Wednesday, November 28, 2012
Daily Report
Top Stories
• The undamaged westbound side of New York’s
Ocean Parkway was reopened for 4.8 miles between Cedar Beach and Tobay Beach
November 26. The 15.5-mile long road sustained unprecedented damage during
Hurricane Sandy and has been closed since October 30. – Examiner.com
10. November 26, Examiner.com – (New York)
Ocean Parkway reopens. The undamaged westbound side of New York’s Ocean
Parkway was reopened for 4.8 miles between Cedar Beach and Tobay Beach November
26. The 15.5-mile long road sustained unprecedented damage during Hurricane
Sandy and has been closed since October 30. Approximately 5 miles of the
eastbound section of the road and its protective sand dunes were severely
damaged; one-half mile of the roadway, and 1.6 miles of the sand dunes east of
Gilgo were completely destroyed. New York State Department of Transportation
(NYSDOT), the New York State Parks Recreation and Historic Preservation
(NYSOPRHP), and the Department of Environmental Conservation are working with
the Federal Highway Administration and the Army Corps of Engineers to develop a
coastal barrier protection roadway repair project to restore Ocean Parkway to
its pre-storm condition. NYSDOT and NYSOPRHP are also collaborating to design a
project to rebuild damaged lanes to the traffic circle in Robert Moses State
Park. New York State is examining options to strengthen those sections of the
protective sand dunes that were damaged to provide better stability and
resiliency to future storms. In addition to providing needed sand, the dredging
project will also make the Fire Island Inlet safe for commercial and
recreational boating. Source: http://www.examiner.com/article/ocean-parkway-reopens
• The U.S. Food and Drug Administration (FDA)
suspended Sunland Inc.’s operations November 26. The New Mexico food producer
is linked to Salmonella-tainted peanut butter that has sickened at least 41
people in 2012. – Reuters
15. November 26, Reuters – (National) FDA suspends peanut butter plant linked to
Salmonella outbreak. The U.S. Food and Drug Administration (FDA) suspended
Sunland Inc.’s operations November 26. The New Mexico food producer is linked
to Salmonella-tainted peanut butter that has sickened at least 41 people in
2012, the agency said in a statement. The FDA said a review of Sunland Inc.’s
product testing records showed that 11 product lots of nut butter tested
positive for Salmonella between June 2009 and September 2012. Between March
2010 and September 2012, a portion of eight product lots of nut butter
containing Salmonella was distributed by the company to consumers, the
organization said. Additionally, the FDA found the presence of Salmonella
during its inspection of the plant in September and October, both in samples
taken in food production areas and in food products themselves. In a November
15 statement the company said “at no time in its twenty four year history has
Sunland, Inc. released for distribution any products that it knew to be
potentially contaminated with harmful microorganisms.” Source: http://www.reuters.com/article/2012/11/27/usa-salmonella-peanuts-idUSL1E8MR00L20121127
• An attorney, an accountant, and two medical
administrators were convicted November 26 for their parts in a $154-million
insurance fraud scheme in which hundreds of healthy patients from across the
U.S. were recruited to undergo unnecessary and dangerous surgeries to
fraudulently bill insurance providers, Orange County, California prosecutors
said. – Los Angeles Times. See item 5 below in the Banking and Finance Sector
• New York health officials asked the federal
government for almost a half-billion dollars worth of special Medicaid funding
for hospitals, nursing homes, and clinics affected by Sandy, WNYC 93.9 FM New
York City reported November 26. – WNYC 93.9 FM New York City
21. November 26, WNYC 93.9 FM New York City – (New York) NY seeks Medicaid funds for State’s Sandy-affected healthcare
providers. New York health officials asked the federal government for
almost a half-billion dollars worth of special Medicaid funding for hospitals,
nursing homes, and clinics affected by Sandy, WNYC 93.9 FM reported November
26. Much of the money is to repair damaged buildings and equipment, but some is
also intended to compensate places that either have closed and lost patients,
or stayed open and received evacuees. The $427 million application is for up to
three weeks of special funding. Close to $200 million of that would be for
hospitals, with the rest going to nursing homes, clinics, housing for the
mentally ill and disabled, substance abuse centers, and medical transportation
companies. State officials estimated more than 5,000 patients were displaced by
Sandy, and they say healthcare facilities have experienced more than a billion
dollars worth of physical damage and lost income. Source: http://www.wnyc.org/articles/wnyc-news/2012/nov/26/state-seeks-medicaid-funding-sandy/
Details
Banking and Finance Sector
5. November 26, Los Angeles Times – (California; National) Four convicted in
$154-million medical insurance fraud. An attorney, an accountant, and two
medical administrators were convicted November 26 for their parts in a
$154-million insurance fraud scheme in which hundreds of healthy patients from
across the U.S. were recruited to undergo unnecessary and dangerous surgeries
to fraudulently bill insurance providers, Orange County, California prosecutors
said. A jury found the four defendants guilty of charges related to revenue and
tax fraud for the massive scheme. Each of the four also faces at least 100
additional felony counts because the court has broken the scheme into multiple
