Friday, July 20, 2012 

Daily Report

Top Stories

 • The energy industry has been targeted by cyberthreats of extortion, espionage, and sabotage, according to a new report. Industry leaders think more needs to be done to secure smart grids. – McAfee

3. July 18, McAfee – (National) McAfee report highlights critical need for improved energy grid security. McAfee announced a report detailing the thoughts of industry leaders on the state of energy security July 18. The report, Getting Smarter About Smart Grid Cyberthreats, looks at how legacy smart grids are vulnerable to attack and how security must be built into these critical systems. The electrical power grid is the backbone on which everything else depends, the report stated. It noted a cybercriminal could debilitate a major city by a single targeted attack on the energy grid and compromise anything from the lights and appliances in homes, to heart monitors in hospitals, to air defense systems. The most prevalent cyberthreat reported by the global energy sector is extortion, the study found. Criminals gain access to a utility’s system, demonstrate that they are capable of doing damage, and demand a ransom. The report said additional threats include espionage and sabotage, all with the goal of financial gain, data theft, and shutting down facilities. Source:

 • A southeast Texas chemical company and its ex-president were charged for scheming to illegally transport hazardous materials without proper documentation and placards. A grand jury indictment said the malfeasance resulted in the deaths of two workers who were exposed to hydrogen sulfide. – Associated Press

5. July 19, Associated Press – (Texas) Texas man charged in environmental violations. A southeast Texas chemical company and its ex-president were charged with environmental violations that resulted in the deaths of two workers. A federal grand jury’s 13-count indictment was unsealed July 18, said a statement from the U.S. Attorney for the Eastern District of Texas. The grand jury accused Port Arthur Chemical and Environmental Services, LLC and its former president of scheming to illegally transport hazardous materials without proper documentation and placards. Those actions led to the deaths of two truck drivers in December 2008 and April 2009, according to the statement. The truck drivers died of exposure to hydrogen sulfide, a toxic gas. The conspiracy count carries a maximum sentence of 5 years in prison. The company can be fined up to $500,000. The firm produced and sold caustic materials to paper mills. The owner and the company he owned and operated until November 2010 are accused of violating federal rules that regulate transport of such hazardous materials. The incidents are also being investigated by the U.S. Environmental Protection Agency, the Texas Commission of Environmental Quality, and many other State and federal agencies. Source:

 • The number of people in the United States and Canada sickened in a Salmonella Infantis outbreak linked to dog and cat food manufactured at a South Carolina plant has grown to 49 people, with officials expecting more cases in coming months. – Food Safety News

23. July 19, Food Safety News – (National; International) Diamond Pet Foods human cases reach 49. At least 49 people have fallen ill since October 2011 in a Salmonella Infantis outbreak linked to dog and cat food manufactured at a Diamond Pet Foods facility in Gaston, South Carolina, according to the U.S. Centers for Disease Control and Prevention (CDC) in its final outbreak update. That case count has risen from 22 since the CDC’s previous update June 13, Food Safety News reported July 19. Of those ill, 47 are from the United States and 2 are from Canada. The rate of new cases has declined since the peak in April and May, but more cases continue to surface as people come in contact with recalled dog food. Considering the expected shelf life of pet food is 1 year, the CDC expects more cases to occur in the coming months. Source:

 • Computer security experts disabled Grum, the world’s third-largest botnet, a cluster of infected computers used by cyber criminals to send spam to millions of people. Grum was responsible for approximately 18 percent of global spam. – New York Times (see item 45 below in the Information Technology Sector)


Banking and Finance Sector

12. July 18, KGET 17 Bakersfield – (California) Nine people indicted in multi-million mortgage fraud scheme. Eight people from Bakersfield, California, and a man from Los Angeles were indicted in what authorities called a $5 million mortgage fraud scheme, KGET 17 Bakersfield reported July 18. Federal prosecutors said the individuals worked for and operated Jara Brothers Investments, Paragon Realty, and Paragon Home Mortgage. Investigators said they defrauded lenders by paying buyers to purchase houses at inflated prices using falsified or exaggerated income on loan documents. Source:

13. July 18, Los Angeles Times – (California; Washington) ‘AK-47 Bandit’ who shot Chino officer tied to three bank robberies. A ski-masked gunman known as the “AK-47 Bandit” who wounded a Chino, California police officer in February after a bank robbery has been tied to two other bank robberies, the FBI said July 18. In the February 29 robbery at the California Bank & Trust in Chino, the gunman made a 9-1-1 call from a nearby pay phone saying he had a bomb and would detonate it. However, the call was a diversionary tactic, authorities said. The gunman is believed to have robbed a Bank of the West March 12 in Vacaville. He is also suspected of robbing a Chase Bank in the Seattle area July 6, the FBI said. The gunman wears ski masks and bulletproof vests and is armed with an AK-47, with a sling and drum magazine, authorities said. Source:

14. July 18, Associated Press – (National) 8 tagged as potential threats to financial system. Federal regulators tagged eight exchanges and clearinghouses that settle trades as potential threats to the stability of the financial system that need strict government oversight July 18. They include the Chicago Mercantile Exchange, the Depository Trust Co., the National Securities Clearing Corp., and the Options Clearing Corp. The announcement was made by the Financial Stability Oversight Council, a group of top regulators that includes the Treasury Secretary and the Federal Reserve Chairman. The action was mandated by the 2010 financial overhaul law. The agencies that regulate the exchanges and clearinghouses will set rules for them to manage risks. Source:

