Thursday, March 28, 2013   

Complete DHS Daily Report for March 28, 2013

Daily Report

Top Stories

 • Two individuals were convicted for their involvement in a $142 million mortgage and securities fraud scheme. – Riverside Press-Enterprise See item 14 below in the Banking and Finance Sector

 • A teenager intentionally set a fire that damaged a section of a Parkway and repairs are estimated to cost $500,000. – WNCN 9 Goldsboro

18. March 26, WNCN 9 Goldsboro – (North Carolina) Cary teen charged with half-million dollar fire. A teenager intentionally set a fire that damaged a section of North Carolina‟s Cary Parkway and repairs are estimated to cost $500,000. A portion of westbound lanes on the Cary Parkway has been closed until repairs are made. Source: http://www.wnct.com/story/21800131/cary-police-charge-17-year-old-with-starting-fire-that-damaged-culvert

 • A nursing home manager and its affiliate allegedly provided unnecessary physical, occupational, and speech therapy to several facilities and will pay $2.7 million for False Claims Act violations. – Legal Newsline

25. March 25, Legal Newsline – (Tennessee) Nursing home to pay $2.7M for false claims act violations. Grace Healthcare, LLC and their affiliate, Grace Ancillary Services LLC settled allegations that they violated the False Claims Act by submitting or causing submission to the Medical and TennCare/Medicaid programs for $2.7 million. Allegedly the nursing home manager and its affiliate provided unnecessary physical, occupational, and speech therapy to several facilities to meet their goal for Medicare revenue from 2007 to June 2011. Source: http://legalnewsline.com/news/federal-government/240374-nursing-home-to-pay-2-7m-for-false-claims-act-violations

 • A County Jail is being forced to turn away non-violent offenders due to overcrowding and officials are considering releasing some dangerous felons to help mitigate the problem. – KIRO 7 Seattle

28. March 26, KIRO 7 Seattle – (Washington) Overcrowding at Skagit County Jail becoming public safety problem. Skagit County Jail is being forced to turn away non-violent offenders due to overcrowding and officials are considering releasing some dangerous felons to help mitigate the problem. Source: http://www.kirotv.com/news/news/overcrowding-skagit-county-jail-becoming-public-sa/nW5BH/

Details

Banking and Finance Sector

6. March 27, Softpedia – (International) “Dump Memory Grabber” malware steals data from ATMS and POS systems. Researchers from Group-IB identified malware dubbed “Dump Memory Grabber” that can infect point of sale (PoS) devices and ATMs, steal customer account information, and send the information to a remote server. The malware has already taken information from some U.S. bank customers. Source: http://news.softpedia.com/news/Dump-Memory-Grabber-Malware-Steals-Card-Data-from-ATMs-and-POS-Systems-340758.shtml

7. March 27, Boston University Daily Free Press – (Massachusetts) Malware involved in Blanchard‟s credit card fraud. Blanchard‟s Liquors found malware in its point of sale (PoS) software at a store in Boston after customers complained of fraudulent charges, prompting an investigation from local and federal authorities. Source: http://dailyfreepress.com/2013/03/27/malware-involved-in-blanchards-credit-card-fraud/

8. March 27, Parsippany Patch – (New Jersey) „Dapper Bandit‟ faces 8 years for bank robberies. The man known as the “Dapper Bandit” pleaded guilty March 26 to four bank robberies and one attempted robbery in New Jersey. Source: http://parsippany.patch.com/articles/warren-man-pleads-guilty-to-bank-robberies

9. March 27, Bloomberg News – (National) U.S. charges two in $27 million insider-trading scheme. A former Foundry Networks executive and a hedge fund analyst were charged in federal court for allegedly trading on insider information and netting $27 million in illicit gains. Source: http://www.bloomberg.com/news/2013-03-26/u-s-charges-two-in-27-million-insider-trading-scheme.html

10. March 26, Wired.co.uk – (International) Five arrested in £1.7 million malware bank scam. Authorities in Slovenia arrested five individuals for allegedly participating in a bank fraud scam that used remote administration tools (RATs) and keyloggers to make illegal funds transfers from several small and medium-sized businesses totaling around $2.57 million. Source: http://www.wired.co.uk/news/archive/2013-03/26/slovenian-bank-fraud

