.nbcwashington.com/news/local/Report-3-Ambulances-Improperly-Out-of-Service-When-DC-Police-Officer-Was-Struck-199444121.html
Banking and Finance Sector
5. March 22, Softpedia – (International) Website and mobile banking service of TD Bank disrupted by DDOS attack. Canada-based Toronto-Dominion (TD) Bank experienced service interruptions to its Web site and mobile banking services caused by a distributed denial of service (DDoS) attack March 21. Source: http://news.softpedia.com/news/Website-and-Mobile-Banking-Service-of-TD-Bank-Disrupted-by-DDOS-Attack-339532.shtml
6. March 21, New York Times – (New York) Brother of Galleon Group founder is indicted on insider trading charges. The brother of the Galleon Group founder found guilty of insider trading was indicted for allegedly being part of his brother’s insider trading ring. Source: http://dealbook.nytimes.com/2013/03/21/prosecutors-weigh-insider-trading-charges-against-raj-rajaratnams-brother/
7. March 20, Santa Rosa Press Democrat – (California) FBI seeks ‘Hoodie Bandit’ suspected in Sonoma County bank robberies. The FBI released photos of the suspect known as the “Hoodie Bandit”, suspected of robbing three banks in Santa Rosa and Rohnert Park in February. Source: http://www.pressdemocrat.com/article/20130320/ARTICLES/130329955/1308/news?Title=FBI-seeks-Hoodie-Bandit-suspected-in-Sonoma-County-bank-robberies&tc=ar
Information Technology Sector
25. March 22, Softpedia – (International) Yahoo, LinkedIn, Twitter accounts vulnerable to session fixation attacks. A security researcher identified a vulnerability that could allow cybercriminals to launch session fixation attacks and gain access to users’ accounts. Source: http://news.softpedia.com/news/Yahoo-LinkedIn-Twitter-Accounts-Vulnerable-to-Session-Fixation-Attacks-Video-339448.shtml
26. March 22, IDG News Service – (International) Google Drive hit by three outages this week. Google Drive experienced three service interruptions the week of March 18, preventing users from accessing files during the interruptions. Source: http://www.computerworld.com/s/article/9237831/Google_Drive_hit_by_three_outages_this_week
27. March 22, Softpedia – (International) Security hole in control panels of UK registrars led to domain hijacking. About 300 domains were stolen from U.K. registrar 123-Reg by attackers exploiting a vulnerability in the service’s Web hosting control panel that allowed users with an account to access other accounts. Source: http://news.softpedia.com/news/Security-Hole-in-Control-Panels-of-UK-Registrars-Led-to-Domain-Hijacking-339475.shtml
28. March 22, Softpedia – (International) PyCon incident: Two people fired, DDOS attack launched against SendGrid site. SendGrid’s Web site was targeted by a distributed denial of service (DDoS) attack after an incident by a former employee at a conference drew the attention of social media users and a self-professed Anonymous group. Source: http://news.softpedia.com/news/PyCon-Incident-Two-People-Fired-DDOS-Attack-Launched-Against-SendGrid-Site-339407.shtml
29. March 21, Richmond Times-Dispatch – (Virginia) 3 area TV stations experiencing antenna problem. A March 6 problem with a shared antenna in the Richmond area left WCVW, WRIC, and WRLH television stations unavailable to some of their viewers. The problem affects those who receive their television “over-the-air” instead of through cable or satellite. Source: http://www.timesdispatch.com/business/local/companies/area-tv-stations-experiencing-antenna-problem/article_ebd285d1-40e0-5fc6-a19b-97dbf567fb68.html
30. March 21, New Orleans Times-Picayune – (Louisiana) Super Bowl blackout report blames electric relay device, cites poor communication. A March 21 report on the 2012 Super Bowl blackout blamed the outage on a mis-operation of a relay device that was part of an electric switchgear near the stadium. The device’s settings were within recommended default settings, but poor communication between the manufacturer and the stadium prevented the device’s set-up from being aligned with the stadium’s specific fuse requirements. Source: http://www.nola.com/business/index.ssf/2013/03/analysis_of_super_bowl_blackou.html
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to email@example.com or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to firstname.lastname@example.org.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at email@example.com or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at firstname.lastname@example.org or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.