Wednesday, May 1, 2013   

Complete DHS Daily Report for May 1, 2013

Daily Report

Top Stories

 • A man was charged with fraud and identity theft for allegedly using information from insiders with access to Alabama Department of Corrections systems to obtain inmates’ personal information and then file false tax returns in their names. – Softpedia  See item 8 below in the Banking and Financial Sector

 • Crude oil mixed with natural gas spewed across U.S. Route 219 in Bradford, Pennsylvania, April 27 after a valve on a pipeline broke, prompting authorities to close the highway for about 5 hours. – Associated Press

17. April 29, Associated Press – (Pennsylvania) Bradford, Pa., highway closed by spewing oil from pipeline. Crude oil mixed with natural gas spewed across U.S. Route 219 in Bradford April 27 after a valve on a pipeline broke, prompting authorities to close the highway for about 5 hours. Source: http://www.the-leader.com/news/x91992959/Bradford-Pa-highway-closed-by-spewing-oil-from-pipeline

 • A former water official was convicted on 11 counts of lying about mixing carcinogen-tainted well water into the village of Crestwood, Illinois’s drinking supply from 1982 until 2008. – Associated Press
22. April 30, Associated Press – (Illinois) Tainted well water case ends in guilty verdict. A former suburban Chicago water official was convicted April 29 on 11 counts of lying about mixing carcinogen-tainted well water into the village of Crestwood’s drinking supply from 1982 until 2008 in order to cut costs. Source: http://www.businessweek.com/ap/2013-04-30/tainted-well-water-case-ends-in-guilty-verdict

 • At least 8 people were injured and nearly 150 arrested in Virginia Beach after instances of violence and disorder as between 30,000 and 40,000 people congregated for College Beach Weekend 2013 beginning April 26, an event city officials knew little about beforehand. – Associated Press

39. April 30, Associated Press – (Virginia) Nearly 150 people arrested in violent VB weekend. At least 8 people were injured and nearly 150 arrested in Virginia Beach after instances of violence and disorder as between 30,000 and 40,000 people congregated for College Beach Weekend 2013 beginning April 26, an event city officials knew little about beforehand. Source: http://www.sfgate.com/news/crime/article/Nearly-150-people-arrested-in-violent-VB-weekend-4475606.php

Details

Banking and Finance Sector

7. April 30, V3.co.uk – (International) Ramnit sleeping malware targets UK financial sector. A new variant of the Ramnit malware with advanced detection-evading characteristics was found attacking online banking customers in the U.K., according to Trusteer researchers. Source: http://www.v3.co.uk/v3-uk/news/2264999/ramnit-sleeping-malware-targets-uk-financial-sector

8. April 29, Softpedia – (Alabama) Alabama man charged on suspicion of using prisoner identities in fraud scheme. A man was charged with 34 counts of fraud and identity theft for allegedly using information from insiders with access to Alabama Department of Corrections systems to obtain inmates’ personal information and then file false tax returns in their names, fraudulently earning over $2.5 million between 2010 and 2012. Source: http://news.softpedia.com/news/Alabama-Man-Charged-on-Suspicion-of-Using-Prisoner-Identities-in-Fraud-Scheme-349198.shtml

9. April 29, St. Louis Post-Dispatch – (Missouri) FDIC sues former directors of failed Champion Bank. The Federal Deposit Insurance Corporation filed a $15.6 million suit against 10 executives and board members of the failed Champion Bank for allegedly investing recklessly in failing housing developments, leading to the bank’s failure. Source: http://www.stltoday.com/business/local/fdic-sues-former-directors-of-failed-champion-bank/article_92e5a10b-4713-539e-8689-1e4012b8ad28.html

10. April 29, U.S. Securities and Exchange Commission – (Connecticut) Level Global agrees to pay more than $21.5 million to settle SEC insider trading charges. Greenwich-based Level Global Investors LP agreed to pay the U.S. Securities and Exchange Commission more than $21.5 million to settle charges of insider trading. Source: http://www.sec.gov/news/press/2013/2013-76.htm

Information Technology Sector

34. April 30, Softpedia – (International) PDF vulnerability exploited in MiniDuke campaign, used in Zegost, PlugX attacks. Researchers at Trend Micro found that at least three advanced persistent threat (APT) campaigns are using the CVE-2013-0640 vulnerability in Adobe Reader to spread malware, though their payloads differ. Source: http://news.softpedia.com/news/PDF-Vulnerability-Exploited-in-MiniDuke-Campaign-Used-in-Zegost-PlugX-Attacks-349753.shtml

35. April 30, Softpedia – (International) Vulnerabilities in D-Link IP cameras can be used to capture video streams. Several vulnerabilities in D-Link IP cameras can be exploited to access video streams, execute arbitrary commands, bypass authentication, and other purposes, according to research from Core Security. Source: http://news.softpedia.com/news/Vulnerabilities-in-D-Link-IP-Cameras-Can-Be-Used-to-Capture-Video-Streams-349669.shtml

36. April 29, Threatpost – (International) Google mandates app updates come from Google Play. Google instituted a policy whereby apps available through its Google Play app store must issue updates via Google Play’s update mechanism in order to prevent malicious apps from sending updates to users after an approved app is downloaded. Source: http://threatpost.com/google-mandates-app-updates-come-from-google-play/

37. April 29, Computerworld – (International) Google pays record $31K bounty for Chrome bugs. Google paid a researcher from the University of Luxembourg $31,336 for uncovering three “high” rated vulnerabilities in Chrome via the company’s bug bounty program. Source: http://www.networkworld.com/news/2013/042913-google-pays-record-31k-bounty-269213.html

For an additional story see item 7 above in the Banking and Finance Sector
Communications Sector

38. April 29, WBIR 10 Knoxville – (National) Phone outage impacts East TN businesses. Arkansas-based national Internet and telephone provider Windstream suffered an outage for more than 5 hours April 29, impacting multiple businesses throughout the country including long-distance and toll free call processing services. Source: http://www.wbir.com/news/article/272253/2/Windstream-outage-affecting-business-phone-lines-across-country



Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.