Complete DHS Report for April 14, 2015
Daily Report
Top Stories
· Miami officials reported April 9 that 42 individuals were charged in
connection to various schemes in which the suspects allegedly used thousands of
stolen identities to try to collect about $22 million in tax refunds and other
benefits. – Miami Herald (See item 4 below in the Financial Services Sector)
· Authorities arrested and charged a Kansas man April 10 for planning a suicide bomb attack
against the Fort Riley military base in an alleged plan to support the Islamic
State (ISIS). – CBS News; Associated Press
18. April 10, CBS News; Associated Press – (Kansas) Kansas man accused of
suicide plot at Army base. Authorities arrested and charged a Kansas man
April 10 for planning a suicide bomb attack against the Fort Riley military
base in an alleged plan to support the Islamic State (ISIS), after the suspect
attempted to arm what he thought was a 1,000-pound bomb inside a van near the
base. Federal prosecutors claimed that the suspect met with an undercover FBI
agent in October 2014 and expressed extremist views and a desire to attack
American soldiers. Source: http://www.cbsnews.com/news/john-booker-army-recruit-in-kansas-accused-of-trying-to-support-isis/
· U.S. and European agencies along with private security firms collaborated with
Interpol to disrupt the Simda botnet by seizing 14 command and control (C&C)
servers throughout the Netherlands, U.S., Poland, Luxembourg, and Russia. –
Securityweek (See item 21 below in the Information Technology Sector)
· U.S. Department of Agriculture officials announced April 9 that $73 million will be
invested to rehabilitate and assess about 150 dams in 23 States to consider
structural integrity, flood damage protection, and water supply improvements. –
U.S. Department of Agriculture
31. April 9, U.S. Department of Agriculture –
(National) USDA invests in critical dam rehabilitation and assessment
projects in 23 states. U.S. Department of Agriculture officials announced
April 9 that $73 million will be invested to rehabilitate and assess about 150
dams in 23 States to consider structural integrity, flood damage protection,
and water supply improvements. Source: http://www.usda.gov/wps/portal/usda/usdahome?contentid=2015/04/0092.xml&contentidonly=true
Financial Services Sector
3. April 10, Mount Pleasant Morning Sun – (Michigan) Mt. Pleasant woman
admits opening fake accounts, stealing cash at Alpena bank. A former branch
manager and personal banker at Citizens Bank in Alpena pleaded guilty to
embezzlement and filing false tax returns April 9 after a U.S. Internal Revenue
Service investigation revealed that she allegedly stole over $300,000 from 2010
to 2011 by opening bank accounts in fictitious names and transferring funds to
them from certificates of deposit held by elderly and deceased customers.
Source: http://www.themorningsun.com/general-news/20150410/mt-pleasant-woman-admits-opening-fake-accounts-stealing-cash-at-alpena-bank
4. April 9, Miami Herald – (National) Feds bust 40 suspects in ID
theft-fraud takedown in South Florida. Miami officials reported April 9
that 42 individuals were charged in connection to various identity-tax refund,
credit card, debit card, and Social Security fraud schemes in which the
suspects allegedly used thousands of stolen identities to try to collect about
$22 million in tax refunds and other government benefits from the U.S.
Department of the Treasury, Florida, and other States. The suspects were paid
out $3.2 million through the schemes. Source: http://www.miamiherald.com/news/local/crime/article17932964.html
Information Technology Sector
21. April 13, Securityweek – (International) Law enforcement, security firms team up to
disrupt Simda botnet. U.S. and European agencies along with private
security firms collaborated with Interpol to disrupt the Simda botnet by
seizing 14 command and control (C&C) servers throughout the Netherlands,
U.S., Poland, Luxembourg, and Russia. The malware is usually delivered via
exploit kits (EK), is often used to distribute malware and potentially unwanted
applications (PUA), and has infected over 770,000 computers worldwide over the
past 6 months. Source: http://www.securityweek.com/law-enforcement-security-firms-team-disrupt-simda-botnet
22. April 12, IDG News Service – (International) Chinese hacker group among first to target
networks isolated from internet. FireEye released findings in a technical
report that identify a hacker group called Advanced Persistent Threat (APT) 30
as one of the first to target air-gapped networks with malware that has
infected defense-related clients’ systems worldwide, utilizing custom-made
malware components with worm-like capabilities that can infect removable drives
such as USB sticks and hard drives. Source: http://www.networkworld.com/article/2909093/chinese-hacker-group-among-first-to-target-networks-isolated-from-internet.html
23. April 11, Softpedia – (International) New Shellshock worm seeks vulnerable
systems at tens of thousands of IPs. Security researchers at Volexity observed
that cybercriminals had amassed 26,356 internet protocol (IP) addresses
belonging to systems vulnerable to the Shellshock bug in the Bash command shell,
found in many Linux and Unix systems, which allows attackers to execute
arbitrary commands by appending them after a function definition in an
environment variable. Scanning for vulnerable systems has since decreased and
the malicious files were removed from the IP address hosting them. Source: http://news.softpedia.com/news/New-Shellshock-Worm-Seeks-Vulnerable-Systems-at-Tens-of-Thousands-of-IPs-478233.shtml
24. April 10, Krebs on Security – (International) Don’t be fodder for China’s ‘Great Cannon’. Researchers
from the University of Toronto, the International Computer Science Institute,
and the University of California, Berkeley, released findings that a percentage
of unencrypted Web traffic destined for the Chinese search service Baidu was
actively manipulated by censors via malicious JavaScript (JS) files to cause
users’ browsers to participate in denial-of-service (DoS) attacks. The
capability was dubbed “The Great Cannon” and could serve malicious code that
exploits other browser vulnerabilities. Source: http://krebsonsecurity.com/2015/04/dont-be-fodder-for-chinas-great-cannon/
25. April 10, Securityweek – (International) Siemens patches DoS, other
vulnerabilities in SIMATIC HMI products. Siemens began releasing security
updates addressing several vulnerabilities in its SIMATIC HMI (human-machine
interaction) devices, including flaws that allow attackers positioned between
the HMI panel and programmable logic controller (PLC) to cause a
denial-of-service (DoS) condition and intercept or modify industrial
communication by sending specially crafted packets on transmission control
protocol (TCP) port 102. Additional vulnerabilities include the ability to
launch a man-in-the-middle (MitM) attack, and a flaw that allows users to
authenticate themselves with password hashes instead of full passwords. Source: http://www.securityweek.com/siemens-patches-dos-other-vulnerabilities-simatic-hmi-products
Communications Sector
26. April 10, San Francisco Bay City News – (National) Sprint agrees to pay $15.5M in Federal
surveillance lawsuit. Authorities announced April 9 that Sprint
Communications, Inc., had agreed to pay $15.5 million to settle allegations
that the company defrauded Federal law enforcement agencies out of $21 million
from 2007 to 2010 by billing for expenses not covered under the Communications
Assistance in Law Enforcement Act, while recovering otherwise legitimate costs
of carrying out court-ordered wiretaps and surveillance activities. Source: http://sfappeal.com/2015/04/sprint-agrees-to-pay-15-5m-in-federal-surveillance-lawsuit/