Wednesday, December 21, 2016



Complete DHS Report for December 21, 2016

Daily Report                                            

Top Stories

• A Chinese national pleaded guilty December 19 to stealing and exploiting highly sensitive military technology and documents, and transporting the majority of the stolen information to China from 2013 – 2014. – U.S. Department of Justice

3. December 19, U.S. Department of Justice – (Connecticut) Chinese national admits to stealing sensitive military program documents from United Technologies. A Chinese national pleaded guilty December 19 to stealing and exploiting highly sensitive military technology and documents from United Technologies Corporation’s United Technologies Research Center (UTRC) and transporting the majority of the stolen information to China from 2013 – 2014. The defendant admitted his intent to advance China’s defense industry, and beginning in 2013, expressed his intent to individuals outside UTRC to return to China to work on research projects at select Chinese State-run universities using knowledge and materials he had acquired during his UTRC employment.

• Bliss, Idaho officials worked to clean up roughly 6,000 gallons of raw sewage that spilled over a lagoon dike edge December 17. – KMVT 11 Twin Falls/KSVT 14 Twin Falls

12. December 17, Los Angeles Times – (California) Orange County children’s dental clinic closed after bacteria found in new water system. Health officials in Orange County, California, ordered the closure of the Children’s Dental Group of Anaheim December 15 after lab tests revealed the presence of Mycobacterium in the dental clinic’s new internal water system, which was replaced following a previous outbreak of oral infections. The county has recorded 58 reports of infections at the clinic. Source: http://www.latimes.com/local/lanow/la-me-ln-anaheim-dental-office-20161217-story.html

• Los Angeles County officials announced December 19 it is notifying about 756,000 people that their personal information may have been compromised after 108 county employees were victims of a phishing email scam in May 2016. – SecurityWeek

14. December 19, SecurityWeek – (California) Los Angeles County notifies 756,000 of data breach. Los Angeles County officials announced December 19 it is notifying about 756,000 people that their personal information including Social Security numbers, names, and dates of birth, among other sensitive information, may have been compromised after 108 county employees were victims of a phishing email scam in May 2016. Officials reported a Nigerian national was charged in connection with the incident. Source: http://www.securityweek.com/los-angeles-county-notifies-756000-data-breach
• Kaspersky Lab researchers warned that a spear phishing campaign has targeted roughly 500 organizations in the smelting, power generation and transmission, construction, and engineering industries across 50 countries since August 2016. – SecurityWeek See item 20 below in the Information Technology Sector

Financial Services Sector

4. December 19, Arizona Republic – (Arizona) FBI seeks leads on ‘Blues Bandit’ bank robber who struck in Phoenix, Glendale. The FBI is searching December 19 for a man dubbed the “Blues Bandit” who is suspected of robbing 3 Desert Schools Federal Credit Union locations inside Walmart stores in Phoenix and Glendale, Arizona, between October and December 2016. Source: http://www.azcentral.com/story/news/local/phoenix/2016/12/19/fbi-seeks-leads-blues-bandit-bank-robber-who-struck-phoenix-glendale/95612948/

Information Technology Sector

20. December 19, SecurityWeek – (International) Spear phishing attacks target industrial firms. Kaspersky Lab researchers warned that a spear phishing campaign has targeted roughly 500 organizations in the smelting, power generation and transmission, construction, and engineering industries across 50 countries since August 2016 in order to spy on users and steal sensitive data. The phishing emails contain a subject line with text used in a company’s correspondence in order to trick the victim into opening the malicious Rich Text Format (RTF) file attached, which downloads a malware that can diminish the ability of antivirus products. Source: http://www.securityweek.com/spear-phishing-attacks-target-industrial-firms-kaspersky-lab-ics-cert

21. December 19, SecurityWeek – (International) Brute force attacks on WordPress Websites soar. WordPress security firm Wordfence warned that the number of brute force attacks targeting WordPress Websites have increased to more than 700,000 attacks per day since November 24, and the number of unique attack Internet Protocols (IPs) has increased from an average of about 13,000 per day in the period between October 16 and November 24 to over 30,000 per day. The firm reported it has blocked up to 23 million brute force attack attempts per day.

For another story, see item 14 above in Top Stories

Communications Sector

Nothing to report