Monday, September 17, 2012 

Daily Report

Top Stories

 • Three antiwar advocates targeted the Y-12 National Security Complex in Tennessee for infiltration after considering two other U.S. nuclear-weapons locations. The trio used open-source information to plot the unauthorized entry. – Global Security Newswire

8. September 14, Global Security Newswire – (Tennessee) Y-12 protesters mulled infiltrating New Mexico, Missouri nuclear sites: Report. A group of three antiwar advocates targeted the Y-12 National Security Complex in Tennessee for infiltration after considering two alternative U.S. nuclear-weapon locations, and the trio used open-source information to plot the unauthorized entry over a period of months, one of the trespassers said September 12 in comments reported by the Knoxville News Sentinel. The members of the antinuclear group Transform Now Plowshares infiltrated the Oak Ridge site’s “Protected Area” July 28, where a facility holding large quantities of weapon-grade uranium is located. The three had enough time to allegedly pour out blood, put up signs, and paint on the sides of buildings before they were discovered and apprehended. The group’s final member to be freed from detention said the group also considered attempting entry at the Los Alamos National Laboratory in New Mexico and the Kansas City Plant in Missouri. Both installations house nuclear-weapon production facilities. Source:

 • Vaccine protection for children against pertussis wanes 5 years after they receive their last dose, which could be fueling large recent outbreaks, according to a new study. – Center for Infectious Disease Research and Policy

29. September 13, Center for Infectious Disease Research and Policy – (California; National) Outbreak study details waning protection from pertussis vaccine. The Center for Infectious Disease Research and Policy reported September 13 that a detailed look at California children during the State’s large pertussis outbreak in 2010 revealed that protection from the diphtheria, tetanus, and pertussis (DTaP) vaccine wanes 5 years after children receive their last dose, which could be fueling outbreaks. The findings come on the heels of a warning earlier this summer from the Centers for Disease Control and Prevention (CDC). The agency, along with State health department partners, found an unusual illness spike in 13- and 14-year-olds in Washington, which also raised the possibility of waning pertussis (whooping cough) vaccine protection. The United States was headed toward its worst pertussis year in decades, CDC officials said in July, and two States — Washington and Colorado — have declared epidemics. Source:

 • Two colleges, in North Dakota and Texas, were evacuated and classes were cancelled after they received bomb threats September 14. – Reuters

31. September 14, Reuters – (North Dakota; Texas; Indiana) Texas, North Dakota universities re-opened after bomb scares. The University of Texas at Austin allowed students back into the school’s buildings September 14 after officials earlier evacuated them due to a bomb threat called in by a man who said he was linked to al Qa’ida. Minutes after the University of Texas ordered an evacuation, North Dakota State University in Fargo issued its own warning about a bomb threat and told everyone to leave its buildings. North Dakota State was also eventually re-opened after an investigation. A third school, Valparaiso University in Valparaiso, Indiana, also issued a security warning September 14. “An unspecific threat to campus was made through a graffiti message alluding to dangerous and criminal activity alleged to be carried out during the chapel break period on Friday,” said a posting on its Web site. The university said it had added additional security. Source:

 • Violent homegrown extremists are increasingly targeting law enforcement officers and are using public information to circumvent counter-terror tactics protecting them, according to a new bulletin. – Government Security News

36. September 14, Government Security News – (National) Law enforcement can become go-to targets for terrorists, bulletin warns. Violent homegrown extremists see U.S. law enforcement officers as targets in the face of tougher security at more fortified locations and have access to publicly available information to help them circumvent counter-terror tactics protecting officers, according to an unclassified bulletin by the National Counterterrorism Center (NCTC), Government Security News reported September 14. The bulletin was disseminated August 2, and said law enforcement entities are being identified by “homegrown violent extremists (HVEs)” as strategic targets and targets of opportunity. The bulletin was posted on the Public Intelligence information site September 12, and stated the tactics used by undercover operations and other law enforcement to track domestic terror groups have created a feeling among a “core element” of HVEs that sees such operations as persecution, reflecting an “inherent aggression towards Islam”. Law enforcement has used information and undercover operations to disrupt “a number of high-profile plots since 2009,” it said. It warned that public disclosure of law-enforcement operations in the media and in publicly available court documents can lead to officers being targets of plots. Source:

 • Enfal malware has infected hundreds of computers, targeting defense contractors, nuclear and energy employees, and government groups, researchers said. – Softpedia See item 41 below in the Information Technology Sector


