Monday, November 5, 2012
Daily Report
Top Stories
• Widespread gas shortages stirred fears among
residents and disrupted some rescue and emergency services in New York and New
Jersey November 1. – New York Times
3. November
1, New York Times – (New Jersey; New York) Gasoline runs short, adding woes to
storm recovery. Widespread gas shortages stirred fears among residents and
disrupted some rescue and emergency services November 1 as the New York region
struggled to return to a semblance of normalcy after being ravaged by Hurricane
Sandy, the New York Times reported November 1. Four days after the hurricane,
the effort to secure enough gas for the region moved to the forefront of
recovery work. The problems affected even New York City, where the Taxi
Commission warned that the suddenly indispensable fleet of yellow cabs would
thin significantly November 2 because of the fuel shortage. According to
figures from the American Automobile Association, of the gas stations it
monitors, roughly 60 percent of stations in New Jersey and 70 percent on Long
Island were closed. At stations that were open, nerves frayed. Fights broke out
November 1 at the block-long Hess station on 10th Avenue in Midtown Manhattan,
forcing the Police Department to send three officers to keep the peace, a
police official said. The police had to close two lanes of the broad
thoroughfare to accommodate a line of customers stretching eight blocks, to
37th Street. The ports and refineries that supply much of the region‘s gas were
shut down in advance
of the storm and were damaged by it. That disrupted deliveries to gas stations
that had power to pump the fuel. However, the bigger problem was that many
stations and storage facilities remained without power. Politicians were
scrambling November 1 to increase the supply of fuel — the Port of New York and
New Jersey opened just enough to allow boats carrying gas to move, and the
governor of New Jersey waived restrictions that make it harder for stations to
buy gas from out-of-State suppliers. He said that the U.S. President sent
250,000 gallons of gas and 500,000 gallons of diesel fuel to the State through
the Department of Defense, and he pledged to send more if needed. Source: http://www.nytimes.com/2012/11/02/nyregion/gasoline-shortages-disrupting-recovery-from-hurricane.html?ref=us&_r=1&&pagewanted=all
• Nine more cases of fungal meningitis were
reported from an outbreak tied to steroid medications shipped by a
Massachusetts company, bringing the national total to 377 cases, U.S. health
officials said November 1. – Reuters
27. November
1, Reuters – (National) Nine more cases of meningitis reported in
outbreak. Nine more cases of deadly fungal meningitis were reported from an
outbreak tied to steroid medications shipped by a Massachusetts company,
bringing the national total to 377 cases, U.S. health officials said November
1. The Centers for Disease Control and Prevention (CDC) said Virginia revised
down the number of deaths from three to two, reducing the national fatality
total to 28. The CDC gave no reason for the revision. In addition to the 377
cases of meningitis, the CDC said there also were 9 reported cases of
infections after a potentially contaminated steroid was injected into a joint
such as a knee, hip, shoulder, or elbow, bringing the total number of
infections nationwide to 386. The steroid was supplied by New England
Compounding Center of Massachusetts, which faces multiple investigations.
Health authorities said its facility near Boston failed to make medications in
sterile conditions. Source:
http://news.yahoo.com/nine-more-cases-meningitis-reported-outbreak-233744039.html
• Hurricane Sandy will likely cost
telephone and cable service providers hundreds of millions of dollars, with
companies such as Verizon Communications and Cablevision Systems Corp. hit
hardest, according to analysts. – Reuters
31. November 1, Reuters – (New York) Sandy caused ‘major
damage’ to U.N. headquarters: Official. The United Nations (U.N.)
headquarters suffered severe damage when Hurricane Sandy caused heavy flooding
at the world body‘s Manhattan complex along the East River, the U.N. security
chief said November 1. Sandy made landfall in New York City October 29. The
storm surge from the East River also affected the United Nations, which
remained shut from October 29-October 31. ―Tuesday morning it became evident
that we had suffered pretty major damage in the United Nations,‖ the U.N.
