Complete DHS Daily Report for August 6, 2013
• Over 20 cars of a train carrying sodium hydroxide derailed in Lawtell, Louisiana, prompting the evacuation of roughly 100 homes within one mile of the derailment August 4. – Associated Press
10. August 5, Associated Press – (Louisiana) Train derails in La.; about 100 homes evacuated. Over 20 cars of a train carrying sodium hydroxide derailed in Lawtell, prompting the evacuation of roughly 100 homes within one mile of the derailment August 4. Source: http://news.msn.com/us/train-derails-in-la-about-100-homes-evacuated
• An outbreak of Cyclospora in Iowa and Nebraska that caused hundreds of confirmed illnesses was linked to Mexican-grown Taylor Farms salad mix.– Food Safety News
21. August 2, Food Safety News – (National) Cyclospora outbreak linked to Taylor Farms Salad, some served at Olive Garden and Red Lobster. According to the U.S. Food and Drug Administration, the outbreak of Cyclospora in Iowa and Nebraska that caused hundreds of confirmed illnesses was linked to Mexican-grown Taylor Farms salad mix. Some of the contaminated salad mix was served at Olive Garden and Red Lobster restaurants and investigators believe the product expired and is no longer on the market. Source: http://www.foodsafetynews.com/2013/08/cyclospora-outbreak-linked-to-taylor-farms-salad-some-served-at-olive-garden-and-red-lobster/
• Crews reached 60 percent containment of Washington’s Colockum Tarps Fire that burned 80,400 acres by August 4. – Wenatchee Complex Command Post
25. August 4, Wenatchee Complex Command Post – (Washington) Colockum Tarps Fire now at 80,400 acres, 60% contained. Crews reached 60 percent containment of Washington’s Colockum Tarps Fire that burned 80,400 acres by August 4. Evacuation orders remained in effect due to the potential spread of the fire outside fire lines. Source: http://www.khq.com/story/23037599/colockum-tarps-fire-now-at-80000-acres-60-contained
• A research project which set up fake industrial control systems purporting to be connected to water plant systems observed the Comment Crew/APT1 hacking group had targeted and compromised one decoy system, among other project results. – MIT Technology Review See item 46 below in the Information Technology Sector
Banking and Finance Sector
5. August 3, Tallahassee Democrat – (Florida) Federal Deposit Insurance Corporation suing Wakulla Bank leadership. The Federal Deposit Insurance Corporation announced a $14 million lawsuit against five senior leaders at the failed Wakulla Bank for allegedly taking unreasonable risks and violating internal policies that led to the bank’s failure. Source: http://www.tallahassee.com/article/20130803/NEWS/130803001/?nclick_check=1
6. August 2, Associated Press – (New Hampshire) NH businessman found guilty in mortgage fraud case. A Manchester man was convicted of running a $13 million mortgage fraud scheme where he offered to bail out distressed homeowners if they signed over their deeds, and then had straw buyers purchase the properties at inflated prices. Source: http://www.nashuatelegraph.com/news/1012312-469/nh-businessman-found-guilty-in-mortgage-fraud.html
7. August 2, Zachary Plainsman-News – (Louisiana; Texas) Houston man pleads guilty to using fake credit cards to access cash at La. casinos. A Houston man pleaded guilty to creating a variety of counterfeit payment cards and then using them in Louisiana casinos to steal $118,684. Source: http://www.zacharytoday.com/view/full_story/23270510/article-Houston-man-pleads-guilty-to-using-fake-credit-cards-to-access-cash-at-La--casinos---?instance=secondary_news_left_column
8. August 2, Reuters – (Connecticut) Former Green Mountain employee charged in insider trading scheme. The U.S. Securities and Exchange Commission charged a former employee of Green Mountain Coffee Roasters Inc. with allegedly participating in an insider trading scheme that netted himself and an accomplice in Hamden $7 million. Source: http://www.reuters.com/article/2013/08/02/us-sec-greenmountain-idUSBRE97112420130802
9. August 2, Riverside Press-Enterprise – (California) Rancho Mirage man indicted in $5.3 million scheme. A Rancho Mirage man was charged with allegedly participating in a mortgage refinancing scheme through his business, Nationwide Mortgage Concepts, that defrauded Ally Financial of around $5.3 million. Source: http://www.pe.com/business/business-headlines/20130802-mortgage-fraud-rancho-mirage-man-indicted-in-5.3-million-scheme.ece
For another story, see item 41below in the Information Technology Sector
Information Technology Sector
37. August 5, Threatpost – (International) BREACH compression attack steals HTTPS secrets in under 30 seconds. Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH) an attack that enables the reading of encrypted messages via plaintext injection into an HTTPS request, prompted an advisory after it was demonstrated at the Black Hat 2013 conference. Source: https://threatpost.com/breach-compression-attack-steals-https-secrets-in-under-30-seconds/101579
