Monday, January 25, 2016



Complete DHS Report for January 25, 2016

Daily Report

Top Stories

• An impending snowstorm along the east coast prompted more than 4,500 flight cancellations nationwide, school closures across several States, and the shutdown of public transportation in Washington, D.C. January 22 and January 23. – CNN

5. January 22, CNN – (National) Snowstorm threatens east coast; D.C., Baltimore under blizzard warnings. An impending snowstorm along the east coast prompted more than 4,500 flight cancellations nationwide, school closures across several States, the shutdown of the Washington Metropolitan Area Transit Authority (Metro) in Washington, D.C., and state of emergency issuances along the Atlantic coast for January 22 and January 23. Preparations for the storm follow snowfall January 20 in Maryland and Virginia, which caused 767 accidents and responses to 392 calls for disabled vehicles, among other incidents. Source: http://www.cnn.com/2016/01/21/us/winter-snowstorm-washington-blizzard/

• A blizzard warning prompted the closure of nearly all Washington, D.C., Maryland, and Virginia schools January 22 after officials declared states of emergency January 21. – WRC 4 Washington, D.C.

9. January 22, WRC 4 Washington, D.C. – (Washington, D.C.; Maryland; Virginia) Blizzard may dump 30 inches of snow on DC area; first flakes begin at noon. A blizzard warning prompted the closure of nearly all Washington, D.C., Maryland, and Virginia schools January 22 after officials declared states of emergency January 21. Federal government and local government offices were also closed or issued early closures as a precaution. Source: http://www.nbcwashington.com/news/local/Icy-Roads-Close-Delay-Schools-Ahead-of-Expected-Blizzard-366030031.html

• The Georgia Department of Corrections charged 4 current officers, 11 former officers, 18 inmates, and 21 civilians in connection to a corruption, fraud, and money laundering scheme at the Autry State Prison in Pelham January 21. – WMAZ 13 Macon

12. January 21, WMAZ 13 Macon – (Georgia) 54 indicted in Georgia state prison conspiracy case. The Georgia Department of Corrections announced January 21 that 4 current officers, 11 former officers, 18 inmates, and 21 civilians were charged in connection to a corruption, fraud, and money laundering scheme at the Autry State Prison in Pelham in which the defendants allegedly used contraband cell phones to call and mislead victims into falsely thinking that they failed to report to jury duty and ordered them to pay bogus fines.

• AMX released a firmware update for its NX-1200 device, a central controller used by the White House, after SEC Consult discovered backdoor accounts on older versions of the device. – Softpedia (See item 14 below in the Information Technology Sector)


Financial Services Sector

3. January 21, KTLA 5 Los Angeles – (California) Hourslong search for 2 bank robbery suspects ends in Culver City; 2 others detained. Two schools were placed on lockdown and a T.J. Maxx store was evacuated January 21 after four armed men reportedly fired shots at a One West Bank in Culver City and robbed the bank of an undisclosed amount of funds. Two of the four suspects were detained outside of the bank and the retail store, and no injuries were reported.

4. January 21, Sacramento Bee – (California) Sacramento woman pleads guilty to role in credit card fraud conspiracy. The U.S. Attorney's Office announced that a Sacramento woman pleaded guilty January 21 to conspiracy to commit access-device fraud and aggravated identity theft charges after she was linked to a credit card scheme involving four others who allegedly committed mail fraud, obtained at least 500 counterfeit credit and debit cards, and made over $186,000 in fraudulent purchases at retail stores in the Sacramento area from July 2014 – April 2015. Source: http://www.sacbee.com/news/local/crime/article55915090.html

For another story, see item 1 below from the Energy Sector

1. January 21, Associated Press – (Alabama) Alabama couple ordered to return $1.6 million in BP claim money. The owners of Alabama-based Vision Design Management were ordered to repay more than $1.6 million in claim money following the 2010 BP Deepwater Horizon explosion in the Gulf of Mexico after a Federal court determined that the company submitted fraudulent revenue documents to the Deepwater Horizon Economic Claims Center and was wrongfully awarded over $2.1 million. Source: http://www.al.com/news/index.ssf/2016/01/alabama_couple_ordered_to_retu.html

Information Technology Sector

13. January 22, ZDNet – (International) TeslaCrypt flaw opens the door to free file decryption. A security researcher discovered that the TeslaCrypt ransomware and variants of TeslaCrypt 2.0 contained a design flaw in how the ransomware’s encryption keys were stored on a victim’s computer. The discovery followed the finding that a new Advanced Encryption Standard (AES) key was generated during each encryption session, and it revealed that researchers could use specialized programs to retrieve the prime numbers of the stored keys and reconstruct a decryption key. Researchers developed software that generates decryption keys for TeslaCrypt files with the extensions .ECC, .EZZ, .EXX, .XYZ, .ZZZ, .AAA, .ABC, .CCC, and .VVV. Source: http://www.zdnet.com/article/teslacrypt-vulnerability-exposes-ransomed-files-to-free-cracking/

14. January 21, Softpedia – (International) Backdoor account found on devices used by White House, US military. AMX released a firmware update for its NX-1200 device, a central controller used by the White House for conference room equipment, after a security researcher from SEC Consult discovered that older versions of the devices’ firmware were embedded with a series of backdoor accounts under the usernames “BlackWidow” and “1MB@tMaN” that could have allowed attackers to spy on users and hack the device. Source code named “setUpSubtleUserAccount” was found to set up hidden user accounts that did not appear in the devices’ configuration screen, posing several vulnerabilities. Source: http://news.softpedia.com/news/backdoor-found-in-devices-used-by-white-house-us-military-499239.shtml

15. January 21, Softpedia – (International) Kovter malware victims were secret zombies in the ProxyGate proxy network. Security researchers from Forcepoint detected that the Kovter malware was recently distributed through an email campaign with attached ZIP files that, when opened, execute a JavaScript file that connects to a web server without the users’ consent and downloads the Kovter malware and two additional payloads, including the Miuref adware and the ProxyGate installer. Researchers believe the author of the campaign may be running other malicious campaigns through ProxyGate’s network to increase his available proxy output Internet Protocol (IP) addresses by using Kovter’s payload. Source: http://news.softpedia.com/news/kovter-malware-victims-were-secret-zombies-in-the-proxygate-proxy-network-499252.shtml

Communications Sector

Nothing to report