Friday, April 19, 2013
Complete DHS Daily Report for April 19, 2013
• An explosion at the West Fertilizer Co., located in West, Texas, leveled dozens of homes, killed as many as 15 people, injured more than 160, and spewed toxic fumes that forced the evacuation of half the surrounding community. Rescuers are still searching for survivors. – Reuters
17. April 18, Reuters – (Texas) Rescuers search for survivors of Texas fertilizer plant blast. An explosion at the West Fertilizer Co., located in West, Texas, leveled dozens of homes, killed as many as 15 people, injured more than 160, and spewed toxic fumes that forced the evacuation of half the surrounding community. Rescuers are still searching for survivors. Source: http://www.reuters.com/article/2013/04/18/us-usa-explosion-texas-idUSBRE93H02A20130418
• Additional rainfall to the region caused the City of Saginaw’s wastewater retention basins to overflow again bringing the total release of treated wastewater to 834 million gallons since April 9, including an estimated 18.97 million gallons over the past two days. – Michigan Live
20. April 17. Michigan Live – (Michigan) Saginaw releases 834 million gallons of treated wastewater over nine-day period. Additional rainfall to the region caused the City of Saginaw’s wastewater retention basins to overflow again bringing the total release of treated wastewater to 834 million gallons since April 9, including an estimated 18.97 million gallons over the past two days. Additional precipitation is forecasted for the next two days. Source: http://www.mlive.com/news/saginaw/index.ssf/2013/04/retention_basin_overflowing_ag.html
• The FBI arrested a Mississippi man in connection with sending a U.S. senator and the U.S. President threatening letters potentially laced with ricin, the letters were intercepted at an off-site mail facility in Washington, D.C. Test results were expected April 18 determining the substance used to contaminate the letters. – CNN
26. April 18, CNN – (Washington, D.C.; Mississippi) Test results due in ricin scare; Mississippi man arrested. The FBI arrested a Mississippi man in connection with sending a U.S. senator and the U.S. President threatening letters potentially laced with ricin, the letters were intercepted at an off-site mail facility in Washington, D.C. Test results were expected April 18 determining the substance used to contaminate the letters. Source: http://www.cnn.com/2013/04/18/politics/tainted-letter-intercepted/index.html
• Due to issues with financials, BitFloor, the largest Bitcoin exchange in the U.S. closed down indefinitely and will return all funds. – IDG News Service See item 34 below in the Information Technology Sector
• The cause of an April 16 fire, which started in the attic space of a building and destroyed four businesses and caused $1.7 million in damages, remains unknown according to authorities. – Fresno Bee
44. April 17. Fresno Bee – (California) Fire causes $1.7m damage to California strip mall. The cause of an April 16 fire, which started in the attic space of a building and destroyed four businesses and caused $1.7 million in damages, remains unknown according to authorities. Source: http://www.firehouse.com/news/10922151/fire-causes-17m-damage-to-california-strip-mall
• A fire which occurred during the same time as two explosions at the Boston Marathon finish line April 15 left damage to a conference room and auditorium at the John F. Kennedy Library and Museum, prompting the Boston Police Department’s arson squad to close the facility indefinitely and to conduct investigations to see if the fire is linked to the explosions. – New York Daily News
45. April 17. New York Daily News – (Boston) Arson squad arrives at JFK Presidential Library; building closed ‘indefinitely’ for investigation after marathon bombings. A fire which occurred during the same time as two explosions at the Boston Marathon finish line April 15 left damage to a conference room and auditorium at the John F. Kennedy Library and Museum, prompting the Boston Police Department’s arson squad to close the facility indefinitely and to conduct investigations to see if the fire is linked to the explosions. Source: http://www.nydailynews.com/news/national/jfk-library-closed-probe-post-bombing-fire-article-1.1319001
Banking and Finance Sector
4. April 17. Tewksbury Patch – (Massachusetts) Brazen Merrimack Valley bandit hits as many as three more banks. A man known as the “Merrimack Valley Bandit” has robbed as many as three more banks, including a bank he had previously robbed, bringing the total number of alleged robberies to eight banks. Source: http://tewksbury.patch.com/articles/merrimack-valley-bandit-hits-another-bank-more-info-emerging
5. April 17. Federal Bureau of Investigations– (Alabama) Alabama man charged for sending fraudulent $10M promissory note in attempt to satisfy mortgage. A federal judge convicted two men April 16 for mailing a fictitious $10 million financial note to pay off his home mortgage. The fictitious financial note claimed to be a valid financial instrument drawn on a secret U.S. government account. Source: http://www.loansafe.org/alabama-man-charged-for-sending-fraudulent-10m-promissory-note-in-attempt-to-satisfy-mortgage
6. April 17. Fleet Owner – (Ohio) 28 charged with skimming more than $1.7 million from trucking companies. The Northern District of Ohio U.S. Attorney’s Office filed a 97-count indictment charging 28 people for violations including wire fraud, money laundering, and conspiracy for their acts in a scheme that skimmed over $1.7 million from a trucking company. Source: http://fleetowner.com/regulations/28-charged-skimming-more-17-million-trucking-companies&utm_source=feedly
