Tuesday, September 18, 2012
Daily Report
Top Stories
• Hundreds of residents in Mishawaka, Indiana,
returned home September 15 after a chemical fire at a vacant plant in the midst
of a federal cleanup forced them and many area businesses to evacuate. – Associated
Press
5. September 17, Associated Press – (Indiana) Evacuation
order lifted after Indiana chemical fire. Hundreds of residents in
Mishawaka, Indiana, returned home early September 15 after a chemical fire at a
vacant plant in the midst of a federally supervised cleanup ousted them from
their homes. The all-clear was given after air monitoring showed it was safe
for residents to return home within a 1-mile radius of the old Baycote factory.
The Mishawaka battalion chief said the September 14 fire released a chemical
vapor cloud of unknown substances, noting that about 200 people live or work at
businesses in the evacuation zone. The Baycote complex was once an
electroplating and metal-finishing business, but it has been vacant since 2008.
The U.S. Environmental Protection Agency (EPA) began cleaning up the site in
the spring of 2012. The EPA on-scene coordinator said more than 50,000 gallons
of liquid and solid chemicals were stored there when the cleanup started, but
most of the material was already removed. He said chemicals that a crew put
into a plastic-lined cardboard box self-combusted and caught fire early the
evening of September 14 — hours after the workers left the building. He said
the white cloud the fire made may have contained hydrogen cyanide, hydrogen
sulfide, and sulfur dioxide. The fire was confined to the storage container.
The EPA plans to analyze what caused the fire and reassess its approach to
removing the remaining chemicals from the site, the on-site coordinator said. Source:
http://www.manufacturing.net/news/2012/09/evacuation-order-lifted-after-indiana-chemical-fire
• A deadly, drug-resistant superbug outbreak that
began during the 2011 summer at the National Institutes of Health Clinical
Center claimed its seventh victim September 7. – Washington Post
21. September 14, Washington Post – (Maryland) NIH
superbug claims 7th victim. A deadly, drug-resistant superbug outbreak that
began during the 2011 summer at the National Institutes of Health Clinical
Center claimed its seventh victim September 7, when a seriously ill boy from
Minnesota succumbed to a bloodstream infection, officials said September 14.
The boy was the 19th patient at the research hospital to contract an
antibiotic-resistant strain of the bacterium Klebsiella pneumoniae that arrived
in August 2011 with a New York woman who needed a lung transplant. But his case
marked the first new infection of this superbug at NIH since January — a
worrisome signal that the bug persists inside the huge brick-and-glass federal
facility in Bethesda, Maryland. Source: http://www.washingtonpost.com/national/health-science/nih-superbug-claims-7th-victim/2012/09/14/09b3742e-fe9b-11e1-b153-218509a954e1_story.html
• Government safety regulators are investigating
nearly 200,000 Ford Crown Victoria police cars due to complaints about
defective steering columns. – Associated Press
27. September 15, Associated Press – (National) Safety
regulators looking at Ford police cars. Government safety regulators are
investigating Ford’s Crown Victoria police cars due to complaints about
defective steering columns, the Associated Press reported September 15. The probe
affects about 195,000 cars from the 2005 through 2008 model years. The
government has received three complaints that part of the steering column can
separate and cause loss of steering control. No crashes or injuries were
reported, the National Highway Traffic Safety Administration said in documents
posted September 15 on its Web site. Investigators will determine if the cars
have a safety defect and whether a recall is needed. So far the vehicles have
not been recalled. A Ford spokeswoman said that the company is aware of the
investigation and is cooperating. The investigation only affects police
versions of the Crown Victoria, she said. The Montgomery County, Maryland,
Police Department said earlier the week of September 10 it was inspecting its
324 Crown Victorias because of a steering problem with its cruisers. Police in
Tucson, Arizona, also recently began inspecting their fleet of Crown Victorias.
The police officer union says that at least six vehicles were found to be
deficient and in need of repair. Source: http://www.dailyherald.com/article/20120915/business/709159881/
• Microsoft researchers investigating counterfeit
software in China found that new systems being booted for the first time were
already compromised with botnet malware. – PCWorld. See item 35 below in the Information Technology Sector.
• A man accused of trying to detonate a car bomb
outside a bar in Chicago was scheduled to appear in federal court September 17.
– Associated Press; WMAQ 5 Chicago
42. September 17, Associated Press; WMAQ 5 Chicago –
(Illinois) Teen charged with Chicago bomb plot due in court. A man
accused of trying to detonate a car bomb outside a bar in downtown Chicago was
scheduled to appear in federal court September 17. Prosecutors said an
undercover agent gave the man a phony car bomb and watched him press the
trigger. He was charged with attempting to use a weapon of mass destruction and
attempting to damage and destroy a building with an explosive. Federal
prosecutors said the device was harmless and the public was never at risk. An affidavit
said the man was active in jihadist Internet forums. The FBI said he searched
online for information about making bombs and he was offered several chances to
walk away from the plot. He was arrested September 14. Source: http://www.nbcchicago.com/news/local/Teen-Charged-With-Chicago-Bomb-Plot-Due-in-Court-170010526.html#ixzz26kAmIgLL
Details
Banking and Finance Sector
10. September 14, WAPT 16 Jackson – (Mississippi) Woman says men strapped bomb to her, told her
to rob bank. A woman told police that she was forced to strap on a backpack
she thought contained explosives and was told to rob a Canton, Mississippi
bank, the Associated Press reported September 14. The woman walked into a
Trustmark bank and told employees she had a bomb and they should call police,
the Canton police chief said. She told police that two men attacked and
kidnapped her near a gas station in Canton. The men threatened to kill the
woman and hurt her child if she did not rob the bank, the police chief said.
