Tuesday, October 2, 2012 

Daily Report

Top Stories

 • Millions of pounds of unexploded bombs dumped in the Gulf of Mexico by the U.S. government after World War II pose a significant risk to offshore drilling, according to Texas oceanographers. – Reuters

5. September 28, Reuters – (National) Unexploded bombs lurk in U.S. offshore oil patch: Experts. Millions of pounds of unexploded bombs dumped in the Gulf of Mexico by the U.S. government after World War II pose a significant risk to offshore drilling, according to Texas oceanographers, Reuters reported September 28. The United States, along with other governments, dumped munitions and chemical weapons in oceans from 1946 until the practice was banned in the 1970s by U.S. law and international treaty, said a Texas A&M University professor of oceanography. As technological advances allow oil companies to push deeper into the waters of the Gulf of Mexico, these forgotten hazards pose a threat as the industry picks up the pace of drilling after BP Plc’s deadly Macondo well blowout in 2010. Unexploded ordnance has been found in the offshore zone known as Mississippi Canyon where the Macondo well was drilled. The Bureau of Ocean Energy Management will auction 38 million acres of oil and gas leases in the central gulf in March. The U.S. government designated disposal areas for unexploded ordnance off the Atlantic and Pacific coasts, as well as in the Gulf of Mexico. However, nearly 70 years after the areas were created, no one knows exactly how much was dumped, or where the weapons are, or whether they present a danger to humans or marine life. In 2011, BP shut its Key Forties crude pipeline in the North Sea for 5 days while it removed a 13-foot unexploded German mine found resting next to the pipeline that transports up to 40 percent of the United Kingdom’s oil product. Source: http://news.yahoo.com/unexploded-bombs-lurk-u-offshore-oil-patch-experts-173754705.html

 • The U.S. Air Force is investigating severed wires found during scheduled maintenance on a Joint Surveillance Target Attack Radar System aircraft at Northrop Grumman in Lake Charles, Louisiana. – Associated Press

11. October 1, Associated Press – (Louisiana) How did wires get cut on military plane? The U.S. Air Force is investigating severed wires found during scheduled maintenance on a Joint Surveillance Target Attack Radar System aircraft at Northrop Grumman in Lake Charles, Louisiana, the Associated Press reported October 1. The Lake Charles American Press quoted a Robins Air Force Base spokeswoman in Georgia as saying the Air Force and Northrop Grumman are working together to learn how the wires were cut. A company spokesman said Northrop Grumman is supporting the Air Force in the investigation. Source: http://www.sacbee.com/2012/10/01/4869264/how-did-wires-get-cut-on-military.html

 • The hackers who claimed credit for cyberattacks that disrupted the online operations of several U.S. banks the week of September 24 had technical capability greater than the typical hacktivist, said a security expert. – CSO Online See item 18 below in the Information Technology Sector

 • A report said employees at Amtrak, the nation’s largest passenger rail carrier, failed drug and alcohol tests at a 51 percent higher rate than the industry average. – CNN

22. October 1, CNN – (National) Report: Amtrak employees failing drug, alcohol tests at alarming rate. A report blasts Amtrak, the nation’s largest passenger rail carrier, for dangerously overlooking drug and alcohol use by its employees, CNN reported October 1. The report released September 27, an internal audit by Amtrak’s Office of Inspector General, says drug and alcohol use by employees has steadily risen since 2006. The majority of employees who failed drug tests were reported to have tested positive for cocaine and marijuana, according to the report. Amtrak’s employees failed drug and alcohol tests at a staggering 51 percent higher rate than the rail industry average, the report says. Amtrak officials estimated that they have spent $1.5 million to screen employees in 2012 alone, but employees have exceeded industry averages failing drug tests in each of the past 5 years. Federal regulations requiring railroad companies to implement drug and alcohol testing were put in place after a deadly 1987 Amtrak collision with a freight train in Chase, Maryland. In that accident, investigators concluded that a Conrail freight train engineer was under the influence of marijuana and ran three signals before colliding with the passenger train, killing 16. The report suggested many ways Amtrak could prevent employees from showing up to work drunk and on illegal drugs. The recommendations include increasing the frequency of drug and alcohol testing, reviewing results and comparing them to industry averages, demonstrating that drug and alcohol control is a priority for Amtrak senior management, improving the physical observation of employees, and increased training of supervisors. Source: http://www.cnn.com/2012/09/28/travel/amtrak-drug-alcohol-tests/index.html