7. April 17, DNA Info – (Chicago) Seven sentenced in credit card scheme at Wrigley Field, city restaurants. Seven Chicago residents were sentenced for their role in skimming 175 cards at the restaurants in which they were employed and for making purchases with fake cards derived from information from a stolen card reader totaling more than $200,000. Source: http://www.dnainfo.com/chicago/20130417/wrigleyville/seven-sentenced-credit-card-scheme-at-wrigley-field-city-restaurants
8. April 17. KHQ 6 Spokane – (Washington) Straw Hat bandit arrested for four bank robberies. Spokane County detectives, using surveillance footage from several banks, arrested the man they believe is responsible for multiple bank robberies. The perpetrator wore a straw hat in at least one of the robberies. Source: http://www.khq.com/story/22007244/straw-hat-bank-robber
9. April 17. Associated Press – (Oregon; Washington) Hedge fund manager pleads guilty to Ponzi scheme. A Portland hedge-fund manager pled guilty to 17 counts of wire and mail fraud in a Ponzi scheme April 16 where he netted $6.4 million. The Securities and Exchange Commission has filed suit alleging the manager lured more than 100 people to invest $37 million in his hedge funds by falsely boasting double-digit returns and using the money to fund earlier investments and his travel and personal expenses. Source: http://union-bulletin.com/news/2013/apr/17/hedge-fund-manager-pleads-guilty-to-ponzi-scheme/
Information Technology Sector
34. April 18, IDG News Service – (International) US Bitcoin exchange BitFloor shuts down again. Due to issues with financials, BitFloor, the largest Bitcoin exchange in the U.S. closed down indefinitely and will return all funds. The exchange is unable to provide the same amount of USD deposits and withdrawals as it has in the past. Source: http://www.networkworld.com/news/2013/041813-us-bitcoin-exchange-bitfloor-shuts-268848.html
35. April 18, Softpedia – (International) Malware alert: Fertilizer plant explosion near Waco, Texas. Hackers are utilizing current U.S. events in order to send bogus emails depicting the incidents in the form of malicious links and videos that push malware onto victims’ computers through a RedKit exploit kit. Source: http://news.softpedia.com/news/Malware-Alert-Fertilizer-Plant-Explosion-Near-Waco-Texas-346570.shtml
36. April 18, Softpedia – (International) Snapchat warns users of spam campaign. The creators of Snapchat are warning users of hoax accounts that are targeting public accounts and sending spam messages inviting users to Skype conversations that could potentially link them to malicious sites or even make automated phone calls to spread bogus antivirus warnings. Snapchat temporarily disabled new account registrations and have prevented users from receiving messages from individuals not included on their friends list to help mitigate the issue. Source: http://news.softpedia.com/news/Snapchat-Warns-Users-of-Spam-Campaign-346475.shtml?
37. April 18, IDG News Service – (International) Popular home routers contain critical security vulnerabilities. Researchers offered consumers options to mitigate potential attacks on their home and small office routers that contain security problems. Thirteen popular routers were discovered vulnerable in allowing a hacker to snoop or modify network traffic as well as access credentials. Source: http://www.computerworld.com/s/article/9238474/Popular_home_routers_contain_critical_security_vulnerabilities
38. April 18, Help Net Security – (International) Backdoor Trojan uses “magic code” to contact C&C server. Researchers discovered a backdoor-opening malware that uses a “magic code” in order to start communication with the same IP address and port once the C&C server instructs it to do so. The attackers gain permanent access to the machine once the account is created. Source: http://www.net-security.org/malware_news.php?id=2471&utm_source=feedly&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
39. April 18, Softpedia – (International) Fake SourceForge website serves ZeroAccess malware. Experts from a security firm determined hackers are using the SourceForge Web site to drop the ZeroAccess Trojan onto user’s computers and inject malware. Source: http://news.softpedia.com/news/Fake-SourceForge-Website-Serves-ZeroAccess-Malware-346423.shtml?utm_source=feedly
40. April 17, Network World – (International) Large-scale Google outage affects customers worldwide. Google is working to identify the cause of a nearly 3-hour outage of their web services April 17 when users noticed service disruptions worldwide. Source: http://www.networkworld.com/news/2013/041713-google-outage-268814.html?
41. April 17, V3.co.uk – (International) Malwarebytes cripples thousands of computers with faulty software security update. Malwarebytes released a definitions update April 16 that treated essential Windows .dil and .exe files as malware, thereby stopping them from running and knocking thousands of IT systems and computers offline. The company is reworking the update and posted details for firms affected on their forum page. Source: http://www.v3.co.uk/v3-uk/news/2262234/malwarebytes-cripples-thousands-of-computers-with-faulty-software-security-update
42. April 17, Softpedia – (International) Official UGG blog hacked, abused for HSBC phishing scheme. The official UGG blog has been breached by hackers who are using the space to host a phishing scheme designed to look like the HSBC Web site and lure users into providing their personal information. The attack is executed through an email with the malicious HTML file attached. Source: http://news.softpedia.com/news/Official-UGG-Blog-Hacked-Abused-for-HSBC-Phishing-Scheme-346094.shtml
Nothing to report
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to firstname.lastname@example.org or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to email@example.com.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at firstname.lastname@example.org or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at email@example.com or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.