She told police the men told her to keep the bank doors open so they could
watch her during the robbery. Police closed down some of the streets in the
area for several hours and told residents they were to stay inside with their
doors locked. FBI officials said it had not been determined if the device was
an actual bomb. The backpack was safely detonated by bomb squad members. Source:
http://www.wapt.com/news/central-mississippi/Police-Men-strapped-bomb-to-woman-told-her-to-rob-bank/-/9156946/16604466/-/r8nyof/-/index.html
11. September 14, KCBS 2 Los Angeles – (California) ‘Desperate Bandit’
strikes again in Tustin, Chino. Officials said the “Desperate Bandit” hit a
Tustin, California bank September 14, and also robbed a bank in Chino later
that day. In the first robbery, the FBI said the man walked into a Bank of the
West branch, passed a note to a teller, and left with about $240. The bandit is
also believed to have previously robbed US Bank branches in Chino and Anaheim.
In each of the reported robberies, the suspect has handed over typed notes and
describes his financial situation as “desperate,” hence the nickname. Source: http://losangeles.cbslocal.com/2012/09/14/desperate-bandit-strikes-again-in-tustin-chino/
12. September 14, Associated Press – (National) 7 charged in $17M multistate fraud schemes. A
federal indictment unsealed September 14 charged seven people with running a
multistate Ponzi scheme and related mortgage fraud scams that prosecutors said
cost investors and lenders a combined $17 million. The years-long investigation
resulted in the arrest of a man and his father-in-law, who were charged with
operating Loomis Wealth Solutions, a fraudulent California-based investment fund
that cost more than 100 investors more than $7 million. They and five other
defendants are also charged in a 50-count indictment with costing lenders $10
million in losses through two mortgage fraud schemes involving about 200
properties in Arizona, California, Florida, and elsewhere. Source: http://www.mercurynews.com/breaking-news/ci_21548696/7-charged-17m-multistate-fraud-schemes
13. September 13, Bloomberg News – (National) Canadian man pleads guilty in $130 million Ponzi
scheme. A Canadian man pleaded guilty to charges he ran a $130 million
Ponzi scheme selling fraudulent certificates of deposit to 1,200 people through
banking entities he controlled, U.S. prosecutors said. The man admitted that
from January 2004 to March 2009 he and others sold more than $129.5 million of
bogus CDs to investors, causing losses of more than $75 million. He pleaded
guilty to 18 counts of conspiracy, mail and wire fraud, and tax evasion,
prosecutors said. The man surrendered voluntarily, has been in custody since
April, and is cooperating with the government to recover funds, his lawyer
said. He faces as long as 20 years in prison and a fine of twice the loss for
the most serious charges. Source: http://www.bloomberg.com/news/2012-09-14/canadian-man-pleads-guilty-in-130-million-ponzi-scheme.html
Information Technology Sector
31. September 17, The H – (International) Attackers exploit unpatched Internet Explorer
vulnerability. According to a security specialist, a security hole in
Microsoft’s Internet Explorer (IE) Web browser is being used by cyber criminals
to infect computers with malware. The vulnerability, which was apparently
unknown and unpatched until now, appears to hinge on how IE handles arrays in
HTML files. So far, the attackers only targeted versions 7 and 8 of IE on fully
patched Windows XP SP3 systems; it is not yet certain whether the exploit can
be used with other software combinations. The specialist discovered the code on
a server apparently being used for targeted attacks by the Chinese hacker group
known as the Nitro gang. The first exploit for the critical Java vulnerability
Oracle fixed with an emergency patch in August was also found on a server that
appears to be linked to the Nitro gang. In the current attack, a specially
prepared Web page executes a Flash applet that uses heap spraying to distribute
shellcode in the system memory. It then reloads an iframe that uses the IE
vulnerability to run the shellcode. An analysis from security firm Alien Vault
found the remote administration tool Poison Ivy is currently being distributed
in this way to give the attackers complete access to the infected system.
Source: http://www.h-online.com/security/news/item/Attackers-exploit-unpatched-Internet-Explorer-vulnerability-1709592.html
32. September 17, Help Net Security – (International) LinkedIn-themed
spam using data stolen in June breach? Spoofed LinkedIn emails notifying
recipients of messages requiring their attention are not new, but ones being
distributed recently appear to be more targeted than usual. The emails
supposedly come from LinkedIn Reminders and usually contain “There are a total
of messages awaiting your response” in the subject line. What makes this spam
run different is that most of them landed in real accounts instead of spam
traps, making Avira’s researchers suspect the spammers have access to
information stolen from the professional social network during the June breach.
