Tuesday, November 20, 2012
Daily Report
Top Stories
• The federal government entered a record $497 million False
Claims Act judgment against the now-defunct Westland/Hallmark Meat Co., the
company that sparked the largest-ever meat recall after undercover abuse
footage was made public in 2008. – Food Safety News
12. November
18, Food Safety News – (National) Landmark settlement reached in Westland-Hallmark
Meat case. The now defunct Westland/Hallmark Meat Co. sparked the
largest-ever meat recall after undercover abuse footage was made public in 2008,
and now the company has sparked the largest-ever judgement for an animal abuse
case, Food Safety News reported November 18. The Humane Society of the United
States (HSUS) announced November 16 that it reached a partial settlement with two
of the nine defendants in its False Claims Act lawsuit and that the federal government
was entering a final judgement of $497 million against the company. While the
judgement is record-setting for an animal abuse case, the company will not actually
pay the full fine to the government. According to HSUS, “The full judgment – which
is the largest court judgment ever entered for animal abuse – cannot be
collected in light of Hallmark’s insolvency, and is intended to deter future
animal cruelty in the nation’s slaughterhouses.” Westland/Hallmark went out of
business after the abuse footage–which showed “downer” cows (animals unable to
walk) being dragged, violently prodded, and forklifted–caused national outrage.
As a supplier to the National School Lunch Program NSLP, the company had agreed
to follow strict animal welfare standards in its contract with the U.S.
Department of Agriculture. The litigation stems from the company failing to
live up to that contract. Downer cows are not legally allowed to enter the food
supply, in part because they are at increased risk for BSE, otherwise known as
mad cow disease. Non-ambulatory animals are also more likely to be contaminated
with fecal matter and disease-causing bacteria. The undercover abuse footage
prompted a 143 million pound ground beef recall; the vast majority of the meat was
already consumed by the time it was recalled. Source: http://www.foodsafetynews.com/2012/11/landmark-settlement-reached-inwestlandhallmark-meat-case/
• Human waste has been pouring into New York Harbor from the fifth
largest sewage treatment plant in the country since it was hit by Hurricane
Sandy, and the operator of the plant cannot predict when it will stop, WNBC 4
New York reported November 16. – WNBC 4 New York
21. November
16, WNBC 4 New York – (New York; New Jersey) Human waste continues to pour into NY
harbor after Sandy. Human waste has been pouring into New York Harbor from
the fifth largest sewage treatment plant in the country since it was hit by hurricane
Sandy, and the operator of the plant cannot predict when it will stop, WNBC 4 New
York reported November 16. A 12-foot surge of water swamped the Newark, New
Jersey plant that serves some three million people when Sandy struck October
29. The plant has pumped more than three billion gallons of untreated or
partially treated wastewater into local waterways since then. The executive
director of the Passaic Valley Sewerage Commission, only said “ASAP” when asked
about when repairs to the sprawling facility could be made. Until then, the
main outfall will continue dumping millions of gallons of partially treated
human waste a day. Pathogens in partially treated waste are a health hazard and
public safety threat, officials said. Fishing, crabbing, and shellfishing bans
in the New Jersey waters of the harbor will remain in effect, said a Department
of Environmental Protection spokesman. The New York City Department of environmental Protection also issued an
advisory to residents to avoid contact with the water.
• Police are searching for a gunman who they say used the same
weapon to kill three Brooklyn, New York shopkeepers since July. All three
victims were of Middle Eastern descent and their stores are within a 5-mile
radius. – CBS News; Associated Press
38. November
19, CBS News; Associated Press – (New York) Brooklyn serial
killer: Gunman sought in three shopkeeper slayings, NYPD says. Police are
searching for a gunman who they say used the same weapon to kill three
Brooklyn, New York shopkeepers since July, CBS News and the Associated Press
reported November 19. All three victims were of Middle Eastern descent. Their
stores are within a 5-mile radius, and none of them have surveillance cameras.