under-secretary-general for safety and security told reporters. ―The storm
surge, which was higher than anyone predicted, came over the FDR Drive, came
into the service drive at the 3B (basement) level of the United Nations, rose
above our loading dock levels of the 3B and then started plummeting down into
the lower levels of the United Nations,‖ he said. He said this caused problems
with the U.N. complex‘s chilled-air plant, electrical operations, and
communications. ―We are not back to full operations,‖ he said. ―We clearly have
some damage to our communications systems.‖ The U.N. secretary-general‘s chief
of staff said U.N. peacekeeping, humanitarian, and other operations worldwide
were not affected by the impact Sandy had on United Nations headquarters in New
York City. U.N. officials told reporters that they expected U.N. Web sites to
be operational November 1, and that some were already functional. Many U.N. Web
sites have been out of operation since October 29. Source: http://www.chicagotribune.com/news/sns-rt-us-storm-sandy-unbre8a01k7-20121101,0,3559583.story
• The final repair bill for the Army Corps of
Engineers‘ Omaha District totaled $360 million. Levee rehabilitation work came
to $160 million and repairs to damages at the six mainstem dam projects totaled
$200 million. – Glasgow Courier
57. November 1, Glasgow
Courier – (National) $56M
awarded for dam repairs. The Army Corps of Engineers awarded the final
round of contracts for repairs throughout the Missouri River basin following
the flood of 2011, the Glasgow Courier reported November 1. The final repair
bill for the Corps‘ Omaha District totaled $360 million. Levee rehabilitation
work came to $160 million and repairs to damages at the six mainstem dam
projects totaled $200 million. The work on 15 levee systems is expected to be
complete by the spring of 2013. Completion of work on the dams will take a year
or more. According to a release from the Omaha District, examples of repair
work include spillway repairs, under seepage control systems, repairs to Corps-owned
levees that were scoured during the flood, relief wells, retaining walls, toe
drains, and other erosion repairs. Six projects totaling more than $56 million
were awarded for construction at the Fort Peck Dam and power plant. The Fort
Peck Project manager said several of the contracts were multi-year repairs
scheduled for completion in 2015. Source: http://www.glasgowcourier.com/cms/news/story-654901.html
Details
Banking and Finance Sector
8. November
2, Mlive.com – (Michigan) Grand Rapids businessman to plead in $12 million
mortgage fraud, federal records show. Court records showed the owner of the
Grand Rapids, Michigan real-estate title agency Prime Title Services agreed to
plead guilty in a $12 million mortgage scheme, MLive.com reported November 2.
He will plead guilty in U.S. District Court to conspiracy to commit wire fraud,
according to the plea agreement. The man owned the real estate title company
when he conspired with another person to defraud banks and title companies
between 2002 and 2006, authorities said. He allegedly concealed from mortgage
lenders and title companies prior liens and mortgages on properties that were
owned and sold by the co-conspirator and one of his companies. He also failed
to timely record new mortgages on properties owned by the co-conspirator and
his company at Register of Deeds offices, the plea agreement said. Source: http://www.mlive.com/news/grand-rapids/index.ssf/2012/11/grand_rapids_businessman_to_pl.html
9. November
2, City News Service – (California) Woman faces 30 years in $20 million mortgage
fraud. A Washington woman pleaded guilty in federal court to spearheading a
$20-million mortgage fraud scheme on about 30 properties in California‘s
Orange, Riverside, and San Bernardino counties, City News Service reported
November 2. The woman, who resides in Glenoma, Washington, pleaded guilty to
one count of mail fraud, according to an assistant U.S. Attorney. The woman and
several others conspired to fraudulently obtain loans by purchasing homes in
the names of various straw buyers, according to prosecutors. She offered to pay
the sellers substantially more than the asking price as long as they agreed to
give her the difference, prosecutors said. The loan applications in the name of
straw buyers she recruited inflated employment records, income, and assets.
Bank statements and other documents were forged to back up the bogus
information. She received more than $20 million in loans for about 30 properties
in the three counties. The straw buyers defaulted on the loans, leading to
foreclosure and losses of more than $11 million to the lenders, prosecutors
said. Source: http://lagunaniguel-danapoint.patch.com/articles/woman-faces-30-years-in-20-million-mortgage-fraud
10. November
1, WCMH 4 Columbus – (Ohio) Police arrest armed bank robbery suspect. An armed
man that allegedly robbed a Cambridge, Ohio bank November 1 was in custody, and
a bomb squad was called in to detonate what the suspect claimed was an
explosive device. Cambridge police said the suspect walked into a U.S. Bank and
handed the clerk a note demanding money. The suspect left with the cash, and
was confronted by a Cambridge Police officer. The suspect said he had an
explosive device, and the officer saw that he was armed with a handgun. The
officer took the suspect into custody with the help of a retired Columbus
Police officer who happened to be nearby. The suspect had two handguns on him
at the time of the arrest, according to police. The item the suspect claimed to
be an explosive device was secured and given to the bomb squad to be detonated.
