Thursday, November 29, 2012


Daily Report

 Top Stories

 • IT experts reported security flaws in pacemakers and defibrillators could be putting lives at risk, stating that many devices are not properly secured and therefore are vulnerable to hackers who may want to commit an act that could lead to multiple deaths, Homeland Security reported November 28. – Homeland Security News Wire

21. November 28, Homeland Security News Wire – (International) Pacemakers, other implanted devices, vulnerable to lethal attacks. IT experts reported security flaws in pacemakers and defibrillators could be putting lives at risk, stating that many devices are not properly secured and therefore are vulnerable to hackers who may want to commit an act that could lead to multiple deaths, Homeland Security reported November 28. The Sydney Morning Herald reported that a famous hacker hacked into a pacemaker in October at the Breakpoint security conference in Melbourne, Australia, and was able to deliver an 830-volt jolt to a pacemaker by logging into it remotely after hacking the device. He, however, did not reveal which models were vulnerable to hackers. The hack was possible because many implanted medical devices use wireless technology and authenticate with a name and a password that are simply the serial and model number of the device. According to the hacker, most medical devices are designed to be easy to access by a doctor who may need to change something quickly in case of an emergency. The hacker found secret commands that doctors use in order to send a “raw packet” of data over the airwaves to find any pacemaker or defibrillator in a specific range and have it respond with its serial and model number. The information allows a hacker to authenticate to a device to receive data and perform commands, meaning they can send a command to jolt the heart through multiple devices and, in some cases, at a range of up to twelve meters. The U.S. Government Accountability Office released a report that highlighted problems with the security of medical devices, and called upon the Food and Drug Administration to ensure devices are secure from these attacks. Source: http://www.homelandsecuritynewswire.com/dr20121128-pacemakers-other-implanted-devices-vulnerable-to-lethal-attacks

 • The International Atomic Energy Agency said information stolen from one of its former servers was posted on a hacker Web site November 27, and it was taking “all possible steps” to ensure its computer systems and data were protected. – Reuters

6. November 27, Reuters – (International) U.N. atom agency says stolen information on hacker site. The U.N. nuclear watchdog said information stolen from one of its former servers had been posted on a hacker Web site November 27, and it was taking “all possible steps” to ensure its computer systems and data were protected. The stolen information was contained in a statement by a hacking group. The International Atomic Energy Agency (IAEA) said the theft concerned “some contact details related to experts working” with the Vienna-based agency but it did not say who might have been behind the action. A Western diplomat said the stolen data was not believed to include information related to confidential work carried out by the IAEA. The statement posted under the name “Parastoo” included a large number of email addresses. An IAEA spokeswoman said the agency “deeply regrets this publication of information stolen from an old server that was shut down some time ago”. “The IAEA’s technical and security teams are continuing to analyze the situation and do everything possible to help ensure that no further information is vulnerable,” she said. Source: http://www.reuters.com/article/2012/11/27/net-us-nuclear-iaea-hacking-idUSBRE8AQ0ZY20121127

 • Authorities said 30 Tennessee counties received false bomb threats to courthouses or other government buildings November 27, forcing evacuations while authorities conducted searches. – Associated Press

23. November 27, Associated Press – (Tennessee) 30 Tenn. courthouses receive bomb threats. Authorities said 30 Tennessee counties received false bomb threats to courthouses or other government buildings November 27, forcing evacuations while authorities conducted searches. A Tennessee Department of Safety and Homeland Security spokeswoman said no explosives were found and no arrests were made. A spokesman for the Tennessee Emergency Management Agency said the threats were made in phone calls to county clerk offices. In Memphis, police said an unknown woman called and said she had information that someone was going to blow up three buildings in the city, including the federal building and a post office. Tennessee became the fourth State in November to deal with widespread bomb hoaxes. Oregon, Nebraska, and Washington all had similar threats reported to courthouses. Source: http://www.necn.com/11/27/12/24-Tenn-courthouses-receive-bomb-threats/landing_nation.html?&apID=0892ed08ac484c09b1d222334911679c

