Monday, October 15, 2012 

Daily Report

Top Stories

 • Nine men — including four former Duke Energy employees — stole copper wiring from the utility in Ohio and sold it to recycling centers in northern Kentucky for about 4 years, federal prosecutors said. – Cincinnati Enquirer

2. October 12, Cincinnati Enquirer – (Ohio; Kentucky) 9 indicted in copper thefts from Duke; 4 are ex-workers. Federal prosecutors said nine men — including four former Duke Energy employees — stole copper wiring from the utility in Ohio and sold it to recycling centers in northern Kentucky. The men were indicted by a federal grand jury October 11 on charges of conspiring to transport goods in interstate commerce, transporting stolen goods in interstate commerce, receiving stolen goods, and conspiracy to launder money. A former Duke maintenance and construction supervisor conspired with former co-workers to take copper wiring from Duke job sites and transport it to Kentucky, according to federal prosecutors. The crimes took place from 2006 to November 2010, according to a spokesman for the U.S. Attorney for the Eastern District of Kentucky. Duke workers were supposed to take excess copper wire from construction sites to the utility’s recycling plant in Cincinnati. Instead, the men sold it for cash to metal recycling facilities in Boone, Campbell, and Kenton counties and divided the proceeds. Source:

 • U.S. financial institutions should expect to become the targets of cyberattacks seeking to intercept wire transfers to steal funds from their customers’ bank accounts, according to a report released by security firm RSA. – Softpedia. See item 12 below in the Banking and Finance Sector

 • A school bus carrying 40 children was knocked on its side near Victorville, California, October 11 when a U-Haul truck backed into it. Sixteen students and the bus driver were injured, authorities said. – Associated Press

18. October 11, Associated Press – (California) 17 hurt in Victorville, Calif., school bus crash. A school bus carrying 40 children was knocked on its side October 11 when a U-Haul truck backed into it, injuring 16 students and the bus driver, authorities said. The crash occurred as the children were being taken home from Galileo Academy in Victorville, California, about 60 miles northeast of Los Angeles. Two of the children had “serious but non-life threatening” injuries and were taken to a medical center, said a spokeswoman for San Bernardino County fire. Ten others were also transported to hospitals. The remaining four were treated and released at the scene, said a California Highway Patrol officer. One of the children seriously injured suffered a laceration to the head, and the other possibly had a broken leg, he said. Parents were contacted by school and transportation officials, and came to the scene of the accident to pick up their children. Source:

 • Federal health officials notified 12,000 of the approximately 14,000 people who may have received contaminated steroid shots responsible for a meningitis outbreak. But they said patients would have to watch for symptoms of the deadly infection for months. – Associated Press

33. October 12, Associated Press – (National) Meningitis outbreak growing, 14 people dead. Federal health officials have tracked down 12,000 of the roughly 14,000 people who may have received contaminated steroid shots in the nation’s growing meningitis outbreak, warning October 11 that patients will need to keep watch for symptoms of the deadly infection for months. Of the 170 people sickened in the outbreak, all but one had a rare fungal form of meningitis after receiving suspect steroid shots for back pain, the Centers for Disease Control said. The other case is an ankle infection discovered in Michigan; steroid shots also can be given to treat aching knees, shoulders or other joints. Fungus has been found in at least 50 vials of an injectable steroid medication made at a specialty compounding pharmacy in Massachusetts, investigators said. Health authorities have not yet said how they think the medication was contaminated, but they have ruled out other suspects — other products used in administering the shots — and the focus continues to be on that pharmacy, the New England Compounding Center. Compounding pharmacies traditionally supply products that are not commercially available, unlike the steroid at issue in the outbreak. And a Massachusetts Department of Public Health doctor said it appears the company violated state law governing those pharmacies, which are not supposed to do large-scale production like a drug manufacturer. Instead, they are supposed to produce medication for patient-specific prescriptions, she said. Idaho became the 11th State to report at least one illness. The others are Florida, Indiana, Maryland, Michigan, Minnesota, New Jersey, North Carolina, Ohio, Tennessee, and Virginia. Source:


Banking and Finance Sector

12. October 12, Softpedia – (International) Experts: Banks should review authentication procedures to prevent trojan attacks. According to a report released by security firm RSA, U.S. financial institutions should expect to become the targets of cyberattacks. The firm was not referring to the recent distributed denial-of-service (DDOS) attacks launched by hackers, but to the campaign called Project Blitzkrieg, Softpedia reported October 12. Project Blitzkrieg is said to rely on a trojan called Gozi Prinimalka to intercept wire transfers made by the banks’ customers with the purpose of emptying their accounts. To ensure success, the initiators want to target 30 unnamed banks with the help of 100 botmasters that could help in sustaining the attacks. Researchers from information security firm Solutionary once again highlighted that this operation leverages the weak state of security surrounding financial institutions, especially those from the United States. “Solutionary highly recommends banks review authentication procedures for wire transfers,” a research analyst at Solutionary’s Security Engineering Research Team explained. The expert warned that directly or indirectly this campaign will result in a DDOS attack and regular users, as well as the targeted firms, should be prepared to handle it. That is because the botnets utilized in massive DDOS attacks are often composed of work or home computers. Source:

13. October 12, Rochester Democrat and Chronicle – (New York) 4 charged in bank robbery spree. Four people are facing felony charges in connection with five recent bank robberies in Monroe County, New York, suburbs, the Rochester Democrat and Chronicle reported October 11. The four were all charged with second-degree robbery, Monroe County sheriff’s deputies announced. All four people are accused of participating in five bank robberies in five communities since September 22. The group is accused of robbing an M&T Bank and a Chase Bank October 9; a Bank of America October 3; and two Chase Bank branches September 22 and 29. Source:

14. October 12, Traders Magazine – (National) SEC automating analysis of suspicious trading patterns. The Chairman of the Securities and Exchange Commission (SEC) said October 11 that the SEC is upgrading its investigative technology so it can identify “suspicious trading patterns and relationships among multiple traders and across multiple securities.” She told the 2012 New England Securities Conference that the SEC will use “newly-developed analytics” to spot abuses. A new Market Abuse Unit has spearheaded the analysis project for the Division of Enforcement. With the tool, “staff are able to search across this database to recognize suspicious trading patterns and identify relationships and connections among multiple traders and across multiple securities, generating significant enforcement leads and investigative entry points,” according to the enforcement division’s director. The agency also has put in place an Aberrational Performance Inquiry team that focuses on identifying hedge fund managers that may be engaging in fraudulent practices. The agency is also using an “e-discovery” system to make wide searches of data produced for the agency by the securities industry to find “needles that might have been missed or overlooked.” That system will be integrated with other tools, including technology that allows phonetic searches of voice recordings, to find leads. Source:

15. October 11, WIBC 93.1 FM Indianapolis – (National) FBI Seeking ‘Ray Bandit’. Federal authorities are looking for a bank robber they are calling the “Ray Bandit” who has held up at least 10 banks across the Midwest, WIBC 93.1 FM Indianapolis reported October 11. An FBI official said the suspect hit his tenth bank in Omaha, Nebraska, October 10, and suspects he may be a resident of Illinois or Iowa. The suspect is often in disguise and usually wears wide-brimmed hats, Ray Ban-type sunglasses, a beard, and band aids or thimbles on his fingers. The suspect’s robberies began in July and have been in banks based in grocery stores — two in Wisconsin, one in Iowa, six in Illinois, two in Indiana, and officials believe he may be behind one in Nebraska. Source:

Information Technology Sector

45. October 12, The H – (International) Firefox 16 re-released fixing multiple vulnerabilities. The latest version of Firefox, version 16, returned to Mozilla’s servers with the release of Firefox 16.0.1 after the discovery of vulnerabilities caused the organization to remove the just-released update for the Web browser from circulation. Mozilla described the problem as that of a malicious Web site being able to potentially determine the URLs and parameters used and suggested downgrading to Firefox 15.0.1, despite the numerous critical bugs fixed in Firefox 16. October 10, a security researcher posted a proof-of-concept, which demonstrated that Firefox 16 was insecure with its location variables, allowing an attacker to open a window pointing at part of another site, wait for that site to redirect the window to a “logged in” page, and then retrieve the new location and data. Accessing the location information should normally be prevented by the browser’s “Same Origin” policy. Mozilla’s advisory said a similar but separate critical flaw was found in Firefox 16, Firefox ESR 10.0.8, SeaMonkey 2.13, Thunderbird 16, and Thunderbird ESR 10.0.8 and earlier, which not only disclosed the location object, but, in Firefox 15 and earlier, had the potential for arbitrary code execution. Firefox 16.0.1 closes both holes. These were not the only holes fixed in 16.0.1; another security advisory said developers also identified two of the top crashing bugs in the browser engine and that these bugs showed signs of having corrupted memory. Mozilla concluded that it could be possible to exploit these holes to execute code. Source:

46. October 11, Computerworld – (International) New security threat at work: Bring-your-own-network. Even as IT pros wrestle with the bring-your-own-device (BYOD) trend, corporate security is being further complicated by another emerging trend: bring your own network (BYON). BYON is a byproduct of increasingly common technology that allows users to create their own mobile networks, usually through mobile wireless hotspots. Security professionals say BYON requires a new approach to security because some internal networks may now be as insecure as consumer devices. An attorney with the law firm Much Shelist said BYON represents a more dangerous threat to data security than employees who bring their own smartphones or tablets into the office. “The network thing blows this up completely, because it takes the data out of the network the company protects,” he said. Source:

47. October 11, Softpedia – (International) ‘I will use a bomb to destroy an airplane,’ computer virus says on victim’s behalf. Japanese police arrested three people, accusing them of making online death threats. Later, however, investigators determined that a piece of malware may have actually posted the threats on their behalf. One of the suspects was detained after posting a message on a government site threatening to commit mass murder in a shopping area. An airline company was threatened via email that its planes would be bombed, a similar message was sent to the kindergarten attended by the children of the royal family, and a discussion board post mentioned blowing up a famous shrine. Authorities are investigating the connection between the malware and the threats, but security researchers reveal that the trojan in question, Backdoor.Rabasheeta, is capable of performing such tasks. Source:

48. October 10, SecurityWeek – (International) Google, Yahoo DNS diverted after breach at .ie domain registrar. The Irish versions of Google and Yahoo went offline October 9 when perpetrators changed the sites’ Domain Name Server (DNS) records. An “unauthorized access” “security incident” resulted in the DNS nameserver records for two “high profile .ie domains” being changed, the IE Domain Registry (IEDR) stated. IEDR identified the two domains as and in a separate statement, and identified the affected registrar as MarkMonitor. IEDR worked with MarkMonitor to correct the problem, but it is not clear how the unauthorized access happened. One possibility is that MarkMonitor’s log-in details for the IEDR registrar’s console were socially engineered, according to the statement. Source:

49. October 9, Business Insurance – (International) Average insurance cost per data breach rises to $3.7M: Study. The average insurance cost per computer data breach incident increased from $2.4 million in 2010 to $3.7 million in 2011, according to a new NetDiligence study. Based on claims submitted in 2011 for incidents between 2009 and 2011, the average number of records exposed decreased 18 percent to 1.4 million, according to the study. A typical breach ranged from $25,000 to $200,000 in insurance costs. Legal damages stemming from data breaches represented the bulk of insurance costs, at an average of $582,000 for legal defense costs and an average of $2.1 million in settlement costs, compared with $500,000 and $1 million, respectively, in 2010. Source:

For more stories, see items 12 and 14 above in the Banking and Finance Sector

Communications Sector

See item 46 above in the Information Technology Sector

Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site:

Contact Information

Content and Suggestions: Send mail to or contact the DHS Daily Report Team at (703)387-2314

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at or visit their Web page at v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.