The contents of the device were collected, and they were being analyzed by the
Ohio State Fire Marshal‘s Office. Source: http://www2.nbc4i.com/news/2012/nov/01/police-arrest-armed-bank-robbery-suspect-ar-1225719/
11. November
1, WBBM 2 Chicago – (Arizona; Florida) FTC sues robocallers over $30 million
scam. The U.S. Federal Trade Commission (FTC) sued five robocall companies
headquartered in Arizona and Florida for scamming individuals out of an
estimated $30 million in two years, WBBM 2 Chicago reported November 1.
According to the FTC, the companies would place automated calls to consumers
offering ―cardholder services,‖ with an opportunity to reduce the interest
rates on their credit cards. The firms Green Savers, Treasure Your Success,
Ambrosia Web Design, A+ Financial Center, and Key One Solutions allegedly
misled consumers into believing their credit card rates would be reduced. In
calls from those companies, telemarketers allegedly charged the victims
up-front fees ranging from a few hundred dollars to nearly $3,000, claiming the
consumer would see greater savings on their credit card bills through lower
rates. In some cases, the companies allegedly did not disclose the up-front fee
at all. However, consumers saw no savings on their bills, and often found it
difficult – if not impossible – to get a refund of the fee they paid. Source: http://chicago.cbslocal.com/2012/11/01/ftc-sues-robocallers-over-30-million-scam/
12. November
1, Associated Press – (Rhode Island) Ex-Red Sox star accused of fraud in Rhode
Island. Rhode Island‘s economic development agency sued a former Red Sox
pitcher and some of its former officials November 1, saying they misled the
State into approving a loan guarantee to the pitcher‘s failed video game
company. The collapse of the company, 38 Studios, is likely to leave the State
on the hook for $100 million. Among other things, the lawsuit said executives
at 38 Studios — as well as the former executive director of the agency and
others — knew the company would run out of money by 2012, but concealed that
knowledge from the agency board. Source: http://www.nytimes.com/2012/11/02/us/ex-red-sox-star-accused-of-fraud-in-rhode-island.html
13. October
30, Associated Press – (California) LA County man arrested in $49M investment scam. Federal
prosecutors arrested a Los Angeles County man on charges he ran a $49 million
fraudulent investment scheme, the Associated Press reported October 30. A U.S.
attorney spokesman said the man, the CEO and co-owner of Technology for
Telecommunication and Multimedia, Inc., was arrested without incident at his
home on 12 counts of wire fraud and other crimes. He is accused of bilking
investors with false promises that his day-trading would bring them substantial
profits, that their money was safe, and could be returned on request. However,
prosecutors said he used investor funds to pay for his family‘s expenses and
gambling, in addition to making bad trades. He also allegedly provided the FBI
with fraudulent documentation. Source: http://www.sfgate.com/news/crime/article/LA-County-man-arrested-in-49M-investment-scam-3994740.php
Information Technology Sector
38. November
2, The H – (International) Apple releases iOS 6 and Safari security
updates. Apple released updates for iOS 6, which include security fixes.
The iOS 6.0.1 update includes security fixes for the kernel, passcode locking,
and WebKit. The WebKit issues were also fixed in an update of the Safari Web
browser for Mac OS X. The kernel flaw allowed maliciously crafted applications
to bypass the Address Space Layout Randomization (ASLR) system and discover
kernel addresses. The passcode lock problem allowed anyone with physical access
to a device to gain access to the new Passbook application‘s passes which could
have included tickets, boarding passes, or vouchers. The two WebKit holes both opened
up the possibility of a malicious Web site either terminating the application
or running arbitrary code; one involved the checking of JavaScript arrays and
the other was a use-after-free issue with SVG images. Source: http://www.h-online.com/security/news/item/Apple-releases-iOS-6-and-Safari-security-updates-1742206.html
39. November
2, IDG News Service – (International) Firefox to force secure connections for
selected domains. Mozilla introduced a pre-loaded list of domains for
Firefox that only can be connected to securely in order to help protect the
privacy and security of users. To force secure connections between the browser
and a server, Mozilla uses HTTP Strict Transport Security (HSTS), a mechanism
used by servers to indicate that the connecting browser must use a secure
connection, according to a Mozilla developer. When the browser connects to an
HSTS server for the first time though, the browser does not know if it should
use a secure connection because it never received a HSTS header from that host.
