Tuesday, October 9, 2012


Daily Report

Top Stories

 • California had its largest single-day gasoline price spike in almost 5 years October 4, leading to long lines at the pump, gas shortages, and station closures. – Long Beach Press-Telegram

1. October 5, Long Beach Press-Telegram – (California) Gas shortage shutters Costco stations, prices skyrocket. California had its largest single-day gasoline price spike in almost 5 years October 4, leading to long lines at the pump, gas shortages, and even station closures. Experts said the price increases could continue for weeks and the average might even break the $5 mark. By October 4, at least five Los Angeles-area gas stations crossed the $5 per gallon mark, according to GasBuddy.com. A refinery closure, a contaminated pipeline, and the State’s strict pollution limits are all, in part, to blame, experts said. Gasoline inventories across the State are lower than they have been in more than 10 years. Gasoline station owners in southern California have stopped making wholesale purchases to fill underground tanks since the price of gas increased the week of October 1, said a spokesman with the California Independent Oil Marketers Association. Even the Costco discount store chain, which typically has some of the cheapest prices, is starting to run out or is seeing long lines at its pumps. Source: http://www.presstelegram.com/ci_21698765/gas-shortage-shutters-costco-stations-simi-northridge-and?source=rss_viewed

 • As many as 30 American banks have been targeted by a cybercrime gang that is recruiting botmasters for a large-scale coordinated attack to conduct fraudulent wire transfers, experts said. – ThreatPost (See item 18 below in the Banking and Finance Sector)

 • Federal authorities stopped Medicare payments to providers charged in a sweep that netted 91 people in 7 cities accused of $430 million in fraudulent billing schemes. – Insurance and Financial Advisor

36. October 5, Insurance and Financial Advisor – (National) Feds stop Medicare payments after 91 arrests for alleged false billings. Federal authorities have stopped Medicare payments to providers charged in a sweep that netted 91 people in 7 cities accused of $430 million in Medicare billing schemes. The Medicare Fraud Strike Force said operations in Miami, Los Angeles, Dallas, Houston, Brooklyn, New York, Baton Rouge, Louisiana, and Chicago led to the arrests, the largest health care fraud takedown on record, the U.S. Attorney General said October 4. Those arrested allegedly participated in schemes to submit claims to Medicare for treatments that either never happened or were not medically necessary. Patient recruiters, Medicare beneficiaries, and others received cash kick-backs for giving beneficiary information to providers so those providers could submit the false claims, according to court documents. The alleged fraud includes more than $230 million in home health care fraud, more than $100 million in mental health care fraud, and about $49 million in ambulance transportation fraud, the U.S. Attorney General said. Those charged include the owners and operators of 2 different hospitals, 1 in Miami and 1 in Houston, and 16 medical professionals, including 7 physicians, chiropractors, nurses, a psychologist, and a physical therapist. The defendants face various health care fraud charges, including conspiracy to commit health care fraud, health care fraud, violations of the anti-kickback statutes, and money laundering. The Department of Health and Human Services also suspended or took administrative action against 30 health care providers based upon what officials called credible allegations of fraud. HHS can suspend payments until the resolution of an investigation under the Affordable Care Act. Source: http://ifawebnews.com/2012/10/05/feds-stop-medicare-payments-after-91-arrests-for-alleged-false-billings/

 • The potential scope of the meningitis outbreak that has killed at least five people widened dramatically October 4 as health officials warned that hundreds, perhaps thousands, of patients who received steroid back injections in 23 States could be at risk. – Associated Press

