Tuesday, October 30, 2012
Daily Report
Top Stories
• The supply of gasoline, diesel, and jet fuel
into the East Coast almost completely stopped October 29, as Hurricane Sandy
forced the closure of two-thirds of the region's refineries, its biggest
pipeline, and most major ports. – Reuters
1. October 29, Reuters – (National) Sandy cuts E. Coast fuel supply; refiners, pipelines shut. The supply of
gasoline, diesel, and jet fuel into the East Coast ground almost to a halt
October 29, as Hurricane Sandy forced the closure of two-thirds of the region's
refineries, its biggest pipeline, and most major ports. Benchmark New York
harbor gasoline futures jumped as much as 11 cents a gallon, with traders
fearing that power outages and flooding could leave refiners struggling to
restore operations after the broadest storm ever to hit the United States. With
Sandy gaining strength as it nears the coast, refinery, pipeline, port, and
terminal operators shuttered or reduced operations, increasing the risk that
bottlenecks would keep supplies of motor and heating fuel from customers.
Colonial Pipeline, the nation's largest oil products pipeline that connects the
East Coast to Gulf Coast refiners, said it has shut down lines servicing
individual terminals along the Northeastern seaboard. Nearly 70 percent of the
region's refining capacity was on track to be idled. Source: http://www.reuters.com/article/2012/10/29/storm-sandy-refining-idUSL1E8LS1OU20121029
• U.S. stock markets were to be closed for 2 consecutive days due to weather, NBC News reported October 29. The decision to close financial markets for a second straight day October 30 was made during a call between industry executives and regulators October 29, Reuters said. – NBC News; Reuters; Associated Press. See item 9 below in the Banking and Finance Sector.
• Airline and ground transportation systems in
three major metropolitan areas shut down as Hurricane Sandy moved closer to the
East Coast, CNN reported October 29. More than 10 million public transit
commuters were without service. – CNN
15. October 29, CNN – (National) Sandy snarls travel along the East Coast. Airline and ground transportation
systems in three major metropolitan areas shut down as Hurricane Sandy moved
closer to the East Coast, CNN reported October 29. More than 10 million public
transit commuters were without service. There were more than 8,000 flight
cancellations as a result of the hurricane, according to FlightAware.com. Some
1,300 domestic and international flights were canceled October 28, according to
FlightAware, with more than 6,800 October 29 flights canceled. More than 2,500
October 30 flights were already canceled, according to FlightAware. That number
was expected to grow. US Airways announced the cancellation of all its October
30 operations at Philadelphia, Washington, Boston, and New York City airports.
All October 29 operations at New York and New Jersey's three major metro
airports were canceled, according to the Port Authority of New York and New
Jersey. The majority of flights were also canceled out of Dulles International
and Reagan National airports in the Washington, D.C. area, according to
Metropolitan Washington Airports Authority. All October 29 flights out of
Philadelphia International Airport were also canceled, an airport spokeswoman
said. Flights were suspended at Connecticut's Bradley International Airport as
well. New York's ubiquitous subway and bus services stopped October 28, and it
was unknown when service would be restored. The area's Metropolitan Transit
Authority Service, which also operates the Long Island Rail Road, Metro-North
Railroad, serving Westchester and Connecticut, and the city's Staten Island
Railway, suspended service on those three train lines. In New Jersey, the
suspension of all NJ Transit bus, rail, light rail, and Access Link service was
complete as of October 29. The Washington Metro system remained idle, and it
was unclear when bus service and rail service would be restored, the Washington
Metropolitan Area Transit Authority said. The 770,000 riders who use public
transit each day in the Philadelphia area were also impacted. Amtrak said it
was canceling almost all services on the eastern seaboard October 29. Bus lines
connected to those trains were also canceled. Source: http://www.cnn.com/2012/10/28/travel/tropical-weather-transportation/index.html
• The South Carolina Department of Revenue's
Web site was hacked and millions of Social Security numbers and credit and
debit card numbers belonging to approximately 77 percent of South Carolina
residents were compromised, WIS 10 Columbia reported October 28. – WIS 10
Columbia
28. October 28, WIS 10 Columbia – (South Carolina) Millions of South Carolinians' Social Security numbers stolen from State agency. The South Carolina Department of Revenue's Web site was
hacked and millions of social security numbers and credit and debit card
numbers belonging to approximately 77 percent of South Carolina residents were
compromised, WIS 10 Columbia reported October 28. State officials revealed that
someone in a foreign country gained access to the Web site and a server was
breached for the first time in late August. 387,000 credit and debit card
numbers and 3.6 million Social Security numbers were exposed. The Social
Security numbers were unencrypted. Of the credit cards, the vast majority are
protected by strong encryption deemed sufficient under credit card industry
standards, officials said. However, approximately 16,000 were unencrypted and
exposed. Officials found out about the breach October 10. October 16,
investigators uncovered two attempts to probe the system in early September,
and later learned that a previous attempt was made August 27. In mid-September,
two other intrusions occurred, and to the best of the department's knowledge,
the hacker obtained data for the first time. No other intrusions were
uncovered. October 20, the vulnerability in the system was closed and, to the
best of the department's knowledge, secured. The breach potentially affects
anyone who has paid taxes in South Carolina since 1998. Source: http://www.wbtv.com/story/19926154/social-security-breach-nikki-haley-south-carolina-credit-cards-hacker
Details
Banking and Finance Sector
9. October 29, NBC News; Reuters; Associated Press – (New York; National) Hurricane
Sandy to keep stock markets shuttered Tuesday. For the first time since the
Great Blizzard of 1888, U.S. stock markets were to be closed for 2 consecutive
days due to weather, NBC News reported October 29. The decision to close
financial markets for a second straight day October 30 was made during a call
between industry executives and regulators October 29, Reuters said. The New
York Stock Exchange (NYSE) and the Nasdaq Stock Market both said they intended
to remain closed for business a second day. The bond market will also remain
closed. The NYSE shuttered its operations October 29 as Hurricane Sandy neared
landfall on the East Coast, bringing about the first unplanned shutdown since
the September 2001 terrorist attacks. "We intend to re-open our U.S.
markets on Wednesday ... conditions permitting; updates will be provided
tomorrow," the NYSE said in an email. All major U.S. stock and options
exchanges were closed October 29. Options and other exchange-based derivatives
would remain closed October 30 due to the storm. There had been plans to allow electronic trading to
go forward on the New York Stock Exchange October 29, but with all mass transit
shut down in and out of New York City's Manhattan area, the risks were
determined to be too great. A number of major U.S. companies postponed
quarterly earnings as financial markets shut down. Source: http://marketday.nbcnews.com/_news/2012/10/29/14778477-hurricane-sandy-to-keep-stock-markets-shuttered-tuesday?lite
10. October 29, The Register – (Texas; National) Hackers crack Texan bank, Experian credit
records come flooding out. Hackers managed to get login credentials for
Experian's credit scoring reports after they broke into the systems of Abilene
Telco Federal Credit Union in Abilene, Texas, in 2011, The Register reported
October 29. Crooks gained access to the bank's systems after hacking into an
employee's computer. The September 2011 breach allowed the hackers to get their
hands on login credentials for the bank's account with Experian, exposing the
details of millions to potential snooping in the process. A subsequent audit
revealed that the attackers had used the compromised account to download credit
reports on 847 people, obtaining Social Security numbers, dates of birth, and
financial data on individuals across the U.S. who had never held an account
with the small Texas bank. The breach is one of 86 incidents that have exposed
data stored by credit reference agencies to snooping since 2006. Hackers have
obtained this information not by going after the credit reference agencies directly
but by targeting banks, auto-loan firms, data brokers, police departments, and
other organizations that have access to the sensitive information, which can be
used by identity thieves to establish lines of credit under false names.
Source: http://www.theregister.co.uk/2012/10/29/credit_report_data_breach_worries/
11. October 27, Imperial Valley News – (California; Nevada) Fourteen charged in
million-dollar ‘gone in 60 seconds’ bank fraud. Fourteen individuals were
charged following a FBI-led investigation into the theft of over $1 million
from Citibank using cash advance kiosks at casinos located in southern
California and Nevada. According to an indictment unsealed October 26, the
defendants stole the money by exploiting a gap which required multiple
withdrawals all within 60 seconds in Citibank’s electronic transaction security
protocols. According to court documents, a defendant recruited conspirators who
were willing to open multiple Citibank checking accounts. He then supplied his
co-defendants with "seed" money, which was deposited into the
recently opened accounts. After the money was deposited into the checking
accounts, he and his conspirators would travel to nearly a dozen casinos in
California and Nevada. When inside the casino, the conspirators used cash
advance kiosks at casinos to withdraw several times the amount of money
deposited into the accounts, by exploiting the Citibank security gap they
discovered. As part of the alleged scheme, the defendants kept both their
deposits and withdrawals under $10,000 in order to avoid federal transaction
reporting requirements and conceal their fraud. Source: http://www.imperialvalleynews.com/index.php/news/california-news/2126-fourteen-charged-in-million-dollar-gone-in-60-seconds-bank-fraud.html
12. October 27, Bay Area Newsgroup – (California) Campbell: 'Beanie Bandit'
arrested in connection with six South Bay bank robberies. A man suspected
of being the "Beanie Bandit" who robbed six South Bay area, California
banks was arrested October 26 after officers tracked him down and stopped his car,
police said. Campbell police arrested the man after finding money and clothing
in his home that was seen in the surveillance videos. He is suspected of
robbing the six bank branches between August 24 and October 12. Two banks in
Campbell, two in Sunnyvale, one in San Jose, and one in Los Gatos were hit.
Sunnyvale police said that during the October 12 robbery at a Bank of America
branch, the robber had given the teller a note stating that he was armed with a
gun, but no weapon was seen. Source: http://www.mercurynews.com/campbell/ci_21869883/campbell-beanie-bandit-arrested-connection-six-south-bay
13. October 26, U.S. Securities and Exchange Commission – (California; National) SEC
charges Silicon Valley executive for role in Galleon insider trading scheme. The
Securities and Exchange Commission (SEC) October 26 charged a Saratoga,
California former senior executive at a Silicon Valley technology company for
illegally tipping a convicted hedge fund manager with nonpublic information
that allowed the Galleon hedge funds to make nearly $1 million in illicit
profits. The SEC alleges that the former senior executive tipped the hedge fund
manager in December 2006 with confidential details from internal company
reports indicating that Xilinx Inc. would fall short of revenue projections it
had previously made publicly. The tip enabled the hedge fund manager to engage
in short selling of Xilinx stock to illicitly benefit the Galleon funds. The
executive tipped the manager, who was a close friend, at a time when the
executive had his own substantial investment in Galleon funds and was in
discussions with the manager about prospective employment at Galleon. The
executive was hired at Galleon in May 2007. The executive agreed to pay more
than $1.75 million to settle the SEC’s charges. Source: http://www.sec.gov/news/press/2012/2012-216.htm
14. October 26, U.S. Securities and Exchange Commission – (Colorado) SEC charges
Denver-based insurance executive with insider trading. The Securities and
Exchange Commission (SEC) October 26 charged an insurance company CEO with
insider trading based on confidential information he obtained in advance of a
private investment firm acquiring a significant stake in a Denver-based oil and
gas company. The SEC alleges that the CEO learned from a Delta Petroleum
Corporation insider that Tracinda was planning to acquire a 35 percent stake in
Delta Petroleum for $684 million. The CEO subsequently purchased Delta
Petroleum stock and highly speculative options contracts. He tipped several
others, encouraging them to do the same, including a pair of relatives. After
Tracinda’s investment was publicly announced, Delta Petroleum’s stock price
shot up by almost 20 percent. The CEO and his tippees made more than $161,000
in illegal trading profits. The U.S. Attorney’s Office for the District of
Colorado also announced a parallel criminal action against the CEO. Source: http://www.sec.gov/news/press/2012/2012-217.htm
Information Technology Sector
33. October 29, Help Net Security – (International) Privacy-invading module
found in thousands of apps on Google Play. An advertising module embedded
into over 7,000 "free" fake versions of legitimate Android
applications that can be found on Google Play is actively harvesting personal
and mobile use information from unsuspecting users, warned a Trend Micro senior
threat researcher. She detected one such app after downloading by mistake a
fake Flash Player from Google's official Android market and getting warned
about its malicious nature by her company's own mobile security app. After
consulting with a colleague from the Mobile Application Reputation team, she
discovered the extent of the problem: apart from pushing ads onto the users,
the adware module inside the app also sends information such as device ID, OS
version, IP address, and the user's phone number, GPS location, account
information, calendar, and browser bookmarks to the servers of the company that
created the module. This particular ad module compromises the users' privacy
and their devices' usability. It was found in over 7,000 free apps offered on
Google Play. "80% of them are still available, and at least 10% of them
have been downloaded more than one million times," the researcher warned,
and added that the Web of Trust community believes the company that created the
module is also involved in phishing and scamming users. Source: http://www.net-security.org/secworld.php?id=13860
34. October 29, Help Net Security – (International) Malware authors turn to
simpler detection evasion techniques. Symantec researchers discovered two
new, less-technical approaches malware developers are using to evade automated
threat analysis. The first consists of making malware run only if it detects
mouse movement or clicking. The second involves inserting delays between the
execution of the various malware subroutines. The rationale behind the first
test is that automated threat analysis systems do not use the mouse, while
regular computer users do. The lack of this movement signals to the malware
that it is probably being run in a sandbox. The rationale behind the subroutine
execution delays — often spanning over 20 minutes for each — is that given the
number of files the system must test, it usually spends only a small amount of
time on each file, and chances are the file will be categorized as harmless and
discarded before the first subroutine is even run. Source: http://www.net-security.org/malware_news.php?id=2307
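The two evasion tricks above are visible in a sandbox's own API trace: a sample that repeatedly polls for user input and then sleeps through most of the analysis window before doing anything of interest looks different from ordinary software. The following detection logic is an added example for the defender running the sandbox; it is not code from the article or from Symantec. It assumes a hypothetical trace format of "<elapsed_ms> <api_name> <args>" per line (the Windows API names themselves are real), and both traces below are constructed for illustration.

```python
import re
from typing import Dict, List, NamedTuple


class Event(NamedTuple):
    t_ms: int   # elapsed milliseconds since the sample started
    api: str    # API name as the (hypothetical) sandbox logs it
    args: str   # raw argument text


# Hypothetical trace line format: "<elapsed_ms> <api_name> <args>"
LINE_RE = re.compile(r"^\s*(\d+)\s+(\w+)\s*(.*)$")

# Calls that only make sense as "is a human at the keyboard?" probes
INPUT_PROBE_APIS = {"GetCursorPos", "GetAsyncKeyState", "GetLastInputInfo"}
# Calls that represent the payload behaviour an analyst wants to observe
PAYLOAD_APIS = {"CreateFileW", "WriteFile", "InternetOpenUrlA",
                "CreateProcessW", "RegSetValueExW"}

# Constructed sample: six cursor polls, then ~45 minutes of Sleep, then the payload
EVASIVE_TRACE = """\
0 GetCursorPos ()
200 GetCursorPos ()
400 GetCursorPos ()
600 GetCursorPos ()
800 GetCursorPos ()
1000 GetCursorPos ()
1000 Sleep (1500000)
1501000 Sleep (1200000)
2701000 CreateFileW ("C:\\\\Users\\\\victim\\\\AppData\\\\dropper.exe")
2701010 InternetOpenUrlA ("http://example.invalid/payload")
"""

# Constructed sample: ordinary program that writes a file and sleeps briefly
BENIGN_TRACE = """\
0 GetModuleHandleW ("kernel32.dll")
5 CreateFileW ("C:\\\\Users\\\\victim\\\\Documents\\\\report.txt")
20 WriteFile (0x1c8)
25 Sleep (100)
130 CloseHandle (0x1c8)
"""


def parse_trace(text: str) -> List[Event]:
    """Parse trace lines, silently skipping blank or malformed ones."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(Event(int(m.group(1)), m.group(2), m.group(3)))
    return events


def input_probes_before_payload(events: List[Event]) -> int:
    """Count user-input probes seen before the first payload-class call."""
    count = 0
    for ev in events:
        if ev.api in PAYLOAD_APIS:
            break
        if ev.api in INPUT_PROBE_APIS:
            count += 1
    return count


def sleep_before_payload_ms(events: List[Event]) -> int:
    """Sum the Sleep() durations requested before the first payload-class call."""
    total = 0
    for ev in events:
        if ev.api in PAYLOAD_APIS:
            break
        if ev.api == "Sleep":
            m = re.search(r"\d+", ev.args)
            if m:
                total += int(m.group())
    return total


def assess(text: str, analysis_budget_ms: int = 120_000,
           probe_threshold: int = 3) -> Dict[str, object]:
    """Flag a trace whose pre-payload behaviour matches either evasion pattern.

    analysis_budget_ms is how long this sandbox normally runs a sample; a
    sample that sleeps longer than that before acting would be discarded as
    harmless by a naive analysis system, which is exactly the trick described.
    """
    events = parse_trace(text)
    probes = input_probes_before_payload(events)
    sleep_ms = sleep_before_payload_ms(events)
    reasons = []
    if probes >= probe_threshold:
        reasons.append(f"{probes} user-input probes before any payload activity")
    if sleep_ms >= analysis_budget_ms:
        reasons.append(f"{sleep_ms} ms of Sleep before payload activity "
                       f"exceeds the {analysis_budget_ms} ms analysis budget")
    return {"input_probes": probes, "sleep_ms": sleep_ms,
            "evasive": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for name, trace in (("evasive", EVASIVE_TRACE), ("benign", BENIGN_TRACE)):
        print(name, assess(trace))
```

A sandbox that sees either indicator can extend the sample's run time, fast-forward Sleep calls, or synthesize mouse input and re-run, rather than discarding the file as harmless; the thresholds are assumptions to tune against the sandbox's own baseline of benign traces.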
35. October 29, The H – (International) Ubuntu 11.04 reaches its end of life. An
Ubuntu release manager announced that Ubuntu 11.04, code-named "Natty
Narwhal," reached its end of life October 28. This means that no new
updates, including security updates and critical fixes, will be made available
for version 11.04 of Canonical's Linux distribution. Released in April 2011,
Natty Narwhal was based on the 2.6.82.2 Linux kernel and was the first version
of Ubuntu to replace the GNOME Shell with Unity as its default desktop
environment. Firefox 4.0, version 3.3.2 of the LibreOffice productivity suite,
and Banshee 2.0 were among the bundled default applications. Users still running Ubuntu
11.04 are advised to upgrade to version 11.10 "Oneiric Ocelot" or
later in order to continue receiving updates. Those wanting to upgrade to the
current Long Term Support edition, Ubuntu 12.04, or the most recent standard release,
Ubuntu 12.10 "Quantal Quetzal," will need to upgrade in multiple
steps, first upgrading to 11.10 and then the subsequent versions. Source: http://www.h-online.com/security/news/item/Ubuntu-11-04-reaches-its-end-of-life-1738365.html
36. October 27, Softpedia – (International) Users lured to Blackhole exploit kit with
bogus 'Your Photos' LinkedIn emails. According to Sophos experts, one of
the latest plots by cybercriminals to lure users to a Blackhole exploit
kit-infested Web site involves sending out fake LinkedIn emails entitled "Your
Photos" in an attempt to trick them into opening an attached .htm file. The
notification reads: "Hi, I have attached your photos to the mail (Open with
Internet Explorer)." Once the file, called "Image_DIG[random number].htm" is
opened, a "please wait a moment" message is displayed. In the meantime, in the
background, the victim is redirected to a Blackhole exploit Web site that is
designed to serve malware. The malicious .htm file is detected as
Mal/JSRedir-M. Source: http://news.softpedia.com/news/Users-Lured-to-BlackHole-Exploit-Kit-With-Bogus-Your-Photo-LinkedIn-Emails-302569.shtml
37. October 27, The H – (International) Critical security holes closed in Firefox 16
and Thunderbird 16. Mozilla released a Firefox 16.0.2 update for its
browser to close recently discovered critical security holes. Three problems,
assigned CVE-2012-4194, CVE-2012-4195, and CVE-2012-4196 were addressed in the
updates. The flaws also affect Thunderbird 16 to a more limited extent, but a
Thunderbird 16.0.2 update was released. Enterprise ESR versions of the browser
and email client are also affected; a 10.0.10 update for Firefox ESR and
Thunderbird ESR were also released along with a 2.13.2 update of SeaMonkey. The
flaws are centered on the Location object, which now has its security
increased. A researcher discovered that the true value of window.location could
be shadowed which could have enabled a cross-site-scripting (XSS) attack in
conjunction with some plugins. A Mozilla security researcher found that using
CheckURL on window.location could be forced to return the wrong calling
document, also enabling an XSS attack; there was also a possibility of
arbitrary code execution via any add-on that interacted with page content.
Finally, a researcher from the PROSECCO research team at INRIA found that it
was possible to inject properties into the Location object, exposing it to
cross-origin reading. Source: http://www.h-online.com/security/news/item/Critical-security-holes-closed-in-Firefox-16-and-Thunderbird-16-1737891.html
Communications Sector
Nothing to report.
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.