Tuesday, October 23, 2012


Daily Report

Top Stories

 • Irish police caught a fugitive who was on the run for 3 years for $75m mortgage fraud in the United States, the Irish Central reported October 22. Irish police caught the suspect peddling drugs in Dublin. – Irish Central See item 8 below in the Banking and Finance Sector

 • Six employees of a Modesto, California bank were hospitalized October 19 after at least three of them broke out in hives shortly after a customer handed a bank teller money wrapped in a paper towel, authorities said. – Modesto Bee See item 11 below in the Banking and Finance Sector

 • Authorities in Jordan disrupted a major terrorist plot by al-Qa’ida-linked operatives to launch near-simultaneous attacks on multiple civilian and government targets, reportedly including the U.S. Embassy in the capital, Amman, Western and Middle Eastern officials said October 22. – Washington Post

20. October 22, Washington Post – (International) Jordan disrupts major al-Qaeda terrorist plot. Authorities in Jordan disrupted a major terrorist plot by al-Qa’ida-linked operatives to launch near-simultaneous attacks on multiple civilian and government targets, reportedly including the U.S. Embassy in the capital, Amman, Jordan, Western and Middle Eastern officials said October 21. The Jordanian government issued a statement describing the plot and saying that 11 people with connections to al-Qa’ida’s affiliate in Iraq have been arrested. The foiled attack, described as the most serious plot uncovered in Jordan since at least 2005, was viewed with particular alarm by intelligence agencies because of its sophisticated design and the planned use of munitions intended for the Syrian conflict — a new sign that Syria’s troubles could be spilling over into neighboring countries, the officials said. The alleged plotters are Jordanian nationals. The officials said the group had amassed a stockpile of explosives and weapons from Syrian battlefields and devised a plan to use military-style tactics in a wave of attacks across Amman. The scheme called for multiple strikes on shopping centers and cafes as a diversionary tactic to draw the attention of police and security officials, allowing other operatives to launch attacks against the main targets, which included government buildings and embassies. A Western official briefed on details of the plot confirmed that the heavily fortified U.S. Embassy in Amman was among the targets. The Jordanian government’s statement said its intelligence service had broken up a cell that had been planning the attacks since June, arresting 11 people described as “supporters” of al-Qa’ida in Iraq. The State Department had no immediate comment on the plot and declined to confirm or deny that the U.S. Embassy in Amman had been on the target list. 
Source: http://www.washingtonpost.com/world/national-security/jordan-disrupts-major-al-qaeda-terrorist-plot/2012/10/21/e26354b4-1ba7-11e2-9cd5-b55c38388962_story.html?hpid=z3

 • A suspect shot seven women — killing three of them — inside the Azana Salon and Spa in Brookfield, Wisconsin, while using flammable liquid to fuel a fire, CNN reported October 22. – CNN

35. October 22, CNN – (Wisconsin) Wisconsin police: After domestic violence arrest, suspect kills 3 — and himself. A suspect gunned down seven women, killing three of them, inside the same Azana Salon and Spa in Brookfield, Wisconsin, while using flammable liquid to fuel a fire, CNN reported October 22. The building’s sprinkler system helped subdue that small blaze, the Brookfield Police chief said. As for the suspect, he apparently died from a self-inflicted gunshot wound. Authorities were still working to identify the victims, including trying to determine whether one of them was the suspect’s wife. The first calls came into police about an active shooter across from the Brookfield Square Mall and near the Westmoor Country Club, all about 11 miles west of Milwaukee. Law enforcement officers from various agencies soon converged on the scene. They found smoke in the building from a fire believed to be started by the suspect. Inside too was a small propane tank. The police chief said it was not clear whether the suspect left it there or whether it had been left by contractors working on the building. Four gunshot victims also soon got out of the salon and were transported to a hospital in Milwaukee. That medical facility was locked down as the manhunt continued for the shooting suspect. Hours later, authorities found the suspect’s body and declared the event over. Authorities described a contentious recent history between the suspect and his wife. A restraining order against him was filed 4 days after an October 4 tire slashing, with a 4-year restriction being dictated October 18. Source: http://www.cnn.com/2012/10/21/us/wisconsin-shooting/index.html?hpt=ju_c2

