Tuesday, December 4, 2012
Daily Report
Top Stories
• The latest storm system to drench northern
California — the third to hit the area in less than a week — moved across the
region the weekend of December 1, toppling trees and knocking out electrical
service to tens of thousands of people. – Associated Press
1. December 3, Associated Press – (California) Third
storm in a week drenches NorCal, flood warning issued in Solano. Across
northern California December 2, a powerful storm drenched the area with yet
another round of pounding rain and strong winds. The latest storm system — the
third to hit the area in less than a week — moved across the region the weekend
of December 1 and 2 dropping as much as an inch of rain per hour in some areas,
toppling trees and knocking out electrical service to tens of thousands of
people, officials said. In Solano County, the National Weather Service issued a
small stream flood advisory that remained in effect through December 3. The
National Weather Service warned that several rivers were in danger of topping
their banks. Flood warnings were in effect for the Napa and Russian rivers, two
rivers north of San Francisco with a history of flooding, as well as the
Truckee River, near Lake Tahoe. In bracing for the storm, city officials handed
out more than 8,000 sandbags and about 150 tons of sand. Around 94,000 people
from Santa Cruz to Eureka, including about 21,000 people in the San Francisco
Bay area, were without electricity December 2, said a Pacific Gas &
Electric (PG&E) spokesman. About 2,000 PG&E crews were working to try
to restore power. Wind gusts, recorded as high as 60 miles per hour in parts of
the Bay area, were blamed for knocking over a big rig truck as it drove over
the Richmond-San Rafael Bridge December 2. Tow crews had to wait for the winds
to subside later in the morning before they could remove the truck, officials
said. Train service on the Bay Area Rapid Transit was disrupted for about an
hour December 2 because of an electrical outage blamed on the weather. Source: http://www.thereporter.com/ci_22113711/third-storm-week-drenches-norcal-flood-warning-issued
• Federal authorities were hunting November 29
for more than 100 rifles stolen from a boxcar parked in an Atlanta train yard,
the Associated Press reported November 30. The weapons include assault rifles
that a Bureau of Alcohol, Tobacco, Firearms and Explosives spokesman described
as “AK-style.” – Associated Press
12. November 30, Associated Press –
(Georgia) Atlanta train car robbery: Over 100 rifles stolen. Federal
authorities were hunting November 29 for more than 100 rifles stolen from a
boxcar parked in an Atlanta train yard, the Associated Press reported November
30. The weapons were taken from a CSX rail yard on the city’s northwest side in
mid-November, said a spokesman for the U.S. Bureau of Alcohol, Tobacco,
Firearms and Explosives (ATF). The weapons include assault rifles that the ATF
spokesman described as “AK-style.” The boxcar was parked at the CSX Tilford
Yard, about 4 miles northwest of downtown Atlanta. A spokesman for rail line
CSX Corp. said the Jacksonville, Florida-based company was cooperating with law
enforcement to recover the weapons and investigate the theft. The rifles were
stolen on or around November 12, authorities said. The Tilford Yard is one of
the company’s major rail yards in Georgia, according to the company’s website.
Source: http://www.huffingtonpost.com/2012/11/30/atlanta-train-car-robbery-rifles_n_2217171.html
• At least 42 people in 20 States have fallen
ill with Salmonella in the outbreak linked to peanut butter made by Sunland
Inc. in Portales, New Mexico, according to the U.S. Centers for Disease Control
and Prevention. The outbreak is believed to have ended, Food Safety News
reported November 30. – Food Safety News
22. November 30, Food Safety News –
(National) Final case count on peanut butter Salmonella outbreak hits 42. At
least 42 people in 20 States have fallen ill with Salmonella in the outbreak
linked to peanut butter made by Sunland Inc. in Portales, New Mexico, according
to the U.S. Centers for Disease Control and Prevention. The outbreak is
believed to have ended, Food Safety News reported November 30. One new case was
reported in North Carolina since the previous update November 8. The outbreak
was first reported in September after a number of patients fell ill with
Salmonella that was traced back to Trader Joe’s Valencia Peanut Butter,
manufactured by Sunland. The U.S. Food and Drug Administration suspended the
registration of Sunland November 26 to prevent it from selling its products
anywhere in the U.S. until proving they are produced safely. It was the first
time the agency has used that authority since being granted with the passing of
the federal Food Safety Modernization Act in January 2011. Source: http://www.foodsafetynews.com/2012/11/final-case-count-on-peanut-butter-salmonella-outbreak-hits-42/
• A town in northwest Louisiana was evacuated
November 30, and State Police were starting a criminal investigation of a
company after finding about 6 million pounds of explosive material used in howitzers
they said was stored illegally. – Associated Press
29. December 3, Associated Press – (Louisiana) La. town evacuates; police relocate explosives. A
town in northwest Louisiana was evacuated November 30, and State police were
starting a criminal investigation of a company after finding about 6 million
pounds of explosive material used in howitzers they said was stored illegally.
