Friday, October 5, 2012 



Daily Report

Top Stories
 • A blown fuse and a vehicle crash cut power to the heart of Corvallis, Oregon, for most of October 3, shutting down many schools and businesses, and creating big traffic problems. – Corvallis Gazette-Times

3. October 3, Corvallis Gazette-Times – (Oregon) Power outage affects heart of city most of workday. A blown fuse and a vehicle crash cut power to the heart of CorvalOregon, for most of October 3, and affected schools, businesses, and traffic. Among most impacted were businesses along Corvallis’ commercial district on Ninth Street,six schools, and Oregon State University, about 11,500 Pacific Power customers in aThe larger of two outages affected 10,864 customers in the core of the city and to thsouth and west, a Pacific Power spokesperson reported. Power was fully restored to customers after several hours. A separate power outage, affecting 780 residences in north Corvallis, was caused by a vehicle hitting a power pole. Workers restored powto those customers a few hours later. About 20 buildings at Oregon State University were left without power. Source: http://www.gazettetimes.com/news/local/power-outage-affects-heart-of-cityfor-most-of-workday/article_eb833e58-0d8b-11e2-acfc-001a4bcf887a.html

 • Health officials have traced an outbreak of rare fungal meningitis that has sickened dozens and killed 4 people to a Framingham, Massachusetts specialty pharmacy that distributes a steroid injection commonly used to treat back pain. – NBC News

33. October 4, NBC News – (National) Fungal meningitis death toll may rise. Health officials have traced an outbreak of rare fungal meningitis to a Framingham, Massachusetts specialty pharmacy that distributes a steroid injection commonly used to treat back pain, NBC News reported October 4. The pharmacy, which shipped 2,000 vials of the possibly contaminated steroid to one center in Tennessee alone, said it has recalled all of the product and is cooperating with federal officials, said the Associated Press. Doctors leading the investigation said they expect to find more cases, and if the pharmacy shipped product to many States, it is possible many more people across the country will become ill with the hard-to-treat infection. So far, 26 people have been diagnosed with fungal meningitis in 5 States and 4 of them have died. The Massachusetts health department said it was working with federal officials and said the New England Compounding Center had surrendered its license to operate. Source: http://vitals.nbcnews.com/_news/2012/10/04/14219550-fungal-meningitis-death-toll-may-rise?lite

 • More than 3 weeks after attacks in Benghazi killed the U.S. ambassador to Libya and three other Americans, sensitive documents remained only loosely secured in the wreckage of the U.S. mission. – Washington Post

38. October 3, Washington Post – (International) Sensitive documents left behind at U.S. diplomatic post in Libya. More than 3 weeks after attacks in Benghazi killed the U.S. ambassador to Libya and three other Americans, sensitive documents remained only loosely secured in the wreckage of the U.S. mission, offering visitors easy access to delicate information about American operations in Libya, the Washington Post reported October 3. Sensitive documents were among the items scattered across the floors of the looted compound when a Washington Post reporter and an interpreter visited October 3. No government-provided security forces are guarding the compound, and Libyan investigators have visited just once, according to a member of the family who owns the compound and who allowed the journalists to enter October 3. ―Securing the site has obviously been a challenge,‖ a deputy spokesman at the State Department said in response to questions about conditions at the Benghazi compound. ―We had to evacuate all U.S. government personnel the night of the attack. After the attack, we requested help securing the site, and we continue to work with the Libyan government on this front.‖ Source: http://www.washingtonpost.com/world/middle_east/sensitive-documents-left-behind-at-american-mission-in-libya/2012/10/03/11911498-0d7e-11e2-bd1a-b868e65d57eb_story.html

 • State dams’ officials said a lack of resources and manpower has prevented timely upgrades to thousands of high-hazard structures in urgent need of repairs. – Pew Center on the States

57. October 4, Pew Center on the States – (National) Dam inspectors fear the deluge. Extreme weather, shifting demographics, and the passage of time are teaming up to erode the condition of dams and increase the cost of their failure, often measured in millions of dollars and significant numbers of lives lost, the Pew Center of the States reported October 4. In 2011, States combined to employ just 422 full time workers to oversee 87,679 structures, averaging out to more than 200 per person. Of those dams, 11,388 were deemed ―high-hazard,‖ a category quantified differently across States but associated with the likelihood that a failure will lead to fatalities. ―They’re doing the best job they can. They just don’t have the resources,‖ said the executive director of the Association of State Dam Safety Officials. A 2009 study by the group estimated it would cost $16 billion to make the most urgent repairs over the next 12 years. When the Senate reconvenes following the election, it will be asked to consider reviving the 2006 National Dam Safety Act, a measure tacked onto a larger bill that has passed in the House. The $14 million yearly program, which expired in 2011, helped States retain staff, educate dam owners, and buy essential equipment. Since then, funding has trickled in from the Federal Emergency Management Agency, but it has fallen short of plugging the gap. Source: http://www.pewstates.org/projects/stateline/headlines/dam-inspectors-fear-the-deluge-85899420764