Banking and Finance Sector

13. October 1, Cherry Hill Courier-Post – (Pennsylvania; New Jersey) Glassboro man pleads guilty to loan fraud. A Glassboro, New Jersey man, who owns more than 300 rental properties in Philadelphia, pleaded guilty October 1 to two counts of loan fraud. The man pledged almost 200 homes to secure a pair of loans worth some $10 million, but he did not have clear title to the properties, said the U.S. attorney’s office. He also inflated the value of rents and forged leases, the federal prosecutor said. He obtained the loans in 2007 and defaulted a year later. Authorities said he borrowed more than $3 million from East River Bank and Polonia Bank, and more than $6.6 million from Republic First Bank. Source: http://www.courierpostonline.com/article/20121001/NEWS/310010022/Glassboro-man-pleads-guilty-loan-fraud?odyssey=nav|head

14. October 1, Los Angeles Times – (National) American Express to refund $85 million to credit card customers. American Express Co. agreed to refund $85 million to 250,000 customers and pay $27.5 million in civil penalties after federal and State regulators found numerous violations of consumer protection laws. Among the alleged infractions were misleading some people who signed up for the company’s Blue Sky credit card program into believing they would get a $300 payment they never received, charging improper late payments, and deceiving customers about the benefits of paying off old debts, the regulators said. The agency was among several regulators that conducted the investigation, which involved three American Express subsidiaries — American Express Centurion Bank, American Express Travel Related Services Co., and American Express Bank. Source: http://www.latimes.com/business/money/la-fi-mo-american-express-refund-fine-credit-card-20121001,0,238756.story

15. September 29, KABC 7 Los Angeles – (California) ‘Desperate Bandit’ robs US Bank in Placentia. A serial bank robber, dubbed by the FBI as “The Desperate Bandit,” struck again at a U.S. Bank in Placentia, California, September 28. He presented the teller a note stating that he was armed, but no weapon was seen. He fled the scene with an undisclosed amount of cash. Authorities said that in previous bank robberies, his note said, “I am desperate.” The suspect has robbed five banks, including one in Chino August 8, and another in Anaheim Hills September 5. On September 14, he struck two banks, one in Tustin and one in Corona. Source: http://abclocal.go.com/kabc/story?section=news/local/orange_county&id=8829329

16. September 29, San Antonio Express-News – (Texas; International) U.S. agents try to seize $1.2 million more in probe of ex-Mexican treasurer. Federal authorities are trying to keep more than $1.2 million in a brokerage account of a Texas company linked to a former treasurer of neighboring Coahuila state, Mexico, as part of a money-laundering investigation, the San Antonio Express-News reported September 29. The money is in a JP Morgan Chase Bank brokerage account in the name of Peninsula South Padre I LLC. Public records list as a company manager a man who was detained in February with the former Coahuila treasurer by sheriff’s deputies in east Texas, only to be let go by federal authorities. The company is also listed as the owner of a pair of commercial properties in Brownsville that federal authorities are trying to seize. The forfeiture case was the latest development in a series of attempts by law enforcement to seize an additional $6.5 million in bank accounts, and a dozen properties in San Antonio, South Padre Island, and the Rio Grande Valley, worth $20 million. Prosecutors have said in court documents that the properties were purchased with laundered money. Source: http://www.mysanantonio.com/news/local_news/article/U-S-agents-seize-1-2-million-more-in-probe-of-3903644.php

17. September 28, New York Times – (National) Ex-SAC analyst pleads guilty in insider trading conspiracy. A onetime technology industry analyst at SAC Capital Advisors pleaded guilty September 28 to insider trading, the fourth former SAC employee to admit to illegal trading while employed at the fund. Federal prosecutors contend that several SAC members were part of a seven-person conspiracy — a “circle of friends” — that earned about $62 million in illegal gains trading on secret tips from executives at publicly traded technology companies. The former analyst was the fifth person to plead guilty and cooperate with the government. SAC has been a focus of federal authorities since the government began its crackdown on insider trading at hedge funds in 2007. Source: http://dealbook.nytimes.com/2012/09/28/ex-sac-analyst-pleads-guilty-in-insider-trading-conspiracy/

