Thursday, November 1, 2012 

Daily Report

Top Stories

Utility crews were assessing the damage and working to restore service to more than 2 million homes and businesses in New Jersey. The State's largest utility, Public Service Electric & Gas (PSE&G), said it has restored power to 30 percent of its 1.4 million customers who lost service. – Associated Press

3. October 31, Associated Press – (New Jersey) More than 2M in NJ without electricity. Utility crews were assessing the damage and working to restore service to more than 2 million homes and businesses in New Jersey. The State's largest utility, Public Service Electric & Gas (PSE&G), said it has restored power to 30 percent of its 1.4 million customers who lost service. Still, 900,000 PSE&G customers are without electricity. Jersey Central Power & Light reported outages for 954,283 customers, mainly in Monmouth and Ocean counties. Atlantic City Electric said 121,035 homes and businesses remain in the dark. Orange & Rockland Electric reported 53,822 customers without service.

Two of the biggest airports serving New York — John F. Kennedy (JFK) and New Jersey's Newark Liberty International — reopened "on a very limited operational schedule" after losing power during the recent superstorm. – Associated Press

17. October 31, Associated Press – (New Jersey; New York) JFK, Newark airports reopen on limited schedule. Two of the biggest airports serving New York — John F. Kennedy (JFK) and New Jersey's Newark Liberty International — reopened. The first passenger flight to JFK arrived from Long Beach, California, October 31 with 150 passengers and the first flight into Newark was a FedEx plane. A Port Authority of New York and New Jersey spokesman said the two airports reopened "on a very limited operational schedule." Some terminals at Newark lost power during the superstorm, but electricity returned October 30. New York's LaGuardia Airport remained closed. Authorities were assessing the impact of the storm on the airport. Source:

Six New York City hospitals were forced to evacuate hundreds of patients October 30 after losing power at the height of Hurricane Sandy, according to the New York City mayor and other news reports. – Los Angeles Times

28. October 30, Los Angeles Times – (New York) Storm forces evacuation of hundreds of New York hospital patients. Six New York City hospitals were forced to evacuate hundreds of patients October 30 after losing power at the height of Hurricane Sandy, according to the New York City mayor and other news reports. New York City officials were coordinating with 53 healthcare facilities about water levels, staffing, and structural issues. New York Downtown Hospital and the Manhattan Veterans Affairs Hospital closed October 29 during the hurricane. NYU Langone Medical Center hospitals, including Tisch Hospital, were evacuated. Tisch Hospital staff and most of its 200 patients were evacuated after a backup generator failed, the Associated Press reported. At Coney Island Hospital in Brooklyn, officials decided to evacuate the facility when it was operating on a backup generator. Officials at Bellevue Hospital, which lost power but remained open, monitored the hospital's energy needs while it ran on backup power.

Telecommunications companies told federal regulators that Hurricane Sandy knocked out 25% of wireless cell towers and a quarter of cable services in 10 States. A small number of 9-1-1 call centers were also affected. – USA Today See item 42 below in the Communications Sector


Banking and Finance Sector

10. October 31, Associated Press – (Illinois) Ill. man guilty in $48 million bank fraud. A suburban Chicago man has pleaded guilty to defrauding a bank of more than $48 million as part of two failed condominium projects in Chicago's Loop, the Associated Press reported October 31. The U.S. Department of Justice said the man pleaded guilty to a single count of bank fraud. Authorities said a co-defendant remains a fugitive and is believed to be outside the United States. According to the man's plea, between 1993 and 2003 he and the co-defendant borrowed money from the former CIB Bank based in part on fraudulent purchase contracts on two buildings that inflated the buildings' worth. The bank lost the money. Source:

11. October 31, Reuters – (International) Barclays hit by fresh U.S. investigations. Barclays, already rocked by an interest rate rigging scandal, unveiled new U.S. regulatory investigations into the bank's financial probity October 31. Following investigations in the U.K. over its dealings with Qatari investors, Barclays said the U.S. Department of Justice and Securities and Exchange Commission were probing whether its relationships with third parties who help it win or retain business are compliant with U.S. laws. The bank is under investigation by Britain's financial regulator and fraud prosecutor into payments to Qatari investors after it raised billions of pounds from the Gulf state 5 years ago to save it from taking a taxpayer bailout. Barclays also said that the U.S. Federal Energy Regulatory Commission (FERC) could be close to fining it over an investigation into the manipulation of power prices in the western United States from late 2006 until 2008. FERC could notify the bank of proposed penalties as early as October 31, and Barclays said it would "vigorously defend this matter." The investigation was first announced in April, alleging the bank took substantial electricity market positions to move daily index settlements. Source:

12. October 31, New York Times – (New York) After Hurricane Sandy, stock exchanges prepare to open. Despite the damage from Hurricane Sandy, New York City‘s Wall Street is preparing to open for business October 31. After closing the stock and bond markets for two days, the New York Stock Exchange (NYSE), Nasdaq, and other trading platforms were set to resume normal operations, following nonstop meetings and extensive testing of their systems. The exchanges want to get up and running as soon as possible to serve their clients and show they can operate in difficult conditions. A long delay could frustrate investors and damage their image. The New York Exchange and Nasdaq said their systems were ready to resume operations. But some firms that trade on the exchanges continued to face problems in the aftermath of the storm. In preparation, the New York Exchange created an emergency response team, and roughly 30 staff members have been sleeping at the Lower Manhattan headquarters. October 30, the exchange conducted trial runs with financial firms to detect potential bugs. As the markets prepared to go back online, exchange officials and regulators braced for technical problems. The Securities and Exchange Commission spent much of October 30 walking the exchanges through checklists that aim to detect potential mishaps.

13. October 31, Help Net Security – (International) Bank of America customers under phishing attack. The phishing "account suspended" warning purportedly sent by Bank of America's Cardmember Services is hitting inboxes once again, Help Net Security reported October 31. "During our usual security enhancement protocol, we observed multiple login attempt error while login in to your online banking account," the email reads. "We have believed that someone other than you is trying to access your account for security reasons, we have temporarily suspend your account and your access to online banking and will be restricted if you fail to update." According to PhishTank, the offered link takes potential victims to a very realistically spoofed Bank of America login page. The fake Web page has since been made unavailable. However, the URL in the email can be easily changed to point to another page,
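The lure in item 13 relies on two things a mail filter can check mechanically: urgency language ("suspended", "restricted", "update") and a link whose real target is not the bank's domain even when the visible text looks legitimate. The following is an added illustration of such a check, not code from the report or from Help Net Security; the sample message is constructed to resemble the quoted lure, and the phishing host and the list of legitimate Bank of America hosts are assumptions.

```python
"""Flag links in an HTML e-mail whose target host is not the brand's real domain.

Added illustration, not part of the DHS report. The message below is a constructed
sample modelled on the "account suspended" lure; the phishing host and the
LEGIT_HOSTS list are assumptions."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGIT_HOSTS = {"bankofamerica.com"}  # assumption: brand's real domain(s)
URGENCY = re.compile(r"suspend|restricted|verify|update", re.I)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host_of(s):
    """Lower-cased hostname of a URL or bare domain string."""
    p = urlparse(s if "://" in s else "http://" + s)
    return (p.hostname or "").lower()


def _is_legit(host):
    return any(host == h or host.endswith("." + h) for h in LEGIT_HOSTS)


def analyze_email(html):
    """Return a list of findings: off-brand link targets, text/target host
    mismatches, and urgency wording in the visible text."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = _host_of(href)
        if not _is_legit(target):
            findings.append(f"link to non-brand host: {target}")
        shown = _host_of(text) if "." in text else ""
        if shown and shown != target:
            findings.append(f"visible text {shown!r} but target {target!r}")
    if URGENCY.search(re.sub(r"<[^>]+>", " ", html)):
        findings.append("urgency/suspension language present")
    return findings


# Constructed sample lure: visible text mimics the bank, href points elsewhere.
SAMPLE_PHISH = """<p>During our usual security enhancement protocol we observed
multiple login attempt error. We have temporarily suspend your account.</p>
<a href="http://login-boa-verify.example/signin">www.bankofamerica.com</a>"""

# Constructed benign message for comparison.
SAMPLE_LEGIT = """<p>Your statement is ready.</p>
<a href="https://secure.bankofamerica.com/login">Sign in</a>"""

if __name__ == "__main__":
    for name, msg in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyze_email(msg))
```

The visible-text check matters because a spoofed page looks right once the victim is there; the only reliable signal before the click is the host in the href, which is why the code resolves and compares that rather than trusting the anchor text.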

14. October 30, American Banker – (New York) Citi to close storm-damaged Wall Street building for 'weeks'. One of Citigroup's downtown New York City offices damaged by Hurricane Sandy will be closed for weeks, the company said October 30. "Our facility at 111 Wall Street experienced severe flooding and will be out of commission for several weeks," a chief executive wrote in a memo to employees. "We are still assessing when other sites that were not damaged, including 388 and 390 Greenwich Street, can reopen." Continued power outages, lack of mass transportation, and mandatory evacuation orders make decision-making difficult, he wrote. For the time being, Citi will rely on back-up sites and work-from-home strategies.

15. October 30, Internal Revenue Service; U.S. Department of Justice – (Texas) Jury finds Alvin man guilty on bank fraud charges. A federal jury convicted a man of conspiracy to commit bank fraud and nine counts of bank fraud involving loans totaling more than $39 million in the Houston area, a United States Attorney announced October 30. The government presented evidence at trial that from July 2004 and continuing through September 2007, the man, along with his co-conspirators, participated in a scheme to defraud financial institutions insured by the Federal Deposit Insurance Corporation and residential mortgage lenders. The man would locate condominium units from a builder or developer. He would then set up trust accounts with names similar to the condominiums, through which the title would pass. Co-defendants would recruit straw buyers with good credit to act as borrowers in applications for residential mortgage loans to purchase one or more of the properties, which would ultimately go into foreclosure because of the failure to pay the loans. The loss from the scheme was determined to be more than $20 million. Source:

Information Technology Sector

36. October 31, Help Net Security – (International) Can the Nuclear exploit kit dethrone Blackhole? The author of the Nuclear exploit pack recently released version 2.0. He/she advertises it on his/her own page, likely linked to from a number of underground forum entries. As evidenced from the page, the exploit pack is currently being used in several malicious campaigns, which end up delivering information stealing trojans and ransomware onto the compromised computers. However, what differentiates this offer from others is that the cybercriminal is determined not to be blamed for the criminal actions performed by his/her customers, and he/she tries to achieve this by introducing Terms of Service (TOS) that everyone must agree to before using the kit. According to a researcher, the Nuclear exploit pack's TOS forbid actions that violate the law of the Russian Federation, acquisition of traffic using spam emails, iFrame-based traffic acquisition practices, testing the software on public services such as VirusTotal and others, offering Cybercrime-as-a-Service business services using the kit, and developing an affiliate program using the exploit kit. The kit also lacks operational security features which would make the campaigns harder to detect and analyze. Source:

37. October 31, Softpedia – (International) Multiplatform Jacksbot malware spotted in the wild. Several weeks ago, security researchers from Intego issued a report about a new Java backdoor trojan called Jacksbot. At the time, the threat was considered low-risk because no computers were infected with it. Now, however, Trend Micro experts said they spotted the trojan in the wild. Since it is a Java application, Jacksbot can target not only Windows systems, but also Mac, Linux, and any other OS that supports the Java Runtime Environment (JRE). So far, experts found it on only two computers — one in Malaysia and one in Australia. Considering that one of Jacksbot's capabilities is to steal Minecraft passwords, it is believed that this might also have something to do with the way it is spread. A threat response engineer at Trend Micro claims that Jacksbot can be considered a remote access trojan (RAT) because it is capable of taking control of computers, allowing its master to execute various "backdoor commands." Although it can run on any platform that supports JRE, it appears that the backdoor mainly focuses on Windows. Experts say the developers might be experimenting with multiplatform malware, but for the time being, judging by its code, it only works properly on Windows.

38. October 31, Softpedia – (International) SQL Injections and DDoS attacks: Most popular topics on hacker forums. Security solutions provider Imperva released the result of its 13th Hacker Intelligence Initiative report, which is based on the analysis of some highly popular hacker forums, including one that is considered to be one of the largest, with 250,000 members. According to experts, the most discussed topics on hacker forums are SQL Injection and distributed denial-of-service (DDoS) attacks, both occupying 19 percent of the discussion volume. It is believed SQL Injection is a favorite attack vector because many of the security solutions deployed by organizations do not even know how to identify such attacks. Another hot topic among hackers is represented by social networks. That is because these Web sites are not only an important source of information, but they also provide the means to make a profit. Facebook is the most discussed (39 percent), followed by Twitter (37 percent), and Myspace (15 percent). Google+ and LinkedIn show up in only 5 percent and 4 percent, respectively, of the social media-related threads. Source:

39. October 31, The H – (International) Plone CMS vulnerable to privilege escalation and code execution. The Plone Foundation warned users that there are multiple vulnerabilities in its open source Plone content management system as well as the Zope toolkit. According to the security advisory, these security holes could be exploited by an attacker for privilege escalation, allowing them to bypass certain security restrictions, or to execute malicious arbitrary code on a system. While specific details about the vulnerabilities, which are rated as "highly critical" by security specialist Secunia, are being withheld for the time being, the developers strongly recommend that administrators take certain steps in order to protect their sites. These include making sure that installations are running with the minimum required privileges, using an intrusion detection system to monitor resources for unauthorised changes, and monitoring system logs for unusual activity. The Foundation says that a majority of these problems were found as part of audits by the project's security team, but some were also reported by users. All supported versions of the software are said to be affected. Patches to close the holes will be released November 6. Source:

40. October 31, The H – (International) Trojan bargain with Windows 8 support. Cybercriminals have already started to develop malware for Windows 8. For example, on a Google-hosted site, a "Remote Administration Tool" called Xtreme RAT, which is already Windows-8-compatible, is available with free updates included. The tool includes, among other functions, a keylogger which can store the recorded keystrokes to any FTP server and can capture passwords from all major browsers. Xtreme RAT can also transmit the screen contents to the "admin" and tap Web cameras and microphones. The developer advertises that his tool can trick Data Execution Prevention (DEP) and that the latest version works with the so-called Cryptem — special programs that change executable files to impede detection by antivirus

For another story, see item 13 above in the Banking and Finance Sector

Communications Sector

41. October 30, Computerworld – (National) Storm forces Internet hubs to run on generator power. Two buildings in lower Manhattan, New York, that serve as major network hubs for the U.S. are operating on generator power, due to Hurricane Sandy, Computerworld reported October 30. Telecom companies use the buildings, known as carrier hotels, to interconnect networks, allowing data sharing and letting users of one network connect with those of another. Thus, the two buildings are critical to the nation's infrastructure. Hundreds of domestic and international network connections are made at these two buildings. The close proximity to network resources turned the buildings into major data center locations. When Con Edison shut off power in lower Manhattan October 29 to protect equipment from storm flooding, it triggered generator backups for the two buildings. The generator is currently powering the facilities.

42. October 30, USA Today – (National) FCC: 25% of cell towers, broadband down in 10 States. Telecommunications companies told federal regulators that Hurricane Sandy knocked out 25% of wireless cell towers and a quarter of cable services in 10 States. A "very small," but unspecified, number of 9-1-1 call centers have also been affected, but emergency calls are being rerouted, the Federal Communications Commission (FCC) chairman told reporters October 30. Neither the telecom firms, which voluntarily reported the figures, nor the FCC estimated how many wireless and cable customers were affected. However, the FCC chief warned that service would likely get worse before it gets better. Further disruptions are expected as the storm moves west and north or if cell towers running on backup generators go down before electrical power is restored. Utility companies estimated that between 7 million and 8 million customers did not have power. Verizon Wireless, AT&T, Sprint Nextel, and T-Mobile USA all reported service problems, as did Cablevision Systems, Comcast, and Time Warner Cable. Source:

Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site:

Contact Information

Content and Suggestions: Send mail to or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at or visit their Web page at v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.