Tuesday, November 13, 2012

I am proud to declare that the DHS Daily Report blog has been selected as one of the “Top 100 National Security Resources”, http://www.masterofhomelandsecurity.org/national-security.html, and from this day forward we will display their logo.

Daily Report

Top Stories

• A gasoline rationing plan that lets motorists fill up every other day went into effect in New York November 9, as utility crews made some progress erasing new outages that put thousands of homes and businesses in the dark in a region still reeling from Superstorm Sandy. – Associated Press

1. November 9, Associated Press – (Connecticut; New Jersey; New York) Gas rationing begins in NY as power outages abate. A gasoline rationing plan that lets motorists fill up every other day went into effect in New York November 9, as utility crews made some progress erasing new outages that put thousands of homes and businesses in the dark in a region still reeling from Superstorm Sandy. Police enforced the new system at filling stations in New York City and on Long Island as drivers turned out before dawn to line up for their rations. Gas was available to drivers with license-plate numbers ending in an odd number or a letter November 9. November 10, drivers with license plates that end in even numbers or zero could fuel up. Buses, taxis, and limousines, commercial vehicles, and emergency vehicles are exempt from the plan, as were people carrying portable gas cans. Only a quarter of the city's gas stations were open, the mayor said. Some were closed because they were out of power, others because they could not get fuel from terminals and storage tanks that could not unload their cargo. Snow blanketed several States from New York to New England and stymied recovery efforts from Superstorm Sandy as additional storm-weakened trees snapped and more power lines came down. The New York governor joined the calls for an investigation November 9, ripping the utilities as unprepared and badly managed. The utilities have said they are dealing with damage unprecedented in its scope and are doing the best they can. By November 9, there were more than 220,000 outages left in the New York area, mostly on Long Island, and about 250,000 in New Jersey. Almost all Connecticut residents had lights again, down from 625,000 at the storm's height. Source: http://wcfcourier.com/news/national/gas-rationing-begins-in-ny-poweroutages-persist/article_8d7c15fc-c103-5e33-a072-7f06bf94d27f.html

• Hundreds of millions of gallons of untreated or partially treated wastewater have flowed into New Jersey's waterways since Superstorm Sandy, affecting 1.4 million residents in 48 towns, the Associated Press reported November 8. – Associated Press

28. November 8, Associated Press – (New Jersey) Sewage issues prompt call for NJ to curb water use. Hundreds of millions of gallons of untreated or partially treated wastewater have flowed into New Jersey's waterways since superstorm Sandy hit the week of October 29, creating what the State's governor called "a huge problem" November 8. Most of the wastewater is coming from the crippled Passaic Valley Sewerage Commission (PVSC) system, which suffered power outages and flooding from Sandy, the State Department of Environmental Protection (DEP) said. November 8, the governor's office and the DEP urged the 1.4 million residents in 48 towns served by the PVSC to restrict water use to reduce stress on the system. Right after the storm, the PVSC system was releasing 500 million gallons of untreated wastewater and stormwater a day into Newark Bay, a DEP spokesman said. The PVSC, after restoring power and repairing some of the damage the weekend of November 2, has been pumping 250 million gallons of partially treated wastewater per day through its normal route into New York Harbor. Utilities are not allowed to dump untreated or partially treated water into waterways unless an emergency exists, the DEP spokesman said. The Middlesex County Utility Authority's (MCUA) wastewater treatment system also sustained damage and has been pumping about 65 million gallons of untreated wastewater per day into the Raritan River, MCUA's executive director said November 8. The DEP issued a water restriction advisory to the 38 towns and 797,000 customers of MCUA November 6. Source: http://www.timesunion.com/news/science/article/Residents-in-48-NJ-townsasked-to-reduce-water-use-4020252.php

• After 59 hang-up 9-1-1 calls in 2 days, police staked out and arrested a southern Nevada man they think made more than 3,600 phantom emergency calls during the past year, the Associated Press reported November 8. – Associated Press

