Wednesday, December 12, 2012
Daily Report
Top Stories
• HSBC agreed to pay a record $1.92 billion
fine to settle a multi-year probe by U.S. prosecutors after being accused of
failing to enforce rules designed to prevent the laundering of criminal cash,
Reuters reported December 11. – Reuters. See item 6 below in the Banking and
Finance Sector.
• The Associated Press reported December 11
that New Jersey Transit trains sustained about $100 million in damage from
flooding during Hurricane Sandy after rail cars were stored in yards that
models showed an 80 to 90 percent chance of not flooding, even with a massive
storm bearing down on the region. – Associated Press
11. December 11, Associated Press – (New
Jersey) NJ Transit chief: Train storage in storm ‘sound’. New Jersey
Transit’s executive director December 11 defended his decision to store rail
cars in Hoboken and Kearny to protect them during superstorm Sandy in October.
He told the State Assembly’s Transportation Committee that rail yards in the
two cities had never flooded before and that models showed an 80 to 90 percent
chance the yards would not flood even with a massive storm bearing down on the
region. It turned out the models were wrong, and NJ Transit trains sustained
about $100 million in damage from flooding in the two storage yards. He said
his agency is looking into places where rail cars and other equipment could be
kept dry in case of future storms. The storm in New Jersey hit commuter trains particularly
hard, shutting down key stations on the Port Authority Transportation Hub line
between New York and New Jersey and flooding cars. As a consequence, rail lines
across the State were still experiencing delays. A former official at the Long
Island Railroad and Conrail said the rail car destruction in New Jersey —
including damage to nearly one-fourth of its cars and locomotives — was largely
preventable. Source: http://www.seattlepi.com/news/article/NJ-Transit-chief-train-storage-decision-sound-4104197.php
• A New York medical doctor pleaded guilty to
an $11.7 million Medicare fraud scheme, admitting he provided spa services to
Medicare beneficiaries who allowed their numbers to be billed for services
never provided or not needed. – Insurance and Financial Advisor
21. December 11, Insurance and Financial Advisor –
(New York) N.Y. doctor pleads guilty to $11.7M Medicare fraud scheme. A
Flushing, New York medical doctor pleaded guilty to his role in an $11.7
million Medicare fraud scheme, Insurance and Financial Advisor reported
December 11. Prosecutors said while president of URI Medical Service PC and
Sarang Medical PC, the doctor purportedly provided physical therapy and
electric stimulation treatment, and he admitted he provided spa services to
Medicare beneficiaries who allowed their numbers to be billed for services
never provided, or not needed. Source: http://ifawebnews.com/2012/12/11/n-y-doctor-pleads-guilty-to-11-7m-medicare-fraud-scheme/
• The Seattle Post-Intelligencer reported that
prosecutors added 33 charges against the central figures in a financial scandal
in Seattle Public Schools after auditors said in a new report they discovered
an additional $1.3 million that may have been spent incorrectly. – Seattle
Post-Intelligencer
24. December 10, Seattle Post-Intelligencer –
(Washington) Figures in Seattle schools scandal face 33 new charges. Prosecutors
added 33 charges against the central figures in a financial scandal in Seattle
Public Schools, the Seattle Post-Intelligencer reported December 10. Two men
now face 42 charges of either first- or second-degree theft. King County
prosecutors originally charged the two men and a woman with stealing $250,000
from the Seattle schools program meant to encourage small firms to bid on
district projects. State auditors examining the small-business development program
found that $1.5 million in expenditures were questionable and that $280,000 was
paid for work that was not done or did not benefit Seattle Public Schools. This
fall auditors said in a new report that they may have turned up $1.3 million
more that may have been spent incorrectly. Source: http://www.seattlepi.com/mount-rainier/article/Figures-in-Seattle-schools-scandal-face-33-new-4105876.php
Details
Banking and Finance Sector
6. December
11, Reuters – (International) HSBC to pay $1.9 billion U.S. fine in
money-laundering case. HSBC has agreed to pay a record $1.92 billion fine
to settle a multi-year probe by U.S. prosecutors, who accused Europe’s biggest
bank of failing to enforce rules designed to prevent the laundering of criminal
cash, Reuters reported December 11. The U.S. Department of Justice (DOJ)
charged the bank with failing to maintain an effective program against money
laundering and conduct due diligence on certain accounts. It also charged the
bank with violating sanctions laws by doing business with customers in Iran,
Libya, Sudan, Burma, and Cuba. In an agreement with the DOJ, the bank will take
steps to fix the problems, pay a fine of $1.256 billion, and retain a
compliance monitor to resolve the charges through a deferred-prosecution
agreement. Including penalties imposed by other agencies, the bank’s fines
totaled $1.92 billion. HSBC also faces civil penalties, to be announced later
December 11. The settlement offers new information about failures at HSBC to
police transactions linked to Mexico, details of which were reported this
