Tuesday, November 21, 2012

Daily Report

Top Stories

• A Bristol Township, Pennsylvania man risked the lives of utility workers and police officers after he allegedly tried to steal copper cable used to provide safe walking amperage at a PECO facility, Phillyburbs.com reported November 20. – Phillyburbs.com

2. November 20, Phillyburbs.com – (Pennsylvania) Police: Suspected copper theft risked lives of PECO workers, police. A Bristol Township, Pennsylvania man risked the lives of PECO workers and police officers after he allegedly tried to steal copper cable used as a grounding safety measure, Phillyburbs.com reported November 20. Bristol Township police were also investigating two similar copper thefts at the PECO property the week of November 12 that resulted in more than $30,000 in damage. November 17, Bristol Township police and PECO employees were called to the property in the 7100 block of Mill Creek Road for a report of criminal trespassing, police said. Two men were seen running inside the power plant building. The two men allegedly cut and damaged copper cables that help protect PECO employees entering the site from being electrocuted by providing safe walking amperage on the property, police said. The utility’s repair crews began fixing the damaged cables, and an initial damage estimate totaled more than $10,000, police said. The man was arraigned November 19 before a district judge on charges of criminal trespassing, conspiracy, theft, receiving stolen property, and related charges. Source: http://www.phillyburbs.com/news/local/courier_times_news/police-suspectedcopper-theft-risked-lives-of-peco-workers-police/article_2a80c608-6b6d-52fd-aa62-6f9becbfa96d.html

• Three weeks after Hurricane Sandy, four New York City hospitals remain closed for inpatients, leaving thousands of patients scrambling to find other medical centers for treatment. – Kaiser Health News

25. November 19, Kaiser Health News – (New York) 4 NYC hospitals still closed by Hurricane Sandy. Three weeks after Hurricane Sandy, four New York City hospitals remain closed for inpatients, leaving thousands of patients scrambling to find other medical centers to treat everything from broken bones to brain cancer, Kaiser Health News reported November 19. The closures of NYU Langone Medical Center, Bellevue Hospital Center, the Manhattan VA Medical Center, and Coney Island Hospital have meant more business for some nearby hospitals and an unwelcome cost for others. Several of the hospitals taking in Sandy evacuees initially reported losing millions of dollars – with much of the shortfall the result of taking in Medicaid and uninsured patients from Bellevue and, in some cases, displaced nursing home residents. Source: http://www.medpagetoday.com/PublicHealthPolicy/GeneralProfessionalIssues/36013

• Four southern California men were charged with plotting to kill Americans and destroy U.S. targets overseas by joining al-Qa’ida and the Taliban in Afghanistan, federal officials said November 19. – Associated Press

29. November 20, Associated Press – (National; International) FBI: 4 Calif. men charged in alleged terror plot. Four southern California men were charged with plotting to kill Americans and destroy U.S. targets overseas by joining al-Qa’ida and the Taliban in Afghanistan, federal officials said November 19. The defendants, including a man who served in the U.S. Air Force, were arrested for plotting to bomb military bases and government facilities, and for planning to engage in “violent jihad,” an FBI spokeswoman said in a release. Federal authorities said the trio and the FBI’s confidential source bought airplane tickets the week of November 12 for flights from Mexico City to Istanbul, with plans to later continue to Kabul. Source: http://www.usatoday.com/story/news/nation/2012/11/20/calif-men-chargedterror-plot/1716215/

• Bomb threats closed multiple courthouses across Oregon November 19. All threats were found to be false, but the calls mirror others phoned in to government buildings across Washington and Nebraska this month. – Herald and News

31. November 19, Herald and News – (Oregon) Bomb threat evacuates courthouses. Bomb threats closed multiple courthouses across Oregon November 19, including the Klamath County Circuit Court and Lake County Circuit Court buildings. All threats were found to be false, according to the Oregon State Police. The Klamath County Government Center received a call reporting explosives were hidden in the basement and set to detonate in 25 minutes. The Klamath County Undersheriff said many officers responded to the scene, including city police and sheriff’s deputies. Both the Klamath County Government Center and courthouse were evacuated until a bomb-sniffing dog could search each building. Oregon State Police said in a press release that 19 county courthouses and the Oregon Public Service Building in Salem received bomb threats made by phone. These calls mirror the eight reportedly phoned in across Washington State November 15 and nine reportedly made across Nebraska November 2. All of those calls were unfounded. Source: http://www.heraldandnews.com/members/news/frontpage/article_63778980-32d7-11e2-8a1d-001a4bcf887a.html


