Tuesday, October 2, 2012
Daily Report
Top Stories
• Millions of pounds of unexploded bombs
dumped in the Gulf of Mexico by the U.S. government after World War II pose a
significant risk to offshore drilling, according to Texas oceanographers. – Reuters
5. September 28, Reuters – (National) Unexploded
bombs lurk in U.S. offshore oil patch: Experts. Millions of pounds of
unexploded bombs dumped in the Gulf of Mexico by the U.S. government after
World War II pose a significant risk to offshore drilling, according to Texas
oceanographers, Reuters reported September 28. The United States, along with
other governments, dumped munitions and chemical weapons in oceans from 1946
until the practice was banned in the 1970s by U.S. law and international
treaty, said a Texas A&M University professor of oceanography. As
technological advances allow oil companies to push deeper into the waters of
the Gulf of Mexico, these forgotten hazards pose a threat as the industry picks
up the pace of drilling after BP Plc’s deadly Macondo well blowout in 2010.
Unexploded ordnance has been found in the offshore zone known as Mississippi
Canyon where the Macondo well was drilled. The Bureau of Ocean Energy
Management will auction 38 million acres of oil and gas leases in the central
gulf in March. The U.S. government designated disposal areas for unexploded
ordnance off the Atlantic and Pacific coasts, as well as in the Gulf of Mexico.
However, nearly 70 years after the areas were created, no one knows exactly how
much was dumped, or where the weapons are, or whether they present a danger to
humans or marine life. In 2011, BP shut its Key Forties crude pipeline in the
North Sea for 5 days while it removed a 13-foot unexploded German mine found
resting next to the pipeline that transports up to 40 percent of the United
Kingdom’s oil product. Source: http://news.yahoo.com/unexploded-bombs-lurk-u-offshore-oil-patch-experts-173754705.html
• The U.S. Air Force is investigating severed
wires found during scheduled maintenance on a Joint Surveillance Target Attack
Radar System aircraft at Northrop Grumman in Lake Charles, Louisiana. – Associated Press
11. October 1, Associated Press – (Louisiana) How did wires get cut on military plane? The U.S. Air Force
is investigating severed wires found during scheduled maintenance on a Joint
Surveillance Target Attack Radar System aircraft at Northrop Grumman in Lake
Charles, Louisiana, the Associated Press reported October 1. The Lake Charles
American Press quoted a Robins Air Force Base spokeswoman in Georgia as saying
the Air Force and Northrop Grumman are working together to learn how the wires
were cut. A company spokesman said Northrop Grumman is supporting the Air Force
in the investigation. Source: http://www.sacbee.com/2012/10/01/4869264/how-did-wires-get-cut-on-military.html
• The hackers who claimed credit for
cyberattacks that disrupted the online operations of several U.S. banks the
week of September 24 had technical capability greater than the typical
hacktivist, said a security expert. – CSO Online
See item 18 below in the Information Technology Sector
• A report said employees at Amtrak, the
nation’s largest passenger rail carrier, failed drug and alcohol tests at a 51
percent higher rate than the industry average. – CNN
22. October 1, CNN – (National) Report: Amtrak employees failing drug, alcohol
tests at alarming rate. A report blasts Amtrak, the nation’s largest
passenger rail carrier, for dangerously overlooking drug and alcohol use by its
employees, CNN reported October 1. The report released September 27, an
internal audit by Amtrak’s Office of Inspector General, says drug and alcohol
use by employees has steadily risen since 2006. The majority of employees who
failed drug tests were reported to have tested positive for cocaine and
marijuana, according to the report. Amtrak’s employees failed drug and alcohol
tests at a staggering 51 percent higher rate than the rail industry average,
the report says. Amtrak officials estimated that they have spent $1.5 million
to screen employees in 2012 alone, but employees have exceeded industry
averages failing drug tests in each of the past 5 years. Federal regulations
requiring railroad companies to implement drug and alcohol testing were put in
place after a deadly 1987 Amtrak collision with a freight train in Chase,
Maryland. In that accident, investigators concluded that a Conrail freight
train engineer was under the influence of marijuana and ran three signals
before colliding with the passenger train, killing 16. The report suggested many
ways Amtrak could prevent employees from showing up to work drunk and on
illegal drugs. The recommendations include increasing the frequency of drug and
alcohol testing, reviewing results and comparing them to industry averages,