Boxes and small barrels of the M6 artillery propellant were found both outdoors
and crammed into unauthorized buildings leased by Explo Systems Inc. at Camp
Minden, the former Louisiana Army Ammunitions Plant, a State Police
superintendent said December 2. Police were evacuating the town of Doyline.
About half the town’s 800 residents left November 30. The company’s “careless
and reckless disregard made it unsafe for their own employees, for
schoolchildren in Doyline, for the town of Doyline,” a State Police official
said. The company is located on a portion of the former ammunition plant’s
15,000 acres that is leased for commercial use. Other sections are used for
National Guard training. Company officials could not be reached December 2.
Source: http://www.wsvn.com/news/articles/national/21009223761427/la-town-evacuates-police-relocate-explosives/
Details
Banking and Finance Sector
4. December 2, Chicago Sun-Times – (Illinois) ‘Stringer Bell Bandit’ in custody. The
‘Stringer Bell Bandit’ — who allegedly robbed or tried robbing at least 10
Chicago banks since October — is in custody, according to the FBI’s Bandit
Tracker Web site, the Chicago Sun-Times reported December 2. Among the banks
allegedly robbed by the bandit was a Citibank branch November 26. He allegedly
passed a note to the teller demanding cash and then ran on foot. The bandit
allegedly struck the same bank November 13, according to the FBI. That same
day, he also attempted a bank robbery at a Chase branch, but for some reason he
fled without grabbing any cash, authorities claimed. According to the FBI, the
man is also suspected of robbing a Bank of America branch October 1; a Citibank
branch October 17; a PNC Bank branch October 23; a Fifth Third Bank branch
November 2; a Citibank branch November 8; and a Harris Bank branch November 16.
Source: http://www.suntimes.com/news/16771485-418/stringer-bell-bandit-in-custody.html
5. December 1, Associated Press – (California) ‘Tiger Bandit’ linked to 6 Calif. bank
robberies. The FBI said a suspected robber dubbed the Tiger Bandit may be
connected to six southern California bank heists in eight days, the most recent
taking place at a U.S. Bank branch in Lomita November 30. An FBI spokeswoman
said the suspect got his name because he was caught in surveillance photos
wearing a Detroit Tigers baseball cap. He is also linked to bank robberies in
Santa Monica, Huntington Beach, Marina del Rey, Long Beach, and Cerritos since
November 23. The suspect demands cash in various denominations. Investigators
believe there is a possibility that the Tiger Bandit may actually be two men
working together who dress similarly. Source: http://www.mercurynews.com/breaking-news/ci_22106014/tiger-bandit-linked-6-calif-bank-robberies
6. December 1, Associated Press – (North Dakota) Guilty pleas entered in ND mortgage fraud
case. Two people charged in the case of a defunct Arizona mortgage lender
accused of swindling Bismarck, North Dakota-based BNC National Bank out of
about $27 million pleaded guilty, the Associated Press reported December 1. The
former director of accounting with American Mortgage Specialists Inc. (AMS) and
an independent auditor were among four people charged in federal court. Two AMS
executives pleaded guilty earlier to conspiracy to commit bank fraud and wire
fraud. Authorities said AMS defrauded the bank by providing it with false
financial statements and other information about the status of loans the bank
had financed. Source: http://www.wahpetondailynews.com/article_8019725a-3bca-11e2-b5bb-001a4bcf887a.html
7. November 30, Kansas City Business Journal – (Missouri) Grand jury
indicts Liberty woman in $5M mortgage fraud. A Liberty, Missouri woman was
indicted by a federal grand jury November 28 for her role in a $5 million
mortgage fraud scheme. According to the indictment, she helped people buy homes
with no money down by filling out false and fraudulent applications. She
allegedly pocketed $400,000 from loan proceeds and fees in the scheme. She was