Banking and Finance Sector

6. November 20, Associated Press – (Georgia) Ga. insurance chief warns consumers after breach. The Georgia Insurance Commissioner confirmed that 28,467 households in the State could be affected by an online security breach involving Nationwide Insurance Co., the Associated Press reported November 20. He said the company notified him that a portion of its computer network was accessed illegally. The hackers gained unauthorized access to personal information of policyholders and applicants for policies. He said the company also committed to provide his office with evidence of written notice to everyone who could have been affected and to provide those people with free credit monitoring and identity theft protection for at least a year. Source: http://www.wtvm.com/story/20143612/ga-insurance-chief-warns-consumersafter-breach

7. November 20, Krebs on Security – (International) Beware card- and cash-trapping at the ATM. Security experts with the European ATM Security Team (EAST) say five countries in the region this year have reported card trapping incidents, Krebs on Security reported November 20. Such attacks involve devices that fit over the card acceptance slot and include a razor-edged spring trap that prevents the customer’s card from being ejected from the ATM when the transaction is completed. “Spring traps are still being widely used,” EAST wrote in its most recent European Fraud Update. “Once the card has been inserted, these prevent the card being returned to the customer and also stop the ATM from retracting it.” According to EAST, most card trapping incidents take place outside normal banking hours with initial fraudulent usage taking place within 10 minutes of the card capture (balance inquiry and cash withdrawal at a nearby ATM), followed by point-of-sale transactions. A twist on this attack involves “cash traps,” often claw-like contraptions that thieves insert into the cash-dispensing slot which are capable of capturing or skimming some of the dispensed bills. EAST also reports that one of the most common ways that ATM thieves are stealing cash recently involves jamming an oversized fork-like device into the cash dispenser slot to keep it open following a normal ATM transaction. Thieves in Europe reportedly used this method to steal more than a million Euros from French cash machines this year. Source: http://krebsonsecurity.com/2012/11/beware-card-and-cash-trapping-at-the-atm/

8. November 20, Associated Press – (International) UBS rogue trader guilty of fraud. A rogue trader who lost $2.2 billion in bad deals at Swiss bank UBS was sentenced to 7 years in prison November 20 after being convicted in what prosecutors called the biggest fraud case in U.K. banking history. The trader exceeded his trading limits and failed to cover his losses, allegedly faking records to hide his tracks at the bank’s London office. At one point, he risked running losses of up to $12 billion. Source: http://www.google.com/hostednews/ap/article/ALeqM5jEctqCa9X7T8oa_dmSaoy-0fP6jQ?docId=f8dc2b30cdad440898d48460b004f68f

9. November 19, Bloomberg News – (Texas; International) Stanford’s accountants guilty of hiding $7 billion fraud. Two former accounting executives were convicted of helping the Texas financier who ran Stanford International Bank Ltd. hide a Ponzi scheme that bilked investors of $7 billion, Bloomberg News reported November 19. A jury in federal court in Houston convicted Stanford’s ex-chief accounting officer, and its former global controller of conspiring to hide a fraud scheme built on bogus certificates of deposit at the Antigua-based bank. The two men are the last former Stanford executives to face criminal trial over the scheme. Prosecutors told jurors the accountants were among a handful of employees carefully tracking funds the company’s founder “sucked out” of the bank to finance risky private ventures. The founder was convicted in March of masterminding the fraud and stealing more than $2 billion of investor deposits to finance a lavish lifestyle. Source: http://www.businessweek.com/news/2012-11-19/stanford-s-accountants-guiltyof-hiding-7-billion-fraud