 • A Texas hotel claimed to have suffered multiple burglaries stemming from flaws in a common type of electronic lock, exploits for which were demonstrated at this year’s Black Hat hacking conference, the Register reported November 27. – The Register

33. November 27, The Register – (Texas) Hotel blames burglaries on hacked Onity card locks. A Texas hotel claimed to have suffered multiple burglaries stemming from flaws in a common type of electronic lock, exploits for which were demonstrated at this year’s Black Hat hacking conference, the Register reported November 27. The Hyatt hotel in Houston’s Galleria complex told Forbes that its guests suffered a string of break-ins in September, and that it identified the hacking of its Onity locks as the method used. The suspect was arrested for the break-ins and has helped the police with their inquiries. The hotel owners said they became aware of the issue with Onity locks in August and were working with the company on a fix when the thefts took place. At the time of the Black Hat presentation, Onity called the hack “unreliable, and complex to implement,” but it appears not too complex for others to imitate. So far Onity has offered two workarounds – covering up the data port with screws that are difficult to remove, or replacing the entire circuit board of the lock, which the manufacturer wants hotels to pay for themselves. Source: http://www.theregister.co.uk/2012/11/27/hotel_onity_locks_hacked/

Details

Banking and Finance Sector

7. November 28, WBBM 2 Chicago – (Illinois) ‘Stringer Bell Bandit’ robs Citibank branch in Loop. Authorities are now linking a bank robbery in Chicago’s Loop area November 26 to the Stringer Bell Bandit — a man who allegedly robbed six other banks in seven attempts since October. The bandit — named after a character from the TV series The Wire — allegedly robbed the Citibank branch at 111 West Jackson Boulevard, according to the FBI’s Bandit Tracker Web site. He allegedly passed a note to the teller demanding cash, then fled on foot. No weapon was displayed. The Stringer Bell bandit allegedly struck the same bank November 13, according to the FBI. Source: http://chicago.cbslocal.com/2012/11/28/stringer-bell-bandit-robs-citibank-branch-in-loop/

8. November 27, IDG News Service – (International) Romanian authorities dismantle cybercrime ring responsible for $25M credit card fraud. Romanian law enforcement authorities dismantled a criminal group that stole credit card data from foreign companies as part of an operation that resulted in fraudulent transactions totaling $25 million, IDG News Service reported November 27. Officers from the country’s organized crime police working with prosecutors from the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) executed 36 search warrants and arrested 16 individuals suspected of being members of the credit card fraud ring. According to DIICOT, the group’s members gained unauthorized access to computer systems belonging to foreign companies that operate gas stations and grocery stores, and installed computer applications designed to intercept credit card transaction data. The applications were configured to store the captured data locally for later retrieval, upload it automatically to external servers, or send it to email addresses controlled by the gang’s members, the agency said. The stolen credit card information was then sold or used to create counterfeit cards. The group opened several IT services companies in Romania and used them for the specific purpose of building and maintaining a computer infrastructure that would support its criminal operation. A spokeswoman confirmed that the companies targeted by the fraud ring were not from Romania, but declined to name them or reveal in which countries they operate because the investigation is ongoing. Source: http://www.computerworld.com/s/article/9234057/Romanian_authorities_dismantle_cybercrime_ring_responsible_for_25M_credit_card_fraud

9. November 27, U.S. Commodity Futures Trading Commission – (Connecticut) CFTC says Connecticut resident ran $5.4M Ponzi scheme. The U.S. Commodity Futures Trading Commission (CFTC) November 27 announced the filing of a civil enforcement action charging a Branford, Connecticut man with operating a commodity pool Ponzi scheme that solicited approximately $5.4 million from at least 50 people to invest in a commodity pool named First Financial, LLC. The man allegedly misappropriated at least $900,000 of pool participants’ funds, using the funds to pay personal expenses and purchase gifts. The CFTC complaint also charges him with failing to register as a Commodity Pool Operator (CPO) of First Financial. According to the complaint, from at least January 2007 and continuing until September 13, 2012, the man, in order to entice prospective participants, guaranteed monthly and yearly returns of 1 percent to 15 percent on investments in the pool. Of the $5.4 million solicited from pool participants, at least $900,000 was misappropriated, approximately $1.32 million was lost trading futures in accounts in the name of First Financial, and $3.17 million was paid out to certain pool participants as fictitious “profits” or returns of principal, according to the complaint. The man allegedly admitted to one pool participant that he was operating a Ponzi scheme. To falsely assure pool participants that their funds were safe in the pool’s trading accounts, he allegedly fabricated trading account statements from First Financial and from futures commission merchants. Source: http://www.futuresmag.com/2012/11/27/cftc-says-connecticut-resident-ran-54m-ponzi-schem?t=managed-funds