summer in a U.S. Senate probe. Between 2006 and 2010, HSBC ignored
money-laundering risks associated with certain Mexican customers and allowed at
least $881 million in drug trafficking proceeds, including proceeds from the
Sinaloa Cartel in Mexico and the Norte del Valle Cartel in Colombia, to be
laundered through the bank, according to the agreement. HSBC said it expected
to also reach a settlement with British watchdog the Financial Services
Authority. Source: http://www.reuters.com/article/2012/12/11/us-hsbc-probe-idUSBRE8BA05M20121211
7. December
11, BankInfoSecurity – (International) 5 banks targeted for new DDoS attacks. A
hacktivist group responsible for previous distributed denial of service (DDoS)
attacks against banks announced the “second phase” of its campaign, saying five
major U.S. banks will be the victims of new DDoS attacks starting the week of
December 10, BankInfoSecurity reported December 11. U.S. Bancorp, JPMorgan
Chase, Bank of America, PNC Financial Services Group, and SunTrust Banks are
the latest targets, according to the group, which announced its plans in a
December 10 Pastebin posting. Each of these five banks suffered DDoS attacks
during phase one of the hacktivist group’s campaign, which ran roughly from
mid-September to mid-October. During that period, the group claimed
responsibility for attacks on 10 major banks. Each institution was warned ahead
of time, but none was able to completely fend off the attacks, which caused
online banking outages of varying lengths. Source: http://www.bankinfosecurity.com/5-banks-targeted-for-new-ddos-attacks-a-5346
8. December
10, Softpedia – (International) Fraudsters are setting up bogus hotel
websites, experts find. Experts from security firm Bitdefender report that
fraudulent hotel Web sites can help criminals accomplish various
malicious tasks, including identity theft and money laundering, Softpedia reported
December 10. In other cases, they might simply ask individuals who want to book
a room to pay a certain amount of money upfront. The fake Web sites usually
leverage the names and reputations of famous brands. Unlike phishing sites,
these fraud Web sites are not promoted via email or social media spam. Instead,
they are kept secret to ensure that the domain will not be seized by
authorities. Source: http://news.softpedia.com/news/Fraudster-Are-Setting-Up-Bogus-Hotel-Websites-Experts-Find-313528.shtml
9. December
10, U.S. Department of Justice – (National) Former Dallas
broker pleads guilty to defrauding investors through stock manipulation scheme.
A former Dallas securities broker pleaded guilty December 10 for his role
in a scheme to defraud thousands of investors through the manipulation of
publicly traded stocks that created $44 million in illegal proceeds. The broker
pleaded guilty in federal court in the Northern District of Oklahoma to one
count of money laundering for laundering $250,000 in proceeds from the fraud.
The broker was originally charged along with four other defendants in a
24-count indictment unsealed February 10, 2009. Prior to trial, he fled to
Costa Rica, where he remained until he was extradited to the United States in
May 2012. According to court documents and evidence presented at the 2010
trial, the defendants manipulated the publicly traded penny stocks of three
companies in a “pump and dump” scheme. The
defendants and their nominees obtained significant profits by selling large
amounts of shares after they had artificially inflated the stock price. For
each of the three manipulated stocks, the co-conspirators’ sell-off caused
declines of the stock price and left legitimate investors holding stock of
significantly reduced value. Source: http://www.loansafe.org/former-dallas-broker-pleads-guilty-to-defrauding-investors-through-stock-manipulation-scheme
Information Technology Sector
27. December
11, Wired.com – (International) Google accidentally transmits self-destruct
code to army of Chrome browsers. Google’s Gmail service went down for about
20 minutes December 10, which coincided with widespread reports that Google’s
Chrome browser was also crashing. A Google engineer later confirmed the crashes
were affecting Chrome users who were using another Google Web service known as
Sync, and that Sync and other Google services were disrupted when Google misconfigured
its load-balancing servers. The engineer wrote that a problem with Google’s
Sync servers kicked off an error on the browser, which made Chrome abruptly
shut down on the desktop. “It’s due to a backend service that sync servers
depend on becoming overwhelmed, and sync servers responding to that by telling
all clients to throttle all data types,” he said. That “throttling” messed up
things in the browser, causing it to crash. Source: http://www.wired.com/wiredenterprise/2012/12/google-bug/
28. December
11, Softpedia – (International) Stored XSS that allowed hackers to hijack
Tumblr blogs still unfixed. The stored cross-site scripting (XSS)
vulnerability that allowed hackers to hijack Tumblr blogs remains unfixed,
according to a security researcher. He explains that this vulnerability could
be utilized for numerous cybercriminal operations. The stored XSS could be used
for phishing, malware attacks, and even to spam users. The researcher also
reveals some interesting facts about this particular stored XSS security hole.