37. November 8, Associated Press – (Nevada) Nevada man accused of making phantom 911 calls. After 59 hang-up 9-1-1 calls in 2 days, police staked out and arrested a southern Nevada man they think made more than 3,600 phantom emergency calls during the past year. A Henderson police spokesman said November 8 that detectives questioned the man before, but he always denied making the calls or blamed them on others using his phone. November 7, detectives confronted the man after watching him allegedly make a call to the city's 9-1-1 dispatch center. The police spokesman said he later told police his phone was broken and dialed 9-1-1 by itself. He is being held at the Henderson jail on 59 counts of unlawful use of an emergency phone number. Police said he could face 1 year in jail and a $2,000 fine on each charge. Source: http://www.timesunion.com/news/crime/article/Nevada-man-accused-ofmaking-phantom-911-calls-4021507.php

• Malware that disables computers and demands that hefty cash payments be paid to purported law-enforcement agencies before the machines are restored is extorting as much as $5 million from end-user victims, researchers said. – Ars Technica. See item 44 below in the Information Technology Sector.


Banking and Finance Sector

12. November 9, Reuters – (International) MoneyGram settles fraud allegations with DoJ. Payment transfer company MoneyGram International Inc said it reached a $100 million settlement with U.S. authorities related to suspected fraudulent transactions by some agents, Reuters reported November 9. The settlement also involves the appointment of an independent compliance monitor. The U.S. Attorney's Office for the Middle District of Pennsylvania and the U.S. Department of Justice had accused MoneyGram of aiding wire fraud and failing to implement an effective anti-money laundering program, the company said. MoneyGram did not provide details of the allegations, which relate to transactions by third-party agents in the United States and Canada from 2003 to early 2009. Source: http://www.reuters.com/article/2012/11/09/us-moneygram-fraudidUSBRE8A80WO20121109

13. November 8, Reuters – (New York; National) Longtime Madoff employee admits decades of fraud. One of Bernard L. Madoff Investment Securities LLC's longest serving employees pleaded guilty November 8 to falsifying records, a conspiracy that a prosecutor said began in the 1970s at the start of the multibillion-dollar Ponzi scheme. The man, a former controller, told a New York City federal court judge that for years he fudged the books on the company's founder's orders, but that at no point did he suspect the epic, decades-long fraud. The former controller, who signed a plea agreement with federal prosecutors, pleaded guilty to charges of conspiracy to commit securities fraud and falsifying documents. The man's son, another former employee, pleaded guilty in 2011 to criminal charges of bank fraud and charges that he reported people were employees so they could receive retirement benefits. The father joined the firm in 1964 and was the firm's first employee who was not a family member. Although he retired in 1998, he and his wife illegally remained on the payroll and received benefits but did not work. A prosecutor said that "as early as the mid 1970s" he had begun changing the financial records of accounts at the founder's direction. Source: http://www.chicagotribune.com/business/sns-rt-us-madoff-controllerpleabre8a804e-20121108,0,3089269.story

14. November 8, Chicago Sun-Times Media Wire – (Illinois) ‘Stringer Bell Bandit’ strikes another Chicago bank. A man dubbed the "Stringer Bell Bandit" — named after a character from the TV series The Wire — robbed his fifth bank in Chicago in the past month, the Chicago Sun-Times Media Wire reported November 8. The most recent robbery happened at a Citibank on North LaSalle Street, police said. The man is also suspected of robbing a Citibank branch on West Adams Street October 10, a Citibank branch on West Washington Street October 17, a PNC Bank branch on West Monroe Street October 23, and a Fifth Third Bank branch on South Dearborn Street November 2, the FBI said. Weapons were not shown in the robberies, which were described as "non-takeover." Source: http://chicago.cbslocal.com/2012/11/08/stringer-bell-bandit-strikes-anotherchicago-bank/

