Friday, October 12, 2012


Daily Report

Top Stories

 • More people than previously thought received possibly tainted steroid injections and 14,000 patients could be at risk of contracting meningitis, health authorities said October 11. – Reuters

31. October 11, Reuters – (National) CDC says 14,000 people at meningitis risk amid call for criminal probe. Health authorities said October 11 that more people than previously thought received possibly tainted steroid injections and that some 14,000 patients could be at risk of contracting meningitis. The Centers for Disease Control and Prevention (CDC) said the number of people at risk, which is 1,000 higher than earlier estimated, was revised after consulting with health authorities. Fourteen patients have died from meningitis and 170 people have been infected, the CDC said in its latest update October 11. The number of infections rose by 33 since October 10, the CDC added. Florida reported a second death from meningitis and Indiana reported its first death from the outbreak. Meningitis cases have been confirmed in 11 States. State and federal officials are now investigating the New England Compounding Center, which distributed thousands of vials of a contaminated steroid. Five new cases were reported in Tennessee, which remained the hardest-hit State with 49 cases, the CDC said. October 11, Michigan totaled 39 cases, Virginia reached 30, and Indiana’s count grew to 21 cases, according to the CDC. Source: http://www.reuters.com/article/2012/10/11/us-usa-health-meningitis-idUSBRE8970TQ20121011

 • The outbreak of West Nile disease in the United States moved closer to becoming the second worst on record October 10, with federal health authorities reporting 4,249 total cases of the virus-caused illness and 168 deaths. – Reuters

36. October 10, Reuters – (National) West Nile outbreak closer to being second worst in U.S. The outbreak of West Nile disease in the United States moved a step closer October 10 to becoming the second worst on record with federal health authorities reporting 280 cases of the virus-caused illness since October 8. There have now been 4,249 cases of West Nile recorded in 2012, according to the Centers for Disease Control and Prevention (CDC), 20 cases fewer than in 2006, the second-largest outbreak on record. The number of deaths rose by five to 168 since October 1, the CDC said. The pace of new cases of the disease has slowed since the summer of 2011. More than 70 percent of the cases have been reported in 8 States: Texas, Mississippi, Michigan, South Dakota, Louisiana, Oklahoma, Illinois, and California. Texas has been the hardest hit, recording close to 40 percent of the cases in the country, according to the CDC. Source: http://articles.chicagotribune.com/2012-10-10/lifestyle/sns-rt-us-usa-health-westnilebre89a03a-20121010_1_neuroinvasive-form-west-nile-outbreaks

 • A hacking attack on a Florida college compromised sensitive financial data of about 279,000 students and employees, and resulted in at least 50 cases of identity theft. – IDG News Service

39. October 10, IDG News Service – (Florida) Hackers steal thousands of student records from computers at Florida college. An information breach at a Florida college has compromised information of about 279,000 students and employees, the Florida Department of Education said October 10. In a statement October 8, Northwest Florida State College in Niceville said a breach of computer systems had compromised the personal data of 3,200 current and retired college employees. It was breached between May 21 and September 24 by outsiders, and the personal information of employees that was compromised included name, birth date, employee direct deposit bank routing and account number information, and Social Security number, the college said. By October 10, the college said the incident involved more than 3,000 employee records, about 76,000 Northwest College student records containing personal identification information, and another 200,000 records with names. At least 50 employees were hit by identity thefts as a result of the breach, the college president said in a memo to employees. Hackers accessed one folder with multiple files on the main server, and pieced together the information required for the identity theft by working between files, although no one file had a complete set of personal data on individuals, he said. “We speculate this was a professional, coordinated attack by one or more hackers,” the president added. Source: http://www.computerworld.com/s/article/9232276/Hackers_steal_thousands_of_student_records_from_computers_at_Florida_college

 • Minneapolis is changing how it handles 9-1-1 calls weeks after the worst workplace shooting in Minnesota’s history claimed seven lives. – WCCO 4 Minneapolis

