Complete DHS Report for November 27, 2015
Daily Report
Top Stories
• A former Florida U.S. Postal Service employee was charged
November 23 after he allegedly stole at least $2.1 million from residents,
co-workers, and acquaintances in a fake gold and diamond investment opportunity
in Africa. – WPLG 10 Miami
12. November
24, WPLG 10 Miami – (Florida) Former postal employee arrested in alleged
investment scam. A former Florida U.S. Postal Service employee was arrested
and charged November 23 after he allegedly stole at least $2.1 million from
residents on his mail route, co-workers, and acquaintances in a fake gold and
diamond investment opportunity in Africa, where he promised victims that their
investments would double and guaranteed certain investors millions of dollars
in returns. The suspect also persuaded victims to invest in a fraudulent
infrastructure project in Africa, and instead used the money for personal
expenses. Source: http://www.local10.com/news/former-postal-employee-arrested-in-alleged-investment-scam/36637100
• Five people were charged November 24 in connection to a
kickback scheme that resulted in $580 million worth of fraudulent billing to
the government and insurance companies for patient referrals to 2 southern
California hospitals. – Associated Press
16. November
24, Associated Press – (California; Nevada) 5 charged with $580 million southern
California medical kickback scheme. Officials announced November 24 that 5
people, including a former hospital executive and 2 surgeons, were charged in
connection to a kickback scheme that resulted in $580 million worth of
fraudulent billing to the government and insurance companies. Two defendants
pleaded guilty and two others agreed to plead guilty in connection to the scam
which involved paying dozens of medical professions tens of millions of dollars
to refer patients to Pacific Hospital of Long Beach and Tri-City Regional
Medical Center in southern California for spinal surgeries. Source: http://www.startribune.com/5-charged-in-580m-southern-california-kickback-scheme/353295921/
• Nine Florida Department of Corrections employees were
among 50 individuals arrested the week of November 23 for their roles in a
scheme that distributed prescription pain medication to prisons in the State. –
Florida Times-Union
18. November
25, Florida Times-Union – (Florida) 50 arrested in prison painkiller
sting. The Bradford County Sheriff’s Office announced that 9 Florida
Department of Corrections (FDOC) employees were among 50 individuals arrested
the week of November 23 for their roles in a scheme that distributed the
prescription pain medication, Oxycodone, to prisons in the State after FDOC
workers obtained the narcotics through suppliers and individuals with
legitimate prescriptions. Source: http://jacksonville.com/news/crime/2015-11-24/story/50-arrested-prison-painkiller-sting
• Four men were arrested November 24 for allegedly slashing
an inflatable dam in Fremont, California, May 21, allowing the release of 50
million gallons of water into Alameda Creek. – KPIX 5 San Francisco;
Associated Press
23. November
24, KPIX 5 San Francisco; Associated Press – (California) Four
arrested for triggering 50-million gallon Fremont water spill. Four men
were arrested November 24 for allegedly slashing an inflatable creek dam in
Fremont May 21, allowing the release of 50 million gallons of water into
Alameda Creek and causing an estimated $1 million in damage to the dam. Source: http://sanfrancisco.cbslocal.com/2015/11/24/four-arrested-for-triggering-50-million-gallon-fremont-water-spill/
Financial Services Sector
5. November
25, Softpedia – (International) Researcher creates gadget that bypasses
credit card chip&PIN safeguards. A researcher created MagSpoof, a
device that can accurately read and predict credit card numbers and bypass
chip&PIN (CnP) safeguards by using information stored inside the magstripe
(magnetic strip), which can be extracted. Data is removed and fed to MagSpoof
allowing hackers to make financial transactions by placing the device near
point-of-sale (PoS) systems. Source: http://news.softpedia.com/news/researcher-creates-gadget-that-bypasses-credit-card-chip-pin-safeguards-496697.shtml
6. November
24, U.S. Department of Justice – (International) Former
California attorney pleads guilty in international investment fraud scheme. A
Las Vegas man pleaded guilty in Federal court November 24 for his role in a
nearly $5 million investment fraud scheme in which investors were told that
with an up-front payment, a Swiss company called Malom Group A.G. would grant
them access to international investment opportunities and cash loans. The man
also illegally presented himself as an attorney to investors after losing his license
to practice law. Source: https://www.fbi.gov/lasvegas/press-releases/2015/former-california-attorney-pleads-guilty-in-international-investment-fraud-scheme
7. November
24, KDKA 2 Pittsburgh – (Pennsylvania) Millionaire’s secretary
pleads guilty to fraud charge. A former secretary of a businessman in
Pittsburgh pleaded guilty November 24 to defrauding the U.S. Internal Revenue
Service out of $4 million in taxes by claiming that about $20 million of her
employer’s personal expenses were business expenses including the construction
of a mansion, the purchase of numerous exotic cars, and by designating staff
payroll as business expenses. Source: http://pittsburgh.cbslocal.com/2015/11/24/millionaires-secretary-pleads-guilty-to-fraud-charge/
8. November
24, KCNC 4 Denver – (Colorado) 2nd violent bank robbery suspect arrested, search
continues for 3rd. Police offered a $10,000 reward November 24 for
information leading to the arrest of a third suspect charged in a series of
crimes including a robbery at 1st Bank in Lakewood where 3 suspects entered the
bank November 18 wearing masks and made off with about $50,000 before shooting
and injuring at least 2 people during their getaway. Authorities arrested two
out of the three suspects who are also believed to be tied to a September bank
robbery in Lakewood. Source: http://denver.cbslocal.com/2015/11/24/1-of-2-suspects-identified-in-bank-robbery-crime-spree/
For another story, see item 12 above in Top Stories
Information Technology Sector
19. November
25, Securityweek – (International) Reuse of Cryptographic keys exposes millions
of IoT: study. Researchers from SEC Consult released a report identifying
that millions of Internet-of-Things (IoT) devices use the same cryptographic
keys hardcoded into the firmware, including secure shell (SSH) host keys and
X.509 certificates used for Hypertext Transfer Protocol Secure (HTTPS), that
may allow attackers to obtain sensitive information by connecting to a victim’s
network and leveraging the keys to launch impersonations, man-in-the-middle
(MitM) attacks, and passive decryption attacks. Source: http://www.securityweek.com/reuse-cryptographic-keys-exposes-millions-iot-devices-study
20. November
24, Wall Street Journal – (International) U.S. fines tech firm $1.5
million over sanctions violations. Campbell, California-based Barracuda
Networks Inc., agreed November 24 to pay about $1.5 million to the U.S.
Department of Commerce and $38,930 to the U.S. Department of the Treasury to
resolve allegations that the company and its U.K. subsidiary violated U.S.
sanctions and export control laws after selling Internet security products,
Web-filtering products that can block or censor Internet activity, and related
software subscriptions to Syria, Iran, and Sudan. Source: http://blogs.wsj.com/riskandcompliance/2015/11/24/u-s-fines-tech-firm-1-5-million-over-sanctions-violations/
21. November
23, Securityweek – (International) Malicious adware uses certificates to disable
security products. Researchers from Malwarebytes detected a trojan adware,
dubbed Vonteera, that blacklists13 certificates as “Untrusted Certificates” in
Microsoft Window’s certificate store to prevent anti-malware products that
block its infection as well as execute a new service called “appinf.exe” onto
infected operating systems that modifies desktop, taskbar, and start menu
shortcuts via a script designed to redirect victims to randomized Web sites. Source:
http://www.securityweek.com/malicious-adware-uses-certificates-disable-security-products
Communications Sector
Nothing to report