Friday, March 18, 2016



Complete DHS Report for March 18, 2016

Daily Report                                            

Top Stories

• An Oregon man was federally charged March 15 for allegedly defrauding U.S. financial institutions by making, presenting, and transmitting more than 300 fraudulent financial instruments purportedly worth over $100 trillion. – U.S. Department of Justice

5. March 16, U.S. Department of Justice – (Oregon) Oregon man charged with using fictitious financial instruments and failing to file income tax returns. Officials from the U.S. Department of Justice’s Tax Division announced March 15 charges against an Oregon man after he allegedly devised and participated in a scheme to defraud U.S. financial institutions out of monies by making, presenting, and transmitting more than 300 fraudulent financial instruments purportedly worth over $100 trillion and promoted the instruments as ways to pay off debts and Federal income taxes through seminars and private client consultations from 2008 – 2015. The suspect also failed to file income tax returns and report his income to the U.S. Internal Revenue Service for several years.

• Officials reached a $955,000 settlement with Severn Trent Environmental Services, Inc., March 16 after an investigation at its Hugo, Oklahoma water treatment facility revealed several drinking water violations that left thousands of residents with unsafe drinking water for months. – Associated Press

13. March 16, Associated Press – (Oklahoma) Oklahoma agency reaches $955,000 settlement over Hugo water problems. The Oklahoma Department of Environmental Quality reached a $955,000 settlement with Severn Trent Environmental Services, Inc., March 16 after an investigation at its Hugo Municipal Authority Water Supply treatment facility revealed several drinking water violations, including improper monitoring and low chlorination that left thousands of residents with unsafe drinking water for months. As a part of the settlement, $930,000 will be dedicated to upgrading communities’ water and wastewater treatment facilities. Source: http://www.tulsaworld.com/news/state/oklahoma-agency-reaches-settlement-over-hugo-water-problems/article_2d821325-754c-5955-9814-0e990aa29348.html

• New York authorities arrested 4 people March 15 for allegedly selling about $2.6 million worth of counterfeit products including fake Apple, Inc., watches via Internet sales and at flea markets. – Associated Press

21. March 16, Associated Press – (International) NYPD nabs $2.6M worth of fake Apple watches, headphones. The New York Police Department arrested 4 people March 15 for trademark counterfeiting charges after the group allegedly sold about $2.6 million worth of counterfeit products including fake Apple, Inc., watches and Beats Electronics, LLC music headphones via Internet sales and at flea markets. Authorities believe the shipments came from China twice a year beginning in 2014. Source: http://www.nbcphiladelphia.com/news/tech/NYPD-Seized-Counterfeit-Goods-Apple-Watches-Beats-Headphones-372291021.html

• Bailey’s Inc. officials reported March 16 that payment card and personal information for 250,000 customers may have been compromised after an attacker gained access to customer information on its Web site. – SC Magazine

23. March 16, SC Magazine – (National) Attacker compromises information of 250K in Bailey’s data breach. Bailey’s Inc. officials reported March 16 that 250,000 customers’ payment card and personal information including credit card numbers, cardholder names, card verification value (CVV) numbers, and credit card expiration dates, among other data, may have been compromised after an attacker gained unauthorized access to customer information on its Web site from December 2011 – January 2016. The company stated they have replaced its servers, enhanced its firewalls, and implemented critical changes to ensure their Web site was secure. Source: http://www.scmagazine.com/attacker-compromises-information-of-250k-in-baileys-data-breach/article/483630/

Financial Services Sector

4. March 16, WWBT 12 Richmond – (Virginia; Maryland) 2 men indicted by Federal grand jury for using skimming device at Chesterfield bank. Two Estonian men were arrested and indicted by a Federal grand jury March 15 for using a skimming device to steal the financial information of up to 40 people at a Bank of America in Richmond. Authorities have tied the pair to a scheme which targeted SunTrust, Bank of America, and State department credit union banks in Maryland and Virginia after a subsequent search of the duo’s apartment revealed 94 magnetic-strip cards, $32,000 in cash, and ATM skimmer hardware. Source: http://www.nbc12.com/story/31487829/2-men-indicted-by-federal-grand-jury-for-using-skimming-device-at-chesterfield-bank

5. March 16, U.S. Department of Justice – (Oregon) Oregon man charged with using fictitious financial instruments and failing to file income tax returns. Officials from the U.S. Department of Justice’s Tax Division announced March 15 charges against an Oregon man after he allegedly devised and participated in a scheme to defraud U.S. financial institutions out of monies by making, presenting, and transmitting more than 300 fraudulent financial instruments purportedly worth over $100 trillion and promoted the instruments as ways to pay off debts and Federal income taxes through seminars and private client consultations from 2008 – 2015. The suspect also failed to file income tax returns and report his income to the U.S. Internal Revenue Service for several years.

Information Technology Sector

17. March 16, The Register – (International) Middle-aged US bloke pleads guilty to iCloud celeb nude photo hack. The U.S. Department of Justice reported March 16 that a man from Lancaster pleaded guilty to one count of unauthorized access to a protected computer after he illegally accessed and downloaded images from 50 iCloud accounts and 72 Gmail accounts via phishing attacks from November 2012 – September 2014. Source: http://www.theregister.co.uk/2016/03/16/celebgate_phisher_pleads_guilty/

18. March 16, Softpedia – (International) AceDeceiver iOS trojan abuses Apple’s Fairplay DRM System to infect users. Researchers from Palo Alto Networks reported that a new iOS trojan dubbed AceDeceiver was targeting Apple, Inc.’s FairPlay digital rights management (DRM) system and can allow attackers to infect both jailbroken and non-jailbroken devices by using a FairPlay Man-in-the-Middle (MitM) attack to spread pirated apps by allowing attackers to request authorized code and distribute the code to any device of choice, enabling hackers to act as a middleman between a victim’s personal computer (PC) and the App store. Source: http://news.softpedia.com/news/acedeceiver-ios-trojan-abuses-apple-s-fairplay-drm-system-to-infect-users-501815.shtml

19. March 16, Help Net Security – (International) Malvertising campaign hits MSN.com, NY Times, BBC, AOL. Security researchers from Malwarebytes and Trustwave discovered that a malvertising campaign was targeting popular Web sites such as the New York Times, Microsoft’s MSN Web site, and The Hill, among other Web sites, by using the ad networks hosted on each Web site to serve malicious ads that could lead users to other sites hosting an exploit kit (EK). Source: https://www.helpnetsecurity.com/2016/03/16/malvertising-campaign/

20. March 16, Softpedia – (International) Database of abandoned iOS app exposes details for 198,000 users. Security researchers from MacKeeper discovered that the MongoDB database associated with the discontinued Kinoptic iOS app exposed 198,000 users’ information online including usernames, email addresses, and hashed passwords, among other data, via a default MongoDB configuration that allowed the public to access its content without any form of authentication. Source: http://news.softpedia.com/news/database-of-abandoned-ios-app-exposes-details-for-198-000-users-501818.shtml

Communications Sector

Nothing to report