49. October 10, WCCO 4 Minneapolis – (Minnesota) After workplace shooting, Mpls. changes 911 procedures. The city of Minneapolis is making a change with how it deals with 9-1-1 calls. It comes almost 2 weeks after Minnesota’s worst workplace shooting, WCCO 4 Minneapolis reported October 10. At least four people called 9-1-1 from the scene of Accent Signage and never got through to a dispatcher. In all, seven people died in that attack September 27, including the gunman. The day of the attack, there were six 9-1-1 operators working alongside seven dispatchers. September 27, there were 65 calls from 4 p.m. to 5 p.m. — 16 were related to the shooting. In the police report, two Accent employees said they called 9-1-1 and it just kept ringing. Police arrived on scene 5 minutes after the first call to 9-1-1. The average response time to a call is more than 8 minutes. Now instead of a continued ring, if a call cannot be answered in 10 seconds, the caller will hear a recorded message urging the caller to stay on the line if it is safe to do so. Source: http://minnesota.cbslocal.com/2012/10/10/after-workplace-shooting-mpls-changes-911-procedures/

 • Water level gauges installed on levees in New Orleans failed and did not provide accurate readings during Hurricane Isaac, officials said. – WVUE 8 New Orleans

69. October 10, WVUE 8 New Orleans – (Louisiana) Corps admits water level gauges failed during Isaac. As a Category 1, Hurricane Isaac beat up on New Orleans for longer than many expected. For the U.S. Army Corps of Engineers, Isaac provided a limited test of the multi-billion dollar investment in flood protection since Hurricane Katrina flooded the city 7 years ago. While the storm surge from Isaac did not match the new protection, the Corps admitted there were problems with sensors placed along the 17th Street Canal and other outfall canals. “There were four of the inside gauges that would come and go, and then a couple of them went out completely when we got to our maximum canal level,” the Corps’ 17th Street Canal captain said of the six gauges. The outages were intermittent and often lasted just a minute, he added. The water level in the 17th Street Canal should remain at 6.5 feet or lower, according to the Corps. At one point during Isaac, there was a flawed reading of 8 feet. The Corps said sensor problems never put the community at risk. The canal captain added their investigation indicated some gauges were positioned too low. But he said raising them too high could also cause problems with their stability during a storm. He said the Corps is also looking at getting some additional gauges with a different type of technology. Source: http://www.fox8live.com/story/19788819/corps-admits-water-level-gauges

Details

Banking and Finance Sector

8. October 11, Softpedia – (National) Regions Bank website attacked by hackers. Hackers have once again kept their promise and launched a distributed denial-of-service (DDoS) attack against the Web site of Regions Financial Corp. October 10, they took aim at the site owned by SunTrust and October 11, they seemed to focus on the Regions Bank Web site. Regions representatives told Fox News that the organization was aware of the threats, and claimed they were “taking every measure” to protect the company and customers. The site appeared to be experiencing some performance issues, but it seemed to be accessible from the United States. On the other hand, it was not accessible from a Romanian IP address, which might mean that certain IP address ranges were restricted in order to mitigate the attack. The hackers claimed that during the weekend of October 13 they will plan the next attacks. Source: http://news.softpedia.com/news/Regions-Bank-Website-Attacked-by-Izz-ad-Din-al-Qassam-Hackers-298767.shtml

9. October 11, Associated Press – (Florida) Feds in south Florida arrest 40 in ID theft-tax crackdown. Federal authorities in south Florida said they arrested 40 people in separate cases involving thousands of stolen identities used to commit tax fraud, the Associated Press reported October 11. A U.S. attorney said Miami has the highest identity theft rate in the nation at about 324 complaints for every 100,000 residents. The city’s rate of false income tax returns based on stolen identities is 46 times the national average. The 40 arrests announced October 10 were the latest under a new federal strike force in south Florida that includes the FBI, Internal Revenue Service, Secret Service, and others. The U.S. attorney said so far in 2012, 79 people were charged in cases involving nearly $40 million in fraudulent tax returns filed using stolen identities. Source: http://www.news-press.com/article/20121011/NEWS01/310110034/Feds-South-Florida-arrest-40-ID-theft-tax-crackdown?odyssey=tab|topnews|text|Home

