Monday, October 22, 2012
Daily Report
Top Stories
• Kolon Industries Inc. and several of its
executives and employees were indicted for allegedly engaging in a multi-year
campaign to steal trade secrets related to DuPont’s Kevlar para-aramid fiber
and Teijin Limited’s Twaron para-aramid fiber, officials announced October 18.
– U.S. Department of Justice
2. October 18, U.S. Department of Justice –
(National; International) Top executives at Kolon Industries indicted for
stealing DuPont’s Kevlar trade secrets. Kolon Industries Inc. and several
of its executives and employees were indicted for allegedly engaging in a
multi-year campaign to steal trade secrets related to DuPont’s Kevlar
para-aramid fiber and Teijin Limited’s Twaron para-aramid fiber, the U.S.
Department of Justice announced October 18. The indictment seeks forfeiture of
at least $225 million in proceeds from the alleged thefts. “Kolon is accused of
engaging in a massive industrial espionage campaign that allowed it to bring
Heracron quickly to the market and compete directly with Kevlar,” said a U.S.
attorney. Headquartered in Seoul, South Korea, Kolon was indicted by a grand
jury in Richmond, Virginia. The indictment charges Kolon with one count of
conspiring to convert trade secrets, four counts of theft of trade secrets, and
one count of obstruction of justice. Kevlar is produced by E.I. du Pont de
Nemours and Company (DuPont), one of the largest chemical companies in the
United States. Source: http://www.fbi.gov/richmond/press-releases/2012/top-executives-at-kolon-industries-indicted-for-stealing-duponts-kevlar-trade-secrets
• HSBC blamed a distributed denial-of-service
(DDoS) attack for the downtime of many of its Web sites worldwide October 18. –
The Register
See item 8 below in the Banking and Finance Sector
• An offshore remittance company called
Caribbean Transfers financed a complex money-laundering ring that moved more
than $30 million in stolen Medicare money from south Florida into Cuba’s
banking system, federal authorities announced October 17. – Miami Herald
28. October 18, Miami Herald – (Florida; International) Laundering ring moved Medicare money
to Cuba bank, US officials say. An offshore remittance company called
Caribbean Transfers financed a complex money-laundering ring that moved more
than $30 million in stolen Medicare money from south Florida into Cuba’s
banking system, federal authorities said October 17. The revelation surfaced in
the widening case of a now-convicted check-cashing store owner who was first
believed to be at the center of the money-laundering scheme. It marked the
first time that investigators traced tainted Medicare proceeds to Cuba’s
State-controlled bank. Prosecutors filed new conspiracy charges against the
founder of the Caribbean-based company, who is at large, and two Miami-Dade
County men suspected of defrauding the taxpayer-funded Medicare program. The
latter defendants are accused of laundering their Medicare profits through the
convicted check-cashing store owner, who did business with Caribbean Transfers. The
new information about Caribbean Transfers, which prosecutors said is licensed
by the Cuban government, was disclosed during the bond hearing of one of the
Miami-Dade County men October 17. The U.S. attorney’s office said it has no
evidence that the Cuban government was involved in the laundering scheme, and
Cuban officials denied any involvement. Source: http://www.bellinghamherald.com/2012/10/18/2734149/laundering-ring-moved-medicare.html
• Kaspersky Labs is developing a secure
operating system for industrial control systems, the company’s chairman and CEO
said October 16. The new system aims to protect complex industrial systems that
have become the target of a variety of high-profile cyberweapons. – IDG News Service
See item 45 below in the Information Technology Sector
Details
Banking and Finance Sector
6. October 19, Associated Press – (Florida) 3rd person guilty in $39M Fla. mortgage fraud. A
third person pleaded guilty in federal court to taking part in a $39 million
mortgage fraud scheme involving a Fort Lauderdale, Florida condominium, the
Associated Press reported October 19. A man from New York City pleaded guilty
to mail and wire fraud conspiracy charges. Prosecutors said the man and six
other people recruited buyers for units at the condominium. They used false
mortgage applications and misrepresented the buyers’ credit standing in order
to get the loans. The group then diverted a portion of the mortgage proceeds
for their own use. Source: http://www.sfgate.com/news/crime/article/3rd-person-guilty-in-39M-Fla-mortgage-fraud-3963466.php
7. October 19, Associated Press – (Pennsylvania) Pa. developer charged with bank fraud. A
developer from Gladwyne, Pennsylvania, was charged with bank fraud for using
false information to get more than $13 million in loans from two banks. The
U.S. attorney’s office in Philadelphia said October 18 that the developer was
charged with bank and wire fraud and making false statements to banks. A U.S.