cases because of its size, prosecutors said. Those additional charges include
conspiracy, paying for referrals, grand theft, insurance fraud, making false
and fraudulent claims, and filing a false tax return. A number of other
defendants, including three doctors, previously pleaded guilty to charges
related to conspiracy and insurance fraud. Employees of Unity Outpatient
Surgery Center in Buena Park were named as participating in the fraud, which
recruited 2,841 healthy people from across the country to receive unnecessary
surgeries in exchange for money or low-cost cosmetic surgery. Source: http://latimesblogs.latimes.com/lanow/2012/11/4-convicted-medical-insurance-fraud.html
6. November 26, Sarasota Herald-Tribune – (Florida) Mortgage banker
pleads guilty in flipping fraud case. Shortly after being indicted for bank
fraud, a former Sarasota, Florida mortgage banker pleaded guilty to conspiring
to make false statements to a federally insured lender, the Sarasota
Herald-Tribune reported November 26. He was the 20th person to be indicted in
the massive flipping fraud scheme masterminded by two former Sarasota real
estate agents that borrowed over $200 million from local banks. In 2006 and
2007, the banker made at least 19 home equity loans to members of the
conspiracy. In both cases, one of the real estate agents forged the names of
his relatives on the loan applications and the banker notarized the fraudulent
signatures, the plea agreement states. Eighteen members of the conspiracy have
been sentenced thus far and more indictments are expected. Source: http://insiderealestate.heraldtribune.com/2012/11/26/mortgage-banker-pleads-guilty-in-flipping-fraud-case/
7. November 26, The Register – (International) Claimed $400m Google buyout is fake, ICOA
boss warns. Wireless hotspot provider ICOA appeared to fall victim to what
looks like a classic pump-and-dump stock scam after a fake press release
announcing that Google had paid $400 million to buy the company, The Register
reported November 26. A press release posted on PRweb announced the purported
deal and caused heavy trading in the firm’s shares. However, the company’s
Chief Financial Officer confirmed that the story was not true. “It’s a false
release,” he stated. “The [U.S. Securities and Exchange Commission] SEC has
been notified.” ICOA is firmly in the penny share category, with shares trading
on the OTC Pink sheets for fractions of a cent. Nevertheless, the press release
more than quadrupled the share price, and at its peak over 500 million shares
were traded, indicating that someone made off with at least $200,000 in profit.
Source: http://www.theregister.co.uk/2012/11/26/icoa_google_buyout_fake/
8. November 26, Detroit Free Press – (Michigan; National) Michigan AG charges
Georgia woman with racketeering in ‘robo-signing’ mortgage fraud scheme. Michigan’s
attorney general announced November 26 that he is filing a criminal charge against
the former executive of a Georgia-based document processing firm where workers
allegedly forged close to a million signatures on home mortgage documents
nationwide, including more than 1,000 signatures for Michigan mortgages. The
former president of DocX of Alpharetta, Georgia, was to be charged in Kent
County, Michigan with racketeering for what the attorney general described as
having orchestrated a vast mortgage document “robo-signing” scheme. Earlier
this month the woman agreed to plead guilty in Missouri to felony counts of
forgery and perjury and a misdemeanor count of making a false declaration. She
also pleaded guilty in U.S. District Court in Florida to conspiracy to commit
mail and wire fraud. The attorney general said that from 2006 through 2009, the
woman directed her employees to fraudulently sign various bank officials’ names
on mortgage documents. The attorney general said arrangements are presently
being made for the woman to surrender to Michigan authorities. Source: http://www.freep.com/article/20121126/BUSINESS/121126038/Michigan-AG-announces-racketeering-charged-forged-signature-case
Information Technology Sector
26. November 27, Help Net Security – (International) Go Daddy says DNS
records hijacking was due to phishing. Go Daddy’s director of information
security operations stated November 26 that the compromise of domain name
system (DNS) records at Go Daddy hosted Web sites the week of November 19 was
due to phishing and not a vulnerability in the My Account or DNS management
systems. The DNS records were compromised so that malware peddlers could
redirect victims to malicious sites hosting the Cool exploit kit and ultimately
leading to ransomware. “Go Daddy has detected a very small number of accounts
have malicious DNS entries placed on their domain names. We have been
identifying affected customers and reversing the malicious entries as we find
them. Also, we’re expiring the passwords of affected customers so the threat
actors cannot continue to use the accounts to spread malware,” the director
said. He advised customers located in the U.S. and Canada to enable two-step
authentication to help protect their accounts and prevent this from happening
to them. Source: http://www.net-security.org/malware_news.php?id=2334&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader
27. November 27, Softpedia – (International) PlugX RAT developers release new version,
become more confident. The PlugX Remote Administration Tool (RAT) has been
around for quite some time and, according to researchers, its developers
continue to improve it. The latest version comes with some interesting changes
in terms of logging activity. Kaspersky Lab experts reveal that a new version,