―Consequently, an active network attacker could prevent the browser from ever
connecting securely (and even worse, the user may never realize something is
amiss),‖ the developer said, adding that setting up the connection that way
still leaves it vulnerable to attacks. As a workaround for that problem,
Mozilla added a list to Firefox with domains that the browser should only
connect to securely by default. Source: http://www.computerworld.com/s/article/9233200/Firefox_to_force_secure_connections_for_selected_domains
40. November
2, The H – (International) Speculation over Facebook access via Google
index. According to a report on HackerNews, until recently, a special
Google search query returned numerous Facebook links permitting access to other
users‘ accounts. The links contain a token which automatically logs into
someone else‘s Facebook account. The search results are also reported to have
contained links providing access to other users‘ email addresses. The links
appear to have come from notification emails sent out by Facebook in response
to events. The emails contain a direct link to the relevant event on Facebook.
To make it easier for users to log in, Facebook includes the user‘s email
address in the link URL. This is then entered into the relevant field on the
login page automatically and users need only enter their password — and even
this can be omitted if they are already logged in. In some cases, Facebook also
uses links containing tokens which log users in without requiring a password. This
is not a security problem in itself, since Facebook sends these emails directly
to the account owner. The problem arises when these links fall into the wrong
hands. It is currently unclear how they were indexed by Google. A Facebook
employee hypothesized that the notification emails may have been made publicly
available for reasons such as the use of a throwaway email site, access to
which does not require a password. He also stated that Facebook has deactivated
token-based logins in response to the issue. Google also appears to have taken
action, with the links in question having largely vanished from its search
results. Source: http://www.h-online.com/security/news/item/Speculation-over-Facebook-access-via-Google-index-1742538.html
41. November
1, Network World – (International) Security research labels over 290,000 Google
Play Android apps as ‘high-risk’. One-quarter of more than 400,000 Android
applications examined in the Google Play store pose security risks to
mobile-device users, according to new research. Security vendor Bit9
categorized these Android apps as ―questionable‖ or ―suspicious‖ because they
could gain access to personal information to collect GPS data, phone calls or
phone numbers, and much more after the user granted ―permission‖ to the app.
―You have to say ‗yes‘ to the application or it won‘t run,‖ pointed out Bit9‘s
CTO. Games, entertainment, and wallpaper apps especially seem to want to grab
data, even though their functions would seem to have little direct use for it.
