Friday, December 14, 2012
Daily Report
Top Stories
• Federal investigators were looking into why
no alarms sounded when a massive natural gas explosion in West Virginia sent
flames as high as hilltops, engulfing homes and a large section of an
Interstate for more than an hour. – Associated Press (See item 2)
2. December 12, Associated Press – (West Virginia) Feds to probe why alarms failed in W.Va.
explosion. Federal investigators were looking into why no alarms sounded as
a massive natural gas explosion sent flames as high as hilltops, engulfing
homes and a large section of an Interstate for more than an hour. Investigators
with the National Transportation Safety Board planned to visit Columbia Gas
Transmission’s Charleston, West Virginia control room to try to learn why the
company’s alarm system failed, an agency spokesman said December 12. It took
Columbia approximately 64 minutes to manually stop the flow of gas to the pipe
about 15 miles away at Sissonville. The 20-inch transmission pipe exploded
December 11, destroying four homes, cooking a section of Interstate 77, a major
north-south commuting corridor that passes through the capital city, and
creating a crater 17 feet deep. The pipeline is part of a network that
primarily serves local utilities but also delivers gas to Georgia. NiSource
said the explosion affected one specific location “and does not affect the
safety or operation of any pipelines outside of that immediate area.” Nearly
15,000 miles of natural gas pipeline stretch across West Virginia. Federal
regulators said there have been 20 “significant” pipeline incidents involving
deaths, injuries, or major property damage in West Virginia in the past decade.
Source: http://www.google.com/hostednews/ap/article/ALeqM5jDDvauqeUrnnXXTwFnROtFTKwW3A?docId=60da760d8b924b909a1521bd948b4153
• Two people responsible for running a massive
identity theft ring in the South Bay area of San Diego were sentenced December
11 to prison. The pair ran a large-scale, sophisticated ID theft and mail theft
ring out of their home where they stole the identities of more than 1,500
individuals. – Examiner.com (See item 6 below in the Banking and Finance Sector)
• Federal agents said December 12 they busted
a lucrative prescription drug scheme. Court records indicate the scheme was so
profitable that the doctor allegedly bragged he had stashed as much as $20
million and shipped money to Lebanon inside a storage container. – Detroit
News
17. December 13, Detroit News – (Michigan)
Medical offices raided. Federal agents said December 12 they busted a
lucrative prescription drug scheme allegedly headed by the former Detroit
Metropolitan Airport CEO’s brother, the latest scandal to engulf the family. A
series of raids by FBI and U.S. Drug Enforcement Administration agents across
Oakland and Macomb counties played out as the FBI continued a wide-ranging
separate corruption probe of the former Detroit Metropolitan Airport CEO and
Wayne County government. Her brother is accused of writing prescriptions to
phony patients for powerful pain medication, billing for treatments to dead
patients, and pocketing $50,000 a month in a scheme involving his Warren-based
offices, Midwest Family Practice. He was charged with two felonies, appeared in
federal court, and was released on $10,000 bond. Court records indicate the
scheme was so profitable that the doctor allegedly bragged he had stashed as
much as $20 million, including more than $1 million cash at his Royal Oak home,
and shipped money to Lebanon inside a storage container. A second man was also
charged. Both face charges of unlawful distribution of a controlled substance
and health care fraud conspiracy. The federal probe dates to 2011. Source: http://www.detroitnews.com/article/20121213/METRO01/212130374/Medical-offices-raided-Mullin-s-brother-held?odyssey=mod|newswell|text|FRONTPAGE|p
• Twenty-nine county courthouses throughout
Mississippi received bomb threats December 12. The threats were similar to
those received in November in Nebraska, Oregon, Tennessee, and Washington. – Biloxi
Sun Herald
19. December 13, Biloxi Sun Herald – (Mississippi) Bomb threats called in to 29 county courthouses in
Mississippi. Twenty-nine county courthouses throughout Mississippi received
bomb threats December 12. Officials in the coastal counties said all south
Mississippi courthouses have been cleared for re-admittance December 13. The
executive director of the Mississippi office of the Department of Homeland
Security said 31 total threats were received in 29 counties. The threats were
similar to those received in November in Nebraska, Oregon, Tennessee, and
Washington. None of those threats were credible. Officials said the calls came
in to the circuit clerk’s offices. A George County official described the voice
as sounding recorded and said the caller’s number was blocked. The executive
director said Homeland Security is looking for the person responsible for the
calls. Source: http://www.sunherald.com/2012/12/12/4355810/bomb-threats-called-in-to-29-county.html
Details
Banking and Finance Sector
5. December 13, Bloomberg News – (New York; International) Tiger Asia admits guilt in $60
million court settlement. Tiger Asia Management LLC, a New York City-based
hedge fund, admitted illegally using inside information to trade Chinese bank
stocks and agreed to criminal and civil settlements of more than $60 million,
Bloomberg News reported December 13. The fund’s manager entered the guilty plea
for Tiger Asia in federal court in Newark, New Jersey, admitting it used
material nonpublic information by selling short shares of Bank of China Ltd.
