Monday, November 5, 2012

Daily Report

Top Stories

 • Widespread gas shortages stirred fears among residents and disrupted some rescue and emergency services in New York and New Jersey November 1. – New York Times

3. November 1, New York Times – (New Jersey; New York) Gasoline runs short, adding woes to storm recovery. Widespread gas shortages stirred fears among residents and disrupted some rescue and emergency services November 1 as the New York region struggled to return to a semblance of normalcy after being ravaged by Hurricane Sandy, the New York Times reported November 1. Four days after the hurricane, the effort to secure enough gas for the region moved to the forefront of recovery work. The problems affected even New York City, where the Taxi Commission warned that the suddenly indispensable fleet of yellow cabs would thin significantly November 2 because of the fuel shortage. According to figures from the American Automobile Association, of the gas stations it monitors, roughly 60 percent of stations in New Jersey and 70 percent on Long Island were closed. At stations that were open, nerves frayed. Fights broke out November 1 at the block-long Hess station on 10th Avenue in Midtown Manhattan, forcing the Police Department to send three officers to keep the peace, a police official said. The police had to close two lanes of the broad thoroughfare to accommodate a line of customers stretching eight blocks, to 37th Street. The ports and refineries that supply much of the region‘s gas were shut down in advance of the storm and were damaged by it. That disrupted deliveries to gas stations that had power to pump the fuel. However, the bigger problem was that many stations and storage facilities remained without power. Politicians were scrambling November 1 to increase the supply of fuel — the Port of New York and New Jersey opened just enough to allow boats carrying gas to move, and the governor of New Jersey waived restrictions that make it harder for stations to buy gas from out-of-State suppliers. He said that the U.S. President sent 250,000 gallons of gas and 500,000 gallons of diesel fuel to the State through the Department of Defense, and he pledged to send more if needed. Source:

 • Nine more cases of fungal meningitis were reported from an outbreak tied to steroid medications shipped by a Massachusetts company, bringing the national total to 377 cases, U.S. health officials said November 1. – Reuters

27. November 1, Reuters – (National) Nine more cases of meningitis reported in outbreak. Nine more cases of deadly fungal meningitis were reported from an outbreak tied to steroid medications shipped by a Massachusetts company, bringing the national total to 377 cases, U.S. health officials said November 1. The Centers for Disease Control and Prevention (CDC) said Virginia revised down the number of deaths from three to two, reducing the national fatality total to 28. The CDC gave no reason for the revision. In addition to the 377 cases of meningitis, the CDC said there also were 9 reported cases of infections after a potentially contaminated steroid was injected into a joint such as a knee, hip, shoulder, or elbow, bringing the total number of infections nationwide to 386. The steroid was supplied by New England Compounding Center of Massachusetts, which faces multiple investigations. Health authorities said its facility near Boston failed to make medications in sterile conditions. Source:

• Hurricane Sandy will likely cost telephone and cable service providers hundreds of millions of dollars, with companies such as Verizon Communications and Cablevision Systems Corp. hit hardest, according to analysts. – Reuters

31. November 1, Reuters – (New York) Sandy caused ‘major damage’ to U.N. headquarters: Official. The United Nations (U.N.) headquarters suffered severe damage when Hurricane Sandy caused heavy flooding at the world body‘s Manhattan complex along the East River, the U.N. security chief said November 1. Sandy made landfall in New York City October 29. The storm surge from the East River also affected the United Nations, which remained shut from October 29-October 31. ―Tuesday morning it became evident that we had suffered pretty major damage in the United Nations,‖ the U.N. under-secretary-general for safety and security told reporters. ―The storm surge, which was higher than anyone predicted, came over the FDR Drive, came into the service drive at the 3B (basement) level of the United Nations, rose above our loading dock levels of the 3B and then started plummeting down into the lower levels of the United Nations,‖ he said. He said this caused problems with the U.N. complex‘s chilled-air plant, electrical operations, and communications. ―We are not back to full operations,‖ he said. ―We clearly have some damage to our communications systems.‖ The U.N. secretary-general‘s chief of staff said U.N. peacekeeping, humanitarian, and other operations worldwide were not affected by the impact Sandy had on United Nations headquarters in New York City. U.N. officials told reporters that they expected U.N. Web sites to be operational November 1, and that some were already functional. Many U.N. Web sites have been out of operation since October 29. Source:,0,3559583.story

 • The final repair bill for the Army Corps of Engineers‘ Omaha District totaled $360 million. Levee rehabilitation work came to $160 million and repairs to damages at the six mainstem dam projects totaled $200 million. – Glasgow Courier