attorney said the developer induced Boyertown-based National Penn Bank in 2007
and the former Wilmington Bank in 2008 to lend him $13 million on the basis of
fraudulent securities statements. His attorney said her client had already
admitted wrongdoing. Source: http://www.wfmj.com/story/19861077/pa-developer-charged-with-bank-fraud
8. October 19, The Register – (International) HSBC Web sites fell in DDoS attack last
night, bank admits. HSBC blamed a distributed denial-of-service (DDoS)
attack for the downtime of many of its Web sites worldwide October 18. Readers
told The Register that they were unable to reach the HSBC UK and First Direct
Web sites, leaving them unable to carry out Internet banking services. The
problems lasted for around 7 hours. In a statement, HSBC said attacks affected
customers worldwide, and reassured clients that sensitive account data was not
exposed by the attack. Security researchers analyzing the earlier attacks
quickly came to the conclusion that they were largely powered by botnet
networks of malware-infected PCs. An EMEA Solutions architect team lead at
Arbor Networks said: “Recent attacks have used what we call multi-vector
attacks, attacks which utilize a combination of volumetric, and application
layer attack vectors. What we are seeing here are TCP, UDP, and ICMP packet
floods combined with HTTP, HTTPS, and DNS application layer attacks.” Source: http://www.theregister.co.uk/2012/10/19/hsbc_ddos/
9. October 19, KNSD 7 San Diego – (California) ‘Chubby
Bandit’ sought in robbery series. FBI investigators said the man known as
the ‘Chubby Bandit’ is responsible for five bank robberies and one attempted
robbery in San Diego County, KNSD 7 San Diego reported October 19.
Investigators said the first robbery happened October 9 at a US Bank branch in
Poway. October 11 a similar suspect description was reported in the robbery at
Chase Bank in Carlsbad. Officials said the same suspect attempted to rob a
Chase Bank October 13 in Solana Beach. Then he robbed a Wells Fargo Bank in
Encinitas October 15, and a US Bank in Carlsbad October 16. October 18, the
suspect is believed to have robbed a bank located inside a Rancho Bernardo
grocery store. The suspect used a demand note and made verbal demands, and also
verbally threatened and gestured to have a gun during his robberies, officials
said. Source: http://www.nbcsandiego.com/news/local/Bank-Robbery-Chubby-Bandit-San-Diego-FBI-Suspect-174791171.html
10. October 19, Associated Press – (North Dakota; Arizona) Arizona pair due in ND court on bank
fraud charges. Two executives from a defunct Arizona mortgage lender were
due in a North Dakota federal court October 19 to hear charges against them
alleging that they swindled Bismarck, North Dakota-based BNC National Bank out
of at least $26 million. The two men are charged with conspiracy to commit bank
fraud and wire fraud, and court records indicated they might enter pleas during
the hearing. One was the CEO of American Mortgage Specialists Inc. (AMS) and
the other was the company’s vice president in charge of lending operations.
Authorities said AMS defrauded BNC by providing it with false financial
statements and other information about the status of loans the bank had
financed. A printout obtained by a BNC employee in April 2010 showed that few
loans at AMS remained to be sold, according to court documents. “The printout
revealed that approximately $565,000 of loans remained to be sold, rather than
the approximately $27 million of loans which were shown in BNC records as being
held for sale to investors,” a federal affidavit reads. “BNC ceased funding the
loans, and AMS closed its operations.” Source: http://www.sfgate.com/news/article/Arizona-pair-due-in-ND-court-on-bank-fraud-charges-3963573.php
11. October 18, Reuters – (International) Ally Financial latest US bank to face cyber
attacks. October 18, Ally Financial became the latest U.S. financial
institution to face a cyberattack. Bank of America, Wells Fargo, and other
banks in recent weeks have suffered so-called distributed denial-of-service
(DDoS) attacks in which hackers use a high volume of incoming traffic to delay
or disrupt customer Web sites. Regional bank BB&T and credit card issuer
Capital One confirmed disruptions earlier the week of October 15. A spokeswoman
for Ally said the bank was investigating the “unusual traffic” on its Web site.