The last victim was killed at his store, She She, in Brooklyn’s Flatbush
section November 16. Police said that ballistics evidence connected the same
gun to the shooting deaths of two other Brooklyn shopkeepers over the summer of
2012. A clothing store owner was killed inside Valentino Fashion in Bay Ridge
July 6. Another victim was found dead August 2 at his Amazing 99 Cents Deal
shop in Bensonhurst. Source: http://www.cbsnews.com/8301-504083_162-57551667-504083/brooklynserial-killer-gunman-sought-in-three-shopkeeper-slayings-nypd-says/
• A suspect in Bolivar, Missouri, was accused of planning a movie
theater massacre at a
screening of the final “Twilight” movie after police were alerted
that he purchased 400
rounds of ammunition and two assault rifles for the planned
attack. – ABC News
42. November
16, ABC News – (Missouri) Cops stop alleged movie theater gun plot. A suspect
in Bolivar, Missouri, was accused of planning a movie theater massacre at a screening
of the final “Twilight” movie. He was charged November 16 with first degree assault,
making a terroristic threat, and armed criminal action after his mother alerted
police that he had purchased 400 rounds of ammunition and two assault rifles “very
similar to the ones in Aurora, Colorado, movie theater shooting,” according to probable
cause statement issued by the Bolivar Police Department. The suspect allegedly
told the police that he had already purchased a ticket for the November 18 screening
of “The Twilight Saga: Breaking Dawn — Part 2.” He said he also planned to
shoot up a nearby Wal-Mart store, according to the statement. He had previously
threatened to stab a Wal-Mart employee in 2009. Police characterized the
suspect as “being off his medication,” but he was able to purchase the rifles
November 12 and November 13. Source: http://abcnews.go.com/US/cops-stop-alleged-movie-theater-unplot/story?id=17742369#.UKph_K7kGok
Details
Banking and Finance Sector
9. November
17, Bloomberg News – (New York) Ex-Refco lawyer guilty of aiding $2.4 billion
fraud. Refco Inc.’s former outside lawyer whose 2009 fraud conviction was reversed
in January was again found guilty by a jury in federal court in New York City, Bloomberg
News reported November 17. Prosecutors claimed he helped Refco’s Chief Executive
Officer and other executives defraud investors of $2.4 billion. Jurors found the
lawyer guilty of one count of conspiracy and two counts each of securities
fraud, wire fraud, and filing false statements with the U.S. Securities and
Exchange Commission. The new trial had been granted by a U.S. appeals court,
which ruled that the judge in the first trial improperly instructed a
deliberating juror outside the presence of the accused’s lawyers. Prosecutors
at the second trial accused him of helping New York-based Refco’s management
hide transactions that concealed losses. ”Over and over and over again, [he]
ignored his duties as an officer of the court by actively participating in the
crimes of his client — telling blatant lies, falsifying important documents,
and concealing others,” a U.S. Attorney said in a statement. Source: http://www.businessweek.com/news/2012-11-16/ex-refco-lawyer-guilty-ofaiding-2-dot-4-billion-fraud
10. November
17, Orange County Register – (California) FBI: ‘Don’t Even Bandit’ robs bank in Fullerton. A man authorities
believe to be the “Don’t Even Bandit” is suspected of robbing a Chase bank
branch in Fullerton, California, November 16. A man walked into the bank
branch, handed a teller a note demanding money, and left with an undisclosed
amount of cash, police said. The robber is suspected of being the “Don’t Even
Bandit,” a FBI special agent said. The “Don’t Even Bandit” is believed to have
carried out at least six bank robberies in California, including a holdup at a
Bank of America in Garden Grove in early October. According to news reports, he
got his name after his threats to witnesses of earlier robberies included the
words “don’t even.” Source: http://www.ocregister.com/news/bank-378024-don-bandit.html
Information Technology Sector
31. November
19, The H – (International) Trojan uses Google Docs to communicate with its
control server. IT security firm Symantec discovered a trojan called Backdoor.Makadocs
that hides in Rich Text Format (RTF) and Microsoft Word documents and injects
malicious code via Trojan.Dropper. It uses the Google Docs service’s Viewer
feature to communicate with its command-and-control (C&C) server. Symantec
currently rates the trojan’s threat level as “very low”. In a post on its blog,
the company says that the carrier document appears to primarily target users in
Brazil. The malware transfers information such as the infected computer’s host
name and operating system. Symantec says that it has already been updated for
Microsoft’s newly released Windows 8 and Windows Server 2012 operating systems.
The unusual characteristic of the trojan is the use of Google Docs. Using the
viewer to contact the trojan’s C&C server prevents the data traffic between
the infected system and the C&C server from being discovered as Google Docs
connections are encrypted using HTTPS. However, the company added that Google
could prevent the viewer from being misused by implementing a firewall.
32. November
19, Associated Press – (National) Judge approves FTC’s $22.5M fine of Google. A
federal judge approved a $22.5 million fine to penalize Google for an alleged
privacy breach, rejecting a consumer-rights group’s plea for tougher punishment.