Details

Banking and Finance Sector

13. October 2, U.S. Department of Justice – (New York; National) Residential Mortgage-Backed Securities Working Group members announce first legal action. The Residential Mortgage Backed Securities (RMBS) Working Group members October 2 announced their first legal action since the working group formation earlier this year. In his role as a co-chair of the RMBS Working Group, the New York attorney general filed a Martin Act lawsuit against J.P. Morgan Securities LLC (formerly known as Bear Stearns & Co. Inc.), JP Morgan Chase Bank N.A., and EMC Mortgage LLC (formerly known as EMC Mortgage Corporation) for making fraudulent misrepresentations and omissions to promote the sale of RMBS to investors. According to the lawsuit, the defendants deceived investors as to the care with which they evaluated the quality of mortgage loans packaged into residential mortgage-backed securities prior to Bear Stearns & Co’s collapse in early 2008, incurring losses that have totaled about $22.5 billion. The lawsuit is the first legal action from the RMBS Working Group, a State-federal task force created by the U.S. President earlier this year to investigate those responsible for misconduct contributing to the financial crisis through the pooling and sale of RMBS. Source: http://www.justice.gov/opa/pr/2012/October/12-opa-1196.html

For another story, see item 47 below in the Information Technology Sector

Information Technology Sector

45. October 4, The H – (International) New Oracle hacks revealed. At the DerbyCon 2.0 conference, two security experts presented a range of attacks, some of which were previously unknown, on Oracle databases and SQL servers; they even released suitable tools to exploit them at the same time. In ―Hacking the Oracle Client,‖ one of the researchers demonstrated that, although Oracle saves the user name and password for a database connection in encrypted form in the client’s main memory, this data remains in memory after the session ends, and can easily be decrypted. A trojan, for example, could exploit this to harvest plain-text passwords from the client, which was demonstrated by the ocioralog meterpreter extension. The experts also demonstrated how Oracle connections can be hijacked and exploited. Due to the unpatched TNS poisoning security vulnerability, the experts’ approach works with any standard Oracle database, unless special security measures for the TNS listener are in place. The presented pytnsproxy TNS proxy, combined with a suitable Metasploit module called tnspoison, allows unauthenticated attackers to sniff-out or modify the connections to the database; arbitrary SQL commands can even be sent using the TNS proxy. Source: http://www.h-online.com/security/news/item/New-Oracle-hacks-revealed-1723371.html

46. October 3, Threatpost – (International) Some Wordpress themes, thousands of sites open to XSS vulnerability. A number of Wordpress themes being distributed by the developer Parallelus are vulnerable to cross-site scripting (XSS) attacks, reports said. Themes, bits of PHP, and HTML code that alter the look and functionality of sites are usually installed via Wordpress’ dashboard tool or by FTP. According to a Finnish product security professional and pentester, the XSS vulnerabilities lie in the Unite, Salutation, Intersect, and Traject themes. The themes cost around $30-$60 for a regular license on Themeforest.net, a Wordpress theme marketplace. The security professional noted that not all of the themes and templates associated with Parallelus are vulnerable, but thousands of sites — personal and business — could be affected. Source: http://threatpost.com/en_us/blogs/some-wordpress-themes-thousands-sites-open-xss-vulnerabilities-100312

47. October 3, Help Net Security – (International) Malicious spam campaign targets QuickBooks users. Intuit-themed malicious spam campaigns appear every few months, given that the company’s tax preparation, accounting, financial management, and billing software and services are extremely popular in the United States and Canada. The latest one, spotted by GFI Software, tries to attract the users of Intuit’s QuickBooks — accounting software marketed to small business owners — with an offer of free shipping when ordering tax forms. For the recipients who click on them, the embedded links lead not to the ordering form, but to a page that shows a ―Connecting to server...‖ message and eventually redirects them to another page hosting the Blackhole exploit kit. Source: http://www.net-security.org/malware_news.php?id=2282

48. October 2, V3.co.uk – (International) Blackhole responsible for a third of drive-by download attacks. According to new research, malware created using the Blackhole toolkit can be found on nearly one third of all malicious Web links circulating in the wild. A team comprised of researchers at Google, the International Computer Science Institute, and several leading U.S. universities warned that so-called drive-by downloads are becoming cyber criminals’ attack of choice. The team studied more than 77,000 malicious URLs identified using Google’s Safe Browsing — a tool Google uses to identify sites carrying malicious payloads. They then attempted to analyze the code these sites were dispensing, analyzing the malware being distributed and the tools used to create it. Nearly half of all Web pages serving exploits were based on two toolkits: Blackhole and Incognito. Source: http://www.v3.co.uk/v3-uk/the-frontline-blog/2214082/blackhole-responsible-for-a-third-of-driveby-download-attacks

For another story, see item 49 below in the Communications Sector

Communications Sector

49. October 4, Quincy Patriot-Ledger – (Massachusetts) Phone, internet service restored in Braintree. Phone and Internet service in Braintree, Massachusetts, was restored October 4 after a severed fiber in Quincy knocked out service for hundreds of residents through most of October 3. A spokeswoman for the Braintree Electric Light Department, said a ―major fiber cut‖ in Quincy disrupted service for about 3,200 Internet customers and close to 2,000 phone customers early October 3. Phone service was restored by the evening October 3, but Internet service remained off-line for many residents until October 4. Source: http://www.patriotledger.com/topstories/x383194682/Braintree-phones-back-on-Internet-still-out


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.