Monday, January 28, 2013


Daily Report

Top Stories

 • An oil rig fire, potentially due to a gas leak, in Roosevelt prompted an evacuation of the area, including nearby homes, January 22. Residents were transferred to a local motel. – Salt Lake Tribune (See item 1)

1. January 25, Salt Lake Tribune – (Utah) Oil rig fire forces evacuation near Roosevelt. An oil rig fire, potentially due to a gas leak, in Roosevelt prompted an evacuation of the area, including nearby homes, January 22. Residents were transferred to a local motel. Source: http://www.fireengineering.com/news/2013/01/25/oil-rig-fire-forces-evacuation-near-roosevelt.html

 • Sagging overhead power lines led to a delay for Amtrak and commuter trains traveling between Washington, D.C., and Baltimore January 25. – Associated Press (See item 9)

9. January 25, Associated Press – (Washington, D.C.; Maryland) Sagging overhead power lines disable Md. commuter train, lead to major Amtrak delays. Sagging overhead power lines led to a delay for Amtrak and commuter trains traveling between Washington, D.C., and Baltimore January 25. Source: http://www.washingtonpost.com/local/amtrak-says-overhead-power-line-problems-delay-dc-baltimore-service/2013/01/25/526b65ec-66fa-11e2-889b-f23c246aa446_story.html

 • The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned that a proof-of-concept exploit code was released that can brute force passwords to programmable logic controllers (PLC) before the vulnerability could be addressed by the manufacturer, Siemens. – Help Net Security See item 31 below in the Information Technology Sector

 • Numerous fires broke out across Massachusetts January 24 that left one victim dead, injured over three individuals, displaced dozens of residents, and caused several thousands of dollars in damages. – Boston Globe

35. January 25, Boston Globe – (Massachusetts) String of fires hits 7 communities across Mass. Numerous fires broke out across Massachusetts January 24 that left one victim dead, injured over three individuals, displaced dozens of residents, and caused several thousands of dollars in damages. Source: http://bostonglobe.com/metro/2013/01/25/string-fires-mass-leave-one-dead-many-displaced/QgL2hdFtuVkk6YAsghgN7L/story.html

Details

Banking and Finance Sector

4. January 24, The Register – (International) Brit mastermind of Anonymous PayPal attack gets 18 months’ porridge. Three members of the hacktivist group Anonymous were sentenced in the U.K. for their role in the “Operation Payback” distributed denial of service (DDoS) campaign against Visa, Mastercard, and PayPal in 2010. Source: http://www.theregister.co.uk/2013/01/24/uk_anonymous_hackers_sentencing_payback/

5. January 24, ABC News – (International) Capital One website disrupted, cyber protestors claim attack. Capital One acknowledged that its Web site was inaccessible to customers for a time January 24, and a hacktivist group that has previously attacked financial institution Web sites claimed credit for the disruption. Source: http://abcnews.go.com/blogs/headlines/2013/01/capital-one-website-disrupted-cyber-protestors-claim-attack/

6. January 24, Philidelphia Inquirer – (Pennsylvania) Montco man charged in “massive” mortgage fraud. A Montgomery County accountant was indicted along with over 11 others in a mortgage fraud scheme that involved more than $20 million in loans for residential properties. Source: http://articles.philly.com/2013-01-24/news/36529274_1_mortgage-fraud-straw-buyers-montco-man

7. January 24, Ashbury Park Press – (New Jersey) 2 Shore residents charged in $10 million mortgage fraud scheme. Nine New Jersey residents were charged in an alleged $10 million mortgage fraud scheme that used fraudulent transactions and documents to obtain loans for at least 15 properties. Source: http://www.app.com/article/20130124/NJBIZ/301240043/2-Shore-residents-charged-in-10-million-mortgage-fraud-scheme

Information Technology

29. January 25, Softpedia – (International) GitHub forced to disable search after exposing private SSH keys. GitHub disabled its new search function after it returned results that included private Secure Shell (SSH) keys used by several Web sites. Source: http://news.softpedia.com/news/GitHub-Forced-to-Disable-Search-After-Exposing-Private-SSH-Keys-324200.shtml

30. January 25, Help Net Security – (International) Cutwail botnet on spam rampage, delivers Cridex worm. The Cutwail/Pandex botnet has been rented by attackers seeking to infect users with the W32 Cridex worm, according to Symantec researchers. Source: http://www.net-security.org/malware_news.php?id=2386

31. January 25, Help Net Security – (International) SCADA password cracking code available. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned that a proof-of-concept exploit code was released that can brute force passwords to programmable logic controllers (PLC) before the vulnerability could be addressed by the manufacturer, Siemens. Source: http://www.net-security.org/secworld.php?id=14303

32. January 25, The H – (International) Chrome update closes holes and fixes mouse wheel issues. Google released Chrome 24.0.1312.56, which addresses five security vulnerabilities, three of which were rated as high severity. Source: http://www.h-online.com/security/news/item/Chrome-update-closes-holes-and-fixes-mouse-wheel-issues-1791381.html

33. January 24, IDG News Service – (International) Web server hackers install rogue Apache modules and SSH backdoors, researchers say. Researchers from Securi reported that a group of attackers using rogue Apache modules has been replacing Secure Shell (SSH) binary files in compromised servers with backdoored versions that collect user information and passwords from incoming and outgoing SSH connections. Source: http://www.networkworld.com/news/2013/012413-web-server-hackers-install-rogue-266121.html

Communications Sector

34. January 24, Hawaii News Now – (Hawaii) Hawaiian Telcom completes repairs after fiber optic cable intentionally cut. For the second time in about two weeks, a fiber optic cable was severed January 23 underneath a Hawaiian airport. Hawaiian Telecom restored service after several hours and authorities have a suspect in custody. Source: http://www.hawaiinewsnow.com/story/20668178/services-affected-after-fiber-optic-cable-intentionally-cut