Friday, September 14, 2012

Complete DHS Daily Report for September 14, 2012

Daily Report

Top Stories

• U.S. nuclear arms operations face greater defensive vulnerabilities and a higher potential for accidents due to how federal agencies oversee contractors that manage atomic sites, a new report found. – Global Security Newswire

7. September 13, Global Security Newswire – (National) DOE, NNSA management faults bolster nuclear risks, auditors warn. Nuclear arms operations in the United States face greater defensive vulnerabilities and a higher potential for accidents as a result of shortcomings in how the Energy Department and the National Nuclear Security Administration oversee the private firms that manage atomic complex sites, the U.S. Government Accountability Office (GAO) said in a report published September 12. The Energy Department has moved to strengthen efforts against potential atomic mishaps in response to both historical and newer hazardous events, but personnel at scientific facilities and elsewhere have suggested the management initiatives are overextended and unnecessarily meddlesome, auditors wrote in the document. The department responded by scaling back internal rules, but Congressional investigators in April said the effort’s achievements were uncertain due to a failure to assess the degree to which older rules had interfered with activities, the GAO officials said. Source:

• The U.S. Secretary of State took strong steps September 13 to distance the U.S. Government from a movie that has sparked protests and violence throughout the Muslim world, and has spread to at least five countries. – Washington Post

23. September 13, Washington Post – (International) Protests sweep through Muslim world despite U.S. appeal for calm. The U.S. Secretary of State took strong steps September 13 to distance the U.S. Government from a movie that has sparked protests and violence throughout the Muslim world. In Tripoli, Libya, authorities said a number of people suspected of involvement in an attack on the U.S. Consulate in Benghazi that killed the U.S. Ambassador and three other U.S. officials were detained by security forces. September 13, in Sanaa, Yemen, hundreds of demonstrators converged on a usually sealed-off street in front of the U.S. Embassy for a protest that also turned violent, witnesses said. A State Department spokeswoman said there had been “a small breach of the compound perimeter but no breach of embassy buildings” in Sanaa. She said Yemeni security forces were “in the process of restoring order”. Smaller anti-American protests were reported in Iran and Bangladesh. In Dhaka, the Bangladeshi capital, about 100 demonstrators burned an American flag September 13 and chanted slogans. They called for more protests September 14 and said the U.S. Embassy could be the target. Bangladeshi police said security at the embassy was being enhanced. In Tehran, anti-American protesters gathered outside the Swiss Embassy, which represents U.S. interests in Iran. Source:

• The developer of the Blackhole exploit kit released a new version that makes it more difficult to blacklist URLs pointing to Web sites containing malware, security experts said. – CSO Online See item 31 below in the Information Technology Sector

• At least $3 million in damage was done to businesses, homes, streets, and a dike, after heavy rains caused an earthen dike to collapse, sending a three-foot wall of water into Santa Clara, Utah. – Salt Lake Tribune

39. September 12, Salt Lake Tribune – (Utah) S. Utah flooding causes millions in damage, but no one was hurt. Flooding from a failed southwestern Utah earthen dike caused an estimated $600,000 in damage to Santa Clara, Utah strip mall businesses, the Salt Lake Tribune reported September 12. Businesses in the Town Square strip mall sustained heavy damage, as nearly 3 feet of water built up on the parking lot and then seeped inside front doors September 11. “The water’s gone, but now we have about 3 inches of mud to clean up,” the strip mall owner said. Santa Clara city officials were just beginning damage assessments as homeowners and volunteers started cleanup September 12, the day after heavy rains overwhelmed an earthen dike and sent a 2-3 foot wall of water into dozens of homes and businesses. The city manager said the Washington County community estimated at least $3 million in damage to the dike, road surfaces and sidewalks alone. That figure is likely to grow significantly once residential and business damages are added to the tab. “Right now we have 31 homes and 12 businesses flooded,” the city manager said. Source:


Banking and Finance Sector

8. September 13, Softpedia – (International) Visa to introduce point-to-point encryption service to payment terminals. At the end of August, Visa revealed its plans to introduce a new point-to-point encryption (P2PE) service called Visa Merchant Data Secure, Softpedia reported September 13. The service — which will be made available at the beginning of 2013 — will aim at securing payment terminals and other critical systems across the industry. The P2PE technology will allow merchants to protect sensitive cardholder information by encrypting data within the payment-processing environment. The encryption keys will be guarded by Visa, the gateway, or the firm that acquires the service. According to a member of the Visa Risk Group, the new service is not required yet, but it is a tenet of the PCI Data Security Standard. Source:

9. September 13, KTLA 5 Los Angeles – (California) Bank manager’s boyfriend arrested in fake bomb robbery. A man was arrested in connection with a bank robbery in Los Angeles during which the manager said she was kidnapped and forced to rob her own bank while wearing what she thought was a bomb, KTLA 5 Los Angeles reported September 13. The man was taken into custody the day after the September 5 heist. He was charged with conspiracy and robbery. There were unconfirmed reports that he was romantically involved with the bank manager. Police did not release any further details, saying the investigation was ongoing. Source:

10. September 12, Inland Valley Daily Bulletin – (California) Ten arrested in loan modification scam. Ten people who allegedly preyed on homeowners’ fears due to the housing market crisis were arrested by federal agents September 12 after they were linked to a loan modification scam that authorities say bilked thousands of distressed homeowners out of at least $7 million. The alleged scam, which investigators said made false promises and guarantees of the group’s ability to provide homeowners loan modifications, was run out of 21st Century Real Estate Investment Corp. in Rancho Cucamonga, California, according to a news release from the U.S. attorney office in Los Angeles. More than 4,000 people were victimized by the scammers between June 2008 and December 2009, authorities said. 21st Century made false promises and guarantees about the group’s ability to modify loans with mortgage lenders, falsely claimed that it was operating a U.S. government-sponsored program, and instructed home owners to cease communication with mortgage lenders and instead go through the company, the indictment alleged. The suspects were arraigned September 12 in court on nine felony counts, including five counts of mail fraud, three counts of wire fraud, and one count of conspiracy. Each count in the indictment carries a maximum penalty of 20 years of imprisonment. Source:

11. September 12, Associated Press – (Kansas; Oklahoma) Feds charge 7 in $132 million investment scheme. The federal government indicted seven men who allegedly cheated investors out of $132 million with false promises and phony reports about companies that leased drilling rigs and related businesses, the Associated Press reported September 12. The U.S. attorney’s office in Wichita, Kansas, announced the indictment. The defendants are charged with mail fraud, wire fraud, and money laundering, among other counts. Six of the men were residents of Kansas, and one of Oklahoma. Source:

12. September 12, Los Angeles Times – (California) Robbery suspects toss cash into air during pursuit. A pair of bank robbery suspects September 12 led cops on a bizarre, dangerous pursuit in Los Angeles, hurling fistfuls of stolen cash from their car in a failed getaway bid that sent hundreds of people scrambling into the path of oncoming police cars as they lunged after the flying bills. Four armed men held up a Bank of America branch and fled in a SUV that was reported stolen hours earlier, police said. Shortly after a police pursuit began, two of the men bailed from the vehicle but were taken into custody, said a spokesman for the sheriff’s department. As the men sped through congested neighborhoods, one suspect threw loose bills from the vehicle’s window. As he continued tossing the money in intermittent bursts, people in the area took to the curbs. The suspect waited until the car reached corners with large gatherings of people before sending more plumes of bills out the window, seemingly to maximize the number of people who would scramble into the street. Sheriff’s deputies were forced to slow and swerve to avoid hitting people. With so many people following their escapade, the streets became congested with cars and pedestrians. As they tried to navigate along a clogged street, the SUV became trapped behind a truck. Sheriff’s deputies then swarmed the vehicle and pulled the suspects out. Source:

13. September 11, WWBT 12 Richmond – (Virginia) Police search for woman accused in 4 Chesterfield bank robberies. Chesterfield, Virginia police are searching for a serial bank robber who threatened a clerk with a bomb during her most recent heist, WWBT 12 Richmond reported September 11. Investigators said the woman’s crime spree has spanned more than a month and, in most cases, she wears a disguise. Covered in a scarf and sunglasses July 12 at a Wells Fargo Bank, investigators said she passed a teller a note demanding money. Police said she struck two other banks on that same road in August. August 6, the woman concealed her face in a robbery at the Bank of Southside Virginia. A week later, she is accused of donning a wig in a hold up at the Virginia Commonwealth Bank. “In the first three (bank robberies) she displayed a firearm. She didn’t threaten anyone with a firearm, but she made it clear that she had a firearm,” said a Chesterfield police lieutenant. In the most recent robbery, investigators said the suspect brought in a suspicious-looking package and told employees it was a bomb September 7 at the Virginia Credit Union. Source:

14. September 11, WFOR 4 Miami – (Florida) Pembroke Pines police arrest suspect in multiple bank robberies. Multiple law enforcement agencies were set to announce the arrest of a suspect they believed is responsible for at least four bank robberies in south Florida and other States, WFOR 4 Miami reported September 11. The robber wore a polo shirt in most of the heists he is accused of pulling off. He also used disguises including a dark wig. Pembroke Pines police, Miramar police, and the FBI assisted in the arrest of the suspect. Law enforcement said the robber allegedly struck a Wells Fargo in Pembroke Pines as well as a Chase Bank in Miramar September 11. The other two bank robberies connected to the suspects happened at a Bank Atlantic August 29, and at a Chase Bank September 4. A police captain said when officers took the suspect down, he had on a bulletproof vest and was carrying a weapon. Source:

15. September 10, Associated Press – (Georgia; International) Counterfeit bills from South America flooding US. Counterfeit money smuggled into the United States from Peru is continuing to find its way to Georgia, the Associated Press reported September 10. The bills are being smuggled from South America a year after authorities broke up a ring that flooded the Athens, Georgia area with the fake money, the Athens Banner-Herald reported. Details of the South American counterfeiting scheme were revealed when a man pleaded guilty the week of September 3 in court in Athens on a charge of possession of counterfeit currency. Peru has become the world’s counterfeiting capital, the Banner-Herald reported. Peruvian counterfeiters produce about 17 percent of all fake currency circulating in the United States, authorities said. Source:

For another story, see item 33 below in the Information Technology Sector

Information Technology Sector

31. September 13, CSO Online – (International) Blackhole creator releases stealthier exploit kit. The developer of the Blackhole exploit kit has released a new version that makes it more difficult to blacklist URLs pointing to Web sites containing malware. Blackhole version 2.0 was introduced September 11 on the Russian site Malware don’t need Coffee. The toolkit, which is popular among cyber criminals, contains many new features meant to avoid detection from antivirus software. Other improvements include support for Windows 8 and unspecified mobile platforms. Security experts said the most interesting new feature was the ability to generate short-term, random URLs pointing to malicious Web sites or hijacked sites that contain hacker-installed malware. Because the URLs keep changing, it is difficult for search engines, site owners, and security firms to identify malicious pages. Source:

32. September 13, The H – (International) Apple closes more than 160 security holes in iTunes. The latest update to the Windows version of Apple’s iTunes media player closes an alarming number of security holes. According to the company, iTunes 10.7 for Windows addresses 163 vulnerabilities, all of which are in the WebKit browser engine used by the media player to display HTML-based pages in its iTunes Store. Apple noted these security issues could be exploited by an attacker to inject and execute arbitrary code on a victim’s system. Source:

33. September 13, The Register – (International) Microsoft seizes Chinese dot-org to kill Nitol bot army. Microsoft disrupted the emerging Nitol botnet and more than 500 additional strains of malware by taking control of a rogue .org Web site. The company’s Operation b70 team discovered criminals were selling computers loaded with counterfeit software and malware — including malware that takes control of each machine to carry out orders from the Nitol central command server. Operation b70 uncovered the industrial-scale scam during an investigation into insecure supply chains. Microsoft blames corrupt but unnamed resellers in China. Computers in the Nitol botnet would communicate with a command server whose DNS was provided by Chinese-run, which has been linked to malicious activity since 2008. Microsoft investigators also discovered that other servers using, which offers its services for free, harbored more than 500 different strains of malware across more than 70,000 sub-domains. These variants included key-stroke loggers and banking trojans. Source:

34. September 12, Softpedia – (International) Researchers notice increase in pay-per-install schemes targeting Android devices. Security firms continually reiterate that malware designed for mobile devices is far less profitable for cyber criminals than malware designed for desktop computers. However, recent investigations show mobile malware is becoming more and more profitable. ESET experts discovered a considerable increase in the number of pay-per-install campaigns that threaten Android owners. Source:

35. September 12, Dark Reading – (International) The data-annihilation attack is back. The data-destroying Shamoon malware and recent wave of aggressive targeted attacks against utilities in the Middle East should serve as a wake-up call for all types of organizations to be prepared for a whole other aspect of a breach — losing data and systems to destructive hacks. Data-destruction attacks are not new, but have been rare in the past decade or so as financially motivated cyber crime and cyber espionage have been at the forefront of threats mainly focused on monetizing stolen information. Hacktivists, meanwhile, have employed data-wiping from time to time, but not in the volume or mass approach that Shamoon can accomplish. Shamoon is already being re-purposed for attacking additional victims: Seculert has already discovered several Shamoon variants. Source:

For another story see item 8 above in the Banking and Finance Sector

Communications Sector

See item 34 above in the Information Technology Sector

Department of Homeland Security (DHS)

DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site:

Contact Information

Content and Suggestions: Send mail to or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at or visit their Web page at v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.