Friday, December 20, 2013



Complete DHS Daily Report for December 20, 2013

Daily Report

 • A large fire that broke out at a recycling facility located on a U.S. Environmental Protection Agency Superfund site in Hickman County, Tennessee, caused officials to evacuate surrounding schools and homes. – Associated Press

2. December 19, Associated Press – (Tennessee) Fire crews make progress in Tenn. industrial fire. A large fire that broke out December 18 at a plastics and metals recycling facility located on a U.S. Environmental Protection Agency Superfund site in Hickman County caused officials to evacuate students from four surrounding schools and nearby residents from homes due to concerns over two 1000-pound propane tanks on the property. Source: http://abcnews.go.com/US/wireStory/crews-evacuate-fire-tenn-superfund-site-21265135

 • Target confirmed reports that criminals stole the payment card information of around 40 million customers at stores across the U.S. – IDG News Service See item 4 below in the Financial Services Sector

 • A suspect known as the “Ball Cap Bandit” pleaded guilty to committing 11 bank robberies in north Alabama and Tennessee between February 2012 and March 2013. – AL.com See item 8 below in the Financial Services Sector

 • Researchers developed an attack method that can extract full 4096-bit RSA keys by using a microphone or cell phone to listen to the sound generated by a computer’s CPU operations. – Softpedia See item 22 below in the Information Technology Sector

Details

Financial Services Sector

4. December 19, IDG News Service – (National) Target says hackers likely accessed 40 million cards. Target confirmed December 18 reports that criminals stole the payment card information of around 40 million customers at stores across the U.S., possibly by tampering with card swiping machines. Investigators found that the breach may have lasted from November 28 to December 15. Source: http://www.computerworld.com/s/article/9244891/Target_says_hackers_likely_accessed_40_million_cards

5. December 19, Beaumont Enterprise – (Texas) Beaumont jury convicts man found with 158 fraudulent credit cards. An Ohio man was convicted of credit card fraud in Beaumont, Texas, December 18 after he was found in possession of 158 fraudulent credit cards and a card encoder during a traffic stop. Source: http://www.beaumontenterprise.com/news/article/Beaumont-jury-convicts-man-found-with-158-5078389.php

6. December 19, Softpedia – (International) ZeuS trojan variant targets accounts of BTC China customers. Trusteer researchers discovered a variant of the Zeus banking trojan that is designed to steal the login and one-time password information from customers of BTC China and other Bitcoin exchanges. Source: http://news.softpedia.com/news/ZeuS-Trojan-Variant-Targets-Accounts-of-BTC-China-Customers-410680.shtml

7. December 18, Reuters – (New Jersey) New Jersey sues Credit Suisse over mortgage securities. The attorney general of New Jersey filed a lawsuit December 18 against Credit Suisse, accusing it of misrepresenting the risk involved in more than $10 billion of residential mortgage-backed securities. Source: http://www.reuters.com/article/2013/12/18/us-creditsuisse-lawsuit-idUSBRE9BH0VO20131218

8. December 18, AL.com – (Alabama; Tennessee) ‘Ball Cap Bandit’ pleads guilty to 11 bank robberies in north Alabama, Tennessee during yearlong spree. A suspect known as the “Ball Cap Bandit” pleaded guilty December 18 to committing 11 bank robberies in north Alabama and Tennessee between February 2012 and March 2013, stealing more than $63,000. Source: http://blog.al.com/breaking/2013/12/ball_cap_bandit_pleads_guilty.html

9. December 18, Westerly Sun – (Rhode Island) First arrest made in credit card scam at Westerly restaurant. Police in Norwich reported that a woman was charged in connection with reports of payment card skimming at a restaurant in Norwich connected to at least 34 incidents of fraud. Police suspect that others were involved in a broader skimming operation. Source: http://www.thewesterlysun.com/news/policecourts/3177578-129/first-arrest-made-in-credit-card-scam-at-westerly-restaurant.html

Information Technology Sector

21. December 19, Help Net Security – (International) OpenX/Revive Adserver zero-day actively exploited in the wild. A researcher discovered a zero-day vulnerability in open-source advertising server OpenX Source that could allow an attacker to gain back-end access. The researcher reported that the vulnerability is being actively exploited in the wild. Source: http://www.net-security.org/secworld.php?id=16136

22. December 19, Softpedia – (International) Full 4096-bit RSA keys extracted by listening to the sound made by computers. Researchers reported in a paper that they developed an attack method that can extract full 4096-bit RSA keys by listening to the sound generated by a computer’s CPU operations. The sound can be picked up by dedicated microphones or by a phone. Source: http://news.softpedia.com/news/Full-4096-bit-RSA-Keys-Extracted-by-Listening-to-the-Sound-Made-by-Computers-410710.shtml

23. December 19, The Register – (International) Macbook webcams CAN spy on you – and you simply CAN’T TELL. Researchers confirmed that the webcams in MacBooks can be used to spy on users without an LED warning light being turned on. The researchers released a proof-of-concept demonstrating how the hardware interlock that normally ties camera and LED activation together can be disabled to allow independent operation of either. Source: http://www.theregister.co.uk/2013/12/19/apple_isight_webcam_led_hack/

24. December 18, Dark Reading – (International) Washington Post servers infiltrated, employee credentials stolen. The Washington Post confirmed that some of its servers were compromised by attackers who were able to access encrypted employee usernames and passwords. Source: http://www.darkreading.com/attacks-breaches/washington-post-servers-infiltrated-empl/240164882

Communications Sector

Nothing to report