Monday, October 1, 2012
Daily Report
Top Stories
• A Chinese national was charged in U.S. court
with trying to obtain large quantities of carbon fiber, a restricted high-tech
material used for military purposes. – Associated Press
11. September 27, Associated Press – (National) Chinese man charged in NYC carbon fiber sting. A
Chinese national was charged September 26 in U.S. court with trying to broker
an illegal deal for large quantities of carbon fiber, a restricted high-tech
material used for military purposes. Prosecutors refused to say where and when
he was arrested. The defendant made an appearance September 26 in federal court
in Brooklyn, New York, on charges he sought the material for a fighter jet in
China. A magistrate jailed him without bail. The defense attorney said his
client lives in Quanzhou and works for a company that uses carbon fiber in the
manufacturing of sports equipment. Authorities say higher-grade carbon fiber is
a key component in aerospace and nuclear engineering. That has raised fears
that the material could pose a risk if it falls into the hands of military foes
or terrorists, and made it the subject of tight Department of Commerce regulations.
A criminal complaint accuses the Chinese national of contacting two Taiwanese
accomplices, who already were under investigation in 2012, about buying
specialized carbon fiber without an export license. “When I place the order, I
place 1 to 2 tons,” the Chinese national allegedly told one of the cohorts in a
conversation intercepted in July. The complaint says 1 ton costs about $2
million. An undercover U.S. agent posing as a seller of carbon fiber later
emailed the Chinese national, inviting him to the United States to meet about a
possible deal. August 10, the Chinese national told the agent he was the
middleman for a customer that “needed a sample of the carbon fiber because it
would be used for the test flight of a ‘fighter plane’ on Oct. 5, 2012,” the
complaint says. Source: http://www.businessweek.com/ap/2012-09-27/chinese-man-charged-in-nyc-carbon-fiber-sting
• U.S. Cyber Command’s top intelligence
officer accused China of persistent efforts to pierce Defense Department
computer networks. – Reuters
39. September 28, Reuters – (International) U.S. Cyber Command officer says China is targeting Pentagon
computers. September 27, the U.S. Cyber Command’s top intelligence officer
accused China of persistent efforts to pierce Defense Department computer
networks. He said a proposal was moving forward to boost the cyber command in
the U.S. military hierarchy. “Their level of effort against the Department of
Defense is constant” while alleged Chinese attempts to steal corporate trade
secrets have been growing, the command’s director of intelligence told Reuters
after remarks to a forum on the history of cyber threats. The Office of the
National Counterintelligence Executive, a U.S. intelligence arm, said in a
landmark report a year ago that “Chinese actors are the world’s most persistent
perpetrators of economic espionage.” “It’s continuing apace,” the top officer
said. “In fact, I’d say it’s still accelerating.” He accused China of trying to
exfiltrate Defense Department secrets. Asked whether any classified U.S.
networks had been successfully penetrated — something not publicly known to
have occurred — he replied: “I can’t really get into that.” A spokesman for the
Chinese embassy did not immediately respond to a request for comment. In the
past Chinese officials have denied such accusations. Source: http://www.huffingtonpost.com/2012/09/27/samuel-cox-us-cyber-command-china_n_1921465.html?utm_hp_ref=technology
• U.S. intelligence agencies linked the attack
on the U.S. mission in Libya that killed the Ambassador and three other U.S.
officials to terrorism led by militants with ties to al-Qa’ida. – Washington Post
41. September 27, Washington Post – (International) Attack on U.S. Consulate in Libya determined
to be terrorism tied to al-Qaeda. U.S. intelligence agencies have
determined that the attack on the U.S. mission in Libya involved a small number
of militants with ties to al-Qa’ida in North Africa but see no indication that
the terrorist group directed the assault, U.S. officials said September 27. The
determination reflects an emerging consensus among analysts at the CIA and
other agencies that has contributed to a shift among senior Presidential
administration officials toward describing the siege of U.S. facilities in
Benghazi as a terrorist attack. U.S. intelligence officials said the
composition of the militant forces involved in the assault has become clearer
and that analysts now think two or three fighters affiliated with al-Qa’ida in
the Islamic Maghreb (AQIM) were involved. U.S. officials said a lesser-known Islamist
group, Ansar al-Sharia, played a much larger role in sending fighters and
providing weapons for the attack, which killed the U.S. Ambassador and three
other Americans. The intelligence picture assembled so far indicates militants
had been preparing an assault on the U.S. compound in Benghazi for weeks but
were so disorganized that, after the battle started, they had to send fighters
to retrieve heavier weapons. U.S. intelligence officials said they think the
attack was not timed to coincide with the September 11, 2001, anniversary.