Banks have stressed that customer accounts and information were not at risk, but
the attacks have highlighted the growing threat from hackers against U.S.
infrastructure. Source: http://www.nbcnews.com/technology/technolog/ally-financial-latest-us-bank-face-cyber-attacks-1C6557410
12. October 18, Bloomberg News – (New York; International) Hedge fund manager pleads guilty to
forex fraud. A hedge fund manager who fled the United States after being accused of
swindling clients admitted to running a scheme to cheat investors out of $5
million, Bloomberg News reported October 18. The man pleaded guilty to wire
fraud before a U.S. District Judge in Brooklyn, New York, prosecutors said in
an emailed statement. The man controlled foreign-currency hedge funds Century
Maxim Fund Inc. and AJR Capital Inc., and had faced mail-fraud, wire-fraud, and
money-laundering charges. The man was indicted in 2006 after fleeing the
country in 2005. He traveled to Mexico, Panama, and Poland, where he assumed a
false identity using a fraudulent Russian passport. He was arrested in Poland
in May 2011 and extradited to the United States in August. He also operated an
investment scheme while in Panama. He stole from more than 100 clients who gave
him $5 million in 2004 and 2005 to invest, prosecutors said. He gambled more
than $3 million at a casino in Connecticut, according to prosecutors. He told
the investors he would invest their money in the stock market and foreign
currency exchange market. He falsely said that he had a history of profitable
trading and that he would use a “stop-loss” mechanism to ensure that no trade
would lose more than 3 percent, the government said. Formerly of Staten Island,
New York, the manager fled the United States while on supervised release after
leaving prison in April 2003 for a conviction in a foreign-exchange scheme,
according to prosecutors. He pleaded guilty in that case after being extradited
from France. Source: http://www.businessweek.com/news/2012-10-18/hedge-fund-manager-efrosman-pleads-guilty-to-forex-fraud
13. October 18, U.S. Federal Bureau of Investigation – (Texas) Former
Houston attorney pleads guilty to $7.8M investment scheme. A former
attorney residing in Houston pleaded guilty to one count of wire fraud in
connection with his investment fraud scheme that victimized more than 20
investors of approximately $7.8 million, a U.S. attorney announced October 18.
During the past 10 years, the attorney held himself out to friends and
potential investors as being involved in the real estate investment business.
While he did conduct some legitimate business activity during this time period,
a substantial portion of the funds he solicited were simply part of a Ponzi
scheme he was operating in an effort to satisfy old debts and to fund his
personal lifestyle. In acknowledging his criminal conduct, the attorney
admitted to using a variety of ploys to perpetuate his Ponzi scheme, all of
which involved falsely representing to investors the existence or nature of
various real estate investment opportunities, accepting funds from investors
under such false pretenses, and then using the investor funds in a manner other
than as represented to investors. Source: http://www.loansafe.org/former-houston-attorney-pleads-guilty-to-7-8m-investment-scheme
14. October 18, Salt Lake Tribune – (Utah) FBI offers $5,000 reward for
‘Bundled Up Bandit’. Federal and local Utah law enforcement agencies are
offering a $5,000 reward for information leading to the arrest of a serial bank
robber known as the “Bundled Up Bandit,” the Salt Lake Tribune reported October
18. An FBI spokeswoman said that the suspect, known for wearing multiple layers
of concealing clothing, a knit cap, and sunglasses, is believed to have held up
three Utah banks in the past month. The most recent robbery happened October 17
when the suspect walked into a Bank of the West in Cottonwood Heights. Just
moments after the bank had opened, he handed a note to a teller demanding cash
— and claimed to have both a gun and a bomb. The teller handed over an unspecified
amount of cash and the suspect fled on foot. Source: http://www.sltrib.com/sltrib/news/55107400-78/bank-fbi-suspect-cash.html.csp
15. October 17, Bank Systems and Technology – (National) One in four
customers are card fraud victims, study finds. A new study looking at the
behavior and concerns of customers worldwide concerning card fraud was released
October 17 by payments solutions provider ACI Worldwide and the Aite Group, a
research firm. The 2012 fraud report, titled “Global Consumers React to Fraud:
Beware Back of Wallet,” found that 27 percent of global consumers had been hit
by credit card fraud over the past 5 years. Many of those who experienced fraud
turned to using cash, checks, or other cards more after receiving a replacement
card. The study found that 46 percent of customers who received a replacement
card because of a data breach or other fraud activity used the card less than
before. The study asked more than 5,200 customers in more than 17 countries
around the globe if they had experienced card fraud and how that had changed their
consumer behavior. The percentage of respondents who had experienced fraud in
the last 5 years stayed consistent with the 2011 report findings, but there was
a sharp increase in the number of respondents who had experienced fraud more
than once in the last 5 years. This year 14 percent of the respondents had been
victimized by fraudsters multiple times, compared to only 6 percent last year.