37. October 5, Associated Press – (National) Hundreds may be at risk in meningitis outbreak. The potential scope of the meningitis outbreak that has killed at least five people widened dramatically October 4 as health officials warned that hundreds, perhaps thousands, of patients who got steroid back injections in 23 States could be at risk. So far, 35 people in 6 States — Tennessee, Virginia, Maryland, Florida, North Carolina and Indiana — have contracted fungal meningitis, and 5 of them have died, according to the Centers for Disease Control and Prevention. All had received steroid shots for back pain, a highly common treatment. In an alarming indication the outbreak could get a lot bigger, Massachusetts health officials said the pharmacy involved, the New England Compounding Center of Framingham, Massachusetts, has recalled three lots consisting of 17,676 single-dose vials of the steroid, preservative-free methylprednisolone acetate. An unknown number of those vials reached 75 clinics and other facilities in 23 States between July and September, federal health officials said. Several hundred of the vials, maybe more, have been returned unused, one Massachusetts official said. But many other vials were used. At 1 clinic in Evansville, Indiana, more than 500 patients got shots from the suspect lots, officials said. At 2 clinics in Tennessee, more than 900 patients received shots. Clinics and medical centers rushed to contact patients who may have received the apparently fungus-contaminated shots. And the Food and Drug Administration urged doctors not to use any products at all from the Massachusetts pharmacy that supplied the suspect steroid solution. Source: http://vitals.nbcnews.com/_news/2012/10/05/14241074-hundreds-may-be-at-risk-in-meningitis-outbreak?lite

Details

Banking and Finance Sector

18. October 4, ThreatPost – (International) Cybercrime gang recruiting botmasters for large-scale MiTM attacks on American banks. A slew of major American banks may soon have to brace themselves for a large-scale coordinated attack bent on pulling off fraudulent wire transfers, ThreatPost reported October 4. RSA’s FraudAction research team has been monitoring underground chatter and has put together various clues to deduce that a cybercrime gang is actively recruiting up to 100 botmasters to participate in a complicated man-in-the-middle hijacking scam using a variant of the proprietary Gozi Trojan. This is the first time a private cybercrime group has recruited outsiders to participate in a financially motivated attack, said a cybercrime communications specialist for RSA FraudAction. The attackers are promising their recruits a cut of the profits, and are requiring an initial investment in hardware and training in how to deploy the Gozi Prinimalka Trojan. Also, the gang will only share executable files with their partners, and will not give up the Trojan’s compilers, keeping the recruits dependent on the gang for updates. With this kind of scale, banks could be facing up to 30 times the number of compromised machines and fraudulent transfers as the average attack, if the campaign is successful. As many as 30 banks have been targeted, many of them well known and high profile. RSA said the gang is targeting American banks because of past success in beating their defenses, as well as a lack of two-factor authentication required for transfers. Source: http://threatpost.com/en_us/blogs/cybercrime-gang-recruiting-botmasters-large-scale-mitm-attacks-american-banks-100412

19. October 4, Austin American-Statesman – (Texas) ‘Trick or Treat Bandit’ strikes again. The man who robbed a north Austin, Texas bank October 4 has been nicknamed the “Trick or Treat Bandit” and is believed to have robbed six other banks in the area since October 2009, detectives said. Police responded to a robbery call at the International Bank of Commerce branch. Officers said the man displayed a weapon, demanded money, and left the scene with an undisclosed amount of cash. The first robbery he is believed to be responsible for occurred October 6, 2009, at a Bank of America branch in north Austin, police said. Source: http://www.statesman.com/news/news/crime-law/blotter-trick-or-treat-bandit-strikes-again/nSTkz/

20. October 4, SecuringPharma.com – (National) Ten plead guilty in US fake credit card ring. U.S. attorneys have secured guilty pleas from 10 people accused of using fake credit cards and driver’s licenses to buy goods, SecuringPharma.com reported October 4. The accused are alleged to have used fake cards at Walmart, Target, and other retailers. Once purchased, the products, which included iPads and other electronic items, were put up for sale on eBay, the Birmingham News reported. Evidence of the operation was uncovered in May 2011 when a U.S. Secret Service agent bought an iPad from eBay. Investigators traced the iPad back to a Target store where it was allegedly purchased using a fake identity. To date, 10 people have been arrested, all of whom pleaded guilty. The investigation continues. A possible ringleader has yet to be arrested. Authorities allege the unnamed person directed the operation, with those arrested so far working in various lower roles. Source: http://www.securingindustry.com/security-documents-and-it/ten-plead-guilty-in-us-fake-credit-card-ring/s110/a1432/

