Thursday, May 2, 2013
Complete DHS Daily Report for May 2, 2013
• Authorities arrested 18 suspects in connection with a $10 million organized theft ring that allegedly stole and then sold raw copper from an Asarco LLC mine in Hayden, Arizona. – Phoenix Business Journal
1. April 30, Phoenix Business Journal – (Arizona) 18 arrested in connection with Arizona copper theft ring. Authorities arrested 18 suspects in connection with a $10 million organized theft ring that allegedly stole raw copper from an Asarco LLC mine in Hayden. Several workers were charged with helping steal semi-truck loads of copper mined at the site and selling it to metal recyclers throughout the U.S. as well as on the Chinese black market. Source: http://www.bizjournals.com/phoenix/news/2013/04/30/18-arrested-in-connection-with-arizona.html
• Washington’s Chelan County Public Hospital No. 1 was the victim of a cyberattack that moved $1.03 million out of the hospital’s payroll system. Organized hackers in Ukraine and Russia performed the attack and used 100 accomplices in the U.S. to move the money. – Krebs on Security
23. April 30, Krebs on Security – (Washington) Wash. hospital hit by $1.03 million cyberheist. Chelan County Public Hospital No. 1 in Washington was the victim of a $1.03 million breach that moved the money out of the hospital’s payroll system. Organized hackers in Ukraine and Russia used a work-at-home scheme to carry out the attack with the help of 100 different accomplices in the U.S. Source: http://krebsonsecurity.com/2013/04/wash-hospital-hit-by-1-03-million-cyberheist/
• Two employees at Rawson-Neal Psychiatric Hospital in Las Vegas were fired and 3 were disciplined in an ongoing investigation into the hospital’s practice of sending mentally ill patients to other States. – Sacramento Bee
24. April 30, Sacramento Bee – (Nevada) Two hospital workers fired over ‘dumping’ of Nevada psychiatric patients. Two employees at Rawson-Neal Psychiatric Hospital in Las Vegas were fired and 3 were disciplined in an ongoing investigation into the hospital’s practice of sending mentally ill patients to other States. Investigators found that 10 out of nearly 1,500 patients were placed on buses within the last 5 years without proper housing, medication, or contacts once they reached their destinations. Source: http://www.sacbee.com/2013/04/30/5381856/two-hospital-workers-fired-over.html
• Researchers found that the U.S. Department of Labor’s Web site was infected and used to spread malware the morning of May 1. – Threatpost
25. May 1, Threatpost – (National) U.S. Department of Labor website discovered hacked, spreading PoisonIvy. Researchers found that the U.S. Department of Labor’s Web site was infected and used to spread malware May 1, though the malware was later removed. The attack collects system information from the victim’s computer and then a malicious payload is downloaded via an Internet Explorer vulnerability, and appeared similar to some previous intelligence-gathering campaigns. Source: http://www.darkreading.com/attacks-breaches/us-department-of-labor-website-discovere/240153967
Banking and Finance Sector
4. April 30, BankInfoSecurity – (International) FBI: DDoS botnet has been modified. The FBI warned that the Brobot botnet used in a campaign of hacktivist attacks against U.S. banking institutions has been updated in an attempt to circumvent banks’ countermeasures. Source: http://www.bankinfosecurity.com/fbi-ddos-botnet-has-been-modified-a-5719
5. April 30, Federal Bureau of Investigation – (California) Central Coast man pleads guilty to nearly $50 million investment scandal. A Central Coast man pleaded guilty to running several fraud schemes that caused more than $47 million in losses to victims and banks. Source: http://www.loansafe.org/central-coast-man-pleads-guilty-to-nearly-50-million-investment-scandal
6. April 30, Dallas Morning News – (Texas) Police seeking information on masked bandit who robbed Arlington bank Monday. The man who robbed an Arlington, Texas bank April 29 is believed to be the “Mesh Mask Bandit,” suspected of robbing 14 other banks in the region since December 2012. Source: http://crimeblog.dallasnews.com/2013/04/police-seeking-information-on-masked-bandit-who-robbed-arlington-bank-monday.html/
7. April 30, Laguna Niguel-Dana Point Patch – (California) FBI issues bulletin for ‘armed and dangerous’ bank robber. A suspect known as the “Gone Plaid Bandit” allegedly robbed a U.S. Bank branch in Los Angeles April 27, and is suspected of robbing 11 total bank robberies in Orange County and surrounding areas. Source: http://lagunaniguel-danapoint.patch.com/articles/fbi-issues-bulletin-for-armed-and-dangerous-bank-robber-66f54a38
8. April 30, Federal Deposit Insurance Corporation – (Pennsylvania) FDIC orders Citizens Bank of Pennsylvania, Philadelphia, Pennsylvania (CBPA), to pay $5 million for deceptive practices. The Federal Deposit Insurance Corporation and Citizens Bank of Pennsylvania reached a settlement where the bank will pay a $5 million penalty and $1.4 million in restitution for engaging in deceptive practices that impacted 75,000 consumers. Source: http://www.loansafe.org/fdic-orders-citizens-bank-of-pennsylvania-philadelphia-pennsylvania-cbpa-to-pay-5-million-for-deceptive-practices
Information Technology Sector
31. May 1, Softpedia – (International) Reputation.com hacked, all users passwords reset. Internet reputation and management company Reputation.com suffered a security breach where attackers obtained personal information and a limited number of encrypted passwords. The company reset all users’ passwords and is investigating. Source: http://news.softpedia.com/news/Reputation-com-Hacked-All-User-Passwords-Reset-350034.shtml
32. May 1, PCGamesN – (International) Not cool: Bitcoin mining malware found in ESEA server client. The popular ESEA server client used for online gaming was found to contain Bitcoin mining malware, with some users reporting overheated or disabled GPUs as a result of the mining. Source: http://www.pcgamesn.com/counterstrike/not-cool-bitcoin-mining-malware-found-esea-server-client
33. May 1, Softpedia – (International) Cybercriminals register more fake SourceForge domains to distribute trojans. Researchers have found several fake SourceForge Web sites that were established to spread the ZeroAccess trojan. Source: http://news.softpedia.com/news/Cybercriminals-Register-More-Fake-SourceForge-Domains-to-Distribute-Trojan-349918.shtml
34. May 1, The Register – (International) Mozilla accuses Gamma of dressing up dictators’ spyware as Firefox. Mozilla, the developers of the Firefox browser, filed a cease-and-desist order against Gamma International, developer of the FinFisher intelligence/law enforcement spyware, after the spyware was found imitating the Firefox installer file to infect users’ systems. Source: http://www.theregister.co.uk/2013/05/01/mozilla_gamma_cease_and_desist/
For another story, see item 4 above in the Banking and Finance Sector
35. April 30, KFSM 5 Fayetteville – (Arkansas) Cox experiences service outages in Northwest Arkansas. Cox Communications customers in Bentonville and Siloam Springs service areas lost television, Internet, and telephone services April 30 for several hours before the issue was resolved. Source: http://5newsonline.com/2013/04/30/cox-customers-experience-service-outages-in-northwest-arkansas/
36. April 29, Big Horn Radio Network – (Wyoming) Communications Outage. Communications Company Century Link announced that a mile of fiber optics line was damaged and needed to be repaired after a third party cut the fiber optic line April 29, causing a blackout which affected emergency services dispatch centers. Source: http://www.mybighornbasin.com/Communications-Outage/16220517
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to firstname.lastname@example.org or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to email@example.com.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at firstname.lastname@example.org or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at email@example.com or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.