Source: http://www.banktech.com/one-in-four-customers-are-card-fraud-vic/240009173
Information Technology Sector
38. October 19, ZDNet – (International) ‘Major interruption’ at GitHub as attackers
launch DDoS. Code sharing repository GitHub was hit by a distributed denial-of-service
(DDoS) attack, causing major disruptions to its services. GitHub began
investigating the issue at 1:05 p.m. PST, and by 1:33 p.m. PST, alerted its
community to the attack. By 3:52 p.m. PST, it rectified the issue and reported
everything was operating normally. GitHub wrote on its status page that it was
looking into implementing “additional mitigation strategies to harden ourselves
against future attacks.” GitHub also experienced a series of DDoS attacks in
February, and like those previous attacks, no one is claiming responsibility
for this latest disruption. Source: http://www.zdnet.com/major-interruption-at-github-as-attackers-launch-ddos-7000006030/
39. October 19, Softpedia – (International) US election-related news planted in malicious
airline emails to avoid spam filters. Malicious emails purporting to come
from airline companies are not new. They inform the recipient that a ticket has
been purchased using their credit card and point to an attached file for
additional details. However, the more recent airline scams come with a twist.
In an effort to evade spam filters, the cyber criminals started adding
legitimate-looking text to the end of the email. This text would look highly
suspicious if it appeared at the end of an airline notification, so the
crooks set the font to white to make it invisible. Although the recipient does
not see anything, spam filters do, and considering that the topic is related to
the upcoming U.S. presidential elections, the anti-spam mechanisms might view the message
as legitimate and let it pass through to the user’s inbox. Source: http://news.softpedia.com/news/US-Election-Related-News-Planted-in-Malicious-Airline-Emails-to-Avoid-Spam-Filters-300721.shtml
40. October 19, Softpedia – (International) MUSTAN malware avoids infecting certain files
to hide its presence. Trend Micro experts analyzed a piece of malware
called PE_MUSTAN.A, a threat believed to be connected to the old WORM_MORTO.SM.
The malicious element is interesting not just because of the way it spreads
from one computer to the other, but also because of the mechanisms it uses to stay hidden.
Researchers found that MUSTAN spreads throughout networks via the Remote
Desktop Protocol by brute forcing weak passwords. “If certain user name and
password combinations are in use, the malware will be able to gain access and
start infecting files on the new system. This behavior is similar to
WORM_MORTO,” a Trend Micro senior threat response engineer explained. Once it
infects a computer, the malware uses all the available drives, network shares,
and the Remote Desktop Protocol in order to spread. It infects all .exe files,
except for the ones located in folders such as “Common Files,” “Internet
Explorer,” “Messenger,” “Microsoft,” “Movie Maker,” “Outlook,” “qq,”
“RECYCLER,” “System Volume Information,” “windows,” and “winnt.” It is believed
the .exe files from these folders would cause application crashes if they were
infected, and thus reveal the malware’s presence. That is why MUSTAN avoids compromising
the files from these locations. Source: http://news.softpedia.com/news/MUSTAN-Malware-Avoids-Infecting-Certain-Files-to-Hide-Its-Presence-300650.shtml
41. October 19, Softpedia – (International) Fake Lookout Mobile Security update steals
files from Android users. Lookout recently warned customers about an
application on Google Play that mimicked an update for their Android
application. Experts from TrustGo analyzed the threat after the malicious
element was removed from the online store. According to researchers, once
installed on an Android smartphone, the malware — Trojan!FakeLookout.A — was
capable of stealing SMS and MMS messages and uploading them to a remote server
via FTP. The trojan also sent its controllers a list of the files present on the
device’s SD card. Based on this list, cyber criminals could upload specific
files. TrustGo experts accessed the FTP server on which the stolen files were
stored and they found not only SMS messages but also some video files. The
server, apparently located somewhere in Colorado, also hosts a malicious Web
site designed to drop a backdoor trojan. This Web site serves the malware to
Windows users and also to ones running Mac OS and Linux operating systems.
Depending on the OS, the site drops a different trojan. The malware found on
Google Play is just a part of a larger attack. Judging by the complexity of the
campaign, it is likely the cybercriminals who orchestrate it will somehow
resurrect the Android trojan and disguise it as another legitimate-looking app.