Instead, the officials said, the assault was set in motion after protesters
scaled the walls of the U.S. Embassy in Cairo as part of a protest of an
amateur anti-Islamic YouTube video. The State Department said September 27 that
it was pulling more American staff from the U.S. Embassy in Tripoli out of
concern for their safety. A State Department official described the reduction
as temporary and said the embassy was not being closed. Source: http://www.washingtonpost.com/world/national-security/attack-on-us-consulate-in-libya-determined-to-be-terrorism-tied-to-al-qaeda/2012/09/27/8a298f98-08d8-11e2-a10c-fa5a255a9258_story.html
• Adobe warned that an internal server with
access to its digital certificate code signing infrastructure was hacked by
“sophisticated threat actors” engaged in “highly targeted attacks.” – ZDNet
See item 46 below in the Information Technology Sector
• An employee fired from his job at a
Minneapolis company shot and killed the owner, three others, and wounded four,
before killing himself. – KARE 11 Minneapolis
50. September 28, KARE 11 Minneapolis – (Minnesota) Owner, UPS driver among those killed in Minneapolis workplace
shooting. Family members confirmed that the founder of a Minneapolis sign
company was among those dead after a deadly mass shooting September 27. A
United Parcel Service driver was also confirmed as one of the shooting
fatalities. Four others were rushed to a hospital. A hospital spokeswoman said
September 28 one of the injured was in critical condition, another was in
serious condition. A third person was treated and released. Current and former
employees on the scene said the shooter was an employee who reportedly was
fired earlier in the day. A police spokesman said the gunman killed four people
and injured four more, three men critically, before he turned the gun on
himself. Dozens of police squad cars and SWAT officers swarmed the residential
neighborhood on the city’s north side after an employee called 9-1-1 to report
shots had been fired. The owner was a high profile small business owner who was
recently honored by being selected to travel to the White House for a seminar.
Source: http://www.kare11.com/news/article/992873/391/Owner-UPS-driver-among-those-killed-in-workplace-shooting
Details
Banking and Finance Sector
13. September 28, Bloomberg News – (National) BofA reaches $2.43 billion deal with investors
over Merrill. Bank of America Corp. agreed to a $2.43 billion settlement
with investors who suffered losses during its acquisition of Merrill Lynch
& Co., resolving one of the biggest legal battles to stem from the
takeover, Bloomberg News reported September 28. Bank of America faced
regulatory probes, investor lawsuits, and criticism from lawmakers after buying
Merrill in January 2009 for $18.5 billion without warning shareholders about
spiraling losses at the brokerage before they voted to approve the deal. Under
the settlement, Bank of America promised to overhaul corporate-governance
policies. Shareholders sued in 2009 claiming Bank of America failed to disclose
information about bonuses to Merrill employees and about the firm’s financial
losses in the fourth quarter of 2008. Source: http://www.bloomberg.com/news/2012-09-28/bofa-reaches-2-43-billion-deal-with-investors-over-merrill-1-.html
14. September 27, Easton Express-Times – (Pennsylvania; New Jersey) ‘Silent
Bandit’ to plead guilty to robbing six area banks, his attorney says. A
Bethlehem Township, Pennsylvania man dubbed the “Silent Bandit” signed
paperwork admitting he robbed six banks in Pennsylvania and New Jersey in an
almost 3-week span, according to his attorney, the Easton Express-Times
reported September 27. The man confessed to the spree that began April 3 and
ended when he was arrested April 19 by Pocono Mountain Regional Police
following a robbery, the man’s attorney said. Court records show he stole a
total of $12,534 from the six banks. The robber was labeled the “Silent Bandit”
by the FBI for allegedly passing a threatening note to tellers. According to
records, the man robbed the following banks in Pennsylvania: a KNBT in a Giant
grocery store in Bethlehem, a PNC Bank in a ShopRite grocery store in
Warminster, a QNB Bank in a Giant in Richland Township, and an ESSA Bank in a
Weis grocery store in Mount Pocono. In New Jersey, he robbed a PNC Bank in a
ShopRite in Marlton, and a PNC Bank in a ShopRite in Hopewell. Source: http://www.lehighvalleylive.com/breaking-news/index.ssf/2012/09/silent_bandit_to_plead_guilty.html
15. September 27, CSO Online – (International) As promised, hacktivists disrupt PNC Bank. PNC
Bank’s Web site was disrupted September 27 by a group of hacktivists who have
also claimed responsibility for downing the sites of Wells Fargo and U.S. Bank
earlier the week of September 24. The latest attack was identical to the other
two in that hundreds of thousands of computers are used to overwhelm the sites’