For instance, victims of attacks that exploit this vulnerability do not have to
be logged in to Tumblr. Also, the bug could be used to spread a malicious
payload because when an entry is reblogged, the payload is also included in the
new post. Furthermore, arbitrary JavaScript can be executed in the victim’s
browser from a remote location. Source: http://news.softpedia.com/news/Stored-XSS-That-Allowed-Hackers-to-Deface-Tumblr-Blogs-Still-Unfixed-313829.shtml
29. December
11, V3.co.uk – (International) Researchers warn of malware attack from
WordPress exploit. Security experts are warning webmasters over a series of
attacks targeting the WordPress and Joomla publishing platforms. The SANS
Institute said that it has received reports of multiple exploit attempts on the
platforms. The compromised sites are then injected with code which redirects to
a third-party site. A SANS blogger and president of security firm Bambenek
Consulting said that the attacks were particularly interesting for their method
of attempting to exploit pages en masse by targeting servers. “The interesting
thing to note is that it doesn’t seem to be a scanner exploiting one
vulnerability but some tool that’s basically firing a bunch of Joomla and
WordPress exploits at a given server and hoping something hits,” he explained.
SANS said that the compromised sites are used to redirect users to an attack
site which tries to infect users with a phony antivirus package. Source: http://www.v3.co.uk/v3-uk/news/2230978/researchers-warn-of-malware-attack-from-wordpress-exploit
30. December
11, Threatpost – (International) Kelihos update includes new TLD and USB
infection capabilities. The Kelihos botnet is now relying on double
fast-flux domains to spread spam and malware. According to an analysis from a
researcher at abuse.ch, Kelihos has also switched top-level domains, moving to
.ru from .eu. More insidious, however, is that it now has the ability to spread
via removable drives such as USB storage devices. Once this latest update of
Kelihos infects a computer, it connects with a .ru domain hosting its command
and control looking for updates. The .ru domain is double fast-flux hosted, the
researcher said. Once an updated version of Kelihos is sent to the infected
machine, it will infect any removable drives attached to the computer by
exploiting the same vulnerability as Stuxnet. The switch to .ru domains happened
during the summer, according to the report, and the attackers have a lengthy
list of sites from which to send new binaries updating the botnet, all of which
are registered to REGGI-RU, a registrar in Russia. The botnet operators,
however, are using a registrar in the Bahamas to register the name server
domains providing DNS resolution to the Russian domains hosting malware.
Kelihos boasts up to 150,000 spambots per day. Source: http://threatpost.com/en_us/blogs/kelihos-update-includes-new-tld-and-usb-infection-capabilities-121112
31. December
11, CNET News – (International) Nokia engineer: Here’s how to hack Windows 8
games. A Nokia engineer posted an explanation on how the “use of innate
Windows 8 security attack vectors” can allow a person with admittedly advanced
knowledge to “compromise Windows 8 games revenue stream.” The hack, which can
be completed in five multipart steps, does not necessarily highlight a security
flaw that would leave users vulnerable. Instead, the hack shows the way in
which hackers can get a paid game for free because of inherent flaws in the way
in which apps are stored and handled by Windows 8. Source: http://news.cnet.com/8301-10805_3-57558423-75/nokia-engineer-heres-how-to-hack-windows-8-games/?part=rss&subj=news&tag=2547-1_3-0-20
32. December
10, Bloomberg News – (International) Facebook restored after site maintenance
disrupted some access. Facebook said it fixed an outage that left some
users unable to access its social network while the company made a change to
the site’s infrastructure December 10. “We made a change to our DNS
infrastructure, and that change resulted in some people being temporarily
unable to reach the site,” a Facebook spokeswoman said in an emailed statement.
“We detected and resolved the issue quickly, and we are now back to 100
percent.” Source: http://www.businessweek.com/news/2012-12-10/facebook-restored-after-site-maintenance-disrupted-some-access
33. December
10, The H – (International) Only 15% of known malware caught by Android
4.2’s verifier. A researcher at North Carolina State University found that
only 15 percent of known malware samples tested on Android 4.2’s new app
verification service were detected. The researcher loaded 1260 malware samples
from the Android Malware Genome Project onto 10 Android 4.2 devices. Of the
1260 samples only 193 were detected as malware. The researcher also performed a
test comparing Google’s verification against a range of ten different existing
anti-virus applications through VirusTotal, looking at randomly selected
malware samples from each malware family. The anti-virus applications run by
VirusTotal ranged in efficacy from 100 percent to 51 percent, but the Android
App verification system scored only 20.4 percent. The researcher noted that the
app verification service uses a fragile mechanism of verifying SHA1 values from
the app and package name to determine whether a package is dangerous or
potentially dangerous. He also notes that the verification system relies on the
server component, leaving the client-side of the system completely without
detection capabilities. Source: http://www.h-online.com/security/news/item/Only-15-of-known-malware-caught-by-Android-4-2-s-verifier-1765724.html
Communications Sector
Nothing to report.
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.