38. August 5, Wired.com – (International) Feds are suspects in new malware that attacks Tor anonymity. A piece of malware that exploits a vulnerability in Firefox 17 and redirects connections over The Onion Router (TOR) network so users’ true IP addresses can be discerned was found on several Web sites hosted by Freedom Hosting. Source: http://www.wired.com/threatlevel/2013/08/freedom-hosting/
39. August 5, Softpedia – (International) Experts say 10 companies are responsible for 60% of Russian mobile malware. Security firm Lookout released a study of Russian mobile malware and found that 10 organizations were responsible for creating 60% of mobile malware originating in Russia, among other findings. Source: http://news.softpedia.com/news/Experts-Say-10-Companies-Are-Responsible-for-60-of-Russian-Mobile-Malware-373107.shtml
40. August 5, Softpedia – (International) Samsung Smart TVs can be hijacked, researchers warn. Researchers from ISEC Partners at the Black Hat 2013 conference demonstrated several vulnerabilities in Samsung Smart TVs that can be exploited to obtain sensitive information or spy via webcam. Source: http://news.softpedia.com/news/Samsung-Smart-TVs-Can-Be-Hijacked-Researchers-Warn-373064.shtml
41. August 5, V3.co.uk – (International) IPv6 is latest tool for stealing credit card numbers and passwords. Security firm Neohapsis warned that the lack of implementation of the IPv6 protocol could allow attacks to monitor networks or redirect users to malicious pages by setting up a false IPv6 version of an IPv4 connection. Modern operating systems will then select the IPv6 connection due to their inbuilt preference for the protocol. Source: http://www.v3.co.uk/v3-uk/news/2286734/ipv6-is-latest-tool-for-stealing-credit-card-numbers-and-passwords
42. August 4, IDG News Service – (International) Android one-click Google authentication method puts users, businesses at risk. A Tripwire researcher at the DEF CON 21 conference detailed a way in which the weblogin feature on Google sites can be used to give attackers access to Google accounts. The researcher published a proof-of-concept app that can steal weblogin tokens and send them to the attacker for use. Source: https://www.computerworld.com/s/article/9241355/Android_one_click_Google_authentication_method_puts_users_businesses_at_risk
43. August 2, PC Magazine – (International) Smart bot reads your Facebook, mimics you in spear phishing messages. Trustwave researchers presented findings on how social media is used to generate spearphishing attacks and released a tool called Microphisher which automates the monitoring of a target’s social media in order to develop a ‘fingerprint’ of believable language patterns to better impersonate the target. Source: http://securitywatch.pcmag.com/security/314402-smart-bot-reads-your-facebook-mimics-you-in-spear-phishing-messages
44. August 2, Techworld – (International) Phishing attacks show sudden drop as criminals use servers for DDoS. The Anti-Phishing Working Group released their first quarter 2013 report, which found that detected phishing Web sites fell 20 percent in the quarter as cybercriminals switched servers to malware distribution or distributed denial of service (DDoS) attacks. Source: http://news.techworld.com/security/3462159/phishing-attacks-show-sudden-drop-as-criminals-use-servers-for-ddos/
45. August 2, Computerworld – (International) Attackers turning to legit cloud services firms to plant malware. A researcher at Zscaler presented findings at the Black Hat 2013 conference that showed cybercriminals are increasing their use of legitimate cloud services to distribute their malware. Source: https://www.computerworld.com/s/article/9241324/Attackers_turning_to_legit_cloud_services_firms_to_plant_malware
46. August 2, MIT Technology Review – (International) Chinese hacking team caught taking over decoy water plant. A Trend Micro researcher presented the results of a project which set up fake industrial control systems purporting to be connected to water plant systems, and found that the Comment Crew/APT1 Chinese hacking group had targeted and compromised one decoy system, among other project results. Source: http://www.technologyreview.com/news/517786/chinese-hacking-team-caught-taking-over-decoy-water-plant/
47. August 3, Lakeland Ledger – (Florida) Cable service disrupted. An unspecified disruption caused cable, telephone, and Internet service to be lost for much of August 3 for Bright House Network customers throughout Tampa Bay. Source: http://www.theledger.com/article/20130803/news/130809744
48. August 2, Albany Times Union – (New York) Fairpoint restores phone service. Approximately 1,500 Columbia County residents lost phone service for about 2 hours August 2 after equipment failure at Fairpoint Communications. Source: http://www.timesunion.com/local/article/Fairpoint-phone-outage-resolved-4703194.php
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to email@example.com or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to firstname.lastname@example.org.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at email@example.com or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at firstname.lastname@example.org or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.