10. October 11, WHNS 21 Greenville – (National) Feds make 2nd arrest in councilman’s Ponzi scheme. Federal agents arrested a second man October 9 in connection with a Ponzi scheme that bilked investors out of $60 million. Investigators said Atlantic Bullion and Coin, a company run by a former Anderson County, South Carolina councilman, duped more than 900 investors across 25 States into thinking they were buying silver and making big profits. They said the councilman never bought any precious metals and was paying investors’ lofty dividends with other investors’ money. He pleaded guilty in July to two counts of mail fraud as part of a plea deal. October 9, FBI agents arrested another man in connection with the same scheme. He was charged with conspiracy to commit mail fraud. According to an indictment, the man worked with the councilman to defraud investors of nearly $3.5 million. An attorney has taken possession of the assets of Atlantic Bullion and Coin. He will liquidate the assets and distribute the proceeds to the victims of the scheme. Source: http://www.foxcarolina.com/story/19789355/feds-arrest-another-arrest-in-ex-councilmans-ponzi-scheme

11. October 10, Fox News – (National) SunTrust the latest victim in cyber attack saga. SunTrust seemed to be the latest bank targeted with a denial of service attack October 10 in a chain of cyber attacks that hit Capital One October 9 and other major Wall Street institutions in September. The hacking group in a blogpost October 8 said it would target Capital One October 9, regional bank SunTrust October 10, and Regions Financial October 11. A handful of users reported on Twitter and SiteDown.co they were having issues accessing SunTrust’s e-banking Web site. That is different from some of the earlier attacks where customers could not access the main customer Web site altogether. When attempting to log on, some customers complained of receiving one of two error messages: “Server Unavailable” or “Server is too busy”. “We have seen increased traffic today and have experienced some intermittent service availability,” a SunTrust spokesperson said. October 9, SunTrust said that it was “aware of the threat” and was working to mitigate any disruption to clients should an attack occur. The group threatened to pursue more cyber attacks the week of October 15 and has long said it will not stop until a video mocking the Islam religion first posted to YouTube is removed from the Internet. Source: http://www.foxbusiness.com/technology/2012/10/10/suntrust-may-be-latest-victim-in-cyber-attack-saga/

For another story, see item 39 above in Top Stories

Information Technology Sector

51. October 11, IDG News Service – (International) Firefox 16 removed from installer page after vulnerability found. Mozilla temporarily removed Firefox 16 from the current installer page after it found a security vulnerability in the new version of its browser, it said October 10. The vulnerability could allow a malicious site to potentially determine which Web sites users have visited and have access to the uniform resource locator (URL) or URL parameters, the director of security assurance at Mozilla said. Mozilla does not, however, have any information that the vulnerability is currently being “exploited in the wild,” he added. It is working on a fix and planned to ship updates October 11. Source: http://www.computerworld.com/s/article/9232278/Firefox_16_removed_from_installer_page_after_vulnerability_found

52. October 11, Softpedia – (International) Facebook develops ‘extensive system’ to fix phone number leakage issue. A security researcher recently demonstrated that he could collect a large number of usernames and phone numbers from Facebook customers by leveraging a privacy flaw. Initially Facebook representatives said there was nothing they could do about it, highlighting the fact that “it’s a feature, not a bug.” However, after the media picked up on the researcher’s findings, Facebook “developed an extensive system” to prevent the misuse of the search functionality. The expert confirmed a mitigation mechanism was established — the accounts of users who try to look up a wide range of phone numbers are suspended for 24 hours. Source: http://news.softpedia.com/news/Facebook-Develops-Extensive-System-to-Fix-Phone-Number-Leakage-Issue-298583.shtml

53. October 10, IDG News Service – (International) A better reason to avoid Huawei routers: Code from the ’90s. A security researcher has a more compelling reason to avoid routers from Huawei Technologies than fears about their ownership. While the company was blasted for its opaque relationship with China’s government in a U.S. intelligence report released October 8, a bigger worry for some is what is inside its routers. “The code quality is pretty much from the ’90s,” said the researcher, who analyzed the software inside Huawei’s home and enterprise routers, and runs Recurity Labs, a security consultancy. He will speak October 11 at the Hack in the Box security conference and discuss the vulnerabilities he and a fellow researcher disclosed earlier in 2012 along with an overview of Huawei’s security. When the researcher began looking at Huawei’s routers, the firm did not have a prominent product security team, he said. However, since he and his colleague detailed vulnerabilities in the firmware of Huawei’s AR18 series routers, which are meant for homes, and its AR29 series routers, intended for small enterprises, at the Defcon conference in July, “they seem to be trying to ramp up product security in a visible way right now,” he said. Source: http://www.computerworld.com/s/article/9232229/A_better_reason_to_avoid_Huawei_routers_Code_from_the_90s