Details

Banking and Finance Sector

8. October 22, Irish Central – (California; International) Police catch US soldier fugitive on run over $75m mortgage fraud. Irish police caught a fugitive who has been on the run for 3 years for $75 million mortgage fraud in the U.S., Irish Central reported October 22. The former U.S. soldier will be deported back to the United States and into the custody of the FBI the week of October 22, the Irish Independent reported. Irish police caught him peddling drugs in Dublin. With an accomplice, he managed a finance company in Sacramento, California, and defrauded investors and mortgage companies of millions since 2006. They both vanished February 2, 2009. According to the Irish Independent, the former soldier traveled to Ireland with a false U.S. passport, and lived for a few years in rented apartments selling gold coins and precious metals over the Internet to reputable traders and dealers. He also later swapped his fake U.S. passport for a false Irish one under a pseudonym and opened two bank accounts with Allied Irish Bank, through which flowed tens of thousands of euros. After the gold ran out, he turned to drug dealing to make ends meet. Source: http://www.irishcentral.com/news/Police-catch-US-soldier-fugitive-on-run-over-75m-mortgage-fraud-175220331.html

9. October 21, Associated Press – (Nebraska) Neb. trio gets prison time for investment scheme. Three people convicted October 17 in a fraudulent Nebraska investment scheme have been sentenced to prison and ordered to make restitution of more than $16.6 million. Two were the principals of First Americans Insurance Service, which had been under investigation since a 2009 bankruptcy filing; one worked for them. First Americans, incorporated in 1980, had touted services to American Indian tribes in more than 20 States before it failed. Prosecutors said they solicited investments from private lenders who were told that their money was backed by secure annuities. Instead of buying annuities, the three used the money to support their business and personal expenses. Source: http://www.sfgate.com/news/article/3-Nebraskans-sent-to-prison-for-investment-scheme-3961665.php

10. October 19, U.S. Federal Bureau of Investigation – (Illinois; International) Twin brothers indicted in $7.2 million commodities fraud scheme. Twin brothers who live in Russia were indicted on federal fraud charges for attempting to illegally turn a profit of $7.2 million through manipulative trades in currency futures using the CME Group’s electronic trading platform, the FBI announced October 19. The defendants allegedly engaged in matching trades using two different futures commission merchants in Chicago to obtain profits from one while not paying the corresponding losses to the other. They were each charged with 8 counts of wire fraud and 2 counts of commodities fraud in a 10-count indictment that was returned by a federal grand jury October 17 and announced October 19. Arrest warrants will be issued in the United States for both men. Source: http://www.loansafe.org/twin-brothers-indicted-in-7-2-million-commodities-fraud-scheme

11. October 19, Modesto Bee – (California) Hazmat scene at Modesto bank: 3 fall ill after man hands teller money. Six employees of a Chase Bank in Modesto, California, were hospitalized October 19 after at least three of them broke out in hives shortly after a customer handed a bank teller money wrapped in a paper towel, authorities said. The man gave a teller a “large amount of money” to deposit in his account, according to a police sergeant. Minutes later, the teller broke out with hives and had trouble breathing. She came into contact with two other employees, who then exhibited similar symptoms. The county’s Hazardous Materials Unit was called to the scene and the employees inside were isolated. Each employee was rinsed twice using fire hoses and then taken to hospitals. A fire department division chief said all six employees were improving that night. Two firefighters in “level A suits” entered the bank with sensitive equipment to test for gases, radiation, chemicals, and pH levels. They detected an unknown substance on the money, and at the teller’s window where it was deposited. Determining the nature of the substance will require further testing at a lab, the division chief said. The police sergeant said detectives believed they identified the man who brought the paper towel full of contaminated money to the bank, and an investigation into the case is ongoing. Source: http://www.modbee.com/2012/10/19/2420937/hazmat-scene-at-modesto-bank-3.html

Information Technology Sector

28. October 22, Help Net Security – (International) Increase in drive-by attacks and infected emails. In August and September, the research team from Eleven, a German email security provider, recorded a significant increase in malware sent via email. The most significant growth was reported for drive-by attacks in which emails link to manipulated Web sites that infect the users’ computers when opened in a browser. Between August and September, the number of such attacks increased more than 80-fold and their share of overall spam levels increased from 0.1 percent to 9.5 percent. However, that growth was not at the expense of “classic” malware email, which contains malware as an attachment: the number of malware emails increased by 119 percent in September and by 252.8 percent as compared to the same month in 2011. Virus outbreaks remained roughly at the previous month’s level (–5.7 percent), but increased by 50.5 percent in August. The plus was 186.4 percent as compared to September 2011. Source: http://www.net-security.org/malware_news.php?id=2299

