Tuesday, April 14, 2015



Complete DHS Report for April 14, 2015

Daily Report

Top Stories

 · Miami officials reported April 9 that 42 individuals were charged in connection to various schemes in which the suspects allegedly used thousands of stolen identities to try to collect about $22 million in tax refunds and other benefits. – Miami Herald. See item 4 below in the Financial Services Sector.

 · Authorities arrested and charged a Kansas man April 10 for planning a suicide bomb attack against the Fort Riley military base in an alleged plan to support the Islamic State (ISIS). – CBS News; Associated Press

18. April 10, CBS News; Associated Press – (Kansas) Kansas man accused of suicide plot at Army base. Authorities arrested and charged a Kansas man April 10 for planning a suicide bomb attack against the Fort Riley military base in an alleged plan to support the Islamic State (ISIS), after the suspect attempted to arm what he thought was a 1,000-pound bomb inside a van near the base. Federal prosecutors claimed that the suspect met with an undercover FBI agent in October 2014 and expressed extremist views and a desire to attack American soldiers. Source: http://www.cbsnews.com/news/john-booker-army-recruit-in-kansas-accused-of-trying-to-support-isis/

 · U.S. and European agencies along with private security firms collaborated with Interpol to disrupt the Simda botnet by seizing 14 command and control (C&C) servers throughout the Netherlands, U.S., Poland, Luxembourg, and Russia. – Securityweek. See item 21 below in the Information Technology Sector.

 · U.S. Department of Agriculture officials announced April 9 that $73 million will be invested to rehabilitate and assess about 150 dams in 23 States to consider structural integrity, flood damage protection, and water supply improvements. – U.S. Department of Agriculture

31. April 9, U.S. Department of Agriculture – (National) USDA invests in critical dam rehabilitation and assessment projects in 23 states. U.S. Department of Agriculture officials announced April 9 that $73 million will be invested to rehabilitate and assess about 150 dams in 23 States to consider structural integrity, flood damage protection, and water supply improvements. Source: http://www.usda.gov/wps/portal/usda/usdahome?contentid=2015/04/0092.xml&contentidonly=true

Financial Services Sector

3. April 10, Mount Pleasant Morning Sun – (Michigan) Mt. Pleasant woman admits opening fake accounts, stealing cash at Alpena bank. A former branch manager and personal banker at Citizens Bank in Alpena pleaded guilty to embezzlement and filing false tax returns April 9 after a U.S. Internal Revenue Service investigation revealed that she allegedly stole over $300,000 from 2010 – 2011 by opening bank accounts in fictitious names and transferring funds to them from certificates of deposit held by elderly and deceased customers. Source: http://www.themorningsun.com/general-news/20150410/mt-pleasant-woman-admits-opening-fake-accounts-stealing-cash-at-alpena-bank

4. April 9, Miami Herald – (National) Feds bust 40 suspects in ID theft-fraud takedown in South Florida. Miami officials reported April 9 that 42 individuals were charged in connection to various identity-tax refund, credit card, debit card, and Social Security fraud schemes in which the suspects allegedly used thousands of stolen identities to try to collect about $22 million in tax refunds and other government benefits from the U.S. Department of the Treasury, Florida, and other States. The suspects were paid out $3.2 million through the schemes. Source: http://www.miamiherald.com/news/local/crime/article17932964.html

Information Technology Sector

21. April 13, Securityweek – (International) Law enforcement, security firms team up to disrupt Simda botnet. U.S. and European agencies along with private security firms collaborated with Interpol to disrupt the Simda botnet by seizing 14 command and control (C&C) servers throughout the Netherlands, U.S., Poland, Luxembourg, and Russia. The malware is usually delivered via exploit kits (EK) and is often used for the distribution of malware and potentially unwanted applications (PUA), and has infected over 770,000 computers worldwide over the past 6 months. Source: http://www.securityweek.com/law-enforcement-security-firms-team-disrupt-simda-botnet

22. April 12, IDG News Service – (International) Chinese hacker group among first to target networks isolated from internet. FireEye released findings in a technical report that identify a hacker group called Advanced Persistent Threat (APT) 30 as one of the first to target air-gapped networks with malware that has infected defense-related clients’ systems worldwide, utilizing custom-made malware components with worm-like capabilities that can infect removable drives such as USB sticks and hard drives. Source: http://www.networkworld.com/article/2909093/chinese-hacker-group-among-first-to-target-networks-isolated-from-internet.html

23. April 11, Softpedia – (International) New Shellshock worm seeks vulnerable systems at tens of thousands of IPs. Security researchers at Volexity observed that cybercriminals had amassed 26,356 internet protocol (IP) addresses belonging to systems vulnerable to the Shellshock bug in the Bash command shell found in many Linux and Unix systems, which allows attackers to execute arbitrary commands by appending them after a variable function. Scanning for vulnerable systems has since decreased and the malicious files were removed from the IP address hosting them. Source: http://news.softpedia.com/news/New-Shellshock-Worm-Seeks-Vulnerable-Systems-at-Tens-of-Thousands-of-IPs-478233.shtml

24. April 10, Krebs on Security – (International) Don’t be fodder for China’s ‘Great Cannon’. Researchers from the University of Toronto, the International Computer Science Institute, and the University of California, Berkeley, released findings that a percentage of unencrypted Web traffic destined for the Chinese search service Baidu was actively manipulated by censors via malicious JavaScript (JS) files to cause users’ browsers to participate in denial-of-service (DoS) attacks. The capability was dubbed “The Great Cannon” and could serve malicious code that exploits other browser vulnerabilities. Source: http://krebsonsecurity.com/2015/04/dont-be-fodder-for-chinas-great-cannon/

25. April 10, Securityweek – (International) Siemens patches DoS, other vulnerabilities in SIMATIC HMI products. Siemens began releasing security updates addressing several vulnerabilities in its SIMATIC HMI (human-machine interaction) devices, including flaws that allow attackers positioned between the HMI panel and programmable logic controller (PLC) to cause a denial-of-service (DoS) condition and intercept or modify industrial communication by sending specially crafted packets on transmission control protocol (TCP) port 102. Additional vulnerabilities include the ability to launch a man-in-the-middle (MitM) attack, and a flaw that allows users to authenticate themselves with password hashes instead of full passwords. Source: http://www.securityweek.com/siemens-patches-dos-other-vulnerabilities-simatic-hmi-products

Communications Sector

26. April 10, San Francisco Bay City News – (National) Sprint agrees to pay $15.5M in Federal surveillance lawsuit. Authorities announced April 9 that Sprint Communications, Inc., had agreed to pay $15.5 million to settle allegations that the company defrauded Federal law enforcement agencies out of $21 million from 2007 to 2010 by billing for expenses not covered under the Communications Assistance in Law Enforcement Act, while recovering otherwise legitimate costs of carrying out court-ordered wiretaps and surveillance activities. Source: http://sfappeal.com/2015/04/sprint-agrees-to-pay-15-5m-in-federal-surveillance-lawsuit/