Wednesday, December 10, 2014



Complete DHS Report for December 10, 2014

Daily Report

Top Stories

 • Officials are investigating after 6 people were killed when an executive jet crashed into a Gaithersburg, Maryland home December 8 and burst into flames, destroying 2 homes and damaging 3 others in the neighborhood. – Reuters: Chicago Tribune
7. December 9, Reuters; Chicago Tribune – (Maryland) Mom, children among 6 dead after jet crashes into Maryland home. Officials are investigating after the pilot, 2 passengers, and 3 others were killed when an executive jet crashed into a Gaithersburg, Maryland home December 8 and burst into flames. The fire destroyed two homes and damaged three others in the neighborhood. Source: http://www.chicagotribune.com/news/nationworld/chi-maryland-plane-crash-20141208-story.html

 • Repairs to a main break in Annapolis, Maryland, took more than 12 hours after it failed due to external corrosion December 6 and released an estimated 89,000 gallons of wastewater. – WBAL 1090 AM Baltimore
13. December 7, WBAL 1090 AM Baltimore – (Maryland) Wastewater overflow reaches Chesapeake Bay. Repairs to a 10-inch main break in Annapolis, Maryland, took more than 12 hours after it failed due to external corrosion December 6 and released an estimated 89,000 gallons of wastewater. Crews recovered nearly 72,000 gallons of the overflow while approximately 17,000 gallons reached Chesapeake Bay. Source: http://www.wbal.com/article/111316/2/wastewater-overflow-reaches-chesapeake-bay

 • Kaspersky Lab researchers identified a piece of malware targeting Linux systems associated with the Turla advanced persistent threat (APT) group (also known as Uroburos or Snake) that is based on the cd00r proof-of-concept backdoor. – Securityweek See item 18 below in the Information Technology Sector

 • The Association of National Advertisers and researchers with White Ops found that around 25 percent of video ads and 11 percent of display ads online are viewed by automated bots set up by cyber criminals to inflate Web site audiences. – Reuters See item 19 below in the Information Technology Sector

Financial Services Sector

3. December 9, Bloomberg News – (International) Deutsche Bank sued by U.S. over alleged tax scheme. Federal charges were filed against Deutsche Bank December 8 seeking $190 million in taxes, interest, and penalties for the bank’s alleged use of three underfunded shell companies to evade U.S. taxes. Source: http://www.bloomberg.com/news/2014-12-08/deutsche-bank-sued-by-u-s-over-alleged-tax-scheme.html

4. December 8, Reuters – (Massachusetts) TD Bank settles Massachusetts data breach probe, to pay $625,000. TD Bank agreed December 8 to a settlement with the State of Massachusetts to pay $625,000 and improve security practices to resolve a probe of a 2012 data breach that exposed the personal information of more than 260,000 customers. The incident was caused by the loss of unencrypted back-up tapes in March 2012 and Massachusetts officials stated that the bank was too slow in reporting the breach to authorities in October. Source: http://www.reuters.com/article/2014/12/08/torontodominion-massachusetts-settlement-idUSL1N0TS1H320141208

5. December 8, Cleveland Plain Dealer – (Ohio) Federal fraud charges filed against Copley man for $17 million Ponzi scheme with 70 victims. A Copley Township man who was a co-owner and operator of KGTA Petroleum Ltd., was charged December 8 for allegedly operating the company as a Ponzi scheme, defrauding 70 investors of around $17 million between 2010 and 2014. The man and others, including three PrimeSolutions Securities Inc. representatives, also allegedly failed to file appropriate documentation with the U.S. Securities and Exchange Commission for the company. Source: http://www.cleveland.com/court-justice/index.ssf/2014/12/federal_fraud_charges_filed_ag.html

6. December 6, Tulsa World – (National) Former Arrow CEO indicted on 23 counts of bank, tax fraud. The former CEO of nationwide trucking company Arrow Trucking Co., pleaded guilty December 5 in federal court in Texas for allegedly conspiring with others to defraud the Internal Revenue Service and a Utah bank of $24 million in a fraud and tax evasion scheme that operated in 2009. The former CFO of the company previously pleaded guilty December 4 to tax fraud and bank fraud charges. Source: http://www.tulsaworld.com/news/investigations/former-arrow-ceo-doug-pielsticker-indicted-on-counts-of-bank/article_3ed83e3a-a1ff-5758-b080-e3b6e8928a03.html

For another story, see item 20 below in the Information Technology Sector

Information Technology Sector

18. December 9, Securityweek – (International) Newly discovered ‘Turla’ malware targets Linux systems. Kaspersky Lab researchers identified a piece of malware targeting Linux systems associated with the Turla advanced persistent threat (APT) group (also known as Uroburos or Snake) that is based on the cd00r proof-of-concept backdoor and is capable of hidden network communications, remote management, and arbitrary remote command execution. Previous versions of Turla malware have targeted Windows systems in government agencies, military groups, educational institutions, pharmaceutical companies, and other targets in more than 45 countries. Source: http://www.securityweek.com/newly-discovered-turla-malware-targets-linux-systems

19. December 9, Reuters – (International) Fraud from bots represents a loss of $6 bln in digital advertising. The Association of National Advertisers and researchers with White Ops released a report December 9 which found that around 25 percent of video ads and 11 percent of display ads online are viewed by automated bots set up by cyber criminals to inflate Web site audiences. The researchers stated that such fraud could cost advertisers an estimated $6.3 billion in the next year. Source: http://www.reuters.com/article/2014/12/09/advertising-fraud-study-idUSL1N0TS19220141209

20. December 9, Softpedia – (International) POODLE attack also affects some TLS implementations. A researcher with Google reported that certain implementations of Transport Layer Security (TLS) with an SSL 3.0 decoding function can be exploited through POODLE attacks to decrypt sensitive information. The researcher identified the vulnerability in older versions of Network Security Services (NSS) as well as in Web sites administered by Bank of America with load balancing devices from A10 Networks and F5 Networks. Source: http://news.softpedia.com/news/POODLE-Attack-Also-Affects-Some-TLS-Implementations-466944.shtml

21. December 9, Help Net Security – (International) Info on millions of AliExpress customers could have been harvested due to site flaw. A security researcher identified and reported a flaw in the AliExpress online marketplace that could have allowed a logged-in user to exploit an insecure direct object reference vulnerability to view other users’ names, addresses, and phone numbers. Alibaba, parent company of AliExpress, closed the vulnerability after the researcher’s report. Source: http://www.net-security.org/secworld.php?id=17741

22. December 8, Softpedia – (International) Yik Yak flaw de-anonymizes user, allows control over account. SilverSky researchers identified and reported a vulnerability in the Yik Yak anonymous social media platform for iOS that could allow an attacker to discover the identity of a user and take over their account due to the Flurry advertising tool sending the app’s secure ID used by the app in the place of a password without encryption. The researchers reported the issue to Yik Yak and a patch was released in December. Source: http://news.softpedia.com/news/Yik-Yak-Flaw-De-anonymizes-User-Allows-Control-Over-Account-466877.shtml

Communications Sector

23. December 6, Las Vegas Review-Journal – (Nevada) Channel 13 fined over so-called ‘special reports’. Journal Broadcasting Corp., was ordered to pay a $115,000 penalty by the U.S. Federal Communications Commission (FCC) December 6 in a settlement after its television station KTNV 13 Las Vegas represented paid ads as “special reports” in 2009 failing to disclose the reports were actually paid advertisements, which violated the FCC’s sponsorship identification rule. Source: http://www.reviewjournal.com/news/las-vegas/channel-13-fined-over-so-called-special-reports