54. October 10, Softpedia – (International) Experts warn users to beware of ‘Apple ID Cancelled’ phishing scam. Cybercriminals are once again out to acquire Apple customers’ IDs with the aid of a malicious spam campaign that is designed to lure users to a phishing Web site. The emails, entitled “Apple ID Cancelled,” inform the recipient that “Your Apple ID has been temporarily suspended! Somebody else just tried to sign in into your Apple account from another IP address. Please re-confirm your identity today or your account will be suspended due to concerns we have for the safety and integrity of the Apple Community. Please click here to Activate your Apple ID [link].” Websense experts reveal that users who click on the link are taken to a page that replicates the legitimate My Apple ID site with a log-in form. However, customers who provide their credentials and select the “Sign In” button are not actually logging in to Apple’s services, but instead are providing their credentials to cyber criminals. Source: http://news.softpedia.com/news/Experts-Warn-Users-to-Beware-of-Apple-ID-Cancelled-Phishing-Scam-298468.shtml

55. October 10, Threatpost – (International) Deluge of election-related spam, threats begins. In the wake of the presidential debate the week of October 1, a wave of malicious, election-tinged spam began to hit Internet users. According to a Websense researcher, the spam email messages that look as if they are trying to gauge users’ interest in the candidates are leading to sites hosting the BlackHole Exploit kit code. The post claims attackers are using thousands of emails containing malicious .pdf, .jar, and .exe files to dupe users into compromising their systems. The post shows a fake email allegedly sent by “CNN Breaking News,” yet the links lead to a site hosting obfuscated BlackHole exploit kit 2.0 code. Source: http://threatpost.com/en_us/blogs/deluge-election-related-spam-threats-begins-101012

For more stories, see items 8 and 11 above in the Banking and Finance Sector, 39 above in the Top Stories and 57 below in the Communications Sector

Communications Sector

56. October 11, Jackson Hole News & Guide – (Wyoming) After three silent days, KHOL returns to the air. A power outage on Rendezvous Mountain in Wyoming blew out a piece of KHOL 89.1 FM Jackson’s transmitter over the weekend of October 6, putting the community radio station off the air for 3 days. The damaged piece of equipment had to be sent back to its manufacturer, repaired, and returned to Jackson, the station president said. The power went out October 7 on the tower the station uses to transmit its signal. The power came back on October 8, but the station still did not get its signal back. A piece of the transmitter, called an exciter, had blown out. The station summoned its engineer to check the equipment, and the part was shipped for repairs and then sent back. By October 10, the signal was back up. Source: http://www.jhnewsandguide.com/article.php?art_id=9114

57. October 11, Purdue Exponent – (Indiana) Damaged wires are cause of problems with AT&T services. Any problems experienced with West Lafayette, Indiana’s AT&T phone services since October 5 should be alleviated by the end of the week of October 8, according to a city official. The West Lafayette public works director and engineer said the issues with AT&T landline, Internet, and cellphone services began after fiber optic and telephone wires were cut during a construction project October 5. The general manager of Frontier Communications in Lafayette said 1,500-4,300 pairs of wire have been restored already, and 2,700 pairs were still out of service. Additionally, 1,100 customers’ landlines were still being affected by the damage. Cellphone service, however, was restored October 6. Source: http://www.purdueexponent.org/campus/article_0cd8e030-6912-52f9-a03c-7d4b37c36ef7.html

58. October 10, Sacramento Bee – (California) Software problem knocks Clear Channel-owned stations off air. The technical problem that knocked several California Clear Channel-owned stations from the radio airwaves October 10 was traced to a software problem, a local spokesman for the media company said. Engineers at Clear Channel responded and got the stations back on the air as quickly as possible. The disruption lasted roughly 2 hours. Source: http://www.sacbee.com/2012/10/10/4898933/clear-channel-stations.html


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.