bandwidth, said a security researcher for FireEye. The hacktivists also claim to
be behind the distributed denial of service (DDoS) attacks the week of
September 17 against Bank of America and JPMorgan Chase, as well as U.S. Bank
September 26. PNC confirmed the attack. A spokesman told the Chicago Tribune
that the disruption affected some online customers. “We are working to restore
full service to everyone,” he said. Based on the kind of traffic the FireEye
researcher saw, the banks’ sites were being overwhelmed by requests from the
computers of supporters of the hacktivists. The group has used social networks,
including Google+, underground sites, and their own Web site to recruit
sympathizers. Source: http://www.csoonline.com/article/717493/as-promised-islamic-hacktivists-disrupt-pnc-bank
16. September 27, Help Net Security – (International) Fake Visa/Mastercard
‘Security incident’ notifications doing rounds. Bogus emails purportedly
sent by the Visa/Mastercard “Identity Theft Department” are targeting the
cards’ users by trying to convince them that a “security incident” has put
their online banking and credit card credentials at risk, Help Net Security
reported September 27. Unfortunately for those users who click a link included
in the emails, the destination page is a phishing page. “Although the fake form
is not hosted on a secure (https) site as all genuine online financial
transactions would be, the scammers have made an attempt to make the process
seem more authentic by providing a typical image based security code field,”
Hoax-Slayer reported. “Users who enter the requested details will then be taken
to further fake pages that request more financial and personal details. All
information submitted on the bogus form will be sent to online criminals and
used to make fraudulent transactions in the victim’s name.” Source: http://www.net-security.org/secworld.php?id=13679
17. September 27, Bloomberg News – (International) Yakuza gang targeted with U.S. Treasury
Department sanctions. The U.S. Department of the Treasury said it imposed
sanctions on Japan’s second-biggest Yakuza gang for its involvement in weapons
and drug trafficking, prostitution, fraud, and money laundering, Bloomberg News
reported September 27. The Tokyo-based Sumiyoshi-kai was targeted under an
executive order to combat transnational criminal organizations, the Treasury
said in a statement. Also sanctioned were the group’s leader and his deputy.
The U.S. President identified the Yakuza syndicates as transnational criminal
organizations in July 2011 and the Treasury has already imposed sanctions on
the Yamaguchi-gumi, Japan’s largest gang. Source: http://www.bloomberg.com/news/2012-09-28/yakuza-gang-targeted-with-u-s-treasury-department-sanctions.html
18. September 27, New York Times – (Massachusetts) Goldman to pay $12 million to settle S.E.C.
‘pay to play’ case. Goldman Sachs September 27 settled federal allegations
that one of its investment bankers curried favor with a public official to win
lucrative government contracts in Massachusetts. The bank struck a $12 million
settlement with the Securities and Exchange Commission (SEC) to resolve the
“pay to play” accusations without admitting or denying guilt. The banker who
was a vice president at the firm did not settle with the agency. The SEC’s
order suggested the banker helped win government business for Goldman after
promoting his ties to the then-Massachusetts treasurer, who was indicted on
public corruption charges in April. The banker, the agency said, in essence ran
a campaign office for the former treasurer out of Goldman, acting as a
fund-raiser and speechwriter during work hours and using the company’s email
system and phones. The campaigning, which spanned from 2008 to 2010, also led
the banker to indirectly contribute money to the former treasurer. During the
same period, the SEC said, the banker began soliciting public contracts for
Goldman, a conflict of interest that violates securities laws. Goldman
ultimately snared 30 “prohibited” deals to help arrange Massachusetts bond
offerings. Source: http://dealbook.nytimes.com/2012/09/27/goldman-to-pay-12-million-to-settle-s-e-c-pay-to-play-case/
19. September 27, Lafayette Advertiser – (Louisiana) Reward offered for bank
robber’s arrest. The man who robbed a bank in Opelousas, Louisiana, earlier
in September is now considered a suspect in at least three other area
robberies, the Lafayette Advertiser reported September 27. It was believed the
suspect had started his crime spree in Opelousas, but a police chief said the
man is now considered a suspect in an unsuccessful bank robbery in Alexandria
as well. The latest robbery took place at a Regions Bank branch in Broussard
September 24. The other two robberies were at separate Whitney Bank locations,
the first in Opelousas and the second in Lafayette. An official with the New
Orleans FBI office said his agency also considered the crimes related and most
likely the work of the same man. In all of the robberies, the suspect walked