18. September 28, CSO Online – (International) Bank attackers more sophisticated than typical hacktivists, expert says. The hackers who said they were behind cyberattacks that disrupted the online operations of several U.S. banks the week of September 24 had technical firepower that went beyond the typical hacktivist, said one security expert. Experts debated the methods used in cyber-assaults on Wells Fargo, U.S. Bank, and PNC Bank, each struck on separate days, CSO Online reported September 28. The senior security evangelist at Akamai said the banks’ Web servers were hit by as much as 65 gigabits of traffic per second, roughly as much as 60 times greater than the typical denial of service attack launched by hacktivists. Also, the attackers used a single toolkit in building the programs that sent mostly junk data over the Internet to the banks’ servers, he said. Hacktivists typically use multiple toolkits running programs spread across compromised computers and systems of sympathizers. The attack traffic Akamai confronted was “fairly uniform,” he said. “This does not happen with a hacktivist mob.” A security researcher for FireEye who monitored the attack traffic has said he believes it was generated on hundreds of thousands of computers, many of which were likely owned by sympathizers of the attackers recruited through Web sites and social networks. He stuck by his people-powered theory, but agreed the attackers could have used a combination of servers and personal computers, some compromised and some belonging to sympathizers. Source: http://www.csoonline.com/article/717603/bank-attackers-more-sophisticated-than-typical-hacktivists-expert-says

19. September 28, San Gabriel Valley Newspapers – (California) FBI seeks ‘Don’t Even’ bandit for bank robberies in San Gabriel Valley, Inland Empire. A September 27 bank robbery in Rosemead, California, was the work of a serial bandit linked to at least five bank robberies and attempted robberies throughout Los Angeles and San Bernardino counties, officials said September 28. In addition to the robbery at a Bank of the West branch, the “Don’t Even Bandit” is also sought in connection with four other bank robberies in Alhambra, Covina, Fontana, and Ontario dating back to August 27, FBI officials said. “He got his name based on witnesses describing that his verbal demands included the threatening language, ‘don’t even,’” an FBI spokeswoman said. In all five crimes, the bandit’s tactics were similar. In addition to verbally demanding cash, the robber passes a teller a note. No weapon was seen during the crimes; however, because of the violent nature of bank robbery, the FBI spokeswoman said the suspect is considered “armed and dangerous.” Source: http://www.pasadenastarnews.com/ci_21654351/fbi-seeks-dont-even-bandit-bank-robberies-san

20. September 28, WINK 11 Fort Myers – (Florida; National) 80 fraudulent credit cards found in suspect’s vehicle. Lee County, Florida sheriff deputies arrested a man September 27 on counterfeit credit card trafficking charges after finding 80 fraudulent credit cards and 32 gift cards in his car after a traffic stop, along with a credit card scanner. Fifteen of the cards were confirmed to have stolen credit card information programmed onto them. A computer check revealed the man had been arrested in New York, New Jersey, Indiana, and Connecticut on fraudulent credit card charges. Source: http://www.winknews.com/Local-Florida/2012-09-28/80-fraudulent-credit-cards-found-in-suspects-vehicle#.UGYJQJjA-NA

21. September 28, Richmond Times-Dispatch – (Virginia) Petersburg man accused of impersonating CIA officer in bank robbery scheme. A federal grand jury indicted a man September 27 on charges of impersonating a Central Intelligence Agency (CIA) officer and using that role to recruit others to rob banks in northern Virginia. The man faced charges of impersonating a government official and three counts of attempted bank robbery, the U.S. attorney’s office said in a news release. According to the indictment, the man allegedly pretended to be an employee and officer of the CIA and solicited others to rob banks on behalf of the U.S. government. In June, he was alleged to have directed the attempted robbery of one bank in Fairfax County and of two banks in Alexandria, according to the indictment. Source: http://www2.timesdispatch.com/news/2012/sep/28/petersburg-man-accused-impersonating-cia-officer-b-ar-2242235/

Information Technology Sector

51. October 1, Softpedia – (International) Brute force attack can break PINs of Cisco CallManager accounts, researcher finds. While performing a review of Cisco’s Unified Communications Manager (CallManager), a software-based call-processing system, a security researcher found a way to break the PINs of registered accounts by performing a brute force attack. “When looking at the phone handset configuration, some URLs are set to allow the handset to retrieve Personal Address Book details or access the Fast Dials. That caught my attention and I immediately pointed my web proxy to those URLs, forgetting about the handset interface,” the expert explained. The researcher noticed the handset itself is actually performing simple GET HTTP requests to the CallManager to initiate the log-in sequence. The response contains a “sid” token which is needed to perform the brute force attack. Since it is not possible to perform a userID enumeration, the attack is done with an application such as Burp. Source: http://news.softpedia.com/news/Brute-Force-Attack-Can-Break-PIN-of-Cisco-CallManager-Researcher-Finds-295989.shtml