57. November 1, Glasgow Courier – (National) $56M awarded for dam repairs. The Army Corps of Engineers awarded the final round of contracts for repairs throughout the Missouri River basin following the flood of 2011, the Glasgow Courier reported November 1. The final repair bill for the Corps‘ Omaha District totaled $360 million. Levee rehabilitation work came to $160 million and repairs to damages at the six mainstem dam projects totaled $200 million. The work on 15 levee systems is expected to be complete by the spring of 2013. Completion of work on the dams will take a year or more. According to a release from the Omaha District, examples of repair work include spillway repairs, under seepage control systems, repairs to Corps-owned levees that were scoured during the flood, relief wells, retaining walls, toe drains, and other erosion repairs. Six projects totaling more than $56 million were awarded for construction at the Fort Peck Dam and power plant. The Fort Peck Project manager said several of the contracts were multi-year repairs scheduled for completion in 2015. Source:


Banking and Finance Sector

8. November 2, – (Michigan) Grand Rapids businessman to plead in $12 million mortgage fraud, federal records show. Court records showed the owner of the Grand Rapids, Michigan real-estate title agency Prime Title Services agreed to plead guilty in a $12 million mortgage scheme, reported November 2. He will plead guilty in U.S. District Court to conspiracy to commit wire fraud, according to the plea agreement. The man owned the real estate title company when he conspired with another person to defraud banks and title companies between 2002 and 2006, authorities said. He allegedly concealed from mortgage lenders and title companies prior liens and mortgages on properties that were owned and sold by the co-conspirator and one of his companies. He also failed to timely record new mortgages on properties owned by the co-conspirator and his company at Register of Deeds offices, the plea agreement said. Source:

9. November 2, City News Service – (California) Woman faces 30 years in $20 million mortgage fraud. A Washington woman pleaded guilty in federal court to spearheading a $20-million mortgage fraud scheme on about 30 properties in California‘s Orange, Riverside, and San Bernardino counties, City News Service reported November 2. The woman, who resides in Glenoma, Washington, pleaded guilty to one count of mail fraud, according to an assistant U.S. Attorney. The woman and several others conspired to fraudulently obtain loans by purchasing homes in the names of various straw buyers, according to prosecutors. She offered to pay the sellers substantially more than the asking price as long as they agreed to give her the difference, prosecutors said. The loan applications in the name of straw buyers she recruited inflated employment records, income, and assets. Bank statements and other documents were forged to back up the bogus information. She received more than $20 million in loans for about 30 properties in the three counties. The straw buyers defaulted on the loans, leading to foreclosure and losses of more than $11 million to the lenders, prosecutors said. Source:

10. November 1, WCMH 4 Columbus – (Ohio) Police arrest armed bank robbery suspect. An armed man that allegedly robbed a Cambridge, Ohio bank November 1 was in custody, and a bomb squad was called in to detonate what the suspect claimed was an explosive device. Cambridge police said the suspect walked into a U.S. Bank and handed the clerk a note demanding money. The suspect left with the cash, and was confronted by a Cambridge Police officer. The suspect said he had an explosive device, and the officer saw that he was armed with a handgun. The officer took the suspect into custody with the help of a retired Columbus Police officer who happened to be nearby. The suspect had two handguns on him at the time of the arrest, according to police. The item the suspect claimed to be an explosive device was secured and given to the bomb squad to be detonated. The contents of the device were collected, and they were being analyzed by the Ohio State Fire Marshal‘s Office. Source:

11. November 1, WBBM 2 Chicago – (Arizona; Florida) FTC sues robocallers over $30 million scam. The U.S. Federal Trade Commission (FTC) sued five robocall companies headquartered in Arizona and Florida for scamming individuals out of an estimated $30 million in two years, WBBM 2 Chicago reported November 1. According to the FTC, the companies would place automated calls to consumers offering ―cardholder services,‖ with an opportunity to reduce the interest rates on their credit cards. The firms Green Savers, Treasure Your Success, Ambrosia Web Design, A+ Financial Center, and Key One Solutions allegedly misled consumers into believing their credit card rates would be reduced. In calls from those companies, telemarketers allegedly charged the victims up-front fees ranging from a few hundred dollars to nearly $3,000, claiming the consumer would see greater savings on their credit card bills through lower rates. In some cases, the companies allegedly did not disclose the up-front fee at all. However, consumers saw no savings on their bills, and often found it difficult – if not impossible – to get a refund of the fee they paid. Source:

12. November 1, Associated Press – (Rhode Island) Ex-Red Sox star accused of fraud in Rhode Island. Rhode Island‘s economic development agency sued a former Red Sox pitcher and some of its former officials November 1, saying they misled the State into approving a loan guarantee to the pitcher‘s failed video game company. The collapse of the company, 38 Studios, is likely to leave the State on the hook for $100 million. Among other things, the lawsuit said executives at 38 Studios — as well as the former executive director of the agency and others — knew the company would run out of money by 2012, but concealed that knowledge from the agency board. Source:

13. October 30, Associated Press – (California) LA County man arrested in $49M investment scam. Federal prosecutors arrested a Los Angeles County man on charges he ran a $49 million fraudulent investment scheme, the Associated Press reported October 30. A U.S. attorney spokesman said the man, the CEO and co-owner of Technology for Telecommunication and Multimedia, Inc., was arrested without incident at his home on 12 counts of wire fraud and other crimes. He is accused of bilking investors with false promises that his day-trading would bring them substantial profits, that their money was safe, and could be returned on request. However, prosecutors said he used investor funds to pay for his family‘s expenses and gambling, in addition to making bad trades. He also allegedly provided the FBI with fraudulent documentation. Source:

Information Technology Sector

38. November 2, The H – (International) Apple releases iOS 6 and Safari security updates. Apple released updates for iOS 6, which include security fixes. The iOS 6.0.1 update includes security fixes for the kernel, passcode locking, and WebKit. The WebKit issues were also fixed in an update of the Safari Web browser for Mac OS X. The kernel flaw allowed maliciously crafted applications to bypass the Address Space Layout Randomization (ASLR) system and discover kernel addresses. The passcode lock problem allowed anyone with physical access to a device to gain access to the new Passbook application‘s passes which could have included tickets, boarding passes, or vouchers. The two WebKit holes both opened up the possibility of a malicious Web site either terminating the application or running arbitrary code; one involved the checking of JavaScript arrays and the other was a use-after-free issue with SVG images. Source:

39. November 2, IDG News Service – (International) Firefox to force secure connections for selected domains. Mozilla introduced a pre-loaded list of domains for Firefox that only can be connected to securely in order to help protect the privacy and security of users. To force secure connections between the browser and a server, Mozilla uses HTTP Strict Transport Security (HSTS), a mechanism used by servers to indicate that the connecting browser must use a secure connection, according to a Mozilla developer. When the browser connects to an HSTS server for the first time though, the browser does not know if it should use a secure connection because it never received a HSTS header from that host. ―Consequently, an active network attacker could prevent the browser from ever connecting securely (and even worse, the user may never realize something is amiss),‖ the developer said, adding that setting up the connection that way still leaves it vulnerable to attacks. As a workaround for that problem, Mozilla added a list to Firefox with domains that the browser should only connect to securely by default. Source:

40. November 2, The H – (International) Speculation over Facebook access via Google index. According to a report on HackerNews, until recently, a special Google search query returned numerous Facebook links permitting access to other users‘ accounts. The links contain a token which automatically logs into someone else‘s Facebook account. The search results are also reported to have contained links providing access to other users‘ email addresses. The links appear to have come from notification emails sent out by Facebook in response to events. The emails contain a direct link to the relevant event on Facebook. To make it easier for users to log in, Facebook includes the user‘s email address in the link URL. This is then entered into the relevant field on the login page automatically and users need only enter their password — and even this can be omitted if they are already logged in. In some cases, Facebook also uses links containing tokens which log users in without requiring a password. This is not a security problem in itself, since Facebook sends these emails directly to the account owner. The problem arises when these links fall into the wrong hands. It is currently unclear how they were indexed by Google. A Facebook employee hypothesized that the notification emails may have been made publicly available for reasons such as the use of a throwaway email site, access to which does not require a password. He also stated that Facebook has deactivated token-based logins in response to the issue. Google also appears to have taken action, with the links in question having largely vanished from its search results. Source:

41. November 1, Network World – (International) Security research labels over 290,000 Google Play Android apps as ‘high-risk’. One-quarter of more than 400,000 Android applications examined in the Google Play store pose security risks to mobile-device users, according to new research. Security vendor Bit9 categorized these Android apps as ―questionable‖ or ―suspicious‖ because they could gain access to personal information to collect GPS data, phone calls or phone numbers, and much more after the user granted ―permission‖ to the app. ―You have to say ‗yes‘ to the application or it won‘t run,‖ pointed out Bit9‘s CTO. Games, entertainment, and wallpaper apps especially seem to want to grab data, even though their functions would seem to have little direct use for it. Bit9 notes this does not mean these apps are malware per se, but they could do damage if compromised because the user has granted so much permission. Source:

42. November 1, Softpedia – (International) Phishers steal email account credentials with shady ‘Windows Update’ site. A group of cybercriminals is attempting to gather Yahoo!, Gmail, Windows Live, AOL, and any other email account credentials. According to GFI Labs experts, the thieves set up a phishing page on a Web site called microsofts(dot)us. When users visit this site, most likely after clicking on links received via spam, they are presented with a message that reads: ―Your computer is out of date and risk is very high. To update your windows installation records you are required to choose your email address below.‖ After victims provide their email addresses and associated passwords, they are presented with a page that contains instructions on how to update Windows. The instructions are not malicious, but at this point, the user‘s credentials are stored in a database controlled by the cybercriminals. The site is currently flagged as being malicious by browsers and security solutions providers, and the Web page in question was removed. However, users are still advised to be cautious since the phishers can easily relocate the page. Source:

43. November 1, – (International) Cyber criminals look to exploit interest in Windows 8. Two cyber threats targeting early adopters of Microsoft‘s recently launched Windows 8 operating system were recently discovered. Trend Micro detected the TROJ_FAKEAV.EHM malware and a phishing email scam targeting Windows 8 customers October 31. The malware is reportedly hosted and spread via a number of malicious sites. It infects machines by displaying a fake scanning result window that aims to dupe its victims into purchasing a bogus antivirus program for Windows 8. The phishing email looks to fool users into handing over sensitive data, such as their email address and password, by masquerading as a fake, free Windows 8 download offer. Source:

44. October 30, IDG News Service – (International) Lack of abuse detection allows cloud instances to be used like botnets. Some cloud providers fail to detect and block malicious traffic originating from their networks, which provides cybercriminals with an opportunity to launch attacks in a botnet-like fashion, according to a report from security consultancy firm, Stratsec. Researchers from the company reached this conclusion after performing a series of experiments on the infrastructure of five ―common,‖ but unnamed, cloud providers. The experiments involved sending different types of malicious traffic from remotely controlled cloud instances (virtual machines) to a number of test servers running common services such as HTTP, FTP, and SMTP. Source:

Communications Sector

45. November 2, Atlanta Journal-Constitution – (Georgia) Police: CNN bomb threat was extortion attempt. Police continued to investigate a bomb threat and extortion plot called in November 2 to the CNN Center in Atlanta. Police received a call from a person claiming to have planted a chemical bomb somewhere on the campus of the Atlanta landmark, the Atlanta Police captain told reporters. ―He threatened to detonate that bomb, and demanded $15,000 and I believe an airline ticket out of town,‖ he said. Police closed down roads surrounding the CNN Center and an adjacent hotel while teams went floor-by-floor searching for any suspicious items that might be an explosive. Neither building was evacuated. After an hour and a half police completed the search without finding anything and reopened the roads. ―He called the Zone 1 precinct‖ in west Atlanta, the captain said — the CNN Center is in Atlanta Police Zone 5 downtown. ―He also called CNN security and made the same threat.‖ ―He made a comment that he was wanted by the federal government for some sort of RICO violation,‖ he said. Police are still trying to determine the motive for the call. Source:

46. November 1, Torrington Register Citizen – (Connecticut) Some customers find CPTV knocked out by Sandy. Hurricane Sandy left some TV viewers without access to Connecticut Public Television (CPTV), the Torrington Register Citizen reported November 1. Over-the-air (antenna) viewers of WEDW 49 Stamford or WEDY 65 New Haven found only darkness on those digital channel slots since the storm blew through the area earlier the week of October 29. A CPTV spokeswoman said the station signals were victims of power outages at the transmitters. ―As soon as they restore power, those channels will come back on,‖ she said November 1. Source:

47. November 1, Reuters – (National) Sandy seen costing telco, cable hundreds of millions of dollars. Hurricane Sandy will likely cost telephone and cable service providers hundreds of millions of dollars, with companies such as Verizon Communications and Cablevision Systems Corp. hit hardest, according to analysts, Reuters reported November 1. The storm could end up costing cable and telephone network operators $550 million to $600 million in clean-up and repair costs, according to a Barclays analyst. Along with Cablevision and Verizon, Time Warner Cable, and the wireless operations of AT&T Inc. and Sprint Nextel were included in the analyst‘s estimate. Source:

Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site:

Contact Information

Content and Suggestions: Send mail to or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at or visit their Web page at v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.