Friday, December 14, 2012


Daily Report

Top Stories

 • Federal investigators were looking into why no alarms sounded when a massive natural gas explosion in West Virginia sent flames as high as hilltops, engulfing homes and a large section of an Interstate for more than an hour. – Associated Press (See item 2)

2. December 12, Associated Press – (West Virginia) Feds to probe why alarms failed in W.Va. explosion. Federal investigators were looking into why no alarms sounded as a massive natural gas explosion sent flames as high as hilltops, engulfing homes and a large section of an Interstate for more than an hour. Investigators with the National Transportation Safety Board planned to visit Columbia Gas Transmission’s Charleston, West Virginia control room to try to learn why the company’s alarm system failed, an agency spokesman said December 12. It took Columbia approximately 64 minutes to manually stop the flow of gas to the pipe about 15 miles away at Sissonville. The 20-inch transmission pipe exploded December 11, destroying four homes, cooking a section of Interstate 77, a major north-south commuting corridor that passes through the capital city, and creating a crater 17 feet deep. The pipeline is part of a network that primarily serves local utilities but also delivers gas to Georgia. NiSource said the explosion affected one specific location “and does not affect the safety or operation of any pipelines outside of that immediate area.” Nearly 15,000 miles of natural gas pipeline stretch across West Virginia. Federal regulators said there have been 20 “significant” pipeline incidents involving deaths, injuries, or major property damage in West Virginia in the past decade. Source: http://www.google.com/hostednews/ap/article/ALeqM5jDDvauqeUrnnXXTwFnROtFTKwW3A?docId=60da760d8b924b909a1521bd948b4153

 • Two people responsible for running a massive identity theft ring in the South Bay area of San Diego were sentenced December 11 to prison. The pair ran a large-scale, sophisticated ID theft and mail theft ring out of their home where they stole the identities of more than 1,500 individuals. – Examiner.com (See item 6 below in the Banking and Finance Sector)

 • Federal agents said December 12 they busted a lucrative prescription drug scheme. Court records indicate the scheme was so profitable that the doctor allegedly bragged he had stashed as much as $20 million and shipped money to Lebanon inside a storage container. – Detroit News

17. December 13, Detroit News – (Michigan) Medical offices raided. Federal agents said December 12 they busted a lucrative prescription drug scheme allegedly headed by the former Detroit Metropolitan Airport CEO’s brother, the latest scandal to engulf the family. A series of raids by FBI and U.S. Drug Enforcement Administration agents across Oakland and Macomb counties played out as the FBI continued a wide-ranging separate corruption probe of the former Detroit Metropolitan Airport CEO and Wayne County government. Her brother is accused of writing prescriptions to phony patients for powerful pain medication, billing for treatments to dead patients, and pocketing $50,000 a month in a scheme involving his Warren-based offices, Midwest Family Practice. He was charged with two felonies, appeared in federal court, and was released on $10,000 bond. Court records indicate the scheme was so profitable that the doctor allegedly bragged he had stashed as much as $20 million, including more than $1 million cash at his Royal Oak home, and shipped money to Lebanon inside a storage container. A second man was also charged. Both face charges of unlawful distribution of a controlled substance and health care fraud conspiracy. The federal probe dates to 2011. Source: http://www.detroitnews.com/article/20121213/METRO01/212130374/Medical-offices-raided-Mullin-s-brother-held?odyssey=mod|newswell|text|FRONTPAGE|p

 • Twenty-nine county courthouses throughout Mississippi received bomb threats December 12. The threats were similar to those received in November in Nebraska, Oregon, Tennessee, and Washington. – Biloxi Sun Herald

19. December 13, Biloxi Sun Herald – (Mississippi) Bomb threats called in to 29 county courthouses in Mississippi. Twenty-nine county courthouses throughout Mississippi received bomb threats December 12. Officials in the coastal counties said all south Mississippi courthouses have been cleared for re-admittance December 13. The executive director of the Mississippi office of the Department of Homeland Security said 31 total threats were received in 29 counties. The threats were similar to those received in November in Nebraska, Oregon, Tennessee, and Washington. None of those threats were credible. Officials said the calls came in to the circuit clerk’s offices. A George County official described the voice as sounding recorded and said the caller’s number was blocked. The executive director said Homeland Security is looking for the person responsible for the calls. Source: http://www.sunherald.com/2012/12/12/4355810/bomb-threats-called-in-to-29-county.html