demonstrating that drug and alcohol control is a priority for Amtrak senior
management, improving the physical observation of employees, and increased
training of supervisors. Source: http://www.cnn.com/2012/09/28/travel/amtrak-drug-alcohol-tests/index.html
Details
Banking and Finance Sector
13. October 1, Cherry Hill Courier-Post – (Pennsylvania; New Jersey) Glassboro
man pleads guilty to loan fraud. A Glassboro, New Jersey man, who owns more
than 300 rental properties in Philadelphia, pleaded guilty October 1 to two
counts of loan fraud. The man pledged almost 200 homes to secure a pair of
loans worth some $10 million, but he did not have clear title to the
properties, said the U.S. attorney’s office. He also inflated the value of
rents and forged leases, the federal prosecutor said. He obtained the loans in
2007 and defaulted a year later. Authorities said he borrowed more than $3
million from East River Bank and Polonia Bank, and more than $6.6 million from
Republic First Bank. Source: http://www.courierpostonline.com/article/20121001/NEWS/310010022/Glassboro-man-pleads-guilty-loan-fraud?odyssey=nav|head
14. October 1, Los Angeles Times – (National) American Express to refund $85 million to credit
card customers. American Express Co. agreed to refund $85 million to
250,000 customers and pay $27.5 million in civil penalties after federal and
State regulators found numerous violations of consumer protection laws. Among
the alleged infractions were misleading some people who signed up for the
company’s Blue Sky credit card program into believing they would get a $300
payment they never received, charging improper late payments, and deceiving
customers about the benefits of paying off old debts, the regulators said. The
agency was among several regulators that conducted the investigation, which
involved three American Express subsidiaries — American Express Centurion Bank,
American Express Travel Related Services Co., and American Express Bank.
Source: http://www.latimes.com/business/money/la-fi-mo-american-express-refund-fine-credit-card-20121001,0,238756.story
15. September 29, KABC 7 Los Angeles – (California) ‘Desperate Bandit’ robs US
Bank in Placentia. A serial bank robber, dubbed by the FBI as “The
Desperate Bandit,” struck again at a U.S. Bank in Placentia, California,
September 28. He presented the teller a note stating that he was armed, but no
weapon was seen. He fled the scene with an undisclosed amount of cash.
Authorities said that in previous bank robberies, his note said, “I am
desperate.” The suspect has robbed five banks, including one in Chino August 8,
and another in Anaheim Hills September 5. September 14 he struck two banks, one
in Tustin and one in Corona. Source: http://abclocal.go.com/kabc/story?section=news/local/orange_county&id=8829329
16. September 29, San Antonio Express-News – (Texas; International) U.S.
agents try to seize $1.2 million more in probe of ex-Mexican treasurer. Federal
authorities are trying to keep more than $1.2 million in a brokerage account of
a Texas company linked to a former treasurer of neighboring Coahuila state,
Mexico, as part of a money-laundering investigation, the San Antonio
Express-News reported September 29. The money is in a JP Morgan Chase Bank
brokerage account in the name of Peninsula South Padre I LLC. Public records
list as a company manager a man who was detained in February with the former
Coahuila treasurer by sheriff’s deputies in east Texas, only to be let go by
federal authorities. The company is also listed as the owner of a pair of
commercial properties in Brownsville that federal authorities are trying to
seize. The forfeiture case was the latest development in a series of attempts by
law enforcement to seize an additional $6.5 million in bank accounts, and a
dozen properties in San Antonio, South Padre Island, and the Rio Grande Valley,
worth $20 million. Prosecutors have said in court documents that the properties
were purchased with laundered money. Source: http://www.mysanantonio.com/news/local_news/article/U-S-agents-seize-1-2-million-more-in-probe-of-3903644.php
17. September 28, New York Times – (National) Ex-SAC analyst pleads guilty in insider trading
conspiracy. A onetime technology industry analyst at SAC Capital Advisors
pleaded guilty September 28 to insider trading, the fourth former SAC employee
to admit to illegal trading while employed at the fund. Federal prosecutors
contend that several SAC members were part of a seven-person conspiracy — a
“circle of friends” — that earned about $62 million in illegal gains trading on
secret tips from executives at publicly traded technology companies. The former
analyst was the fifth person to plead guilty and cooperate with the government.