29. October 22, Softpedia – (International) Cybercriminals found to sell access to servers housed by Fortune 500 companies. Security professionals often warn about the risks posed by using the Remote Desktop Protocol (RDP) service without making sure that it is properly secured. As it turns out, cybercriminals are relying on the service to compromise machines and sell access to them via underground markets. A security journalist discovered a Russian Web site called dedicatexpress(dot)com, which claims to sell access to around 17,000 computers from all around the world. It appears these machines were compromised because their owners failed to set strong RDP passwords, allowing the attackers to easily take them over. Dedicatexpress(dot)com offers its services to anyone who is willing to contact the owner via instant messaging and pay a registration fee of $20. Source: http://news.softpedia.com/news/Cybercriminals-Found-to-Sell-Access-to-Servers-Housed-by-Fortune-500-Companies-301104.shtml

30. October 20, Softpedia – (International) Second DDoS attack hits GitHub, some repositories temporarily unavailable. A second distributed denial-of-service (DDoS) attack has hit the popular code repository GitHub. This one came only hours after a similar cyberattack forced the site’s services to go offline. “Pages is currently being hit with a DoS attack. We’re working to mitigate the attack,” GitHub representatives wrote on the status page. The incident caused “a small percentage” of repositories to become unavailable while a fileserver pair was being recovered. It appeared they were unable to implement the additional cyberattack mitigation strategies they mentioned after they stabilized the site’s performance October 18. The first attack disrupted the site for around 1 1/2 hours and the second one caused an outage that lasted for approximately hours. It is uncertain if the attacks are related in any way, but starting with October 14, GitHub representatives reported experiencing problems each day. Source: http://news.softpedia.com/news/Second-DDOS-Attack-Hits-GitHub-Some-Repositories-Temporarily-Unavailable-300890.shtml

31. October 19, Softpedia – (International) Experts develop malware that’s capable of bypassing antivirus solutions. Security researchers developed a USB dropper/spreader capable of bypassing all of the popular commercial antivirus products utilized by Internet users worldwide. The antivirus programs that currently exist are designed to identify threats based on their signatures or on their behavior. Normally, if the malware gets by one system, the other one should detect it. However, researchers demonstrated there is a way to create malicious elements that can spread from one computer to the other without being detected. A security researcher specialized in reverse engineering and software security created a virus whose behavior is not cataloged by any antivirus solution as being malicious. The purpose of this test malware was to copy a presumably malicious file to a USB drive and create an autorun.inf file on the targeted device without being detected. The “malicious element” would constantly search for the presence of removable disks. If one is found, it would be scanned to determine if it is already infected. If it is not, the autorun.inf file and a malicious executable would be copied onto it. Source: http://news.softpedia.com/news/Experts-Develop-Malware-That-s-Capable-of-Bypassing-Antivirus-Solutions-300747.shtml

32. October 18, Ars Technica – (International) Demo of ‘serious’ networking vulnerabilities cancelled at HP’s request. A presentation at the Toorcon 14 security conference October 20 was to highlight risks posed by gear from H3C and Huawei. A researcher identified security vulnerabilities in network equipment from Huawei and H3C, details he planned to publish at the conference. Two days earlier, H3C’s owners, HP, contacted the researcher by voicemail and email asking him to refrain from doing so. The researcher discovered the vulnerabilities in July and reported them in August, roughly in parallel with another researcher’s presentation on vulnerabilities in Huawei routers at Defcon. The first researcher assessed his independently discovered vulnerabilities as critical and planned to present workarounds enabling affected users to mitigate the risks in his presentation. Source: http://arstechnica.com/security/2012/10/demonstration-of-serious-networking-vulns-cancelled-at-hps-request/

Communications Sector

33. October 22, Computerworld; IDG News Service – (International) Huawei gear is secure, say U.S. network service providers. Responding to a congressional report warning U.S. businesses not to buy equipment from Huawei Technologies or ZTE, three U.S.-based telecommunications companies that use Huawei products said they take strong precautions to safeguard their networks, Computerworld reported October 22. The report, by the House Permanent Select Committee on Intelligence, said the possibility that the two Chinese companies have ties to the Chinese government raises the prospect that China is using their gear to conduct electronic espionage. After the report was issued, three Huawei customers — Clearwire, Cricket Communications, and Level 3 Communications — defended their choices. The Chinese government slammed the congressional report. A Commerce Ministry spokesman said in a statement that the report “was based on subjective suspicions and inaccuracies” and made “groundless accusations against China.” Source: http://www.computerworld.com/s/article/9232579/Huawei_gear_is_secure_say_U.S._network_service_providers?


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.