Tuesday, November 6, 2012
Daily Report
Top Stories
• In the area's second significant leak, some 7,700 gallons of
fuel spilled from Phillips 66's Bayway refinery in Linden, New Jersey, after
Hurricane Sandy, the U.S. Coast Guard said November 5. – Reuters
1. November 5, Reuters – (New Jersey) Fuel spill reported at NJ refinery after
Sandy. Some
7,700 gallons of fuel spilled from Phillips 66's Bayway refinery in Linden, New
Jersey, after Hurricane Sandy, the U.S. Coast Guard said November 5, reporting
the second significant leak at the New York harbor oil trading hub. The spill was
reported after residents in nearby Bayonne, New Jersey, complained about diesel
fumes. It was not clear what type of fuel leaked from the refinery or what
measures were taken to contain it. A similar-sized spill was reported the week
of October 29 at Motiva Enterprise's Sewaren, New Jersey, terminal, which was
one of the hardest hit among the oil docks, tank farms, and truck depots that
dot the harbor and supply fuel to the New York City metropolis. It was unclear
whether the spill at Phillips 66's Bayway refinery would have any impact on
operations at the refinery, a major gasoline producer in the region. Source: http://af.reuters.com/article/commoditiesNews/idAFL1E8M56R020121105
• November 2, banks in the New Jersey shore towns were stocking up
on cash; six area banks suffered complete closures while seven others could not
be reached by regulators. – Dow Jones Newswires
11. November 2, Dow Jones Newswires – (New Jersey) Banks, customers struggle
in Sandy's wake. Banks in the New Jersey shore towns that took the brunt of
superstorm Sandy were stocking up on cash as tens of thousands of customers
were left largely without access to electronic payment methods such as credit
cards and online purchasing, the Dow Jones Newswires reported November 2. The
nearly 50 bank companies that operate in the region were plugging away at
serving them while assessing damage to branches and other facilities. Out of
300 banks with their headquarters in New Jersey and New York, 6 suffered
complete closures and 7 others could not be reached by regulators, the Federal
Deposit Insurance Corporation said. Bankers were reluctant to quantify cash
demands and inventories for security purposes, but generally said withdrawals
and branch activity were high. Meanwhile, businesses that receive payments in
cash, such as gas stations that were unable or unwilling to accept electronic
payments, were making large cash deposits. One bank in the area had not yet
been able to resume armored-car cash deliveries, and was limiting customer withdrawals
to $500. All the bank's ATMs were down because there was no Internet service.
The bank also began trying to determine the damage to retailers, motels, restaurants,
and homes comprising its loan portfolio. Federal bank regulators said they would
not criticize "prudent efforts" to change terms on loans to borrowers
affected by the storm. Regulators also said they did not expect to assess
penalties for missing regulatory data deadlines. Source: http://www.foxbusiness.com/news/2012/11/02/banks-customers-struggle-insandy-Wake/
• The recall of hundreds of drugs by Ameridose LLC may be
exacerbating shortages for surgery and heart failure medicines. The Food and
Drug Administration said November 2 that they are working with other
manufacturers to ramp up production and may consider foreign suppliers. – Bloomberg
25. November 2, Bloomberg – (National) Ameridose recalls cause shortage of medicines. Regulators
said the recall of hundreds of drugs by Ameridose LLC, a compounding pharmacy
associated with the U.S. meningitis outbreak, may be exacerbating shortages of
medicines used for surgery and heart failure. The Food and Drug Administration
is working with other manufacturers to ramp up production and may consider
foreign suppliers, the FDA commissioner said November 2. The drugs Ameridose made
were already in short supply and include local anesthesias, muscle relaxers to
prevent movement during surgery, and high-dose diuretics to remove fluids during
congestive heart failure. "We have doubled the number of staff members who
work in drug shortage prevention and response," the commissioner said. Source:
http://www.star-telegram.com/2012/11/02/4384649/ameridose-recalls-causeshortage.Html
• Seven people were wounded when someone opened fire November 3 at
the Coastal Empire Fair in Savannah, Georgia. Police continued to search for
the gunman and investigators have not ruled out the possibility there was more
than one shooter. – Associated Press; CBS News
42. November 5, Associated Press; CBS News – (Georgia) Seven people
wounded during shooting at crowded Ga. fair, police say. Seven people were
wounded November 3 when someone opened fire at the crowded Coastal Empire Fair
in Savannah, Georgia. Police continued to search for the gunman, who was
described as wearing a dark jumpsuit, although investigators have not ruled out
the possibility there was more than one shooter. Several people were detained
and questioned, but they were all released by investigators. Police announced
no arrests November 4 and released no further information on what happened
inside the fairgrounds or what motivated the shootings. The police spokesman
said the victim believed to be most seriously wounded underwent surgery and was
listed in fair condition. None of the injuries were considered
life-threatening. Source: http://www.cbsnews.com/8301-504083_162-57544966-504083/seven-peoplewounded-during-shooting-at-crowded-ga-fair-police-say/
Details
Banking and Finance Sector
9. November 4, WGCL 19 Atlanta – (Georgia) Hall of Fame coach accused in Ponzi
scheme. A college football Hall of Fame coach was charged in an $80 million Ponzi
scheme, WGCL 19 Atlanta reported November 4. The former University of Georgia
coach is accused of swindling millions from fellow coaches, sports commentators, and
athletes in purported investments. He allegedly paid himself $14 million. The Securities
and Exchange Commission (SEC) launched an investigation into allegations that the
coach orchestrated a Ponzi scheme for his own profit. "What was represented to
investors was that their money would be used to invest in loads, usually truck loads
of unsold merchandise from various chains that would then be resold at a profit. Often
investors were told that it was pre-sold and that there was little risk," an SEC
Associate Regional Director said. But the SEC investigation found very little
merchandise was ever purchased, making it impossible for the company to ever
pay out the returns that the coach promised. Source: http://www.cbsatlanta.com/story/19990120/hall-of-fame-coach-jim-donnanaccused-in-ponzi-scheme
10. November 4, KREX 5 Grand Junction – (Colorado) FBI searches for suspect
wanted in multiple Colo. bank robberies. The FBI joined the effort to catch
the suspect known as the "Clearinghouse Bandit", wanted in 11 bank
robberies from Denver to Colorado Springs, KREX 5 Grand Junction reported
November 4. The robberies occurred between August 1 and November 1. Seven were
in Denver, 3 were in Aurora, and 1 was in Colorado Springs. Multiple witness
accounts, as well as pictures, show the suspect carrying a "Publisher's
Clearing House" magazine. Source: http://www.krextv.com/news/around-the-region/FBI-Searches-for-Clearinghouse-Bandit-177122901.html
12. November 2, Infosecurity – (International) New FakeToken Android banking Trojan steals
logins directly. A new variant of the "FakeToken" financial attack on
Android devices has targeted customers of several banks in Europe this year,
warn security researchers, according to Infosecurity November 2. Unlike other
banking Trojans making the rounds, this new threat has no need to first infect
PCs to steal bank account passwords. According to analysis by a malware
researcher at McAfee Labs, a new version of the Android/FakeToken malware goes
back to basics: it is distributed through phishing emails pretending to be sent
by the targeted bank. This malware attack simulates the real Internet banking
site by asking for confidential information like personal email and phone
number, which is then used to initiate the mobile attack. Additionally, unlike
previous Trojan bankers for Android such as the first FakeToken version and Zitmo/Spitmo,
both authentication factors (Internet password and mTAN) are stolen directly
from the mobile device. The Trojan also has other means of distribution,
including Web page injection and redirects that lead to a fake security app. Source:
http://www.infosecurity-magazine.com/view/29134/new-faketoken-androidbanking-trojan-steals-logins-directly/
13. November 2, East Valley Tribune – (Arizona) Gilbert man, sons arrested on suspicion
of bank fraud, money laundering, ID theft at Chandler store. A father and
his two sons face federal charges following their arrests involving a $10
million money order scheme authorities said stemmed from a market in Chandler,
Arizona. The father and his sons were arrested on suspicion of conspiracy, bank
fraud, money laundering, and aggravated identity theft charges October 31
following a 46-count indictment by a federal grand jury, according to
Immigration and Customs Enforcement (ICE). The 46-count indictment alleges the
trio operated a money order fraud scheme from the Mama Mia Panaderia and
Market, which is owned by the father. According to the indictment, the father
contracted with Merchants Bank of California in order for the store to sell the
bank’s Unigram money orders. The store also maintained two business accounts
with Wells Fargo Bank. Beginning around May 2010, the trio is alleged to have
conspired to operate a scheme in which the store issued thousands of false,
worthless money orders, utilizing fictitious names. These false money orders were
then deposited into the Wells Fargo business accounts, thus artificially
inflating the account balances, so that funds were made available to pay Merchants
Bank for issuing the money orders. The indictment alleges that the defendants issued
and deposited more than 10,000 false money orders totaling approximately $10
million. A portion of those funds were unlawfully withdrawn by the defendants
for their personal and business use. Source: http://www.eastvalleytribune.com/local/cop_shop/article_05bebe12-2544-11e2-9274-001a4bcf887a.html
14. November 2, KDVR 31 Denver – (Colorado) FBI looking for serial robber called 'Brady Bunch
Bandit’. The FBI was asking for the public’s help in finding a man they have
dubbed the "Brady Bunch Bandit", who is responsible for robbing six
banks in the Denver metro area, KDVR 31 Denver reported November 2. According
to the FBI, the man robbed banks in Centennial and Aurora. The first robbery
happened at a Chase Bank September 1. The most recent robbery was at a TFC Bank
October 29 in Aurora. The FBI named the man the Brady Bunch Bandit because
witnesses said he resembles one of the male co-stars from the early 1970s
American sitcom The Brady Bunch, an FBI spokesman said. Officials have said the
man will enter the bank and give the teller a demand note. He then flees on
foot, the spokesman said.
15. November 2, Softpedia – (International) Malware alert: Discover Card account notes. A
couple of malicious Discover Card emails were making the rounds for several
days, attempting to trick recipients into clicking on links that point to
malware serving Web sites, Softpedia reported November 2. They both purport to
come from "Discover Account Notes." One of them informs recipients of
"detail changes" and the other one is entitled "Substantial
Information about your Discover Account." Source: http://news.softpedia.com/news/Malware-Alert-Discover-Card-Account-Notes-304055.shtml
Information Technology Sector
35. November 5, Softpedia – (International) Researchers find smishing vulnerability in Android,
all versions affected. Researchers from North Carolina State University identified
a smishing vulnerability that affects all versions of Android, including Jelly Bean,
Ice Cream Sandwich, Froyo, and Gingerbread. Smishing attacks are phishing attacks
that rely on SMS messages. They are often utilized by cybercriminals to steal information
from unsuspecting mobile phone users. According to an associate professor at
the university’s Department of Computer Science, the security hole can be
leveraged by an application to create fake arbitrary SMS messages. "One serious
aspect of the vulnerability is that it does not require the (exploiting) app to
request any permission to launch the attack (In other words, this can be
characterized as a WRITE_SMS capability leak.)," he explained. Google was
informed of the vulnerability. The company promised to address the issue in a
future Android release. Source: http://news.softpedia.com/news/Researchers-Find-Smishing-Vulnerability-in-Android-All-Versions-Affected-Video-304464.shtml
36. November 5, Softpedia – (International) F-Secure releases Mobile Threat Report for Q3
2012. F-Secure released its Mobile Threat Report for the third quarter of
2012. The study focuses on potentially unwanted software, the pieces of
spyware, and the pieces of malware that posed the greatest threat to mobile
phone users in the past 4 months. For Android, 51,447 unique pieces
of malware were detected in the third quarter. Although Google introduced
Bouncer as an extra layer of security for Google Play, the number of malicious
samples still increased. Experts believe this increase is most likely caused by
the growth in Android smartphone adoption. As Crossbeam representatives
highlighted, it is not easy for mobile network operators to secure their
infrastructures when millions of new devices are added almost simultaneously.
The same must also be true for Web sites that host mobile phone applications.
The smartphone markets of Russia and China have grown considerably and experts
say that this expansion has "also been notable for the proliferation of less secure
third-party apps markets, which are popular with users for various reasons. This
factor may also account for the increasing number of malicious samples seen
this quarter," the report reads. In total, a number of 42 new malware families
and new variants of existing families were spotted. Source: http://news.softpedia.com/news/F-Secure-Releases-Mobile-Threat-Report-for-Q3-2012-304439.shtml
37. November 5, The H – (International) Malware disguised as an MMS message. Cybercriminals
are currently spreading malware by sending a large number of email messages
purporting to be from Vodafone's MMS gateway. These emails have the subject
"You have received a new message" and claim that the recipient has
been sent a picture message over MMS from a Vodafone customer. The Vodafone
email address used and the supposed telephone number sending the messages
varies; even the country code is changed based on the location being targeted.
The messages say that a picture message is in the attached
"Vodafone_MMS.zip" file. However, once unzipped, it only contains an
executable named "Vodafone_MMS.jpg.exe" that will install malware
onto a victim's system when launched. According to VirusTotal, the malware is
currently only detected by just 8 of 44 anti-virus programs used by the online
virus scanner service. An analysis of the file in a sandbox leaves no doubts
about its malicious intentions: among other things, it copies itself to
C:\Documents and Settings\All Users\svchost.exe and then hides itself under
SunJavaUpdateSched to launch when Windows first boots. Source: http://www.h-online.com/security/news/item/Malware-disguised-as-an-MMSmessage-1743608.html
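As an added defensive example (not part of the report or of The H article), the following Python check flags mail shaped like the lure described in item 37: a zip attachment carrying an executable with a double extension such as "Vodafone_MMS.jpg.exe". The message it scans is constructed inline; the sender address is an assumption, and the functions return their findings so the same scan can be run over real .eml files.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows will execute when launched; the reported payload is "Vodafone_MMS.jpg.exe".
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Subject line quoted in the report.
LURE_SUBJECT = "You have received a new message"


def suspicious_zip_members(zip_bytes):
    """Return (member name, reason) for archive members that are executables.

    A name like "photo.jpg.exe" is reported as a double-extension executable,
    the trick used to make the payload look like a picture.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            parts = name.lower().rsplit("/", 1)[-1].split(".")
            if len(parts) < 2:
                continue  # no extension at all
            if "." + parts[-1] in EXECUTABLE_EXTS:
                reason = "double-extension executable" if len(parts) >= 3 else "executable"
                findings.append((name, reason))
    return findings


def scan_message(raw_bytes):
    """Parse an RFC 5322 message and return (attachment:member, reason) findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if fname.lower().endswith(".zip") and zipfile.is_zipfile(io.BytesIO(payload)):
            for member, reason in suspicious_zip_members(payload):
                findings.append((f"{fname}:{member}", reason))
    # Only raise the subject match when a dangerous attachment is present, to limit noise.
    if msg.get("Subject", "").strip() == LURE_SUBJECT and findings:
        findings.append(("subject", "matches reported MMS lure subject"))
    return findings


def build_sample_lure():
    """Construct a message shaped like the reported lure (constructed sample, not a real capture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Vodafone_MMS.jpg.exe", b"MZ placeholder, not a real executable")
    msg = EmailMessage()
    msg["Subject"] = LURE_SUBJECT
    msg["From"] = "mms@vodafone.example"  # assumed sender, not from the report
    msg["To"] = "recipient@example.net"
    msg.set_content("You have been sent a picture message. See the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Vodafone_MMS.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for item, reason in scan_message(build_sample_lure()):
        print(f"{item}: {reason}")
```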
38. November 5, The Register – (International) More VMware secret source splattered across
Internet. VMware confirmed that the source code for old versions of its ESX
technology was leaked by hackers the weekend of November 3, but played down the
significance of the spill. The virtualization company said November 4 that the
exposed portions of its hypervisor date back to 2004, and the leak follows the
disclosure of VMware source code in April. "It is possible that more
related files will be posted in the future," VMware's director of platform
security explained. "We take customer security seriously and have engaged
our VMware Security Response Center to thoroughly investigate." He said
customers who apply the latest product updates and patches, in addition to
following system hardening guidelines, should be protected against attacks
developed in the wake of the code leak. Source: http://www.theregister.co.uk/2012/11/05/vmware_source_code_leak/
39. November 3, Softpedia – (International) Hackers use malware to steal photos, blackmail
users. Experts identified a piece of malware whose main goal is to steal
all the picture files from an infected computer and upload them to a remote FTP
server. .JPG, .JPEG, and .DMP files can contain information cybercriminals can
use for identity theft, blackmail, or targeted attacks. This is probably why
the main goal of the TSPY_PIXSTEAL.A malware identified by Trend Micro is to
steal these types of files from infected computers. TSPY_PIXSTEAL.A scans the
affected machine for the aforementioned files and copies them all into its own
directory. When this task is complete, it connects to an FTP server and uploads
the first 20,000 files. Source: http://news.softpedia.com/news/Hackers-Use-Malware-to-Steal-Photos-Blackmail-Users-304183.shtml
40. November 2, The Register – (National) One in seven North American home networks full of
malware. One in seven home networks in North America are infected with
malware, a recent study reveals. Half the threats detected during the third
quarter of 2012 were made up of spam-distributing zombies or banking trojans,
while the remainder were mostly adware and other lesser threats, according to
the study by Kindsight Security Labs. The study was based on data gathered from
the security firm's service provider customers. Consumers most commonly get
infected with malware after visiting Web sites contaminated with exploit kits
via drive-by attacks. Kindsight names the ZeroAccess botnet as among the worst
menaces to Internet safety. ZeroAccess was the most active botnet in the third
quarter, with more than 2 million infected users worldwide with 685,000 in the
United States alone. Source: http://www.theregister.co.uk/2012/11/02/malware_infestation_us_survey/
Communications Sector
41. November 4, ZDNet – (National) Verizon, AT&T networks more than 95 percent working
post-Sandy. Verizon, the country's largest cellular network by subscribers,
and AT&T, the second largest, said November 4 that their networks are close
to being fully operational on the East Coast, days after Hurricane Sandy hit
more than 10 States. While many remain without Internet access and have no
estimate as to when their service will resume, cellular networks are beginning
to operate semi-normally across major metropolitan areas. AT&T said nearly
97 percent of its cell masts in Sandy-hit regions are now operational. Also,
more than 90 percent of its cell masts in New York City are running again, up
from 80 percent November 1. Verizon said 98.1 percent of cell masts in the
Northeast are now working, and that voice and text messaging overages will be
credited to Verizon cellular subscribers in New York City and New Jersey. Sandy
knocked out 25 percent of the country's wireless companies' cell sites in the
States affected by the storm, the Federal Communications Commission said October
30. Source: http://www.zdnet.com/verizon-at-and-t-networks-more-than-95-percentworking-post-sandy-7000006852/
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.