15. November 8, U.S. Securities and Exchange Commission – (Louisiana) SEC charges Baton Rouge-based investment adviser with hiding losses from mortgage-backed securities investments. The U.S. Securities and Exchange Commission (SEC) November 8 charged a hedge fund manager in Baton Rouge, Louisiana, with defrauding investors by hiding $32 million in losses suffered during the financial crisis from investments tied to residential mortgage-backed securities (RMBS). The SEC alleges that the man and his firm Commonwealth Advisors Inc. caused the hedge funds they managed to buy the lowest and riskiest tranches of a collateralized debt obligation (CDO) called Collybus. They sold mortgage-backed securities into the CDO at prices they had obtained 4 months earlier while knowing that the RMBS market had declined precipitously in the meantime. As the CDO investments continued to perform poorly, the man instructed Commonwealth employees to conduct a series of manipulative trades between the hedge funds they advised (called cross-trades) in order to conceal a $32 million loss experienced by one of the funds in its Collybus investment. He and Commonwealth lied to investors about the amount and value of mortgage-backed assets held in the hedge funds, and they created phony internal documents to justify their false valuations. He and employees under his direction also continued to cross-trade and create false gains to conceal their losses. Source: http://www.sec.gov/news/press/2012/2012-222.htm

16. November 8, U.S. Securities and Exchange Commission – (California) SEC charges executives and auditor of electronic game card company with fraud. The U.S. Securities and Exchange Commission (SEC) November 8 charged three executives with repeatedly lying to investors about the operations and financial condition of an Irvine, California-based company that purported to sell credit card-size electronic games. The SEC also charged the company’s independent auditor with facilitating the scheme. The SEC alleges that the company's chief executive officer (CEO) and chief financial officer (CFO) orchestrated a scheme in which Electronic Game Card Inc. (EGMI) enticed investors by claiming to have millions of dollars in annual revenue, hold millions of dollars in investments, and own an off-shore bank account worth more than $10 million. In reality, many of the company’s purported contracts were phony, the purported investments were merely in entities affiliated with the two executives, and the bank account did not exist. As a result of EGMI’s false claims, the company’s outstanding common stock was once valued as high as $150 million. EGMI is now bankrupt and its stock is worthless. The SEC charged the company’s outside auditor — certified public accountant — with repeatedly issuing clean audit opinions about EGMI based on reckless and deficient audit work. Also charged is a man who later replaced the CEO and ignored many red flags about the accuracy of the company’s public statements and the integrity of the former CEO and CFO. He provided false information during conference calls with analysts and investors. Source: http://www.sec.gov/news/press/2012/2012-223.htm

17. November 8, Associated Press – (Idaho; California) 'AK-47 Bandit' hits Rexburg credit union. The FBI said a robber who held up a Rexburg, Idaho credit union with an AK-47 rifle November 6 likely has hit other banks elsewhere in the country. The federal law enforcement agency released photos from the heist at the East Idaho Credit Union showing the man brandishing an assault rifle. Officials said the man is also known as the "AK-47 Bandit" and is suspected in robberies including a holdup in California in February in which he wounded a police officer. The subject entered the Rexburg bank wearing a mask, black gloves, a black coat with a hood, and baggy jeans during the robbery. After ordering employees into a vault, he was seen driving in a dark blue sedan on South Yellowstone Highway. Source: http://seattletimes.com/html/localnews/2019640318_apidak47bandit.html

Information Technology Sector

39. November 9, Softpedia – (International) Joomla 3.0.2 and 2.5.8 available for download, security fixes included. The Joomla Project released Joomla 3.0.2 and Joomla 2.5.8. Both variants come with a number of improvements, including fixes for security issues. In Joomla 3.0.2, a medium priority cross-site scripting (XSS) vulnerability that affected the language search component was fixed. In the 2.5.8 version of Joomla, nine tracker issues were fixed, along with a clickjacking vulnerability caused by "inadequate protection." Source: http://news.softpedia.com/news/Joomla-3-0-2-and-2-5-8-Available-for-Download-Security-Fixes-Included-305842.shtml

