Monday, November 19, 2012 

Daily Report

Top Stories

 • The Coast Guard was investigating a fire on an oil rig around 20 miles south of Grand Isle, Louisiana, in the Gulf of Mexico November 16. Eleven people were medevaced to local hospitals and two people were reported missing by the Coast Guard. – Business Insider

1. November 16, Business Insider – (Louisiana; International) Gulf of Mexico oil rig evacuated after fire. The Coast Guard was investigating a fire on an oil rig in the Gulf of Mexico, the Associated Press reported November 16. KHOU 2 Houston reported that the rig was no longer on fire. It is around 20 miles south of Grand Isle, Louisiana. A Coast Guard press conference said that they have not had any confirmation of deaths, but 11 people were medevaced to local hospitals, and 2 people were still missing. Twenty-eight gallons of product could have been released from the pipe, the Coast Guard believed. The rig is owned by Black Elk Energy, a relatively new, Houston-based company. Twenty-eight people were thought to have been onboard at the time of the mishap. A spokesperson for Black Elk told KHOU 2 Houston that preliminary reports suggested workers were doing maintenance on the platform and cut into a pipe that contained oil. This appears to have caused a fire or explosion. Associated Press reported that it is not a deepwater site like the Macondo well that blew in 2010 and caused the worst oil spill in U.S. history. Black Elk has also said the rig was not an oil-producing platform at present. Black Elk said there was an oil sheen on the water but this appears to be due to the oil in the pipe cut by the workers. Source:

• A pilot received medical treatment after an Air Force F-22 Raptor fighter jet crashed on a Florida highway near Tyndall Air Force Base November 15. – Associated Press

9. November 15, Associated Press – (Florida) F-22 crashes on highway near Tyndall. An Air Force F-22 Raptor fighter jet crashed near a Florida Panhandle highway November 15, but the pilot was able to eject safely and there were no injuries on the ground, the military said. The single-seat stealth fighter, part of a program that has been plagued with problems, went down November 15 near Tyndall Air Force Base. The pilot received medical treatment and a section of Highway 98 that runs through the base was closed as rescuers responded. The crash was on Tyndall land and no one on the ground was hurt, said an Air Force spokeswoman for the base where F-22 pilots train. The cause of the crash was not clear, but the Air Force has been trying to address problems with the $190 million aircraft for several years. Source:

• Authorities said eight county courthouses around the State of Washington received bomb threats, forcing evacuations and police searches November 15. – Associated Press

34. November 15, Associated Press – (Washington) Several Washington State courthouses receive bomb threats. Authorities said eight county courthouses around the State of Washington received bomb threats, forcing evacuations and police searches. KOMO 4 Seattle reported that authorities do not know if the November 15 threats were coordinated. No devices were found at any of the courthouses. Threats were made to Thurston, Chelan, Douglas, Benton, Adams, Clark, Pacific, and Columbia counties. The Douglas County sheriff told the Wenatchee World that the Douglas County Commissioner's Office received a phone call warning them of a bomb in the courthouse. Authorities evacuated the courthouse and searched the area, but did not find a bomb. Similar-sounding calls were made to the other counties. Source:

• Researchers from have created proof-of-concept malware that allows attackers to gain access to and remotely control users' USB smart card readers, devices used for user identification and authentication. – Help Net Security

See item 42 below in the Information Technology Sector


Banking and Finance Sector

10. November 16, U.S. Securities and Exchange Commission – (National) SEC charges J.P. Morgan and Credit Suisse with misleading investors in RMBS offerings. The U.S. Securities and Exchange Commission (SEC) November 16 charged J.P. Morgan Securities LLC and Credit Suisse Securities (USA) with misleading investors in offerings of residential mortgage-backed securities (RMBS). The firms agreed to settlements in which they will pay more than $400 million combined, and the SEC plans to distribute the money to harmed investors. The SEC alleges that J.P. Morgan misstated information about the delinquency status of mortgage loans that provided collateral for an RMBS offering in which it was the underwriter. J.P. Morgan was also charged for Bear Stearns' failure to disclose its practice of obtaining and keeping cash settlements from mortgage loan originators on problem loans that Bear Stearns had sold into RMBS trusts. According to the SEC's order against Credit Suisse, the firm similarly failed to accurately disclose its practice of retaining cash for itself from the settlement of claims against mortgage loan originators for problems with loans that Credit Suisse had sold into RMBS trusts and no longer owned. Credit Suisse also made misstatements in SEC filings about when it would repurchase mortgage loans from trusts if borrowers missed the first payment due. Source:

11. November 16, Help Net Security – (International) German police warns about Android banking Trojans. Following a string of complaints about fraudulent cash withdrawals, Germany's Berlin Police Department issued a warning for all Android users, telling them to carefully review any security update that is delivered to their smartphones, Help Net Security reported November 16. Users who opted to receive mTAN (mobile transaction authentication numbers) as an additional way to assure the security of their online banking transactions are especially targeted, since the fake security updates carry Zeus-in-the-Mobile (Zitmo). The malware in question is harmless if the criminals have not managed to infect the users' computer with the Zeus banking Trojan beforehand. The Windows-based Trojan is capable of injecting an additional form during the users' banking session, asking them to share their phone number and model. Armed with this information, the criminals send Zitmo masquerading as a security update to them. If the users install the "update", the criminals have access to the mTANs and are ready to perform illegal transactions. Source:

12. November 16, Brevard Times – (Florida; Georgia; South Carolina) Check cashing scheme targeted Publix in SC, FL, GA. The Florida Department of Law Enforcement Orlando Regional Operations Center charged nine individuals who were involved in an organized counterfeit check cashing scheme that resulted in losses of approximately $650,000 to Publix Supermarkets. The group targeted Publix Supermarkets in Florida, Georgia, and South Carolina. Authorities estimate the group cashed over 1,000 counterfeit checks. According to agents, and with the assistance of investigators with Publix, the 8-month investigation alleges that the suspected individuals worked together to manufacture and then distribute counterfeit payroll checks. Six of the individuals were in custody, while three remained at large. Officials asked for the public's assistance in locating the three fugitives. Source:

13. November 16, U.S. Federal Bureau of Investigation – (Pennsylvania) Philadelphia man convicted of securities fraud & insider trading scheme. A Philadelphia man was convicted November 16 of one count of securities fraud and one count of perjury in a case of insider trading that netted him approximately $292,000. Between July 14, 2008 and July 22, 2008, the man purchased shares of a publicly traded company based on non-public information he received from a fellow member of Alcoholics Anonymous immediately following a meeting the two had attended together. An executive with Philadelphia Consolidated Holding Corporation (PHLY) told the man that the company was in discussions with a potential acquirer. In the week following the executive’s disclosure, the man purchased 10,250 shares of PHLY stock for less than $39 per share. The day after he made his final purchase of PHLY stock, the company announced that it would be acquired by Tokio Marine in a cash deal by which shareholders would receive $61.50 per share of PHLY stock. Just days following the public announcement of the merger, he sold 4,750 shares of PHLY stock for $58.50 per share. After the merger's consummation, the man netted personal profits of approximately $292,000 from his unlawful PHLY trades. Source:

14. November 15, Reuters – (National) SEC finds problems in review of credit raters. Some credit-rating agencies failed to disclose ratings method changes or were lax in following policies on timely downgrades of securities, according to a report issued by the U.S. Securities and Exchange Commission (SEC) November 15. The SEC summarized the results of its annual examination of raters, a requirement under the 2010 Dodd-Frank Act that called for greater scrutiny of ratings agencies following the 2007-2009 financial crisis. The largest ratings firms, Moody's Corp and Standard & Poor's, were criticized for helping to exacerbate the crisis by giving rosy ratings to subprime mortgage securities that quickly turned toxic. The SEC report did not name which firms had violations, but did distinguish between larger versus smaller credit-raters. The SEC's exams were conducted on site at all nine raters registered with the SEC. The SEC found that each of the larger raters and two smaller firms failed to follow their own methodologies and policies for determining ratings. Source:

15. November 15, Wall Street Journal – (National) SEC receives 3,000 tips in the past year. The U.S. Securities and Exchange Commission (SEC) said November 15 it received more than 3,000 tips through its whistleblower program in the past fiscal year. The SEC said the tips — 3,001 in all — came from all 50 States, Washington, D.C., Puerto Rico, and from 49 countries. It announced the findings in a report required by the Dodd-Frank Act on the activity of the SEC’s whistleblower office, which opened its doors in August 2011. “In just its first year, the whistleblower program already has proven to be a valuable tool in helping us ferret out financial fraud,” said the SEC chairman in a statement. “When insiders provide us with high-quality road maps of fraudulent wrongdoing, it reduces the length of time we spend investigating and saves the agency substantial resources.” Under the program created by the Dodd-Frank Act, whistleblowers can receive a 10 to 30 percent reward if they provide original information that leads to a successful enforcement case netting a penalty of $1 million or more. Source:

16. November 15, Investment News – (Texas) Big wheel in hubcap business charged with real estate investment fraud. An Austin, Texas hubcap salesman turned real estate investment expert is scheduled to appear in court the week of November 19 for a plea agreement on charges of fraud and money laundering in an alleged $16 million real estate Ponzi scheme, Investment News reported November 15. The man, who sold his hubcap business, Wheel Master Inc., in 1997, got into real estate lending in 2001, working briefly for a company, Capital Funding, that put together loan packages for real estate developers. He launched his own business shortly thereafter, representing himself as an “experienced real estate bridge lender,” according to the documents. The scheme purported to be making short-term bridge loans to developers who would repay the loan from proceeds of a sale of the property or from long-term financing. The U.S. attorney for the Western District of Texas alleges that between 2005 and 2009, the man was operating a Ponzi scheme, paying off earlier investors with money from newer ones. Source:

For another story, see item 42 below in the Information Technology Sector

Information Technology Sector

41. November 16, Threatpost – (International) VMware security update fixes DoS, other vulnerabilities. Virtualization software maker VMware shipped a security update for its vSphere API November 15 that resolved a denial of service (DoS) vulnerability in ESX and ESXi, as well as adding a number of open source security updates to the ESX Service Console. The patch affects the following releases: VMware ESXi 4.1 without patch ESXi410-201211401-SG and VMware ESX 4.1 without patches ESX410-201211401-SG, ESX410-201211402-SG, ESX410-201211405-SG, and ESX410-201211407-SG. The advisory addresses an issue in VMware’s vSphere API that, if unpatched, could give unauthenticated users the ability to send maliciously crafted API requests and disable the host daemon. A successful exploit would hinder management activities but would not affect virtual machines running on the host. Source:

42. November 16, Help Net Security – (International) PoC malware for remote hijacking of USB smart readers. Researchers from have created proof-of-concept malware that allows attackers to gain access to and remotely control users' USB smart card readers. Smart cards (chip cards) are used for various purposes, among which are also user identification and authentication. Spanish and Belgian citizens already have an eID card that is used for identification, authentication, and for digital signing. Banks issue smart cards to customers who have opted for 2-factor authentication when accessing their online banking service, and many companies give them out to employees in order for them to be able to authenticate themselves when accessing the corporate network from a remote location. The malware works by installing on the victims' computer a special driver that shares the USB reader over TCP/IP, and another driver on the attacker's computer is able to translate that signal and make it look like the device is physically attached to his computer, Computerworld reports. The malware also has a keylogger component, making it possible for attackers to harvest any of the PINs or passwords that are used with the cards if the reader does not have its own keypad. Another current limitation of the malware is that the driver is not digitally signed and some operating systems will not accept unsigned software. Source:

Communications Sector

Nothing to report

Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site:

Contact Information

Content and Suggestions: Send mail to or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at or visit their Web page at v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.