Friday, March 29, 2013
Complete DHS Daily Report for March 29, 2013
Daily Report
Top Stories
• European authorities arrested 44 individuals
involved in an alleged global credit card fraud network. – Help Net Security See item 5 below in the Banking and Finance Sector
• A train derailed and leaked up to 30,000
gallons of crude and authorities are investigating the incident which was the
first major spill during the expansion of crude shipment by rail in the U.S. – Reuters
9.
March 28, Reuters – (Minnesota) Minnesota
oil spill: Canadian train derails, spilling 30,000 gallons of crude in U.S. A
train operated by Canadian Pacific Railway Ltd. derailed and leaked up to
30,000 gallons of crude in western Minnesota. Authorities are investigating the
incident which was the first major spill during the massive expansion of crude
shipment by rail in the U.S. Source: http://www.huffingtonpost.com/2013/03/28/minnesota-oil-spill_n_2967118.html
• The U.S. Environmental Protection Agency
released a study indicating 55% of streams and river miles across the country
are in poor condition for aquatic life. – U.S. Environmental Protection
Agency
17.
March 26, U.S. Environmental Protection Agency –
(National) EPA survey finds more than half of the nation’s river and stream
miles in poor condition. The U.S. Environmental Protection Agency released
the results of a comprehensive study of the health of the country’s streams and
other water sources critical to feeding large bodies of water. The survey’s
results indicate 55% of the streams and river miles across the country are in
poor condition for aquatic life due to excessive levels of harmful elements
(nitrogen, phosphorous, mercury) and bacteria, along with increased human
disturbance. Source: http://yosemite.epa.gov/opa/admpress.nsf/0/26A31559BB37A7D285257B3A00589DDF
• A massive DDoS campaign targeting the Web
site of anti-spam organization Spamhaus reached 300 GB per second, illustrating
a new attack technique. – eWeek See item 26
below in the Information Technology
Sector
Details
Banking and Finance Sector
5. March 28, Help Net Security – (International) Global
credit card fraud network dismantled. Romanian and European authorities
coordinated the arrest of 44 individuals involved in an alleged global credit
card fraud network that compromised point-of-sale (PoS) devices in Europe and
created cards using stolen customer information from around the world. Source: http://www.net-security.org/secworld.php?id=14678
6. March 28, St. Louis Post-Dispatch – (Missouri) Reports
of credit-card fraud from Schnucks customers continue to grow. Authorities
in and around St. Louis County stated that they have received several reports
of credit card fraud from customers who recently shopped at Schnucks grocery
stores. Schnucks acknowledged the reports and is conducting an investigation.
Source: http://www.stltoday.com/business/local/reports-of-credit-card-fraud-from-schnucks-customers-continue-to/article_9e342beb-f0be-5202-88b0-41762e7a07a6.html
7. March 27, Detroit Free Press – (Michigan) Brighton
business owner convicted in investment scam. A Brighton Township
businessman was found guilty of defrauding around 440 investors of $50 million
in a fraudulent investment scheme through his company BBC Equities. Source: http://www.freep.com/article/20130327/BUSINESS06/130327074/Brighton-business-convicted-in-investment-scam
8. March 27, Courthouse News Service – (Illinois) FDIC
sues bank officers for $33 million. Six directors of the failed New Century
Bank were sued by the Federal Deposit Insurance Corporation for $33 million
over claims that they were grossly negligent in their duties and ignored
several warnings leading up to the bank’s 2010 collapse. Source: http://www.courthousenews.com/2013/03/27/56089.htm
Information Technology Sector
23.
March 28, Threatpost – (International)
Critical flaw threatens millions of BIND servers. A vulnerability in
BIND 9.7, 9.8, and 9.9 for Unix could allow attackers to knock DNS servers
offline or compromise applications running on them. BIND released a patch for
the vulnerability and recommended that users install it immediately. Source: http://threatpost.com/en_us/blogs/critical-flaw-threatens-millions-bind-servers-032813
24.
March 28, Network World –
(International) Evernote account used to deliver instructions to malware. Researchers
at Trend Micro identified a piece of malware dubbed “BKDR_VERNOT.A” that
receives instructions from and deposits stolen information to an Evernote
account to avoid detection. Source: http://www.networkworld.com/news/2013/032813-evernote-account-used-to-deliver-268178.html
25.
March 28, The H – (International) Many
S3 buckets leak corporate data. A researcher at Rapid 7 found sensitive
files exposed to the Internet in Amazon’s Simple Storage System (S3) cloud
service due to users improperly configuring the service. Source: http://www.h-online.com/security/news/item/Many-S3-buckets-leak-corporate-data-1832034.html
26.
March 27, eWeek – (International) Largest-ever
DDoS campaign demonstrates danger of new attack method. A massive
distributed denial of service (DDoS) campaign targeting anti-spam organization
Spamhaus reached 300 GB per second, illustrating how use of open recursive
resolvers can amplify the power of DDoS attacks. Source: http://www.eweek.com/security/largest-ever-ddos-campaign-demonstrates-danger-of-new-attack-method/
27.
March 27, Associated Press –
(International) Egypt: Divers caught while cutting Internet cable. Authorities
in Egypt arrested three individuals with diving gear as they attempted to cut a
major undersea Internet cable. Damage from the attempt slowed connections from
Egypt to India. Source: http://www.miamiherald.com/2013/03/27/3309991/egypt-divers-caught-while-cutting.html
Communications Sector
Nothing to
report
Department of Homeland Security
(DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday]
summary of open-source published
information
concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on
the
Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Contact Information
Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS
Daily Report Team at (703)387-2314
Subscribe to
the
Distribution List: Visit the
DHS Daily Open Source Infrastructure Report and follow
instructions to
Get e-mail updates when this information
changes.
Contact DHS
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
To report cyber infrastructure incidents or to
request information,
please contact US-CERT at soc@us-cert.gov or visit their Web
page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to
educate and
inform personnel engaged
in infrastructure protection. Further reproduction
or redistribution is subject to original copyright
restrictions. DHS provides no
warranty of ownership of the copyright,
or accuracy with respect to
the
original
source material.