52. September 29, Softpedia – (International) Mobile ‘visual malware’ able to reconstruct 3D model of victim’s environment. Researchers from the Naval Surface Warfare Center and Indiana University created a piece of “visual malware” called PlaceRaider that is able to create an accurate 3D model of the user’s indoor environment by taking pictures and collecting data from other sensors. The model created by PlaceRaider does not only contain the big picture, but also the objects present in the environment, which could be anything from credit cards, financial documents, information from computer monitors, and other sensitive data. Source: http://news.softpedia.com/news/Mobile-Visual-Malware-Able-to-Construct-3D-Model-of-Victim-s-Environment-295554.shtml

53. September 28, Army Times – (International) MoH, DSC recipients’ Social Security numbers exposed. A defense contractor’s data breach left vulnerable the U.S. Army’s most highly decorated soldiers when a comprehensive awards database — including Social Security numbers — was available online, Army Times learned. The exposed database contains 31 Social Security numbers for 6 Medal of Honor recipients and 25 Distinguished Service Cross recipients since September 11, 2011. The database, which contains 518 records of award recipients, appeared to have been accessed online by an employee of Brightline Interactive, a creative services firm in Alexandria, Virginia. The database was closed to the public after Army Times notified Army officials, who notified the contractor of the breach. Source: http://www.armytimes.com/news/2012/09/army_breach1_092812w

54. September 28, Softpedia – (International) Expert finds XSS flaw on eBay after bypassing ‘filtering mechanisms’. eBay listed a security researcher in its hall of fame after the expert managed to identify a “very unusual” non-persistent cross-site scripting (XSS) vulnerability. “There was a WAF/IPS in place which was filtering out the html and JavaScript being embedded into the page. I managed to bypass the filtering mechanism of eBay and was able to run my html code and JavaScript,” the expert explained. To demonstrate his findings, he published a proof-of-concept (PoC) video in which he details how he managed to bypass the filter. The researcher claims he also identified high-risk vulnerabilities on Web sites owned by Adobe and Apple. The PoCs for these particular security holes will be released as soon as the companies address the problems. Source: http://news.softpedia.com/news/Expert-Finds-XSS-Flaw-on-eBay-After-Bypassing-Filtering-Mechanisms-295397.shtml

55. September 28, Computer Weekly – (International) Phishing attacks cast wider nets in businesses. Phishing attacks are moving from targeting a few key employees in businesses to much wider groups of employees, according to corporate security awareness training company PhishMe. “Once they are in, attackers are using what they learn about the environment to attack bigger groups,” said the company’s vice-president of product management and services. Some organizations are seeing phishing campaigns targeted at up to 250 employees at a time, but using slightly different fake emails to avoid detection systems, he told Computer Weekly. Phishing attacks are also moving away from using attachments because of greater awareness among corporate users about the potential dangers of email attachments. Instead, they are using emails about topical or local events likely to be of general interest to just about anyone in the organization. Source: http://www.computerweekly.com/news/2240164139/Phishing-attacks-cast-wider-nets-in-businesses

For more stories, see items 17 and 18 above in the Banking and Financial Services Sector

Communications Sector

56. September 28, Beckley Register-Herald – (West Virginia) 4 accused of copper theft arrested. Four Wyoming County, West Virginia residents were arrested September 27 in connection with the copper theft earlier the week of September 24 that left about 1,300 people without phone service, according to the sheriff. One man was charged with grand larceny, felony destruction of property, and theft resulting in loss of phone service, which is also a felony, the sheriff said. The rest of the suspects were charged with grand larceny, felony destruction of property, and theft resulting in loss of phone service. The four were caught after trying to sell the copper to a recycling center in Raleigh County. The State police were notified and the vehicle was stopped a short time later with the copper still in the vehicle. Bond was set at $100,000 each. All four were remanded to Southern Regional Jail. Source: http://www.register-herald.com/local/x1241986982/4-accused-of-copper-theft-arrested

For another story, see item 51 above in the Information Technology Sector

Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.