which was landing in the inboxes of a company, shows that the developers are
becoming more confident in their work. The old variant contained numerous lines
of code designed to process potential errors. The new version does not contain
this logging function. Experts believe that this demonstrates the fact that the
author trusts that the code flow runs successfully. It is likely that the cyber
criminals have managed to infect a large number of computers, which allowed
them to properly test their malicious tool. Now that they are done checking the
new version, they are probably ready to move forward in development. Source: http://news.softpedia.com/news/PlugX-RAT-Developers-Release-New-Version-Become-More-Confindent-310014.shtml
28. November 27, Softpedia – (International) Piwik.org hacked, attacker adds malicious
code to installation files. Piwik.org, the official Web site of the free
software Web analytics system for PHP/MySQL webservers, was hacked. The
attacker planted a piece of malicious code inside the .zip file containing
Piwik 1.9.2. According to Piwik representatives, the incident affects only
users who updated or installed Piwik 1.9.2 on November 26 between 15:43 UTC and
23:59 UTC. Customers who believe they might be impacted are advised to check
for a piece of malicious code at the end of the Loader.php file located in the
Core directory. If the code is present, they must back up config.ini.php,
delete the Piwik directory, and download a clean version from piwik.org. The
hacker gained access to the company’s servers by leveraging a vulnerability in a
WordPress plugin. “The website Piwik.org is running WordPress and got
compromised, because of a security issue in a WordPress plugin. As far as we
know, the Piwik software does not have any exploitable security issue,” the
Piwik team wrote. Fortunately, since the Web site does not track any Web
analytics data from users, no personal or sensitive data was obtained by the
attacker. Piwik is currently working on implementing new mechanisms to avoid
such incidents from occurring in the future. Source: http://news.softpedia.com/news/Piwik-org-Hacked-Attacker-Adds-Malicious-Code-to-Installation-Files-310082.shtml
29. November 26, Dark Reading – (International) Evolving DDoS attacks force defenders to
adapt. In the past, attackers using distributed denial-of-service (DDoS)
attacks to take down Web sites or network servers typically adopted one of two
tactics: flooding the site with a deluge of data or overwhelming an application
server with seemingly valid requests. Yet increasingly, attackers are using a
hybrid approach, using multiple vectors to attack. The attacks that hit
financial firms in September and October, for example, often used a massive
flood of data packets that would overwhelm a victim’s network connection, while
a much smaller subset of traffic would target vulnerable application
functions, consuming server resources. The one-two punch is potent. Many
financial firms thought they had the defenses in place to defeat such attacks
but had problems staying accessible during the onslaught. Companies prepared to
handle application-layer attacks or smaller volumetric attacks could not handle
the 20Gbps or more that saturated their Internet connection. A recent report
from network-security firm Prolexic found that the average attack bandwidth
increased to nearly 5Gbps, with 20Gbps attacks quite common. In a year, the
average volume of attacks had doubled, the firm found. Source: http://www.darkreading.com/security-services/167801101/security/perimeter-security/240142616/evolving-ddos-attacks-force-defenders-to-adapt.html
30. November 26, Help Net Security – (International) DIY mass iFrame
injecting Apache module sold online. A Webroot researcher recently spotted
an Apache 2.x module for automated mass iFrame injection being sold in an
underground market advertisement. “The Apache 2.x based stealth module is
capable of inserting and rotating iFrames on all pages at a particular website
hosted on the compromised server. The process will only work with a
cookie+unique IP in an attempt by the cybercriminal behind the kit to make the
process of analyzing the module harder to perform. The module would also not
reveal the iFrame URL to search engines, Google Chrome and Linux users, as well
as local IP,” he shares, adding that this makes it virtually impossible for a
webmaster to remove the infection from their Web site. The module is for sale
for $1,000, and in order to incite buyers, the seller offers statistics that
apparently prove that the return on investment is good. The seller also reveals
in the ad that the module has already been successfully used in a number of
security incidents across the globe. Source: http://www.net-security.org/malware_news.php?id=2332&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader
For more stories, see item 7 above in the Banking and Finance Sector
Communications Sector
31. November 27, Softpedia – (Nevada) 4 Las Vegas news Web sites disrupted by DDOS attacks. Over the weekend of
November 24, four news Web sites owned by Greenspun Media Group – vegasinc.com,
vegasdeluxe.com, lasvegassun.com, and lasvegasweekly.com – were disrupted after
being hit by a distributed denial-of-service (DDOS) attack. The servers that
hosted the Web sites were overwhelmed by the large number of packets going
their way, causing the Web sites to experience outages for several hours, the
Las Vegas Sun reported. Currently, the sites are back online and Greenspun
Media Group representatives have notified authorities. Source: http://news.softpedia.com/news/4-Las-Vegas-News-Websites-Disrupted-by-DDOS-Attacks-310139.shtml
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.