and China Construction Bank Corp. Tiger Asia agreed to forfeit $16.3 million to
resolve the criminal case. Tiger Asia Management, its manager, Tiger Asia Partners
LLC, and a former head trader also will pay $44 million to settle a U.S.
Securities and Exchange Commission lawsuit filed December 12. Tiger Asia used
inside information received through private placement offerings to engage in
short selling of the two banks, the agency said. A U.S. District Judge placed
Tiger Asia on probation for one year. He said the $16.3 million represents the
total illicit gain in the criminal case for the trades in December 2008 and
January 2009. Source: http://www.businessweek.com/news/2012-12-12/tiger-asia-management-hedge-fund-said-to-plan-guilty-plea
6. December 12, Examiner.com – (California) Big identity theft ring broken in San Diego. Two
people responsible for running a massive identity theft ring in the South Bay
area of San Diego were sentenced December 11 to prison, according to a San
Diego County district attorney. The two individuals were arrested in July. The
pair were found guilty of various felonies, including conspiracy, ID theft,
receiving stolen property, and burglary. The pair ran a large-scale,
sophisticated ID theft and mail theft ring out of their home where they stole
the identities of more than 1,500 individuals. Much of the personal information
was believed to have come from stolen real estate files. The prosecutor’s press
release stated that investigators found numerous items involved in the ID theft
scheme at the defendants’ home including computers, printers, dozens of stolen
credit cards, card scanners and readers, lists describing how to make
counterfeit IDs, mail, and stolen briefcases. Also found were handwritten binders
with detailed personal identifying information of the victims, credit card
numbers, and credit information applied for by defendants in their names.
“These individuals were sophisticated enough to know the local agency
thresholds on the amount of money that would require an open investigation.
Using this knowledge, they stayed under this dollar amount to avoid law
enforcement detection,” said the Chula Vista chief of police. Source: http://www.examiner.com/article/big-identity-theft-ring-broken-san-diego
7. December 12, KBAK 29 Bakersfield – (California) Sisters, teen arrested for
alleged card skimming at banks. Four suspects were arrested December 11 for
allegedly implanting debit card skimming devices at multiple California banks.
Bakersfield police were called by Chase bank security, who said they found a
card skimmer and unauthorized video camera at their ATM. Police used the bank’s
security cameras to get a description of one of the suspects, and detectives
used that video to link that suspect to similar offenses in the San Bernardino
area. While conducting surveillance in the area of the bank, detectives saw the
suspect in a nearby grocery store. They followed him to a vehicle occupied by
three more suspects, police said. All four suspects tried to run away when
police made contact, but only one was successful. The two sisters and the man
were arrested after detectives found additional skimming devices, computers,
numerous counterfeit and stolen credit cards, narcotics, and two loaded and
stolen handguns in their rental car. A 16-year-old suspect was also taken to
juvenile hall. Source: http://www.bakersfieldnow.com/news/local/Sisters-teen-arrested-for-alleged-card-skimming-at-banks-183194791.html
8. December 12, Krebs on Security – (International) New findings lend
credence to Project Blitzkrieg. “Project Blitzkrieg,” a brazen Underweb
plan for hiring 100 botmasters to fuel a blaze of ebanking heists against 30
U.S. financial institutions in the Spring of 2013, was met with skepticism from
some in the security community after news of the scheme came to light in October.
