Thursday, June 5, 2014




Complete DHS Report for June 5, 2014

Daily Report

Top Stories

 • Federal authorities from Mobile, Alabama, arrested a Washington, D.C.-area woman June 3 for allegedly making more than $900,000 worth of fraudulent claims to the Gulf Coast Claims Facility related to the 2010 Gulf of Mexico oil spill. – AL.com

2. June 3, AL.com – (Washington, D.C.; Alabama) Washington-area woman charged with $900,000 BP oil spill fraud in Mobile. Federal authorities from Mobile, Alabama, arrested a Washington, D.C.-area woman June 3 for allegedly making more than $900,000 worth of fraudulent claims to the Gulf Coast Claims Facility related to the 2010 Gulf of Mexico oil spill. The suspect is accused of helping prepare over 100 fake claims in the names of other people and using her personal bank account to deposit checks written to individuals whose names were used. Source: http://blog.al.com/live/2014/06/washington-area_woman_charged.html

 • Researchers identified a new family of point-of-sale (PoS) and Web browser malware known as Soraya that has compromised thousands of payment cards. – Securityweek. See item 6 below in the Financial Services Sector.

 • Health officials reported that an estimated 18,000 gallons of untreated sewage spilled into Hanamaulu stream in Lihue, Hawaii, June 3 after a manhole overflowed due to a blocked sewer line. – Hawaii News Now

19. June 3, Hawaii News Now – (Hawaii) 18,000 gallons of untreated sewage spills into Kauai stream. Health officials reported that an estimated 18,000 gallons of untreated sewage spilled into Hanamaulu stream in Lihue June 3 after a manhole overflowed on the east side of Kapaia Bridge due to a blocked sewer line. The public was advised to stay out of Hanamaulu Stream and Hanamaulu Bay while authorities worked to clear the blocked line and stop the overflow. Source: http://www.hawaiinewsnow.com/story/25685289/kauai-crews-work-to-contain-sewage-spill

 • Six businesses in downtown Pueblo, Colorado, were destroyed or damaged June 3 when a fire broke out in an office supply store, then spread to surrounding businesses. – KKTV 11 Colorado Springs

28. June 4, KKTV 11 Colorado Springs – (Colorado) Six businesses damaged or destroyed in massive Pueblo fire. Six businesses in downtown Pueblo, Colorado, were destroyed or damaged June 3 when a fire broke out in an office supply store, then spread to surrounding businesses. Fire officials temporarily evacuated a nearby parking garage as a precaution and warned against being within a two-block radius of the fire due to risks posed by the fire’s smoke. Source: http://www.kktv.com/home/headlines/Massive-Fire-Burning-In-Downtown-Pueblo-261766901.html

Financial Services Sector

5. June 4, Charleston Post and Courier – (South Carolina) FDIC sues to collect $9.2M from ex-officers, directors of failed Charleston bank. The Federal Deposit Insurance Corporation (FDIC) filed a lawsuit June 2 against seven former directors of the failed Atlantic Bank & Trust based in Charleston, seeking over $9.2 million in damages it claims were absorbed when the FDIC took over ownership of the bank in June 2011. Source: http://www.postandcourier.com/article/20140604/PC05/140609748/1010/fdic-sues-to-collect-92m-from-ex-officers-directors-of-failed-charleston-bank

6. June 3, Securityweek – (International) Soraya malware mixes capabilities of Zeus and Dexter to target payment card data. Researchers with Arbor Networks identified a new family of point-of-sale (PoS) malware known as Soraya that is capable of performing memory scraping techniques similar to the Dexter PoS malware as well as intercepting Web browser data similar to the Zeus trojan. The researchers found that thousands of payment cards have been compromised by the malware, mostly originating from financial institutions in the U.S. and Puerto Rico. Source: http://www.securityweek.com/soraya-malware-mixes-capabilities-zeus-and-dexter-target-payment-card-data

7. June 3, KPRC 2 Houston – (Texas) 2 men charged with planting skimming devices on Houston ATMs. Two men were arrested June 3 and charged with allegedly placing 35 skimming devices on 10 Capital One ATMs in the Houston area between November 2013 and June 2014. U.S. Secret Service agents alleged that the pair captured payment card information belonging to 375 customers. Source: http://www.click2houston.com/news/2-men-charged-with-planting-skimming-devices-on-houston-atms/26318086

8. June 3, Los Angeles Times – (California) ‘Hypnotist Bandit’ linked to bank robberies in San Gabriel Valley. Police and FBI agents linked a suspect known as the “Hypnotist Bandit” to three bank robberies in the San Gabriel Valley since May 27, including two robberies in the same day June 3. Source: http://www.latimes.com/local/lanow/la-me-ln-hypnotist-bandit-20140603-story.html

9. June 3, U.S. Securities and Exchange Commission – (New York) SEC charges Albany, N.Y.-based investment adviser with defrauding clients. The U.S. Securities and Exchange Commission filed an emergency enforcement action June 3 against an Albany-based investment adviser for allegedly using his firm, The ELIV Group LLC, to fraudulently raise over $8.8 million from around 80 investors by misrepresenting the performance and safety of the investments. The SEC alleges that the firm has had consistent investment losses and that its owner has withdrawn client funds for personal use. Source: http://www.sec.gov/News/PressRelease/Detail/PressRelease/1370541977904

Information Technology Sector

25. June 4, The Register – (International) New software nasty encrypts Android PHONE files and demands a ransom. Researchers at ESET identified a new piece of Android ransomware known as Android/Simplocker that encrypts victims’ data and demands a ransom via the MoneXy service. The malware is controlled by a command and control server hosted within the TOR network. Source: http://www.theregister.co.uk/2014/06/04/android_simplocker_file_scrambling_ransomware/

26. June 3, Threatpost – (International) GnuTLS patches critical remote code execution bug. GnuTLS released a patch for the open source cryptographic library May 28 that closes a critical remote execution vulnerability which could allow an attacker to trigger a buffer overflow and cause a server to crash or potentially execute arbitrary code. Source: http://threatpost.com/gnutls-patches-critical-remote-code-execution-bug

27. June 3, Securityweek – (International) Report examines how attackers mask threat activity. Palo Alto Networks released their latest Application Usage and Threat Report June 2, which found that attackers continue to use common sharing applications such as email and social media to initiate multi-phased attacks, among other findings. Source: http://www.securityweek.com/report-examines-how-attackers-mask-threat-activity

See another story in the Financial Services Sector, item 6 above

Communications Sector

Nothing to report