Details

Banking and Finance Sector

5. December 13, Bloomberg News – (New York; International) Tiger Asia admits guilt in $60 million court settlement. Tiger Asia Management LLC, a New York City-based hedge fund, admitted illegally using inside information to trade Chinese bank stocks and agreed to criminal and civil settlements of more than $60 million, Bloomberg News reported December 13. The fund’s manager entered the guilty plea for Tiger Asia in federal court in Newark, New Jersey, admitting it used material nonpublic information by selling short shares of Bank of China Ltd. and China Construction Bank Corp. Tiger Asia agreed to forfeit $16.3 million to resolve the criminal case. Tiger Asia Management, its manager, Tiger Asia Partners LLC, and a former head trader also will pay $44 million to settle a U.S. Securities and Exchange Commission lawsuit filed December 12. Tiger Asia used inside information received through private placement offerings to engage in short selling of the two banks, the agency said. A U.S. District Judge placed Tiger Asia on probation for one year. He said the $16.3 million represents the total illicit gain in the criminal case for the trades in December 2008 and January 2009. Source: http://www.businessweek.com/news/2012-12-12/tiger-asia-management-hedge-fund-said-to-plan-guilty-plea

6. December 12, Examiner.com – (California) Big identity theft ring broken in San Diego. Two people responsible for running a massive identity theft ring in the South Bay area of San Diego were sentenced December 11 to prison, according to a San Diego County district attorney. The two individuals were arrested in July. The pair were found guilty of various felonies, including conspiracy, ID theft, receiving stolen property, and burglary. The pair ran a large-scale, sophisticated ID theft and mail theft ring out of their home where they stole the identities of more than 1,500 individuals. Much of the personal information was believed to have come from stolen real estate files. The prosecutor’s press release stated that investigators found numerous items involved in the ID theft scheme at the defendants’ home including computers, printers, dozens of stolen credit cards, card scanners and readers, lists describing how to make counterfeit IDs, mail, and stolen briefcases. Also found were handwritten binders with detailed personal identifying information of the victims, credit card numbers, and credit information applied for by defendants in their names. “These individuals were sophisticated enough to know the local agency thresholds on the amount of money that would require an open investigation. Using this knowledge, they stayed under this dollar amount to avoid law enforcement detection,” said the Chula Vista chief of police. Source: http://www.examiner.com/article/big-identity-theft-ring-broken-san-diego

7. December 12, KBAK 29 Bakersfield – (California) Sisters, teen arrested for alleged card skimming at banks. Four suspects were arrested December 11 for allegedly implanting debit card skimming devices at multiple California banks. Bakersfield police were called by Chase bank security, who said they found a card skimmer and unauthorized video camera at their ATM. Police used the bank’s security cameras to get a description of one of the suspects, and detectives used that video to link that suspect to similar offenses in the San Bernardino area. While conducting surveillance in the area of the bank, detectives saw the suspect in a nearby grocery store. They followed him to a vehicle occupied by three more suspects, police said. All four suspects tried to run away when police made contact, but only one was successful. The two sisters and the man were arrested after detectives found additional skimming devices, computers, numerous counterfeit and stolen credit cards, narcotics, and two loaded and stolen handguns in their rental car. A 16-year-old suspect was also taken to juvenile hall. Source: http://www.bakersfieldnow.com/news/local/Sisters-teen-arrested-for-alleged-card-skimming-at-banks-183194791.html

8. December 12, Krebs on Security – (International) New findings lend credence to Project Blitzkrieg. “Project Blitzkrieg,” a brazen Underweb plan for hiring 100 botmasters to fuel a blaze of ebanking heists against 30 U.S. financial institutions in the Spring of 2013, was met with skepticism from some in the security community after news of the scheme came to light in October. But new research suggests the crooks who hatched the plan were serious and have painstakingly built up a formidable crime machine in preparation for the project, Krebs on Security reported December 12. McAfee said it tracked hundreds of infections from the Gozi Prinimalka trojan since Project Blitzkrieg was announced in early September. vorVzakone, the miscreant who posted the call-to-arms, also posted a number of screen shots that he said were taken from a working control panel for the botnet he was building. According to RSA Security, the botnet consisted of systems infected with Gozi Prinimalka, a closely-held, custom version of the powerful password-stealing Gozi banking trojan. In an analysis to be published December 13, McAfee said it was able to combine the data in those screen shots with malware detections on its own network to correlate both victim PCs and the location of the control server. It found that the version of the Prinimalka trojan used in the attack has two unique identifiers that identify what variant is being deployed on infected computers. McAfee said that all of the systems it identified from the screen shots posted by vorVzakone carried the Campaign ID 064004, which was discovered in the wild on April 14. A threat researcher at McAfee said the company’s analysis indicates that Project Blitzkrieg is a credible threat to the financial industry and appears to be moving forward. The researcher posits that vorVzakone most likely intended to hire botmasters who already had access to substantial numbers of login credentials for the U.S. financial institutions targeted in the scheme. Several banks were indicated on a target list, including Bank of America, Capital One, and Suntrust, but many of the targets are in fact investment banks, such as American Funds, Ameritrade, eTrade, Fidelity, OptionsExpress, and Schwab. Source: http://krebsonsecurity.com/2012/12/new-findings-lend-credence-to-project-blitzkrieg/