10. November 19, Associated Press – (Rhode Island) RI men who scammed terminally ill in $30M investment fraud plead guilty mid-trial. Two men accused of stealing the identities of terminally ill people to reap $30 million from insurance companies and brokerage houses pleaded guilty November 19 in Providence, Rhode Island, several days into their trial. An estate planning lawyer and philanthropist who was the CEO of Estate Planning Resources, and his former employee, each entered guilty pleas in U.S. District Court to single counts of wire fraud and conspiracy, ending the trial that began the week of November 12 and was expected to last up to 3 months. Prosecutors said the CEO and his employee took out variable annuities and so-called “death-put” bonds that would pay out when a person died. Authorities said they lied to terminally ill people to get personal information that was used to purchase bonds and annuities in their names without consent. Source: http://www.washingtonpost.com/business/ri-men-who-scammed-terminally-illin-30m-investment-fraud-plead-guilty-mid-trial/2012/11/19/1ecadeb8-325f-11e2-92f0-496af208bf23_story.html

11. November 19, Associated Press – (New Jersey; International) NJ-based executives with Celgene, Sanofi-Aventis charged in insider trading scheme. Executives at two leading drug companies were among six people arrested November 19 and charged with insider trading in what federal prosecutors said was a five-year-long scheme that netted more than $1 million. Among those charged were the director of financial reporting at Celgene Corp., a biotech drug maker based in Summit, New Jersey; and a man who held a similar position at Sanofi-Aventis, a France-based pharmaceutical company with U.S. headquarters in Bridgewater. Along with a high school friend of the first man, who was a marketing executive with Stryker Corp., a medical technology company, they passed privileged information on their companies’ merger and acquisition plans, financial results, and regulatory applications to others who would make stock trades based on the information, according to the criminal complaint. Insider trading was alleged to have occurred prior to several deals, including Celgene’s purchase of Pharmion, and Celgene’s acquisition of Abraxis. Source: http://www.washingtonpost.com/business/nj-based-executives-with-celgenesanofi-aventis-charged-in-insider-trading-scheme/2012/11/19/ce767aec-3279-11e2-92f0-496af208bf23_story.html

12. November 19, U.S. Securities and Exchange Commission – (Georgia; National) SEC halts prime bank scheme in Georgia. The U.S. Securities and Exchange Commission (SEC) November 19 charged the operators of a long-running prime bank scheme with defrauding at least 220 investors in more than 20 States of $15 million. It also is seeking an emergency court order to freeze the operators’ assets for the benefit of investors. The SEC alleges that a man who lives in Florida, and a woman, a former Georgia resident who now lives in California, raised $15 million from investors, primarily in Georgia. The man portrayed himself as the “U.S. Director” of a secret European trust that had the power to create money and claimed to have appointed the woman as a “U.S. Regional Director” for the trust. The two led investors to believe that they could receive 38 percent annual interest on loans to the trust, provided they abide by the trust’s strict rules requiring secrecy. However, investor money was instead used to merely pay other investors, the hallmark of a Ponzi scheme. The SEC’s complaint also names as relief defendants two entities that the man controls — MSC Holdings USA LLC, and MSC Holdings Inc. — and another entity controlled by the woman — MSC GA Holdings LLC. The SEC believes the three firms may have received ill-gotten assets from the fraud that should be returned to investors. Source: http://www.sec.gov/news/press/2012/2012-236.htm

13. November 19, Wall Street Journal – (Delaware) First Bank of Delaware loses charter over AML problems. First Bank of Delaware was stripped of its State charter to operate and the bank was penalized $15 million by federal regulators for failing to implement an effective anti-money laundering compliance program, the Wall Street Journal reported November 19. The bank, based in Wilmington, Delaware, settled with the Federal Deposit Insurance Corp. and the U.S. Department of the Treasury’s Financial Crime Enforcement Network, which together found that First Bank failed to implement an effective compliance program with internal controls designed to report evidence of money laundering or other suspicious activity. First Bank also settled charges with the U.S. Department of Justice (DOJ) related to the same misconduct. The DOJ alleged that the bank, from 2009 to 2011, violated the Financial Institutions Reform, Recovery and Enforcement Act by originating withdrawals on behalf of fraudulent merchants, causing money to be taken from the bank accounts of consumers. The bank established direct relationships with several fraudulent merchants and third-party payments processors working with additional fraudulent merchants, the DOJ alleged. It originated hundreds of thousands of debit transactions against consumers’ bank accounts, using “remotely-created checks,” a type of transaction the DOJ said is widely known to be used by fraudulent companies. The DOJ alleged that First Bank knew, or at least turned a blind eye, to the fact that the authorization for the withdrawals was obtained by fraud. Source: http://blogs.wsj.com/corruption-currents/2012/11/19/first-bank-of-delawareloses-charter-over-aml-problems/