Source: http://news.softpedia.com/news/Fake-Lookout-Mobile-Security-Update-Steals-Files-from-Android-Users-300603.shtml
42. October 19, The H – (International) Encryption found insufficient in many Android
apps. Researchers discovered catastrophic conditions when analyzing Android
applications that use encryption: more than 1,000 of the 13,500 most popular
Android apps showed signs of a flawed and insecure implementation of the
SSL/TLS encryption protocol. Tests performed on 100 selected apps confirmed that
41 of them were vulnerable to known attacks. The researchers harvested users’
bank and credit card details as well as the access tokens for their Facebook,
Twitter, email accounts, and messaging services. The vulnerabilities the
researchers found can be divided into 2 categories: 20 apps simply accepted any
certificate, while the other 21 did check whether the certificate carried a
valid signature, but did not verify whether it was issued to the correct name.
This allowed the security experts to fool the anti-virus software with a valid
certificate for its own server. Source: http://www.h-online.com/security/news/item/Encryption-found-insufficient-in-many-Android-apps-1732847.html
43. October 19, The H – (International) Microsoft and Secunia warn of FFMpeg
vulnerabilities. Microsoft provided details of several critical
vulnerabilities in older versions of FFmpeg’s open source video codec tools and
libraries; these could allow an attacker to execute arbitrary code on a system
by getting users to open a specially crafted media file. This would execute the
malicious code with the same permissions as the user. Another issue reported by
Secunia could have the same effect. For the Microsoft flaws, all versions of
FFmpeg up to and including 0.10 are vulnerable, while for the Secunia issue,
versions up to and including 0.11.2 are affected. The Microsoft-discovered
vulnerabilities are present in the libavcodec library which suffers from memory
corruption when parsing ASF, QuickTime, and Windows Media Video files. Source: http://www.h-online.com/security/news/item/Microsoft-and-Secunia-warn-of-FFMpeg-vulnerabilities-1732963.html
44. October 18, BBC News – (International) French hacker ‘admits app fraud’ in Amiens. A
hacker admitted to spreading a virus via smartphone applications that defrauded
thousands of victims after he was arrested in the city of Amiens in northern
France. Prosecutors said he stole tiny sums from 17,000 people, amassing about
$650,000 since 2011. Working from his parents’ home, he snared victims with
free downloads designed to look like original apps, they said. However, in the
background, the apps worked to steal money via hidden transactions. It appears
smartphones that use Google software were the most susceptible, according to a
BBC correspondent in Paris. Once the fake applications were downloaded, the
virus sent a text message without the user’s knowledge to a premium-rate number
the hacker set up. There were also programs that sent him the log-on codes for gaming
and gambling Web sites to which the victims subscribed. Source: http://www.bbc.co.uk/news/world-europe-19994944
45. October 17, IDG News Service – (International) Kaspersky to develop a secure OS for
industrial control. Russian security firm Kaspersky Lab is developing a
secure operating system for industrial control systems (ICS), the company’s
chairman and CEO said October 16. The new system aims to protect complex
industrial systems that have become the target of a variety of high-profile
cyberweapons such as Stuxnet, Duqu, Flame, and Gauss. Most control systems were
not created with security in mind, which is the reason that most information
exchange protocols in supervisory control and data acquisition (SCADA) systems
and programmable logic controllers (PLCs) require no user identification or
authorization. Kaspersky plans to build the operating system with the help of
ICS vendors and users and use entirely new code. To be fully secure, the core
must be fully verified to not permit vulnerabilities or dual-purpose code. The
kernel also needs to contain a very bare minimum of code, and that means that
as much code as possible, including drivers, needs to be controlled by the core
and be executed with low-level access rights, according to the analysis by the
Lab. Source: http://www.computerworld.com/s/article/9232483/Kaspersky_to_develop_a_secure_OS_for_industrial_control
Communications Sector
46. October 18, County 10 – (Wyoming) Strong
winds knock down a Wyoming.com tower in eastern Fremont County. The October
16 wind storm that blew through Fremont County, Wyoming, knocked out one of
Wyoming.com’s service towers. The company’s vice president said the tower that
fell was near Shoshoni and served the Town of Shoshoni and parts of the rural
Missouri Valley area. Internet service to those customers was interrupted by
the fall. The director of Sales, Marketing, and Public Policy said a return of
service date to affected customers has not yet been determined. He added that
the company had to essentially rebuild the tower. Source: http://county10.com/2012/10/18/strong-winds-knock-down-a-wyoming-com-tower-in-eastern-fremont-county/
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.