charged with five counts of bank fraud, two counts of wire fraud, and one count
of money laundering. She was also charged with obstruction of justice for
allegedly destroying documents sought in the investigation. Additionally, she
was charged with theft of government property. The indictments claim she
received almost $79,000 in Social Security disability payments to which she was
not entitled. Source: http://www.bizjournals.com/kansascity/news/2012/11/30/grand-jury-indicts-liberty-woman-in.html
8. November 30, Rockford Register-Star – (Illinois) Rock River Valley’s Alpine
Bank hit with security breach. Alpine Bank, the largest financial
institution in Rock River Valley, Illinois, notified some customers that
hackers gained access to Social Security and bank account numbers in September,
the Rockford Register-Star reported November 30. The Alpine Bank president and
CEO said that September 1 someone “gained access to customer information in a
database which was located on a Web server managed by a third party that Alpine
Bank contracted with for Web hosting services.” The information on the server
was encrypted, but a forensic expert notified the bank that personal
information was at risk despite the encryption. The president and CEO said so
far the bank was not aware of any attempts to misuse the personal information
stored in the database. Still, the bank notified affected customers to warn
them to take extra steps to monitor their identity, credit, and financial
accounts. Alpine Bank is offering those customers one year of credit monitoring
at no cost. Source: http://www.rrstar.com/blogs/alexgary/x1156349536/Alpine-Bank-hit-with-security-breach
9. November 30, Associated Press – (Connecticut) Conn. investment industry executive pays $1.4M
to settle federal insider trading charges. A Westport, Connecticut
investment industry executive paid $1.4 million to settle insider trading
charges, federal regulators said November 30. The executive, who founded
investment advisory firm Compass Group Management, gained access to nonpublic
information at an Internet site where bidding companies could learn more about
the financial condition of Patriot Capital Funding Group before its sale, the
U.S. Securities and Exchange Commission (SEC) said. For access to the data,
Compass Group had to agree to keep information confidential, which prohibited
employees from buying Patriot Capital stock. The executive still purchased
shares soon after Compass Group gained access to the confidential information
and bought even more stock after he learned that Compass Group’s bid was what
he described as “waaaaay off” compared with bids from other companies,
regulators said. Patriot Capital’s share price more than doubled after a merger
was publicly announced, and the executive realized more than $676,000 in illegal
profits, the SEC said. Source: http://www.washingtonpost.com/business/conn-investment-industry-executive-pays-14m-to-settle-federal-insider-trading-charges/2012/11/30/7a02ff9c-3b13-11e2-9258-ac7c78d5c680_story.html
For another story, see item 36 below in the Information Technology Sector
Information Technology Sector
33. December 3, Softpedia – (International) Dockster Mac malware planted on website
dedicated to Dalai Lama. Researchers from security firm F-Secure have
identified new Mac malware planted on a Web site dedicated to the Dalai Lama. The
malicious element, Dockster, uses a Java-based exploit which leverages the same
vulnerability as Flashback. Once it finds itself on a computer, Dockster drops
a backdoor identified as Backdoor:OSX/Dockster.A, which allows the attacker to
download arbitrary files and log keystrokes. According to experts, the latest
versions of Mac OS X are not affected by this malware. Furthermore, Internet users
who have disabled their Java browser plugins should also be safe. Mac users are
not the only ones who should refrain from visiting the Web site. Researchers
reveal that it also hosts a Windows payload identified as Trojan.Agent.AXMO.
