Complete DHS Report for December 7, 2016
• A Federal court fined Sharon, Connecticut-based Wilkinson Financial Opportunity Fund $22 million December 3 for orchestrating a Ponzi scheme that bilked 30 investors out of $11 million. – WSHU 91.1 FM Fairfield See item 2 below in the Financial Services Sector
• Federal officials announced December 5 that a multinational operation involving arrests and searches in four countries successfully dismantled Avalanche, a complex network of computer servers that allegedly facilitated financial crimes and money laundering campaigns worldwide. – U.S. Department of Justice See item 16 below in the Information Technology Sector
• Authorities continued searching for victims December 5 after a fire at a converted warehouse in Oakland, California, that killed at least 36 people December 2. – CNN
17. December 6, CNN – (California) Oakland fire toll at 36; DA promises ‘thorough’ probe. California State and Federal authorities continued searching for victims December 5 after a December 2 fire at a converted warehouse in Oakland that killed at least 36 people. The cause of the fire remains under investigation. Source: http://www.cnn.com/2016/12/05/us/oakland-fire-investigation/
• A 10-alarm fire in Cambridge, Massachusetts, displaced 125 people and caused over 1,600 customers to lose power December 3. – Cambridge Patch
18. December 6, Cambridge Patch – (Massachusetts) Cambridge fire: Neighborhood burned; 10 alarms struck; 125 displaced. A 10-alarm fire in Cambridge, Massachusetts, December 3 damaged 16 buildings including a 20-unit affordable housing complex, displaced 125 people, and caused over 1,600 customers to lose power. No serious injuries were reported. Source: http://patch.com/massachusetts/cambridge/cambridge-fire-blazing-reached-six-alarms
Financial Services Sector
2. December 5, WSHU 91.1 FM Fairfield – (Connecticut) Conn. investment firm fined $22 million for running Ponzi scheme. A Federal court fined Sharon, Connecticut-based Wilkinson Financial Opportunity Fund $22 million December 3 for orchestrating a Ponzi scheme that bilked 30 investors out of $11 million. Beginning in 2005, a member of the firm’s board of directors falsely promised friends, relatives, and business partners 10 to 30 percent returns from their investments, and paid off old clients with earnings coming in from new clients when the promised returns failed to materialize.
3. December 4, Franklin Home Page – (Tennessee) Franklin man convicted on 31 counts of conspiracy, computer access and wire fraud. Two men were convicted December 2 for altering the denomination distribution amounts of cash dispensed from Safe Cash Systems, LLC ATMs at convenience stores, bars, and restaurants in Nashville, Tennessee, from January 2009 – March 2010 using passwords that one of the co-conspirators knew from his previous employment as a Safe Cash ATM technician. Once the denomination distribution amounts were changed, the duo made more than 800 withdrawals from Safe Cash ATMs using 9 bank accounts and 17 bank cards to steal over $600,000 from the company, 20 times the amount that was debited from their bank accounts. Source: http://franklinhomepage.com/franklin-man-convicted-on-31-counts-of-conspiracy-computer-access-and-wire-fraud/
4. December 3, WCCO 4 Minneapolis – (Minnesota) Jury convicts Minnesota chiropractor of tax evasion. A Minnesota chiropractor was convicted December 2 after he neglected to file individual income tax returns from 2004 – 2014, created a religious organization, Sovereign Christian Mission, to conceal his income and pay personal expenses, and presented a fraudulent financial instrument allegedly worth $300 million to the U.S. Internal Revenue Service (IRS), claiming it covered the taxes he was responsible for. The chiropractor tried to conceal his income by diverting money to a warehouse bank, MYICIS, cashing more than $800,000 in business checks, and submitting fictitious money orders and other financial instruments to the IRS.
For another story, see item 16 above in Top Stories
Information Technology Sector
15. December 5, SecurityWeek – (International) Chrome 55 patches 36 flaws, blocks Flash by default. Google released Chrome 55 patching a total of 36 security flaws including 12 high risk flaws in PDFium, Blink, DevTools, and V8, as well as 9 medium severity issues, and 5 low risk flaws, among other patched vulnerabilities. In addition to resolving the security flaws, Chrome 55 enhances user security by blocking Websites that contain Adobe Flash content out-of-the-box.
16. December 5, U.S. Department of Justice – (International) Avalanche network dismantled in international cyber operation. The U.S. Department of Justice announced December 5 that a multinational operation involving arrests and searches in four countries successfully dismantled Avalanche, a complex network of computer servers that allegedly hosted more than two dozen of the most severe types of malicious software and facilitated financial crimes and money laundering campaigns worldwide. The Avalanche network reportedly served clients operating as many as 00,000 infected computers worldwide on a daily basis and caused hundreds of millions of dollars in losses. Source: https://www.justice.gov/opa/pr/avalanche-network-dismantled-international-cyber-operation
For another story, see item 1 below from the Critical Manufacturing Sector
1. December 6, SecurityWeek – (International) Backdoor found in many Sony security cameras. Sony Corporation released firmware updates for 80 of its SNC series Internet Protocol (IP) cameras equipped with the IPELA ENGINE signal processing system after researchers from SEC Consult found that the firmware contains hardcoded password hashes for the admin and root users that are easy to crack, and discovered a Common Gateway Interface (CGI) binary that allows a remote user to enable the Telnet service on a device by sending it a specially crafted Hypertext Transfer Protocol (HTTP) request with authentication data, which can be easily found in plain text in a file, and then leverage the root account to gain remote access with elevated privileges. Once an attacker gains root access to a camera, the malicious actor can disrupt camera functionality, spy on the user, breach the network that houses the camera, and infect it with Mirai-like malware.
Nothing to report