Information Technology Sector

26. November 28, Softpedia – (International) Fake Angry Birds Star Wars hides Android trojan. GFI Labs experts have identified an application on a Russian Web site that is promoted as Angry Birds Star Wars, but is actually a piece of malware known as Boxer. Boxer is a threat that has been around for quite some time. It is highly popular among cybercriminals because it helps them make a considerable profit by sending SMSs from the compromised smartphone to premium rate numbers. GFI’s VIPRE Mobile detects the threat as Trojan.AndroidOS.Generic.A. Experts advise users to download Android apps only from trusted locations such as Google Play.

27. November 28, Help Net Security – (International) Malicious ads lead to fake browser updates. StopMalvertising warns of an upswing in the “Your browser is out of date” trick used to infect computers with malware. The scam starts with malicious ads leading to pages able to detect which browser users use and serve them a fake notification that they need to update their browser. The landing page was initially located on securebrowserupdate.com, but has since been removed. These served pages have the look and feel of the legitimate browser sites they are trying to impersonate. According to Trend Micro, French, U.S., and Spanish users are among the most targeted/gullible. “Instead of an update, users download a malware detected as JS_DLOADR.AET, which was found capable of changing the downloaded binary to have a different payload,” Trend Micro researchers shared. “The malicious JavaScript, in turn, downloads TROJ_STARTPA.AET and saves it as {Browser Download Path}\install.exe. Based on our initial analysis, the Trojan modifies the user’s Internet Explorer home page to http://{BLOCKED}rtpage.com, a site that may host other malicious files that can further infect a user’s system.” Source: http://www.net-security.org/malware_news.php?id=2337&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

28. November 27, Help Net Security – (International) Hardcoded account in Samsung printers provides backdoor for attackers. The U.S. Computer Emergency Readiness Team (US-CERT) issued an alert warning users of Samsung printers and some Dell printers manufactured by Samsung about the presence of a hardcoded account that could allow remote attackers to access an affected device with administrative privileges. This privileged access could also be used to change the device configuration, access sensitive information stored on it (credentials, network configuration, etc.), and even to mount additional attacks through arbitrary code execution, US-CERT claims. The hardcoded account is present in all printers released before October 31, 2012. Samsung said that a patch will be pushed out “later this year.” Source: http://www.net-security.org/secworld.php?id=14020&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

29. November 27, Krebs on Security – (International) Java zero-day exploit on sale for ‘five digits’. Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle’s Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned. The flaw, currently being sold by an established member of an invite-only Underweb forum, targets an unpatched vulnerability in Java JRE 7 Update 9, the most recent version of Java (the seller says this flaw does not exist in Java 6 or earlier versions). According to the vendor, the weakness resides within the Java class “MidiDevice.Info,” a component of Java that handles audio input and output. “Code execution is very reliable, worked on all 7 version I tested with Firefox and MSIE on Windows 7,” the seller explained in a sales thread on his exploit. It is not clear whether Chrome also is affected. Source: http://krebsonsecurity.com/2012/11/java-zero-day-exploit-on-sale-for-five-digits/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+KrebsOnSecurity+(Krebs+on+Security)&utm_content=Google+Reader

For more stories, see items 6 and 21 above in Top Stories and 8 above in the Banking and Finance Sector.

Communications Sector

Nothing to report


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703) 387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to get e-mail updates when this information changes.

Removal from Distribution List: Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.