The site is not the official Dalai Lama Web site, but it has been around since
2009/2010. Source: http://news.softpedia.com/news/Dockster-Mac-Malware-Planted-on-Website-Dedicated-to-Dalai-Lama-311499.shtml
34. December 3, Softpedia – (International) Sophos releases technical paper on BlackHole
exploit kit. A Sophos Labs researcher released a technical paper that
details the notorious BlackHole exploit kit. The paper details the evolution of
BlackHole, its source code, the control panel, encryption, and its origins.
According to the researcher, there is evidence to support the theory that the
exploit kit was developed in Russia. The default time zone of the installation
is hardcoded to Europe/Moscow, the user interface language default is set to
Russian, and the date format is set to Little Endian, which is different than
the one utilized in the U.S. or China. Furthermore, the English user interface
text is less correct than the one in the Russian interface. Source: http://news.softpedia.com/news/Sophos-Releases-Technical-Paper-on-BlackHole-Exploit-Kit-311408.shtml
35. December 3, The H – (International) Season’s gr3371ng5 - hacker releases exploits
for MySQL and SSH. The hacker who goes by the name KingCope released
several exploits December 2, some of which date back to 2011. The exploits
mostly target the now-Oracle-owned MySQL open source database, but the SSH
servers by SSH Communications Security and FreeSSHd/FreeFTPd are also at acute
risk. The MySQL exploits do, however, require a legitimate database connection
to execute injected code. Exploits such as “mysqljackpot” then, for example,
misuse the connection’s “file privilege” to provide the attacker with shell
access at system privilege level. The hacker also describes a hole that allows
attackers to trigger a database crash and another hole that enables them to
find valid user names. Apparently, both holes can be exploited to bypass the
password check and log in with an arbitrary password. With SSH’s Tectia server,
the exploit description says that attackers can modify a legitimate user’s
password by calling input_userauth_passwd_changereq() before logging in. In
case of the FreeSSHd/FreeFTPd server, all that appears to be required is to
ignore a refusal message by the server and declare the session to be open at the
right time. All the exploit has to do is add an extra call to the existing
ssh_session2() function of the regular openssh client. Source: http://www.h-online.com/security/news/item/Season-s-gr3371ng5-hacker-releases-exploits-for-MySQL-and-SSH-1761125.html
36. December 1, eWeek.com – (International) Microsoft can retain control of Zeus botnet
under federal court order. A federal court granted Microsoft permission to
keep two major Zeus banking fraud botnets down for the next two years to allow
more time to clean up trojan-infected computers. Microsoft won the court order
November 28 to allow the company and its financial-services partners to
continue to administer command-and-control servers for two Zeus botnets that
had been shut down by the company’s legal and technical campaign in March. The
motion for a default judgment, which was granted by the U.S. District Court in
the Eastern District of New York, gives Microsoft and the National Automated
Clearing House Association (NACHA) an injunction that allows the companies to
keep the two Zeus botnets and their associated domains disabled for another 24
months. The original takedown, codenamed Operation b71, seized
command-and-control servers in Pennsylvania and Illinois and disrupted the
online-fraud networks. “This additional time will allow Microsoft to continue
to work with Internet service providers and Computer Emergency Response Teams
(CERTs) to clean those computers that are still infected with the malware,” the
senior attorney for Microsoft’s Digital Crimes Unit said in an email interview.
Source: http://www.eweek.com/security/microsoft-can-retain-control-of-zeus-botnet-under-federal-court-order/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+RSS/eweeksecurity+(eWEEK+Security)&utm_content=Google+Reader
Communications Sector
37. December 1, Port Townsend & Jefferson County Leader – (Washington) Cell,
Internet, phone service disruption caused when communication cable nicked by
dump truck. A dump truck disrupted cell phone, landline phone, and Internet
connections in Port Townsend, Washington, and other parts of East Jefferson
County December 1. It also knocked out access to local law enforcement and
emergency services, bank ATMs, and credit card machines. According to a
CenturyLink crew chief in Jefferson County, more than 144 fiberoptic splices
must be made before communications are running again. Representatives said that
repairs should be completed by December 1. Source: http://www.ptleader.com/main.asp?SectionID=36&SubSectionID=55&ArticleID=32606
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.