If that is true, the scammers are probably having more success than usual in
trying to get users to follow the offered link. While the link’s destination is
an online pharmacy presenting no immediate danger to users, the destination can
be changed at any time, and lead them to Web sites serving malware. Source: http://www.net-security.org/secworld.php?id=13607
33. September 15, V3.co.uk – (International) Stolen iOS data used as malware lure. The
recent high-profile breach of Apple iOS device data has become the latest lure
for malware writers looking to infect users. Researchers with McAfee discovered
a series of files being advertised on download services as an archive of the
data stolen by hackers affiliated with the Anonymous AntiSec campaign. Though
the hackers claimed the data was lifted from the personal laptop of an FBI
agent, the bureau denied the claim and a U.S. publisher later took the blame
for the breach. According to a McAfee senior threat researcher, the attackers
hid a trojan as a file made to look as if it contained the hacked data. “As you
might have guessed, this file is not the real list but an ‘exe’ file and, of
course, a malware,” he said. “[W]e recommend you take care before downloading
an alleged sensational file.” Source: http://www.v3.co.uk/v3-uk/news/2205805/stolen-ios-data-used-as-malware-lure
34. September 14, Threatpost – (International) Tool scans for RTF files spreading malware in
targeted attacks. Exploits embedded inside Microsoft Office documents such
as Word, PDFs, and Excel spreadsheets have been at the core of many targeted
attacks during the past 2 years. Detection of these attack methods is improving
and hackers are recognizing the need for new avenues into enterprise networks.
Some have been finding success using rich text format (RTF) files to spread
malware that exploits Office vulnerabilities. In June, a researcher reported
she collected 90 RTF files over the course of 3 months, many with China-related
file names and many targeting specific industries. All of them were exploiting
CVE-2012-0158, a vulnerability in ActiveX controls within MSCOMCTL.OCX—OLE
files developed by Microsoft to allow object linking and embedding to documents
and other files. Source: http://threatpost.com/en_us/blogs/tool-scans-rtf-files-spreading-malware-targeted-attacks-091412
35. September 14, PCWorld – (International) Your PC
may come with malware pre-installed. Microsoft researchers investigating
counterfeit software in China found that new systems being booted for the first
time were already compromised with botnet malware right out of the box.
Microsoft filed a computer fraud suit against a Web domain registered to a
Chinese businessman. The suit alleges the Nitol malware on the new PCs points
the compromised systems to 3322.org. Microsoft believes the site is a major hub
of malware and malicious online activity. Microsoft claimed that the site in
question hosts Nitol, as well as 500 other types of malware. A Washington Post
report stated it is the largest single repository of malicious software ever
encountered by Microsoft. Source: http://www.pcworld.com/article/262325/your_pc_may_come_with_malware_pre_installed.html
36. September 14, Threatpost – (International) Fake
ADP and FDIC notifications leading users to Blackhole Exploit Kit. The latest
iteration of the Blackhole Exploit Kit hit the Web the week of September 10 and
attackers spread links to get unsuspecting victims to click through to the
first version of the kit. Email notifications claiming to come from Microsoft
Exchange, ADP, the Federal Deposit Insurance Corporation (FDIC), and other
purported “trusted sources” were spotted leading Web users to pages hosting the
original exploit kit. A notification claiming to come from payroll services
company ADP tries to trick employees into clicking through to what appears to
be their Online Invoice Management account to “protect the security of [their]
data.” An email disguised as a voicemail notification from Microsoft Exchange
Server tries to get users to click a link to listen to a voicemail. An email
that appears to be from the FDIC tries to get users to click to download “a new
security version.” Source: http://threatpost.com/en_us/blogs/fake-adp-and-fdic-notifications-leading-users-blackhole-exploit-kit-091412
Communications Sector
37. September 15, Greenville News – (South Carolina) Damage costly as highwire copper thieves
disrupt cable service. Authorities in South Carolina are looking for the
copper thief or thieves who “somehow reached the cable/phone lines measuring
from one telephone pole to another (which is approximately 400 feet and
approximately 35 feet from ground), cutting them, stealing the copper wiring,
fibrotic cables and metal conduit lines,” according to a Spartanburg County
sheriff’s report. Neighbors reported loss of service beginning September 14.
The theft in Chesnee involved equipment belonging to Chesnee Communications and
Charter Communications, and will result in roughly $10,000 in repairs for each
company, a sheriff’s deputy said. Source: http://www.greenvilleonline.com/article/20120915/NEWS/309150111/Damage-costly-highwire-copper-thieves-disrupt-cable-service?odyssey=tab|topnews|text|FRONTPAGE&gcheck=1&nclick_check=1
For another story, see item 33
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.