into the bank and handed a note to a teller demanding money and saying he was
armed, though none of the tellers reported seeing a weapon. After getting money
from the teller and removing the dye pack, the suspect is described as calmly
turning around and walking out of the bank. Source: http://www.theadvertiser.com/article/20120928/NEWS01/209280317/Reward-offered-bank-robber-s-arrest?nclick_check=1
Information Technology Sector
45. September 27, Threatpost – (International) Cisco patches numerous bugs in IOS, UCM. Cisco
released nine security advisories for various products, including eight for its
ubiquitous IOS operating system. Many of the vulnerabilities fixed in the patch
release were denial-of-service (DoS) flaws. None of them can give an attacker
the ability to run code remotely on affected machines. The one bulletin that does
not relate to IOS is for a vulnerability in the Cisco Unified Communications
Manager (UCM). That flaw is a DoS bug in the session initiation protocol (SIP)
implementation in UCM. SIP is used in a variety of products to help set up
voice and video calls on IP networks. Source: http://threatpost.com/en_us/blogs/cisco-patches-numerous-bugs-ios-ucm-092712
46. September 27, ZDNet – (International) Adobe code signing infrastructure hacked by
‘sophisticated threat actors’. September 27, Adobe warned that an internal
server with access to its digital certificate code signing infrastructure was
hacked by “sophisticated threat actors” engaged in “highly targeted attacks.”
The compromise, which dates back to early July, led to the creation of at least
two malicious files that were digitally signed using a valid Adobe certificate,
according to Adobe’s security chief. Although only two files were signed, the
hack effectively gave the attackers the ability to create malware masquerading
as legitimate Adobe software and signals a raising of the stakes in the world
of Advanced Persistent Threats (APTs). According to the security chief, one of
the two digitally signed malware files is a utility that extracts password
hashes from the Windows operating system. Source: http://www.zdnet.com/adobe-code-signing-infrastructure-hacked-by-sophisticated-threat-actors-7000004925/
47. September 27, SecurityWeek – (International) Building Android malware is trivial with
available tools. Because of readily available tools that enable even a
novice developer to create malicious mobile applications, users should be
cautious when downloading and installing mobile apps, especially from
non-official App Stores. Developing Android malware to harvest information is a
“trivial” task and possible using readily available tools, a security architect
and director at Kindsight Security Labs told SecurityWeek. He demonstrated how
to inject snippets of code into a legitimate Android application that infected
a mobile device with malware. The malware, when executed, connected with a
remote command-and-control center and transmitted data from the device. Source: http://www.securityweek.com/building-android-malware-trivial-available-tools
48. September 27, Threatpost – (International) Analysis shows some URL shorteners often
point to untrusted Websites. In an analysis of 1.7 billion shortened URLs,
researchers at Web of Trust found that 8.7 percent of TinyURLs and 5 percent of
Bit.ly URLs led to sites that received poor ratings for “trustworthiness” and
“child protection.” “Certainly the URL shortening services do not intend to
point people to malicious websites,” said Web of Trust’s CEO, “but perhaps they
can do more to proactively protect their services from being exploited.” Web of
Trust goes on to point out that many countries’ TLDs through which link
shortening services route traffic are loosely regulated and return suspicious
ratings for as many as 90 percent of the Web sites under their top level
domains. Source: http://threatpost.com/en_us/blogs/analysis-shows-some-url-shorteners-often-point-malicious-websites-092712
49. September 26, SecurityWeek – (International) Remote wipe flaw present in other Android
devices, not just Samsung. The security vulnerability that could fully wipe
a Samsung Galaxy S III device appears to not be limited to just Samsung devices
after all, but affects most smartphones running older versions of Android.
While a security specialist’s research focused on Samsung Galaxy S III phones,
he said the vulnerability was not limited to Samsung devices but affected a
wider pool of Android devices. The flaw appeared to originate in older versions
of Google’s Android operating system, according to tests run by the Android
Police blog. Source: http://www.securityweek.com/remote-wipe-flaw-present-other-android-devices-not-just-samsung
For more stories, see items 15 and 16 above in the Banking and Finance Sector
Communications Sector
See items 47 and 49 above in the Information Technology Sector
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.