11. March 26, IDG News Service – (International) Wells Fargo warns of ongoing DDOS attacks. Wells Fargo stated that their Web site was coming under distributed denial of service (DDoS) attacks March 26, but that most customers were not affected. Source: http://www.cso.com.au/article/457405/wells_fargo_warns_ongoing_ddos_attacks/

12. March 26, Forbes – (International) Fed hits Citi over money laundering problems. The Federal Reserve ordered Citi to improve its money laundering detection compliance after finding inadequate controls, but did not choose to fine the bank. Source: http://www.forbes.com/sites/halahtouryalai/2013/03/26/fed-hits-citi-over-money-laundering-problems/

13. March 26, Help Net Security – (International) European ATM Security Team on fraud losses. The European ATM Security Team (EAST) released its first European Fraud Update of 2013, finding that ATM fraud losses are migrating away from EMV Chip areas, with the U.S. the top location for these losses. It also noted significant increases in cash trapping incidents at ATMs. Source: http://www.net-security.org/secworld.php?id=14656

14. March 25, Riverside Press-Enterprise – (California) Fraud trial: Guilty verdicts in multimillion-dollar Ponzi case. Two individuals were convicted March 25 for their involvement in the $142 million Stonewood mortgage and securities fraud scheme in California. Source: http://www.pe.com/business/business-headlines/20130325-fraud-trial-guilty-verdicts-in-multimillion-dollar-ponzi-case.ece

Information Technology Sector

30. March 27, Threatpost – (International) Attackers shifting to delivering unknown malware via FTP and Web pages. A report by Palo Alto Networks found that malware that goes undetected by antivirus programs has shifted primarily to Web-based exploits rather than email-based exploits, with 94 percent coming from Web browsing or Web proxies. Source: http://threatpost.com/en_us/blogs/new-report-confronts-unknown-malware-problem-032613

31. March 27, Threatpost – (International) U.S. and Russia --not China-- lead list of malicious hosting providers. According to Host Exploit‟s quarterly World Hosts Report, the U.S. and Russia ranked as the countries with the highest number of malicious hosting providers. Source: http://threatpost.com/en_us/blogs/us-and-russia-not-china-lead-list-malicious-hosting-providers-032713

32. March 27, Softpedia – (International) American indicted for helping Anonymous with DDOS attacks on Koch Industries. A Wisconsin man was charged for allegedly aiding an Anonymous group in distributing denial of service (DDoS) attacks against Web sites owned by Koch Industries in 2011. Source: http://news.softpedia.com/news/American-Indicted-for-Helping-Anonymous-With-DDOS-Attacks-on-Koch-Industries-340780.shtml

33. March 26, Dark Reading – (International) Honeypot stings attackers with counterattacks. A researcher outlined in a paper how he set up a „honeypot‟ to catch attackers and enabled the honeypot to install a backdoor agent on attackers‟ computers via a Java applet as a research experiment, revealing information on them. Source: http://www.darkreading.com/threat-intelligence/167901121/security/attacks-breaches/240151740/honeypot-stings-attackers-with-counterattacks.html

34. March 26, Threatpost – (International) LinkedIn patches XSS and CSRF vulnerabilities. Professional social network LinkedIn fixed cross-site scripting (XSS) and cross-site request forgery (CSRF) issues on elements of its Web site that were reported in January and March. Source: http://threatpost.com/en_us/blogs/linkedin-patches-xss-and-csrf-vulnerabilities-032613

35. March 26, Network World – (International) Dirty smartphones: Devices keep traces of files sent to the cloud. University of Glasgow researchers found that remnants of files uploaded to cloud services from smartphones are left on the devices, potentially allowing hackers to access the files or gain access to cloud services. Source: http://www.networkworld.com/news/2013/032613-dirty-smartphones-268114.html

36. March 26, Threatpost – (International) Google fixes 11 flaws in Chrome. Google released the newest version of its browser, Chrome 26, which contains security patches closing 11 vulnerabilities. Source: http://threatpost.com/en_us/blogs/google-fixes-11-flaws-chrome-032613

Communications Sector

37. March 25, All Access – (Illinois) Illinois stations return to air after fire in old transmitter building. Three radio stations returned to the air March 23 after a March 22 fire destroyed the transmission cables and the transmitter building which housed them. Two of the three stations returned at low power, one of which will require 30 days to reach full power and 60 days for the AM signal. Source: http://www.allaccess.com/net-news/archive/story/116684/illinois-stations-return-to-air-after-fire-in-old-



Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.