Information Technology Sector

35. November 20, The H – (International) Nintendo’s Wii U Miiverse accidentally hacked. Shortly after the Nintendo Wii U was released in North America, Trike, a user on the NeoGAF forums, gained access to the debug menu for Miiverse, the social network for Wii U players. Trike says he got access to the debug menu by pressing the X button while hovering the cursor over the exit button. The debug menu allowed him a look into admin lists, where he could have even changed administrators’ passwords. To the delight of many users, he was also able to get an idea of games that will probably be released in the future because he was able to see forums that had already been set up for yet to be announced games. The vulnerability appears to have been fixed quickly. Nintendo later confirmed that the incident was not a hoax to UK gaming site CVG, but claimed the menu accessed was a “mock up” which has now been removed. Source: http://www.h-online.com/security/news/item/Nintendo-s-Wii-U-Miiverseaccidentally-hacked-1753062.html

36. November 20, V3.co.uk – (International) Researchers warn of ‘Cool’ exploit platform. Users are being warned of the emergence of a new and popular malware exploit kit, dubbed ‘Cool’, which allows an attacker to remotely target security vulnerabilities in order to perform ‘drive by’ malware installations. Researchers said that in addition to serving up attacks, the tool is also able to perform more sophisticated functions, including scanning for browser and operating system and detecting potentially vulnerable plug-ins. According to two F-Secure researchers, Cool bears a strong resemblance to the Blackhole malware kit. The duo noted that a number of the attack targets, techniques, and updates displayed by Cool match those of Blackhole. The researchers pointed out that when new vulnerabilities are disclosed, Blackhole and Cool often show updates at similar times and target many of the same vulnerable components and versions. The F-Secure researchers also noted a resemblance between the two attack kits at the coding level, performing similar functions and operations when carrying out attacks. They noted that when attacking components such as Flash, the two kits even go so far as to use the same file names and code. Source: http://www.v3.co.uk/v3-uk/news/2225876/researchers-warn-of-cool-exploitplatform

37. November 20, The H – (International) Opera 12.11 fixes high-severity vulnerability. The recent 12.11 release of Opera’s Web browser addresses a high severity security vulnerability that could have allowed a remote attacker to execute arbitrary code on a victim’s system. According to the company, the problem in previous versions of the browser was caused by an error when handling HTTP responses that caused a heap-based buffer overflow. For an attack to be successful, a victim must first visit a maliciously crafted site. The update also closes a low-severity security hole that could have been used to detect what files a user has on their machine. Non-security-related changes include fixes for several issues related to the SPDY networking protocol, a problem that prevented Google’s Gmail email service from loading, and a crashing bug under Mac OS X. Opera advises all users to upgrade to the latest version. Source: http://www.h-online.com/security/news/item/Opera-12-11-fixes-high-severityvulnerability-1753773.html

38. November 19, Dark Reading – (International) Israel draws ire of Anonymous. As the fierce airstrikes between Israel and Hamas-led forces in the Gaza Strip rage on, another battle fought by volunteer cyberwarriors from around the world is striking out at Israel. Israeli officials November 18 said there have been more than 44 million hacking attempts against its government Web sites since the Gaza air strikes first began November 14. A few hundred attempts are made each day, they said, including cyberattack attempts against the defense, prime minister, president, and Foreign Ministry Web sites. Most of the attacks appear to be defacements and distributed denial of service (DDoS) attacks, but some also include data dumps posted online, according to reports. Some 88 Web site defacements were posted on Pastebin. Israel’s finance minister said that just one hack was successful on a Web site that resulted in about 10 minutes of downtime, but he would not name the site. Source: http://www.darkreading.com/advanced-threats/167901091/security/attacksbreaches/240142355/israel-draws-ire-of-anonymous.html

Communications Sector

Nothing to report

Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703) 387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to support@govdelivery.com.

Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.