Wednesday, December 19, 2012


Daily Report

Top Stories

 • About 22,000 people across Amador and Calaveras counties in California lost electricity due to a power outage, according to a Pacific Gas & Electric Co. spokeswoman. – Associated Press

1. December 17, Associated Press – (California) Thousands in Sierra foothills without power. About 22,000 people across Amador and Calaveras counties in California lost electricity due to a power outage, according to a Pacific Gas & Electric Co. spokeswoman. Source: http://www.fresnobee.com/2012/12/17/3104865/thousands-in-sierra-foothills.html

 • The Nuclear Regulatory Commission stated that a Japanese company did not confirm that tubes being used in a generator mock-up matched specifications for tubing fixed in generators at a California nuclear power plant. – Associated Press

2. December 18, Associated Press – (California; International) Feds: Mitsubishi using wrong test equipment for San Onofre nuclear plant. The Nuclear Regulatory Commission stated that a Japanese company did not confirm that tubes being used in a generator mock-up matched specifications for tubing fixed in generators at a nuclear power plant in California. Source: http://www.scpr.org/news/2012/12/18/35293/feds-mitsubishi-using-wrong-test-equipment-flawed-/

 • A “verified” vendor on one of the most active underground online fraud forums is selling and shipping pre-hacked wireless Verifone point-of-sale devices that record customers’ card data and PINs. – Krebs on Security. See item 5 below in the Banking and Finance Sector.

 • After two spills this year released approximately 26 million gallons of untreated sewage into local waterways, Georgia environmental regulators fined the city of Atlanta $113,000 for failing to detect broken pipes. – Atlanta Journal-Constitution

20. December 17, Atlanta Journal-Constitution – (Georgia) Atlanta faces $113,000 State fine for two massive sewage spills. After two spills this year released approximately 26 million gallons of untreated sewage into local waterways, Georgia environmental regulators fined the city of Atlanta $113,000 for failing to detect broken pipes. Source: http://www.ajc.com/news/news/local/atlanta-faces-113000-state-fine-for-two-massive-se/nTYZp/

 • The owner of Health Care Solutions Network Inc. pleaded guilty December 17 to fraudulently billing Medicare and the Florida Medicaid program approximately $28 million over a span of 8 years. – U.S. Department of Justice

22. December 18, U.S. Department of Justice – (Florida) Leader of $63 million mental health fraud scheme pleads guilty in Miami. The owner of Health Care Solutions Network Inc. pleaded guilty December 17 to fraudulently billing Medicare and the Florida Medicaid program approximately $28 million over a span of 8 years. Source: http://www.enewspf.com/latest-news/police-reports/39220-leader-of-63-million-mental-health-fraud-scheme-pleads-guilty-in-miami.html

Details

Banking and Finance Sector

5. December 18, Krebs on Security – (International) Point-of-Sale skimmers: No charge...yet. A “verified” vendor on one of the most active underground online fraud forums is selling and shipping pre-hacked wireless Verifone point-of-sale devices that record customers’ card data and PINs. Source: http://m.krebsonsecurity.com/2012/12/point-of-sale-skimmers-no-charge-yet/

6. December 18, Bloomberg News – (New York) Hedge fund managers convicted of insider-trading scheme. A federal jury in New York found a Level Global Investors LP co-founder and a former Diamondback Capital Management LLC portfolio manager guilty of securities fraud and conspiracy for insider trading which netted the two more than $72 million. Source: http://www.bloomberg.com/news/2012-12-17/hedge-fund-managers-convicted-of-insider-trading.html

7. December 17, IDG News Service – (International) Improved Carberp malware targets U.S. banks. The creators of the Carberp banking trojan are now selling an upgraded version of the malware and custom scripts that allow the trojan to target U.S. online banking customers, researchers from Group-IB reported. Source: http://www.computerworld.com/s/article/9234809/Improved_Carberp_malware_targets_U.S._banks

8. December 17, U.S. Securities and Exchange Commission – (International) SEC charges Germany-based Allianz SE with FCPA violations. Allianz SE, a German insurance and asset management company, agreed to pay over $12.3 million to settle U.S. Securities and Exchange Commission (SEC) charges after the SEC claimed it violated provisions of the Foreign Corrupt Practices Act. Source: http://www.sec.gov/news/press/2012/2012-266.htm

Information Technology Sector

36. December 18, Help Net Security – (International) Android botnet spreads SMS spam. Security researchers detected widespread SMS spam campaigns designed to infect users’ devices and draw them into a mobile botnet to send out more spam. Researchers from Lookout named the trojan “SpamSoldier” and warned that it could result in thousands of spam SMS messages on the network level. Source: http://www.net-security.org/malware_news.php?id=2363

37. December 17, Threatpost – (International) WordPress pingback vulnerability could lead to DDoS attacks. A pingback vulnerability in the popular WordPress blogging platform could be exploited for use in distributed denial of service (DDoS) attacks and to leak information, according to Acunetix. The vulnerability can be exploited through WordPress’s XMLRPC API, where attackers could reconfigure internal routers and use the hosts to participate in DDoS attacks. Source: http://threatpost.com/en_us/blogs/wordpress-pingback-vulnerability-could-lead-ddos-attacks-121712

Communications Sector

Nothing to report


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314



Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure Coordinating Center at nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.