SAC has been a focus of federal authorities since the government began its
crackdown on insider trading at hedge funds in 2007. Source: http://dealbook.nytimes.com/2012/09/28/ex-sac-analyst-pleads-guilty-in-insider-trading-conspiracy/
18. September 28, CSO Online – (International) Bank attackers more sophisticated than
typical hacktivists, expert says. The hackers who said they were behind
cyberattacks that disrupted the online operations of several U.S. banks the
week of September 24 had technical firepower that went beyond the typical
hacktivist, said one security expert. Experts debated the methods used in
cyber-assaults on Wells Fargo, U.S. Bank, and PNC Bank, each struck on separate
days, CSO Online reported September 28. The senior security evangelist at
Akamai said the banks’ Web servers were hit by as much as 65 gigabits of
traffic per second, roughly as much as 60 times greater than the typical denial
of service attack launched by hacktivists. Also, the attackers used a single
toolkit in building the programs that sent mostly junk data over the Internet
to the banks’ servers, he said. Hacktivists typically use multiple toolkits
running programs spread across compromised computers and systems of
sympathizers. The attack traffic Akamai confronted was “fairly uniform,” he
said. “This does not happen with a hacktivist mob.” A security researcher for
FireEye who monitored the attack traffic has said he believes it was generated
on hundreds of thousands of computers, many of which were likely owned by
sympathizers of the attackers recruited through Web sites and social networks.
He stuck by his people-powered theory, but agreed the attackers could have used
a combination of servers and personal computers, some compromised and some
belonging to sympathizers. Source: http://www.csoonline.com/article/717603/bank-attackers-more-sophisticated-than-typical-hacktivists-expert-says
19. September 28, San Gabriel Valley Newspapers – (California) FBI seeks
‘Don’t Even’ bandit for bank robberies in San Gabriel Valley, Inland Empire. A
September 27 bank robbery in Rosemead, California, was the work of a serial
bandit linked to at least five bank robberies and attempted robberies
throughout Los Angeles and San Bernardino counties, officials said September
28. In addition to the robbery at a Bank of the West branch, the “Don’t Even
Bandit” is also sought in connection with four other bank robberies in
Alhambra, Covina, Fontana, and Ontario dating back to August 27, FBI officials
said. “He got his name based on witnesses describing that his verbal demands
included the threatening language, ‘don’t even,’” an FBI spokeswoman said. In
all five crimes, the bandit’s tactics were similar. In addition to verbally
demanding cash, the robber passes a teller a note. No weapon was seen during
the crimes; however, because of the violent nature of bank robbery, the FBI
spokeswoman said the suspect is considered “armed and dangerous.” Source: http://www.pasadenastarnews.com/ci_21654351/fbi-seeks-dont-even-bandit-bank-robberies-san
20. September 28, WINK 11 Fort Myers – (Florida; National) 80 fraudulent credit
cards found in suspect’s vehicle. Lee County, Florida sheriff deputies
arrested a man September 27 on counterfeit credit card trafficking charges
after finding 80 fraudulent credit cards and 32 gift cards in his car after a
traffic stop, along with a credit card scanner. Fifteen of the cards were
confirmed to have stolen credit card information programmed onto them. A
computer check revealed the man had been arrested in New York, New Jersey,
Indiana, and Connecticut on fraudulent credit card charges. Source: http://www.winknews.com/Local-Florida/2012-09-28/80-fraudulent-credit-cards-found-in-suspects-vehicle#.UGYJQJjA-NA
21. September 28, Richmond Times-Dispatch – (Virginia) Petersburg man
accused of impersonating CIA officer in bank robbery scheme. A federal
grand jury indicted a man September 27 on charges of impersonating a Central
Intelligence Agency (CIA) officer and using that role to recruit others to rob
banks in northern Virginia. The man faced charges of impersonating a government
official and three counts of attempted bank robbery, the U.S. attorney’s office
said in a news release. According to the indictment, the man allegedly
pretended to be an employee and officer of the CIA and solicited others to rob
banks on behalf of the U.S. government. In June, he was alleged to have
directed the attempted robbery of one bank in Fairfax County and of two banks
in Alexandria, according to the indictment. Source: http://www2.timesdispatch.com/news/2012/sep/28/petersburg-man-accused-impersonating-cia-officer-b-ar-2242235/
Information Technology Sector
51. October 1, Softpedia – (International) Brute force attack can break PINs of Cisco
CallManager accounts, researcher finds. While performing a review of
Cisco’s Unified Communications Manager (CallManager), a software-based
call-processing system, a security researcher found a way to break the PINs of
registered accounts by performing a brute force attack. “When looking at the
phone handset configuration, some URLs are set to allow the handset to retrieve
Personal Address Book details or access the Fast Dials. That caught my
attention and I immediately pointed my web proxy to those URLs, forgetting
about the handset interface,” the expert explained. The researcher noticed the
handset itself is actually performing simple GET HTTP requests to the
CallManager to initiate the log-in sequence. The response contains a “sid”
token which is needed to perform the brute force attack. Since it is not
possible to perform a userID enumeration, the attack is done with an
application such as Burp. Source: http://news.softpedia.com/news/Brute-Force-Attack-Can-Break-PIN-of-Cisco-CallManager-Researcher-Finds-295989.shtml
52. September 29, Softpedia – (International) Mobile ‘visual malware’ able to reconstruct
3D model of victim’s environment. Researchers from the Naval Surface
Warfare Center and Indiana University created a piece of “visual malware”
called PlaceRaider that is able to create an accurate 3D model of the user’s
indoor environment by taking pictures and collecting data from other sensors.
