Monday, December 28, 2015




Complete DHS Report for December 28, 2015

Daily Report                                            

Top Stories

• The owners of Good Neighbor Services Corp., were indicted December 21 for their alleged involvement in a $7 million insurance fraud and tax evasion scheme that hid the existence of at least 800 hotel workers in California. – San Diego Union-Tribune See item 5 below in the Financial Services Sector

• Oregon officials closed a portion of Highway 42 December 23 for at least a week due to a potential landslide that could spill over the highway. – Roseburg News-Review

7. December 23, Roseburg News-Review – (Oregon) Landslide closes Highway 42 ‘for a long time,’ says ODOT. The Oregon Department of Transportation closed Highway 42 at the Coos-Douglas county line December 23 until further notice due to debris from steep hills that may spill over the highway following heavy rainstorms which caused land destabilization. Official reported that the highway could be closed for at least a week.

• A December 23 fire at the Rockcastle County jail in Kentucky sent 13 inmates and 2 guards to an area hospital and caused the temporary displacement of about 90 other inmates. – WKYT 27 Lexington

17. December 23, WKYT 27 Lexington – (Kentucky) Fire inside Rockcastle Co., Ky. jail leads to evacuations, hospitalizations. A December 23 fire at the Rockcastle County jail in Mt. Vernon, Kentucky, sent 13 inmates and 2 guards to an area hospital to be treated for smoke inhalation and caused the temporary displacement of about 90 other inmates after the fire began following an argument about a television in a jail cell. The jail is closed for repairs until further notice due to extensive smoke and water damage. Source: http://www.local8now.com/news/headlines/Fire-inside-Rockcastle-Co-jail-leads-to-evacuations-hospitalizations-363421651.html

• A Bahamian man was charged December 22 for allegedly hacking into the email accounts of individuals working in the entertainment and professional sports industries to steal industry and personal information. – SecurityWeek See item 19 below in the Information Technology Sector

Financial Services Sector

3. December 23, Philadelphia Business Journal – (National) Local bank pays $4.3M to settle charges of ‘unfair and deceptive practices.’ The U.S. Federal Deposit Insurance Corporation announced December 23 that The Bankcorp, Inc., will pay $4.3 million in fines and restitution to settle alleged violations of the Federal Trade Commission Act after authorities found that the bank failed to protect consumers against account errors, failed to provide promised rewards from a debit-card program, and charged deceptive fees on a prepaid card. Source: http://www.bizjournals.com/philadelphia/news/2015/12/23/bancorp-ftc-settlement-million-unfair-banking.html

4. December 23, Shelby County Reporter – (Alabama) Pelham man arrested in connection to $1 million tax fraud scheme. The Internal Revenue Service (IRS) announced December 23 that a Birmingham employee was arrested and charged in connection to an alleged stolen identity tax-refund scheme that netted over $1 million in false claims. Three other co-conspirators were arrested for their alleged roles in the scheme which involved stealing personal identity information from the IRS to create fraudulent tax returns and collecting the stolen refunds. Source: http://www.shelbycountyreporter.com/2015/12/23/pelham-man-arrested-in-connection-to-1-million-tax-fraud-scheme/

5. December 21, San Diego Union-Tribune – (California) Company owners indicted in $7M hotel-worker fraud case. The owners of Irvine-based Good Neighbor Services Corp., were indicted December 21 for their alleged involvement in a $7 million insurance fraud and tax evasion scheme that reportedly hid the existence of at least 800 hotel workers in California in order to avoid paying over $3.6 million in workers’ compensation insurance rates and over $3.3 million in payroll taxes. The owners, along with 6 accomplices used 12 shell companies to misrepresent the number of employees and the size of payroll in order to defraud insurance providers and the State. Source: http://www.sandiegouniontribune.com/news/2015/dec/21/janitor-services-fraud-indictment/

For additional stories, see item 20 below in the Information Technology Sector and 21 below from the Commercial Facilities Sector

21. December 24, SecurityWeek – (International) Hyatt Hotels finds malware on payment systems. Hyatt Hotels Corporation reported December 23 that an investigation is ongoing into a potential breach of its payment processing systems following the discovery of malware on its systems. The company has taken additional steps to strengthen security measures and advised its customers to monitor their payment card statements for any suspicious activity.

Information Technology Sector

18. December 23, SecurityWeek – (International) Threat group uses new malware to target Russian organizations. Palo Alto Networks reported that a new threat group, similar to Roaming Tiger operation, has been using a new malware tool dubbed “BBSRAT” to infect devices by using the same command and control (C&C) domains, but deploying different malware variants and separate infrastructure for each of the targeted entities via droppers and downloaders, which creates registry entries for persistence. Once installed on a system, the malware collects data from the infected device and sends it back to a remote server via POST request, allowing attackers to send commands to uninstall or kill the malware, execute a shellcode, start or stop a service, manipulate processes, and execute commands, among other actions. Source: http://www.securityweek.com/threat-group-uses-new-malware-target-russian-organizations

19. December 23, SecurityWeek – (International) Man charged for hacking celebrity emails. The U.S. Attorney’s Office for the Southern District of New York reported December 22 that a man from the Bahamas was charged for allegedly hacking into the email accounts of 130 individuals working in the entertainment, media, and professional sports industries to steal private files including movie and TV scripts, Social Security numbers, and passport copies via malware and phishing campaigns. The suspect was arrested December 21 after attempting to sell 15 scripts and the personal information of 3 professional athletes and 1 actress for $80,000. Source: http://www.securityweek.com/man-charged-hacking-celebrity-emails

20. December 23, SecurityWeek – (International) Ramnit botnet returns. Researchers from IBM Security discovered a new botnet and a new variant of the Ramnit trojan that uses a different command and control (C&C) structure, relies on shorter configuration files, and uses web injections leveraged by other trojans including Dridex, Shifu, and Neverquest to infect banking Web sites from a remote server. The malware is distributed via malvertising campaigns that rely on the Angler exploit kit (EK), but researchers reported that the malware could also be distributed through other infection vectors. Source: http://www.securityweek.com/ramnit-botnet-returns

For another story, see item 21 above in the Financial Services Sector

Communications Sector

Nothing to report