Friday, March 29, 2013
   
Complete DHS Daily Report for March 29, 2013

Daily Report

Top Stories

 • European authorities arrested 44 individuals involved in an alleged global credit card fraud network. – Help Net Security See item 5 below in the Banking and Finance Sector

 • A train derailed and leaked up to 30,000 gallons of crude and authorities are investigating the incident which was the first major spill during the expansion of crude shipment by rail in the U.S. – Reuters

9. March 28, Reuters – (Minnesota) Minnesota oil spill: Canadian train derails, spilling 30,000 gallons of crude in U.S. A train operated by Canadian Pacific Railway Ltd. derailed and leaked up to 30,000 gallons of crude in western Minnesota. Authorities are investigating the incident which was the first major spill during the massive expansion of crude shipment by rail in the U.S. Source: http://www.huffingtonpost.com/2013/03/28/minnesota-oil-spill_n_2967118.html

 • The U.S. Environmental Protection Agency released a study indicating 55% of streams and river miles across the country are in poor condition for aquatic life. – U.S. Environmental Protection Agency

17. March 26, U.S. Environmental Protection Agency – (National) EPA survey finds more than half of the nation’s river and stream miles in poor condition. The U.S. Environmental Protection Agency released the results of a comprehensive study of the health of the country’s streams and other water sources critical to feeding large bodies of water. The survey’s results indicate 55% of the streams and river miles across the country are in poor condition for aquatic life due to excessive levels of harmful elements (nitrogen, phosphorous, mercury) and bacteria, along with increased human disturbance. Source: http://yosemite.epa.gov/opa/admpress.nsf/0/26A31559BB37A7D285257B3A00589DDF

 • A massive DDoS campaign targeting the Web site of anti-spam organization Spamhaus reached 300 GB per second, illustrating a new attack technique. – eWeek See item 26 below in the Information Technology Sector

Details

Banking and Finance Sector

5. March 28, Help Net Security – (International) Global credit card fraud network dismantled. Romanian and European authorities coordinated the arrest of 44 individuals involved in an alleged global credit card fraud network that compromised point-of-sale (PoS) devices in Europe and created cards using stolen customer information from around the world. Source: http://www.net-security.org/secworld.php?id=14678

6. March 28, St. Louis Post-Dispatch – (Missouri) Reports of credit-card fraud from Schnucks customers continue to grow. Authorities in and around St. Louis County stated that they have received several reports of credit card fraud from customers who recently shopped at Schnucks grocery stores. Schnucks acknowledged the reports and is conducting an investigation. Source: http://www.stltoday.com/business/local/reports-of-credit-card-fraud-from-schnucks-customers-continue-to/article_9e342beb-f0be-5202-88b0-41762e7a07a6.html

7. March 27, Detroit Free Press – (Michigan) Brighton business owner convicted in investment scam. A Brighton Township businessman was found guilty of defrauding around 440 investors of $50 million in a fraudulent investment scheme through his company BBC Equities. Source: http://www.freep.com/article/20130327/BUSINESS06/130327074/Brighton-business-convicted-in-investment-scam

8. March 27, Courthouse News Service – (Illinois) FDIC sues bank officers for $33 million. Six directors of the failed New Century Bank were sued by the Federal Deposit Insurance Corporation for $33 million over claims that they were grossly negligent in their duties and ignored several warnings leading up to the bank’s 2010 collapse. Source: http://www.courthousenews.com/2013/03/27/56089.htm

Information Technology Sector

23. March 28, Threatpost – (International) Critical flaw threatens millions of BIND servers. A vulnerability in BIND 9.7, 9.8, and 9.9 for Unix could allow attackers to knock DNS servers offline or compromise applications running on them. BIND released a patch for the vulnerability and recommended that users install it immediately. Source: http://threatpost.com/en_us/blogs/critical-flaw-threatens-millions-bind-servers-032813

24. March 28, Network World – (International) Evernote account used to deliver instructions to malware. Researchers at Trend Micro identified a piece of malware dubbed “BKDR_VERNOT.A” that receives instructions from and deposits stolen information to an Evernote account to avoid detection. Source: http://www.networkworld.com/news/2013/032813-evernote-account-used-to-deliver-268178.html

25. March 28, The H – (International) Many S3 buckets leak corporate data. A researcher at Rapid 7 found sensitive files exposed to the Internet in Amazon’s Simple Storage System (S3) cloud service due to users improperly configuring the service. Source: http://www.h-online.com/security/news/item/Many-S3-buckets-leak-corporate-data-1832034.html

26. March 27, eWeek – (International) Largest-ever DDoS campaign demonstrates danger of new attack method. A massive distributed denial of service (DDoS) campaign targeting anti-spam organization Spamhaus reached 300 GB per second, illustrating how use of open recursive resolvers can amplify the power of DDoS attacks. Source: http://www.eweek.com/security/largest-ever-ddos-campaign-demonstrates-danger-of-new-attack-method/

27. March 27, Associated Press – (International) Egypt: Divers caught while cutting Internet cable. Authorities in Egypt arrested three individuals with diving gear as they attempted to cut a major undersea Internet cable. Damage from the attempt slowed connections from Egypt to India. Source: http://www.miamiherald.com/2013/03/27/3309991/egypt-divers-caught-while-cutting.html

Communications Sector

Nothing to report


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.