The model created by PlaceRaider contains not only the big picture but
also the objects present in the environment, which could include
credit cards, financial documents, information from computer monitors, and
other sensitive data. Source: http://news.softpedia.com/news/Mobile-Visual-Malware-Able-to-Construct-3D-Model-of-Victim-s-Environment-295554.shtml
53. September 28, Army Times – (International) MoH, DSC recipients’ Social Security numbers
exposed. A defense contractor’s data breach left vulnerable the U.S. Army’s
most highly decorated soldiers when a comprehensive awards database — including
Social Security numbers — was available online, Army Times learned. The exposed
database contains 31 Social Security numbers for 6 Medal of Honor recipients
and 25 Distinguished Service Cross recipients since September 11, 2011. The
database, which contains 518 records of award recipients, appeared to have been
accessed online by an employee of Brightline Interactive, a creative services
firm in Alexandria, Virginia. The database was closed to the public after Army
Times notified Army officials, who notified the contractor of the breach.
Source: http://www.armytimes.com/news/2012/09/army_breach1_092812w
54. September 28, Softpedia – (International) Expert finds
XSS flaw on eBay after bypassing ‘filtering mechanisms’. eBay listed a
security researcher in its hall of fame after the expert managed to identify a
“very unusual” non-persistent cross-site scripting (XSS) vulnerability. “There
was a WAF/IPS in place which was filtering out the html and JavaScript being
embedded into the page. I managed to bypass the filtering mechanism of eBay and
was able to run my html code and JavaScript,” the expert explained. To
demonstrate his findings, he published a proof-of-concept (PoC) video in which
he details how he managed to bypass the filter. The researcher claims he also
identified high-risk vulnerabilities on Web sites owned by Adobe and Apple. The
PoCs for these particular security holes will be released as soon as the
companies address the problems. Source: http://news.softpedia.com/news/Expert-Finds-XSS-Flaw-on-eBay-After-Bypassing-Filtering-Mechanisms-295397.shtml
55. September 28, Computer Weekly – (International) Phishing
attacks cast wider nets in businesses. Phishing attacks are moving from
targeting a few key employees in businesses to much wider groups of employees,
according to corporate security awareness training company PhishMe. “Once they
are in, attackers are using what they learn about the environment to attack bigger
groups,” said the company’s vice-president of product management and services.
Some organizations are seeing phishing campaigns targeted at up to 250
employees at a time, but using slightly different fake emails to avoid
detection systems, he told Computer Weekly. Phishing attacks are also moving
away from using attachments because of greater awareness among corporate users
about the potential dangers of email attachments. Instead, they are using
emails about topical or local events likely to be of general interest to just
about anyone in the organization. Source: http://www.computerweekly.com/news/2240164139/Phishing-attacks-cast-wider-nets-in-businesses
For more stories, see items 17 and 18 above in the Banking and Financial Services Sector
Communications Sector
56. September 28, Beckley Register-Herald – (West Virginia) 4 accused of
copper theft arrested. Four Wyoming County, West Virginia residents were
arrested September 27 in connection with the copper theft earlier the week of
September 24 that left about 1,300 people without phone service, according to
the sheriff. One man was charged with grand larceny, felony destruction of
property, and theft resulting in loss of phone service, which is also a felony,
the sheriff said. The rest of the suspects were charged with grand larceny,
felony destruction of property, and theft resulting in loss of phone service.
The four were caught after trying to sell the copper to a recycling center in
Raleigh County. The State police were notified and the vehicle was stopped a
short time later with the copper still in the vehicle. Bond was set at $100,000
each. All four were remanded to Southern Regional Jail. Source: http://www.register-herald.com/local/x1241986982/4-accused-of-copper-theft-arrested
For another story, see item 51 above in the Information Technology Sector
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.