21. October 3, U.S. Federal Deposit Insurance Corporation – (National) Fraudulent e-mails claiming to be from the FDIC. The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent emails that have the appearance of being sent from the FDIC, according to a notice released October 3. While the emails exhibit variations in the “Subject” lines, the messages are similar. They all make reference to the suspension of the recipient’s ability to conduct transfers via ACH and/or wire transfer. The emails then encourage recipients to install a software update by clicking on a link provided. They then say that functionality will be restored once the software update is installed. The emails and the link provided are fraudulent. Recipients should consider these emails an attempt to load malicious software on the recipient’s computer, or to collect personal or confidential data. Recipients should not click on the link provided. The FDIC does not send unsolicited emails to consumers or business account holders. Source: http://content.govdelivery.com/bulletins/gd/USFDIC-55ee11

For another story, see item 36 above in Top Stories

Information Technology Sector

44. October 5, Help Net Security – (International) Trojan disguised as image delivered via Skype messages. A spamming campaign that surfaced in the last few days is being propagated via compromised Skype accounts. The offered links do not lead to an image, but to a malicious executable (skype_02102012_image.exe) posing as one. “Running the file will cause it to self delete and the infected PC will begin making DNS requests to a number of URLs, including a .pl, a .com and a .kz - we also saw references to IRC channel names in the network traffic and are investigating further,” said a researcher from GFI. Source: http://www.net-security.org/malware_news.php?id=2285

45. October 5, Softpedia – (International) Adobe revokes code signing certificate for software signed after July 10, 2012. October 4, Adobe revoked the compromised code signing certificate that was used to sign several malicious applications. Updates signed with a new certificate were issued. The revoked certificate was used to sign software code after July 10, 2012. According to Adobe, the Windows platform and three Adobe AIR applications – Acrobat.com desktop services, Adobe Story AIR applications, and Adobe Muse – for both Windows and Mac are affected. Source: http://news.softpedia.com/news/Adobe-Revokes-Code-Signing-Certificate-for-Software-Signed-After-July-10-2012-297123.shtml

46. October 4, Computerworld – (International) Microsoft to patch 20 bugs next week in month of Office updates. Microsoft announced October 4 it would deliver 7 security updates, 1 critical, to patch 20 vulnerabilities in Office, SharePoint Server, SQL Server, Windows, and other parts of its product lineup. The one update pegged critical, Microsoft’s highest threat ranking, will tackle bugs in all supported versions of Office on Windows. The other six updates were labeled “important,” the next-most-serious rating in the firm’s scoring system. There was no update scheduled for Internet Explorer, which Microsoft addressed in September when it rushed out an emergency patch to stymie active attacks exploiting a bug in the browser. The September 21 “out-of-band” update also included patches for several additional vulnerabilities, which were originally slated to ship the week of October 8. Security experts tapped the critical Office update as the one to plan to deploy as soon as possible. Source: http://www.computerworld.com/s/article/9232068/Microsoft_to_patch_20_bugs_next_week_in_month_of_Office_updates

47. October 4, Help Net Security – (International) Bogus Skype password change notifications lead to phishing. Bogus emails supposedly sent by Skype are targeting users of the popular VoIP service, saying their Skype password was “successfully changed.” Users who have not recently initiated the password change themselves are in danger of believing their account is being hijacked and following the offered links. Those that do will be faced with a spoofed Skype login page that sends the entered login credentials to the scammers behind the phishing attempt. Users are advised to always log into the legitimate online services only via the official login page. Source: http://www.net-security.org/secworld.php?id=13728

For more stories, see item 18 above in the Banking and Finance Sector and item 48 below in the Communications Sector

Communications Sector

48. October 2, Newark Star-Ledger – (New Jersey) Sun outages October 4th through the 12th will interrupt cable service. The note Optimum customers in Edison, New Jersey, received October 2 stated “Between October 4 and October 12, 2012, you may notice a very brief interruption in TV service due to Sun Outages.” Twice a year, at the Spring and Fall Equinox, satellite downlink sites in the Northern Hemisphere experience reception interruptions due to the transition of the sun. Reception interruptions span a period of about 10 days as the sun aligns directly above the satellite and the downlink antenna. Interference gradually increases through the transit time period, peaks, and then subsides as the transit period ends. The start and end dates of the sun outage cycle for any geographical location determine the severity of the interference on any given day. Millions of customers in New Jersey could be affected by these outages. Source: http://www.nj.com/middlesex/index.ssf/2012/10/sun_outages_october_4th_throug.html

For more stories, see items 44 and 47 above in the Information Technology Sector


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.