15. July 18, Bloomberg News – (National) Mizuho to pay $128 million in U.S. case over CDO ‘dummy’ assets. Mizuho Financial Group Inc. agreed to pay $128 million to settle U.S. regulatory claims that it used “dummy assets” to inflate the credit ratings of a financial product tied to subprime mortgages as the housing market deteriorated in 2007, Bloomberg News reported July 18. The U.S. brokerage unit of Japan’s third-biggest bank by market value gave Standard and Poor’s inaccurate information about the assets backing a $1.6 billion collateralized debt obligation (CDO) it was structuring, the Securities and Exchange Commission (SEC) said in a statement. Once the inaccurate portfolio was rated, Mizuho used the misleading ratings to sell the CDO, known as Delphinus CDO 2007-1, which defaulted in 2008. Delaware Asset Advisers, which managed the Delphinus collateral, agreed to pay about $4.8 million to settle related claims, the SEC said. Source:

16. July 18, SecurityWeek – (International) Criminals circumvent fraud detectors with real-time credential theft. Trusteer researchers found that cyber-criminals were employing new tactics to circumvent the risk analytics engines used by banks to detect financial fraud, SecurityWeek reported July 18. Criminals intercept a complete set of log-in credentials, block legitimate users from accessing the account, and log into a compromised account before the one-time password expires, Trusteer’s CTO wrote in a blog post. By tricking users into entering the one-time password and blocking log-in attempts to the site, criminals circumvent the risk analytic tools used by banks to detect fraudulent behavior. The engines identify theft by looking for multiple devices simultaneously logged into a single account and successive logins from locations that are geographically too far apart. Malware intercepts the credentials and then shows users a page claiming the site is temporarily down, allowing the criminal to log in using the one-time password without triggering any alarms at the bank. Source:
For another story, see item 41 below in the Information Technology Sector

Information Technology Sector

40. July 19, The Register – (International) Firefox 14 tabs no longer sneak a peek at users’ privates. Mozilla plugged a privacy-related security hole in Firefox 13. The flaw allowed the software’s “new tab” feature to take snapshots of supposedly secure HTTPS sessions. Users raised concern over the feature that, for example, revealed online bank account details or private messages in Web mail sessions to the next user of a shared PC. Mozilla quickly acknowledged the problem and issued a workaround and privacy advice in early June. The browser maker bundled in a more comprehensive fix with Firefox 14, which stops the caching of content from sensitive Web sites. Source:

41. July 19, H Security – (International) Trojan attack on Maplesoft customers. Cyber criminals used an elaborate multi-stage concept to attack Maplesoft customers: the perpetrators accessed the software company’s customer database and then asked customers to install a malicious “security patch” on behalf of the company. Those who complied proceeded to infect their systems with the Zeus trojan. Maplesoft said it already closed the hole the attackers exploited to access the database, and the affected customers were informed. The company added that intruders were not able to access customers’ payment details during the breach. Source:

42. July 18, H Security – (International) Researchers criticize the iPhone’s PIN storing practice. Apple’s iPhone smartphones permanently store the PIN number from an installed SIM card in a keychain. According to a researcher from the Fraunhofer Institute for Secure Information Technology, this policy not only goes against the relevant standards, it also puts users’ security at risk because the PIN can be easily retrieved even from a locked device. The H’s associates at heise Security were able to easily and quickly locate the SIM_PIN entry with the four correct digits in the keychain. The entry remains in the keychain until the device is fully powered down. This fact is also documented in Apple’s recent security overview; apparently, Apple uses the entries to avoid having to request the SIM card’s PIN code from users after a crash. The problem is the SIM_PIN can be reconstructed if, for instance, a thief acquires a locked iPhone. The keychain entry is not protected by the iPhone’s code lock and can be retrieved directly. Source:

43. July 18, Infosecurity – (International) Researchers criticize Tridium for being ‘unresponsive’ to security issues. The researchers who worked with the Washington Post to uncover security gaps in Tridium’s Niagara Framework said Tridium has been “unresponsive” to fixing the flaws. In a follow-up blog to the report, the researchers said they were “disappointed” that it took so long for the public exposure of the security gaps in the Niagara Framework and that the U.S. government continued to purchase the Niagara software even though an audit in 2011 turned up critical, remotely exploitable vulnerabilities. At the same time, the researchers had praise for the DHS’s Industrial Control Systems Computer Emergency Response Team (ICS-CERT). After being informed of the security issues, ICS-CERT was making “every effort” with Tridium to get the problems fixed. Source:

44. July 18, Ars Technica – (International) Dropbox hires ‘outside experts’ to investigate possible e-mail breach. Dropbox users complained for several days about spam delivered to email accounts they created solely to log into Dropbox. There were no reports of unauthorized activity on Dropbox accounts, but it happened to enough users that Dropbox investigated the matter with its internal security team. The company also brought in “outside experts” to investigate if there was a breach. It is not yet certain there was a breach. Some Dropbox users posting on the support forum and Twitter reported receiving no spam, and the problem may be isolated to a small percentage of users. While some users accused Dropbox of having a security problem, others pointed out possible explanations that are more benign. Source:

45. July 18, New York Times – (International) Researchers say they took down world’s third-largest botnet. July 18, computer security experts took down Grum, the world’s third-largest botnet, a cluster of infected computers used by cyber criminals to send spam to millions of people. Grum, computer security experts said, was responsible for roughly 18 percent of global spam, or 18 billion spam messages a day. Computer security experts blocked the botnet’s command and control servers in the Netherlands and Panama July 17. However, later that day, Grum’s architects set up seven new command and control centers in Russia and Ukraine. FireEye, a computer security company in California, said it worked with its counterparts in Russia and with SpamHaus, a British organization that tracks and blocks spam, to take down those command and control centers the morning of July 18. Source:
For more stories, see item 3 above in Top Stories and item 16 above in the Banking and Finance Sector

Communications Sector

See items 42, 43, and 45 above in the Information Technology Sector