Bit9 notes this does not mean these apps are malware per se, but they could do
damage if compromised because the user has granted so much permission. Source: http://www.computerworld.com/s/article/9233139/Security_research_labels_over_290_000_Google_Play_Android_apps_as_high_risk
42. November
1, Softpedia – (International) Phishers steal email account credentials with
shady ‘Windows Update’ site. A group of cybercriminals is attempting to
gather Yahoo!, Gmail, Windows Live, AOL, and any other email account
credentials. According to GFI Labs experts, the thieves set up a phishing page
on a Web site called microsofts(dot)us. When users visit this site, most likely
after clicking on links received via spam, they are presented with a message
that reads: ―Your computer is out of date and risk is very high. To update your
windows installation records you are required to choose your email address
below.‖ After victims provide their email addresses and associated passwords,
they are presented with a page that contains instructions on how to update
Windows. The instructions are not malicious, but at this point, the user‘s
credentials are stored in a database controlled by the cybercriminals. The site
is currently flagged as being malicious by browsers and security solutions
providers, and the Web page in question was removed. However, users are still
advised to be cautious since the phishers can easily relocate the page. Source:
http://news.softpedia.com/news/Phishers-Steal-Email-Account-Credentials-with-Shady-Windows-Update-Site-303710.shtml
43. November
1, V3.co.uk – (International) Cyber criminals look to exploit interest in
Windows 8. Two cyber threats targeting early adopters of Microsoft‘s
recently launched Windows 8 operating system were recently discovered. Trend
Micro detected the TROJ_FAKEAV.EHM malware and a phishing email scam targeting
Windows 8 customers October 31. The malware is reportedly hosted and spread via
a number of malicious sites. It infects machines by displaying a fake scanning
result window that aims to dupe its victims into purchasing a bogus antivirus
program for Windows 8. The phishing email looks to fool users into handing over
sensitive data, such as their email address and password, by masquerading as a
fake, free Windows 8 download offer. Source: http://www.v3.co.uk/v3-uk/news/2221625/cyber-criminals-look-to-exploit-interest-in-windows-8
44. October
30, IDG News Service – (International) Lack of abuse detection allows cloud
instances to be used like botnets. Some cloud providers fail to detect and
block malicious traffic originating from their networks, which provides
cybercriminals with an opportunity to launch attacks in a botnet-like fashion,
according to a report from security consultancy firm, Stratsec. Researchers
from the company reached this conclusion after performing a series of
experiments on the infrastructure of five ―common,‖ but unnamed, cloud
providers. The experiments involved sending different types of malicious
traffic from remotely controlled cloud instances (virtual machines) to a number
of test servers running common services such as HTTP, FTP, and SMTP. Source: http://www.computerworld.com/s/article/9233077/Lack_of_abuse_detection_allows_cloud_instances_to_be_used_like_botnets
Communications Sector
45. November
2, Atlanta Journal-Constitution – (Georgia) Police: CNN bomb
threat was extortion attempt. Police continued to investigate a bomb threat
and extortion plot called in November 2 to the CNN Center in Atlanta. Police
received a call from a person claiming to have planted a chemical bomb
somewhere on the campus of the Atlanta landmark, the Atlanta Police captain
told reporters. ―He threatened to detonate that bomb, and demanded $15,000 and
I believe an airline ticket out of town,‖ he said. Police closed down roads
surrounding the CNN Center and an adjacent hotel while teams went
floor-by-floor searching for any suspicious items that might be an explosive.
Neither building was evacuated. After an hour and a half police completed the
search without finding anything and reopened the roads. ―He called the Zone 1
precinct‖ in west Atlanta, the captain said — the CNN Center is in Atlanta
Police Zone 5 downtown. ―He also called CNN security and made the same threat.‖
―He made a comment that he was wanted by the federal government for some sort
of RICO violation,‖ he said. Police are still trying to determine the motive
for the call. Source: http://www.ajc.com/news/news/local/bomb-threat-closes-downtown-streets/nSttR/
46. November
1, Torrington Register Citizen – (Connecticut) Some customers
find CPTV knocked out by Sandy. Hurricane Sandy left some TV viewers
without access to Connecticut Public Television (CPTV), the Torrington Register
Citizen reported November 1. Over-the-air (antenna) viewers of WEDW 49 Stamford
or WEDY 65 New Haven found only darkness on those digital channel slots since
the storm blew through the area earlier the week of October 29. A CPTV spokeswoman
said the station signals were victims of power outages at the transmitters. ―As
soon as they restore power, those channels will come back on,‖ she said
November 1. Source: http://www.registercitizen.com/articles/2012/11/01/news/doc5092b3f9c7da7663834636.txt
47. November
1, Reuters – (National) Sandy seen costing telco, cable hundreds of
millions of dollars. Hurricane Sandy will likely cost telephone and cable
service providers hundreds of millions of dollars, with companies such as
Verizon Communications and Cablevision Systems Corp. hit hardest, according to
analysts, Reuters reported November 1. The storm could end up costing cable and
telephone network operators $550 million to $600 million in clean-up and repair
costs, according to a Barclays analyst. Along with Cablevision and Verizon,
Time Warner Cable, and the wireless operations of AT&T Inc. and Sprint
Nextel were included in the analyst‘s estimate. Source: http://www.reuters.com/article/2012/11/01/us-storm-sandy-telecoms-idUSBRE8A01QU20121101
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.
No comments:
Post a Comment