Banking and Finance Sector

11. September 14, Associated Press – (Oklahoma; National) ‘Bucket List Bandit’ caught in Okla. after crime spree. An FBI agent said a suspect dubbed the “Bucket List Bandit,” who is believed to be responsible for bank robberies in nine States, was arrested in Oklahoma City September 13. The FBI nicknamed the robber the “Bucket List Bandit” after he allegedly told a Utah bank teller he had only 4 months to live. A warrant charged the man with robbing the Huntingdon National Bank branch in Erie, Pennsylvania, September 10. It said a confidential informant gave the FBI his name and birth date. Authorities then reviewed surveillance video and found an “obvious likeness” to him during robberies in Missouri, Colorado, Arizona, Idaho, Utah, North Carolina, Tennessee, and Illinois. Source:

12. September 14, Asbury Park Press – (New Jersey) Freehold Twp. man charged in bank fraud. A Freehold Township, New Jersey man was one of eight people charged September 13 by federal authorities with conspiracy to commit bank fraud and money laundering as part of a more than $30 million mortgage fraud scheme. Authorities said the man was part owner of Woodbridge-based Premiere Mortgage Services. Through his company, fraudulent documents of “straw buyers” were submitted to financial institutions asserting the buyers had more assets and income than they actually did, according to authorities. When the financial institutions approved the mortgages, he and others split the proceeds, authorities said. The properties went into foreclosure, defrauding the banks and other companies of millions. Two Brazilian nationals involved in the scheme remain at large. Source:

13. September 14, Associated Press – (International) Prosecutor: UBS trader accused of $2.3 billion fraud ‘caused chaos,’ risked bringing down bank. A senior trader at the Swiss bank UBS was a “master fraudster” who lost his bank $2.3 billion, imperiling its very existence through risky deals and deceit in a bid to improve his status, bonus, and job prospects, prosecutors said September 14. A prosecution lawyer told a British jury that the man lied to his employer, invented clients, and breached the bank’s safeguards against high-risk trading between 2008 and 2011. The man was a senior equities trader with the bank in London when he was arrested in September 2011 after UBS discovered irregularities in trading records. He pleaded not guilty to two counts of fraud and two counts of false accounting. The fraud wiped $4.5 billion, or 10 percent, off the share price of Switzerland’s biggest bank. Source:

14. September 12, KABC 7 Los Angeles – (California) ‘$5K Bandit’ robs same Los Alamitos bank 3 times in 14 months. A knife-wielding suspect robbed a US Bank branch in Los Alamitos, California, for the third time in 14 months September 11, police said. The suspect, dubbed the “$5K Bandit” by the FBI, entered the bank branch, demanded money from tellers, and threatened them with a large butcher knife. The suspect jumped over the bank counter with the knife in his hand. The amount of money stolen was not disclosed. Source:

Information Technology Sector

39. September 14, The Register – (International) Smartmobe Wi-Fi blabs far too much about us, warn experts. Smartphones leak far more personal information about their users than previously imagined, according to new research. Security researchers at Sensepost were able to track and profile users and their devices by observing the phones’ attempts to join Wi-Fi networks. The researchers created their own distributed data interception framework that profiled mobile devices, laptops, and their users in real-time. Smartphones tend to keep a record of Wi-Fi base stations their users previously connected to, and often poll the airwaves to see if a recognized network is within reach. Although this is supposed to make joining wireless networks seamless for users, it also makes it easy for the researchers to link home addresses and other information to individually identifiable devices. Source:

40. September 14, The H – (International) Manipulated data causes BIND DNS servers to crash. An advisory from the Austrian national Computer Emergency Readiness Team (CERT) warns that the free DNS server BIND, which is maintained by the Internet Systems Consortium, contains a security vulnerability that allows attackers to crash it using specially crafted data records. The Austrian national CERT explains that sealing off a server from the outside is not sufficient to protect it against an attack. Apparently, a name server query could, for example, be triggered by an email, causing the server to load the specially crafted record. That the query appears to come “from the inside” offers no protection. Source:

41. September 14, Softpedia – (International) 874 systems from 33 countries infected with Enfal malware, researchers find. The Enfal malware — best known for its involvement in the LURID targeted attacks — is still causing a lot of damage. Researchers said 874 computers from 33 different countries were infected with a new version of the malicious trojan. An analysis of the command and control (C&C) servers shows that most of the current victims reside in countries such as Vietnam, Russia, and Mongolia. Other affected countries appear to be China (29 infections), Philippines (11 infections), the United States (19 infections), India, and some Middle Eastern States. The main targets seem to be government organizations, military and defense contractors, nuclear and energy sectors, Tibetan communities, and the space and aviation industry, researchers from Trend Micro noted. According to experts, the attacks start with a cleverly designed email that carries malicious attachments. The attachment, a document named Special General Meeting.doc, carries a trojan that exploits a vulnerability in Microsoft Office to drop a backdoor onto the infected computer. Once the trojan is on a system, the malware communicates with its designated C&C server, allowing the cyber criminals to take complete control of the machine. The modifications made to the traditional variant indicate the campaign designers are trying to bypass security mechanisms such as network monitoring and intrusion detection systems. Source:

42. September 13, Threatpost – (International) Research shows half of all Androids contain known vulnerabilities. About half of all Android phones contain at least one vulnerability that could be used to take control of the device, according to new research. Duo Security, which launched a free vulnerability scanning application for Android in the summer of 2012, said their preliminary data from users shows a huge number of the devices are vulnerable to at least one of all known Android flaws. The X-Ray app from Duo scans Android devices for a set of known vulnerabilities in a variety of the Android releases. Many of them are flaws attackers have used in the last few months. The main issue with Android security and patches is that each carrier is responsible for pushing out new versions of the operating system to its users, and they all do it on random timelines. Also, users do not have to upgrade, so there is a good chance many users are running older, vulnerable versions of Android at any given time. Source:

43. September 13, Threatpost – (International) Google updates Chrome for Android, fixes several vulnerabilities. Google issued a security update for its Chrome operating system on Android devices, resolving seven medium-risk vulnerabilities. On the Google Chrome Blog, a software engineer wrote that the update strengthens Chrome for Android’s sandbox technology as well as resolving seven other moderate bugs. The fix is available for users of Android 4.0 (Ice Cream Sandwich) and 4.1 (Jelly Bean). Source:

44. September 13, IDG News Service – (International) ‘CRIME’ attack abuses SSL/TLS data compression feature to hijack HTTPS sessions. The “CRIME” attack announced the week of September 3 exploits the data compression scheme used by the Transport Layer Security (TLS) and SPDY protocols to decrypt user authentication cookies from HTTPS traffic, one of the attack’s creators confirmed September 13. The “CRIME” attack was developed by two security researchers who plan to present it the week of September 17 at the Ekoparty security conference in Buenos Aires, Argentina. The week of September 3, the researchers revealed that CRIME abuses an optional feature present in all versions of TLS and Secure Sockets Layer (SSL) — the cryptographic protocols used by HTTPS. However, they declined to name the feature at that time. Source:

45. September 12, Threatpost – (International) Scammers exploit Apple iPhone release with accessory offers. With the release for Apple’s new iPhone 5 coming soon, scammers are exploiting the vast anticipation for the device. The interest in the unreleased product is so wide that among the first iPhone 5 mass spam campaigns is one attempting to push accessories for the device rather than the more ambitious route of offering the recipients a chance at acquiring the device itself. Source:

For another story, see item 46 below in the Communications Sector

Communications Sector

46. September 13, Green County Record – (Virginia) Greene County customers lose CenturyLink service. About 6,000 CenturyLink customers in Greene County, Virginia, lost phone and Internet service for several hours September 13, after a utility crew accidentally cut a fiber-optic line at U.S. 33 Business and the Stanardsville Bypass. Homes, businesses, and the Greene County 9-1-1 dispatch center were knocked offline. The CenturyLink’s vice president for Virginia confirmed the incident and said the cut involved workers not affiliated with the company. The Greene County sheriff said emergency calls were rerouted to Charlottesville and county staff used cell phones and other unaffected land lines to field non-emergency calls during the service interruption. The CenturyLink vice president said all service was expected to be restored September 13. Source:

47. September 13, KPCC 89.3 FM Pasadena – (California) Sprint, Verizon, AT&T sign $12 million settlement over 2007 Malibu Canyon fire. California utility regulators settled a dispute with three telecommunication companies over responsibility for a wildfire in Malibu in 2007, KPCC 89.3 FM Pasadena reported September 13. When Santa Ana winds swept through Malibu Canyon in October 2007, they knocked over three utility poles. Those poles sparked a fire that burned nearly 4,000 square acres. It destroyed 14 structures and three dozen cars. Cell phone firms had antennas on the poles, or shared pole ownership with other telecommunication companies. The California Public Utilities Commission investigated whether these five companies contributed to the fire by unsafely mounting equipment there. The settlement resolves liability for three companies: Sprint, Verizon, and AT&T. Together, those companies will pay $12 million in equal shares. About $7 million will go to the State’s general fund. The rest will go into a new utility pole inspection fund. The commission is still investigating two more companies, Southern California Edison and NextG. Regulators said the settlement can help deter other utilities that maintain electronic equipment in wildland or fire-prone areas. Source:

For more stories, see items 39, 42, 43, and 45 above in the Information Technology Sector

Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site:

Contact Information

Content and Suggestions: Send mail to or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at or visit their Web page at v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.