Thursday, December 4, 2014



Complete DHS Report for December 4, 2014

My apologies for the delay in posting this report.  However, as of 2:15PM EST the full report at http://www.dhs.gov/dhs-daily-open-source-infrastructure-report had not been published.  My posting time will be within 30 minutes of when I gain access to same!

Daily Report

Top Stories

 · Westbound lanes of Interstate 24 north of Nashville, Tennessee, were closed for nearly 17 hours December 2 when 2 semi-trucks collided and burst into flames, killing both drivers. – WSMV 4 Nashville 

6. December 3, WSMV 4 Nashville – (Tennessee) 2 killed in fiery crash on I-24 W; interstate now open. Westbound lanes of Interstate 24 north of Nashville were closed for nearly 17 hours December 2 when 2 semi-trucks collided and burst into flames, killing both drivers. Source: http://www.wsmv.com/story/27523259/vehicle-fire-shuts-down-i-24-west-north-of-nashville

 · Southbound lanes for a stretch of the George Washington Memorial Parkway in Arlington and Fairfax counties in Virginia reopened to traffic December 3 after repair work was completed on a sinkhole that was discovered December 1. – Washington Post 

December 3, Washington Post – (Virginia) Highway officials try to find cause of sinkhole on George Washington Memorial Parkway. Southbound lanes for a stretch of the George Washington Memorial Parkway in Arlington and Fairfax counties reopened to traffic December 3 after repair work was completed on a sinkhole that was discovered December 1. Authorities are investigating what caused the sinkhole. Source: http://www.washingtonpost.com/blogs/dr-gridlock/wp/2014/12/02/southbound-gw-parkway-closed-because-of-sinkhole/

 · Two children and 1 adult were killed and 23 people were injured after 2 Knox County school buses collided on Asheville Highway in Knoxville, Tennessee, and shut down the roadway for 8 hours. – WBIR 10 Knoxville 

9. December 3, WBIR 10 Knoxville – (Tennessee) Police release names of victims killed in school bus crash. Two children and 1 adult were killed and 23 people were injured after 2 Knox County school buses collided on Asheville Highway in Knoxville December 2 and shut down the roadway for 8 hours as crews worked to clear the scene and reopen the road. Knox County School officials announced that both Chilhowee Intermediate and Sunnyview Primary schools would be closed December 3. Source: http://www.wbir.com/story/news/local/2014/12/02/several-students-hurt-in-accident-involving-2-buses/19790703/

 · Cylance researchers published a report on a suspected Iranian hacking group that has compromised a variety of targets including government and military systems, telecommunications companies, research facilities, airports, defense contractors, and utilities in a campaign dubbed Operation Cleaver. – The Register (see item 16 below in the Information Technology Sector)

Financial Services Sector 

3. December 3, South Florida Business Journal – (Florida) Former TigerDirect executives plead guilty to fraud. Two former senior executives at Miami-based electronics retailer TigerDirect pleaded guilty December 2 to securities and tax fraud charges in a $9.5 million bribery scheme that involved kickbacks from suppliers and concealing taxable income. Source: http://www.bizjournals.com/southflorida/news/2014/12/03/former-tigerdirect-executives-plead-guilty-to.html

4. December 3, WVIT 30 New Britain – (Connecticut) Two men plead guilty in check fraud ring. Connecticut authorities reported that a New Haven man and a man from North Carolina pleaded guilty December 1 and December 2 to running a stolen check cashing ring that successfully cashed 37 altered checks totaling $104,070. Source: http://www.nbcconnecticut.com/news/local/Two-Men-Plead-Guilty-in-Check-Fraud-Ring-284566301.html

5. December 2, SC Magazine – (National) Unauthorized intruders gain access to ART Payroll database. Payroll service American Residuals and Talent (ART Payroll) notified current and former customers that unauthorized intruders were able to gain access to its Web application October 18 and determined November 10 that customers’ personal and financial information may have been accessed. The information included names, addresses, dates of birth, Social Security numbers, bank account information, and other information. Source: http://www.scmagazine.com/unauthorized-intruders-gain-access-to-art-payroll-database/article/386223/

For another story, see item 20 below from the Commercial Facilities Sector

20. December 3, Securityweek – (International) New "LusyPOS" malware uses Tor for C&C Communications. CBTS researchers analyzed a new variant of malware dubbed LusyPOS that leverages the Tor network to deploy a technique known as RAM scraping to collect payment card data from infected systems. The malware is similar to the ChewBacca variant which was used to steal payment data from several dozen retailers in the U.S. and other countries. Source: http://www.securityweek.com/new-lusypos-malware-uses-tor-cc-communications

Information Technology Sector

16. December 3, The Register – (International) Iranian CLEAVER hacks through airport security, Cisco boxen. Researchers with Cylance published a report on a suspected Iranian hacking group that has compromised a variety of targets including government and military systems, telecommunications companies, research facilities, airports, defense contractors, and utilities in a campaign dubbed Operation Cleaver. The researchers stated that the group compromised critical infrastructure assets and Cisco networking equipment but did not engage in manipulation of those systems. Source: http://www.theregister.co.uk/2014/12/03/operation_cleaver/

17. December 3, The Register – (International) Firmware update kills Lenovo Home Media Network HDDs. Here’s how to resurrect them. Lenovo stated that it was responding to customer reports of a firmware update causing its Home Media Network Hard Drive to fail to restart after installation of the update. Source: http://www.theregister.co.uk/2014/12/03/lenovo_firmware_drives/

18. December 2, Softpedia – (International) Lizard Squad announces DDoS attacks for Christmas time. Attackers claiming to be the Lizard Squad hacking group claimed responsibility for conducting a distributed denial of service (DDoS) attack against the Xbox Live network after users complained December 1 that they experienced issues connecting to the network. Source: http://news.softpedia.com/news/Lizard-Squad-Announces-DDoS-Attacks-for-Christmas-Time-466354.shtml

For additional stories, see items 3 above from the Financial Services Sector and 20 below from the Commercial Facilities Sector

20. December 3, Securityweek – (International) New "LusyPOS" malware uses Tor for C&C Communications. CBTS researchers analyzed a new variant of malware dubbed LusyPOS that leverages the Tor network to deploy a technique known as RAM scraping to collect payment card data from infected systems. The malware is similar to the ChewBacca variant which was used to steal payment data from several dozen retailers in the U.S. and other countries. Source: http://www.securityweek.com/new-lusypos-malware-uses-tor-cc-communications

Communications Sector

See item 16 above in the Information Technology Sector