40. November 9, The Register – (International) Windows 8, Surface slabs already need critical security patch. Microsoft will release critical updates for Windows 8 and other software on November's Patch Tuesday the week of November 12. The upgrades will arrive within weeks of the Windows 8 launch at the end of October. All supported versions of the Windows operating system from XP SP3 up to and including Windows 8 and Windows Server 2012 will need patching to close three security holes that enable hackers to execute malicious code remotely on vulnerable systems. The fourth critical patch will address a vulnerability in Internet Explorer 9 on Windows 7, Vista, and Server 2008. Two of the updates for November will also patch Windows 8 RT as used in Microsoft's new Surface tablet laptop. Microsoft's security experts also lined up an "important" update that corrects a remote-code execution bug in Excel in Microsoft Office 2010, 2007, and 2003. A sixth update, labelled "moderate" in severity, prevents information leaking from Windows Vista, 7, and Server 2008. Source: http://www.theregister.co.uk/2012/11/09/nov_patch_tuesday_pre_alert/

41. November 9, The Register – (International) Bloke flogged $1.2m of pirated Microsoft gear on eBay, say Feds. A man from Atlanta, Michigan, was charged with selling counterfeit Microsoft software valued at more than $1.2 million. He is accused of five counts of criminal copyright infringement and one count of mail fraud over the alleged resale of pirated software sourced from east Asia. According to his charge sheet, the man unlawfully distributed Microsoft Office 2003 Professional and Microsoft Windows XP Professional by purchasing dodgy copies of the products from China and Singapore, and then sold the software through auctions on eBay. He allegedly made at least $140,000 through selling more than 2,500 copies of Microsoft programs between May 2008 and September 2010 before he was arrested. If convicted, he faces up to 45 years in prison and $1.5 million in fines. Source: http://www.theregister.co.uk/2012/11/09/ebay_counterfeit_ms_software_prosecution/

42. November 8, ZDNet – (International) Twitter user passwords reset after accounts breached. An unknown number of Twitter users received a genuine email from the company warning they should change their password as soon as possible. However, a Twitter spokesperson told ZDNet that the email was sent to a wider group of users than intended. In the email, the microblogging company noted: "Twitter believes that your account may have been compromised by a website or service not associated with Twitter. We've reset your password to prevent others from accessing your account." It remains unclear how many users were affected by the password reset email or what caused the mass emailing of Twitter's users. A post November 7 noted that in some cases when "large numbers of Twitter accounts have been hijacked," the company sends out these emails en masse; even sending messages to accounts that may not have been affected by any hack or hijack to err on the side of caution. Source: http://www.zdnet.com/twitter-user-passwords-reset-after-accounts-breached-7000007108/

43. November 8, Softpedia – (International) Experts find DOM-based XSS vulnerability in Google.com. Security researchers from Minded Security identified a document object model (DOM)-based cross-site scripting (XSS) vulnerability on Google.com. The security hole was identified with the aid of DOMinatorPro — a runtime JavaScript DOM XSS analyzer. According to the researchers, DOMinatorPro revealed a piece of code in googleadservices.com/pagead/landing.js which used unvalidated input to build the argument for two "document.write" calls. They found that the buggy JavaScript was utilized by google.com/toolbar/ie/index.html (both HTTP and HTTPS). "[This] means that one more time a (almost) 3rd party script introduces a flaw in the context of an unaware domain," a researcher from Minded Security explained. He suggested a workaround, but Google decided to address this issue by removing the problematic script altogether. Source: http://news.softpedia.com/news/Experts-Find-DOM-Based-XSS-Vulnerabilityin-Google-com-305585.shtml

44. November 8, Ars Technica – (International) Mushrooming ransomware now extorts $5 million a year. Malware that disables computers and demands that hefty cash payments be paid to purported law-enforcement agencies before the machines are restored is extorting as much as $5 million from end-user victims, researchers said. The estimate, contained in a report published November 8 by researchers from antivirus provider Symantec, is being fueled by the mushrooming growth of so-called ransomware. Once infected, computers become unusable and often display logos of local law-enforcement agencies, along with warnings that the user has violated statutes involving child pornography or other serious offenses. The warnings then offer to unlock the computers if users pay a fine as high as $200 within 72 hours. The report identified at least 16 different ransomware versions spawned by competing malware gangs. Many are completely different families of malware, rather than multiple variants of the same family, and most have their own unique behavior. Source: http://arstechnica.com/security/2012/11/mushrooming-growth-of-ransomwareextorts-5-million-a-year/

Communications Sector

Nothing to report

Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to support@govdelivery.com.

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.