The rebuke resolves allegations that Google duped millions of Web surfers using
the Safari browser into believing their online activities could not be tracked
by the company as long as they did not change the browser’s privacy settings.
That assurance was posted on Google’s Web site earlier this year, even as the
Internet search leader was inserting computer coding that bypassed Safari’s
automatic settings and enabled the company to peer into the online lives of the
browser’s users. The U.S. Federal Trade Commission concluded that the
contradiction between Google’s stealth tracking and its privacy assurances to
Safari users violated a vow the company made in another settlement with the
agency in 2011. Google had promised not to mislead people about its privacy
practices. Source: http://www.boston.com/business/technology/2012/11/19/judge-approves-ftcfine-google/aR6ovDPNRs0upay1mIDCGP/story.html
33. November
19, Help Net Security – (International) Google Chrome app grabs identities,
forges blogs in victims’ name to promote scam. A Google Chrome app that
promises to change the color of Facebook accounts instead nabs authentication cookies
and generates dozens of blogs registered to the victims’ Gmail address, Bitdefender
warns. Once the malicious app is installed from Google’s Chrome Web Store, it
starts displaying a large Google Ads banner redirecting users to a “work from home
scam.” When clicking the sign-up link, users are redirected to a fraudulent Web
site. The blogs generated under the email address of the victims, which are
used in further disseminating the scam, have registered a large number of hits
among users in the United States, the United Kingdom, Germany, Spain, Romania,
and other countries. The app can also post wall messages on the victims’
account. The messages use friend tagging to convince the victim’s friends to
visit the blog domains. Each time the app posts on a users’ timeline, it links
to one of the auto-generated blogs to avoid blacklisting. According to
Softpedia, the app in question - “Modify Your Facebook Color” - has been
downloaded from the Play Store by over 38,000 users. Source: http://www.netsecurity.org/secworld.php?id=13977&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader
34. November
19, IDG News Service – (International) Hackers break into two FreeBSD Project
servers using stolen SSH keys. Hackers compromised two servers used by the FreeBSD
Project to build third-party software packages. Anyone who has installed such
packages since September 19 should completely reinstall their machines, the project’s
security team warned. Intrusions on two machines within the FreeBSD.org cluster
were detected November 11, the FreeBSD security team said November 17. The two
compromised servers acted as nodes for the project’s legacy third-party package
building infrastructure. The incident only affected the collection of
third-party software packages distributed by the project and not the operating
system’s “base” components, such as the kernel, system libraries, compiler, or
core command-line tools. The FreeBSD security team believes the intruders
gained access to the servers using a legitimate SSH authentication key stolen
from a developer, and not by exploiting a vulnerability in the operating
system. The package sets currently available for all versions of FreeBSD have
been validated and none of them have been altered in any way, the team said.
35. November
19, Threatpost – (International) Facebook enabling HTTPS by default for North
American users. Facebook the week of November 19 will begin turning on secure
browsing by default for its millions of users in North America. The change will
make HTTPS the default connection option for all Facebook sessions for those
users, a shift that gives them a good baseline level of security and will help
prevent some common attacks. Facebook users have had the option of turning on
HTTPS since early 2011 when the company reacted to attention surrounding the
Firesheep attacks. However, the technology was not enabled by default and users
had to manually make the change in order to get the better protection of HTTPS.
Now, users will have to manually turn HTTPS off if they do not want it, a
distinction that is a major change, especially for Facebook’s massive user
base, which has become a major target for attackers.
Source: http://threatpost.com/en_us/blogs/facebook-enabling-https-default-northamerican-users-111912
Communications Sector
36. November
19, Radio Ink – (Ohio) Two charged with stealing copper from Radio One. Federal
authorities in Cleveland charged a man and a woman with the malicious destruction
of federally-licensed communications lines under the domestic terrorism provision
of the law, Radio Ink reported November 19. The Radio One Cleveland chief engineer
said the copper was stolen from WJMO 1300 AM Cleveland. He said thieves pulled
up the four-inch copper strap surrounding all four antenna tuning units (dog houses)
and disconnected all 480 ground radials in the process. The indictment charges that
August 17 or August 18, the man and woman unlawfully entered the property of Radio
One and willfully and maliciously destroyed and removed copper material from four
radio-station towers situated on the property. Emergency repairs cost nearly $11,000
while permanent repairs will cost an estimated $125,000, according to the indictment.
Source: http://www.radioink.com/Article.asp?id=2576604&spid=24698
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.