Complete DHS Report for December 13, 2016
• The president of Discovery Sales, Inc. pleaded guilty on behalf of his company December 8 to a builder bailout scheme that caused Wells Fargo & Company and JP Morgan Chase & Co. to suffer roughly $75 million in losses. – San Jose Mercury News See item 4 below in the Financial Services Sector
• The former president of Culpeper, Virginia-based Capitol Components and Millwork, Inc. (CCM) pleaded guilty December 9 to a $10.5 million bank fraud scheme. – U.S. Attorney’s Office, Eastern District of Virginia See item 5 below in the Financial Services Sector
• An unlicensed physician who formerly worked at Detroit-based B&M Visiting Doctors PLC pleaded guilty December 8 to his role in a $6.3 million Medicare fraud scheme where he submitted falsified patient records to Medicare from 2005 – 2013. – U.S. Department of Justice
17. December 9, U.S. Department of Justice – (Michigan) Unlicensed Michigan physician pleads guilty to conspiracy to commit wire fraud for role in $6.3 million Detroit-based Medicare fraud scheme. An unlicensed physician who formerly worked at Detroit-based B&M Visiting Doctors PLC pleaded guilty December 8 to his role in a $6.3 million Medicare fraud scheme where he falsified patient records, including medical documents, prescriptions for controlled substances, and billing documents, which he fraudulently submitted to Medicare from 2005 – 2013. Three co-conspirators previously pleaded guilty for their roles in the scheme. Source: https://www.justice.gov/opa/pr/unlicensed-michigan-physician-pleads-guilty-conspiracy-commit-wire-fraud-role-63-million
• A 2-alarm fire at the Wood Lawn Garden Apartments in Alexandria, Virginia, displaced 67 residents and caused nearly $230,000 in damages December 10. – WUSA 9 Washington, D.C.
25. December 11, WUSA 9 Washington, D.C. – (Virginia) More than 67 without homes after Va. fire. A 2-alarm fire at the Wood Lawn Garden Apartments in Alexandria, Virginia, displaced 67 residents and caused nearly $230,000 in damages December 10. Authorities believe the fire was caused by a mechanical failure of a natural gas furnace flue. Source: http://www.wusa9.com/news/local/alexandria/more-than-40-without-homes-after-va-fire/367740760
Financial Services Sector
3. December 9, Brookfield-Elm Grove Now – (Wisconsin) Two charged for allegedly scamming credit unions for over $300K. A Wisconsin couple was charged December 6 after the duo allegedly defrauded Enterprise Credit Union in Brookfield out of more than $300,000 after one of the defendants, who managed the bank’s accounts, had her co-conspirator cash bank checks worth $980 several times each week beginning in May 2015. The charges allege that the couple used the money to buy drugs. Source: http://www.wauwatosanow.com/story/news/crime/2016/12/09/two-charged-allegedly-scamming-credit-unions-over-300k/95207718/
4. December 9, San Jose Mercury News – (California) Homebuilder ordered to pay $11 million for “builder bailout” scam. A northern California residential developer and president of Discovery Sales, Inc. pleaded guilty on behalf of his company December 8 to a builder bailout scheme where former Discovery Sales employees secured mortgages for buyers of more than 325 Seeno-built homes through illicit means and opened at least $1.24 billion in construction lines of credit, resulting in over $200 million in sales and roughly $75 million in losses to Wells Fargo & Company and JP Morgan Chase & Co. from 2006 – 2008. The executive agreed to pay $3 million in restitution to Fannie Mae and Freddie Mac as well as an $8 million fine, and the firm was placed on probation for 5 years. Source: http://www.mercurynews.com/2016/12/08/homebuilder-albert-seeno-iii-ordered-to-pay-11-million-for-builder-bailout-scam/
5. December 9, U.S. Attorney’s Office, Eastern District of Virginia – (Virginia) Executive pleads guilty to $10.5 million bank fraud. The former president of Culpeper, Virginia-based Capitol Components and Millwork, Inc. (CCM) pleaded guilty December 9 to a $10.5 million bank fraud scheme where the former executive fraudulently maintained a credit line at Fauquier Bankshares, Inc. by misrepresenting the company’s true financial condition and submitting documents to the bank in October 2015 that fraudulently claimed there was roughly $17 million of total accounts receivable and inventory securing the bank’s $11.5 million credit line, while in reality there was no more than $3.4 million of total accounts receivable and inventory. CCM was unable to repay the interest or principal amount of the loan.