9. December 12, Federal Bureau of Investigation – (Illinois) Former owner of Rockford mortgage company charged in scheme to defraud investors. The former owner, CEO, and president of Commercial Mortgage and Finance Co. in Rockford, Illinois, was indicted December 12 by a federal grand jury. The man was charged with 17 counts of mail fraud, one count of wire fraud, and one count of securities fraud, in connection with a scheme to defraud investors in Commercial Mortgage, a scheme which exposed investors to losses of $20 million. According to the indictment, the man raised capital for his business by selling installments known as Promissory Notes and Certificates of Participation to investors. The indictment alleges that he concealed from the investors the fact that Commercial Mortgage had a negative net worth that steadily increased during the years that he owned the company. The indictment also charges that he concealed from the investors the fact that Commercial Mortgage was operated as a Ponzi scheme, with money received from the sales of new Promissory Notes being used to pay principal and interest owed on older Promissory Notes. According to the indictment, this fraud scheme took place from August 1997 through October 8, 2008. The indictment also charges that the man made specific false statements to several of the investors. Source: http://www.loansafe.org/former-owner-of-rockford-mortgage-company-charged-in-scheme-to-defraud-investors

Information Technology Sector

23. December 13, Softpedia – (International) Changeup malware alert: You have received a secure message. Security firms have recently started warning users about a new variant of the Changeup malware. To spread it, cybercriminals have launched a new spam campaign. Describing the attack, researchers from Symantec said it uses fake notifications titled “You have received a secure message” that appear to originate from financial institutions. According to Hoax Slayer, there are several variants of these emails making the rounds. Some of them claim to come from Bank of America or Australia’s Commonwealth Bank, while others purport to come from networking provider Cisco. Source: http://news.softpedia.com/news/Changeup-Malware-Alert-You-Have-Received-a-Secure-Message-314433.shtml

24. December 12, Network World – (International) IE exploit can track mouse cursor - even when you’re not in IE. A vulnerability affecting Internet Explorer versions 6 through 10 could make it possible for a hacker to monitor the movements of a user’s mouse, even if the browser window is minimized. According to Web analytics firm Spider.io, this means that passwords and PINs could be captured by a canny thief if they are typed on a virtual (on-screen) keyboard. Additionally, it is already being exploited by two display advertising networks, the company said, though it did not name them in its statement. “As long as the page with the exploitative advertiser’s ad stays open - even if you push the page to a background tab or, indeed, even if you minimize Internet Explorer - your mouse cursor can be tracked across your entire display,” Spider.io said. The company added that, while the problem has been acknowledged by the Microsoft Security Research Center, there are apparently no immediate plans for a patch. Spider.io also published the technical details of the exploit, which involves the browser’s global Event object. Source: http://www.networkworld.com/news/2012/121212-microsoft-ie-exploit-265036.html

Communications Sector

25. December 12, Gaithersburg Gazette – (Maryland) Verizon accident leaves some Poolesville residents without phone, Internet service. Poolesville, Maryland residents lost Internet and phone service December 11. The cause, according to a Verizon spokesperson, was a construction accident. “A contractor who was doing some work for us damaged one of our copper cables,” he said. The contractor was doing prep work in advance of the work the company needs to do to install FiOS in the area. By December 12 service was still not restored. Source: http://www.gazette.net/article/20121212/NEWS/712129356/1022/verizon-accident-leaves-some-poolesville-residents-without-phone&template=gazette


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List: Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.