But new research suggests the crooks who hatched the plan were serious and have
painstakingly built up a formidable crime machine in preparation for the
project, Krebs on Security reported December 12. McAfee said it tracked
hundreds of infections from the Gozi Prinimalka trojan since Project Blitzkrieg
was announced in early September. vorVzakone, the miscreant who posted the
call-to-arms, also posted a number of screen shots that he said were taken from
a working control panel for the botnet he was building. According to RSA
Security, the botnet consisted of systems infected with Gozi Prinimalka, a
closely-held, custom version of the powerful password-stealing Gozi banking
trojan. In an analysis to be published December 13, McAfee said it was able to
combine the data in those screen shots with malware detections on its own
network to correlate both victim PCs and the location of the control server. It
found that the version of the Prinimalka trojan used in the attack has two
unique identifiers that identify what variant is being deployed on infected
computers. McAfee said that all of the systems it identified from the screen
shots posted by vorVzakone carried the Campaign ID 064004, which was discovered
in the wild on April 14. A threat researcher at McAfee said the company’s
analysis indicates that Project Blitzkrieg is a credible threat to the
financial industry and appears to be moving forward. The researcher posits that
vorVzakone most likely intended to hire botmasters who already had access to
substantial numbers of login credentials for the U.S. financial institutions
targeted in the scheme. Several banks were indicated on a target list,
including Bank of America, Capital One, and Suntrust, but many of the targets
are in fact investment banks, such as American Funds, Ameritrade, eTrade,
Fidelity, OptionsExpress, and Schwab. Source: http://krebsonsecurity.com/2012/12/new-findings-lend-credence-to-project-blitzkrieg/
9. December 12, Federal Bureau of Investigation – (Illinois) Former owner of
Rockford mortgage company charged in scheme to defraud investors. The
former owner, CEO, and president of Commercial Mortgage and Finance Co. in
Rockford, Illinois, was indicted December 12 by a federal grand jury. The man
was charged with 17 counts of mail fraud, one count of wire fraud, and one
count of securities fraud, in connection with a scheme to defraud investors in
Commercial Mortgage, a scheme which exposed investors to losses of $20 million.
According to the indictment, the man raised capital for his business by selling
installments known as Promissory Notes and Certificates of Participation to
investors. The indictment alleges that he concealed from the investors the fact
that Commercial Mortgage had a negative net worth that steadily increased during
the years that he owned the company. The indictment also charges that he
concealed from the investors the fact that Commercial Mortgage was operated as
a Ponzi scheme, with money received from the sales of new Promissory Notes
being used to pay principal and interest owed on older Promissory Notes.
According to the indictment, this fraud scheme took place from August 1997
through October 8, 2008. The indictment also charges that the man made specific
false statements to several of the investors. Source: http://www.loansafe.org/former-owner-of-rockford-mortgage-company-charged-in-scheme-to-defraud-investors
Information Technology Sector
23. December 13, Softpedia – (International) Changeup malware alert: You have received a
secure message. Security firms have recently started warning users about a
new variant of the Changeup malware, which cybercriminals are spreading through
a new spam campaign. Describing the attack, researchers from Symantec said it
uses fake notifications entitled “You have received a secure message,” apparently
originating from financial institutions. According to Hoax Slayer, there are several
variants of these emails making the rounds. Some of them claim to come from
Bank of America or Australia’s Commonwealth Bank, while others purport to come
from networking provider Cisco. Source: http://news.softpedia.com/news/Changeup-Malware-Alert-You-Have-Received-a-Secure-Message-314433.shtml
24. December 12, Network World – (International) IE exploit can track mouse cursor - even when
you’re not in IE. A vulnerability affecting Internet Explorer versions 6
through 10 could make it possible for a hacker to monitor the movements of a
user’s mouse, even if the browser window is minimized. According to Web
analytics firm Spider.io, this means that passwords and PINs could be captured
by a canny thief if they are typed on a virtual (on-screen) keyboard.
Additionally, it is already being exploited by two display advertising
networks, the company said, though it did not name them in its statement. “As
long as the page with the exploitative advertiser’s ad stays open - even if you
push the page to a background tab or, indeed, even if you minimize Internet
Explorer - your mouse cursor can be tracked across your entire display,”
Spider.io said. The company added that, while the problem has been acknowledged
by the Microsoft Security Research Center, there are apparently no immediate
plans for a patch. Spider.io also published the technical details of the
exploit, which involves the browser’s global Event object. Source: http://www.networkworld.com/news/2012/121212-microsoft-ie-exploit-265036.html
Communications Sector
25. December 12, Gaithersburg Gazette – (Maryland) Verizon accident leaves some Poolesville residents without phone,
Internet service. Poolesville, Maryland residents lost Internet and phone
service December 11. The cause, according to a Verizon spokesperson, was a
construction accident. “A contractor who was doing some work for us damaged one
of our copper cables,” he said. The contractor was doing prep work in advance
of the work the company needs to do to install FiOS in the area. By December 12
service was still not restored. Source: http://www.gazette.net/article/20121212/NEWS/712129356/1022/verizon-accident-leaves-some-poolesville-residents-without-phone&template=gazette
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit their Web page at www.us-cert.gov.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.