Information Technology Sector
19. December 12, Help Net Security – (International) New AirDroid releases fix major security issues. The AirDroid team released mobile version 220.127.116.11 and Microsoft Windows and Apple Mac version 18.104.22.168 of its remote management tool for Android after Zimperium security researchers found the app does not verify if a served update is legitimate, and sends and receives information over insecure channels, thereby exposing users on unsecured networks to man-in-the-middle (MitM) attacks. In addition to the security improvements, the AirDroid developers also upgraded the communication channels to Hypertext Transfer Protocol Secure (HTTPS) and enhanced the encryption method.
20. December 12, SecurityWeek – (International) Dozens of teens arrested over DDoS attacks. Europol announced that 34 arrests were made as part of a multi-national operation targeting users of distributed denial-of-service (DDoS) cyber-attack tools after the individuals allegedly paid for stressers and booters services to deploy malicious software to launch DDoS attacks. Authorities believe the tools used in the attacks are part of the illicit DDoS-for-hire services where a hacker can pay to have an attack carried out against a targeted victim.
21. December 12, SecurityWeek – (International) Samas ransomware gang made
$450,000 in one year analysis. Palo Alto Networks researchers reported that the cybercriminals behind the Samas, or SamSa ransomware were carrying out targeted attacks against the healthcare industry and have collected over $450,000 in ransom payments from their targets since the beginning of 2016. The ransomware has undergone a series of modifications since it was first spotted, including changes to the encrypted filename extensions that are appended to files after encryption takes place in order to make analysis and reverse-engineering more difficult. Source: http://www.securityweek.com/samas-ransomware-gang-made-450000-one-year-analysis
22. December 12, Help Net Security – (International) New minimum code signing requirements for use by all CAs. The Certificate Authority Security Council (CASC) announced that the Code Signing Working Group released new Minimum Requirements for Code Signing for use by all Certificate Authorities (CA) which represent the first standardized code signing guidelines and incorporate several new features to help businesses defend their systems from cyber-attacks, including stronger protection for private keys, certificate revocation, and improved code signatures time-stamping, among other features. Microsoft is the first applications software vendor to adopt the guidelines and will require CAs that issue code signing certificates for Windows platforms to adhere to the new requirements beginning February 1, 2017.
23. December 12, The Register – (International) Microsoft Edge’s malware alerts can be faked, researchers say. Security researchers discovered that malicious actors can abuse Microsoft’s Edge Web browser to display legitimate-appearing malware warning messages by altering URL characters and appending a hash and a URL of a Website that appears to be authentic to forge a technical support scam page due to flaws in Edge’s “ms-appx:” and “ms-appx-web:” protocols. The fraudulent warnings replace Edge’s SmartScreen messages, which are displayed if the browser detects suspected malicious Websites, indicating that a nominated site displayed in the address bar is infected. Source: http://www.theregister.co.uk/2016/12/12/microsoft_edges_malware_alerts_can_be_faked/
24. December 12, Help Net Security – (International) Critical flaw opens Netgear routers to hijacking. Netgear is investigating after the Computer Emergency Response Team Coordination Center (CERT/CC) warned that several of the company’s router models,
including R7000, R6400, and R8000, potentially among others, can be exploited by remote, unauthenticated attackers to execute Linux commands with root privileges on affected routers by appending the command to a URL and convincing a targeted victim to visit a maliciously crafted Website or a legitimate site that serves malicious ads. This access can be used to command a victim’s router to attack other computers, for File Transfer Protocol, or to carry out any other malicious action the attacker wants. Source: https://www.helpnetsecurity.com/2016/12/12/flaw-netgear-routers-hijacking/