Thursday, March 21, 2013   

Complete DHS Daily Report for March 21, 2013

Daily Report

Top Stories

 • A lawyer charged in a massive $279 million New York auto insurance fraud scheme pleaded guilty to conspiracy charges. A total of 36 individuals are charged in the scheme. – ABA Journal  See item 10 below in the Banking and Finance Sector

 • A loan broker and his conspirators were charged with fraudulently obtaining $100 million in bank loans backed by the U.S. Small Business Administration through his brokerage firm between 1990 and 2011 – Bloomberg News

19. March 19, Bloomberg News – (National) Loan broker admits to $100 million small-business fraud. A loan broker and his conspirators were charged with fraudulently obtaining $100 million in bank loans backed by the U.S. Small Business Administration through his brokerage, Jade Capital & Investments LLC, of Woodbridge, Virginia. The loan broker created 124 fake loans with 17 commercial lenders between 1990 and October 2011. Source: http://www.bloomberg.com/news/2013-03-19/virginia-loan-broker-admits-to-100-million-sba-bank-loan-fraud.html

 • Several South Korean TV stations and banks were hit by a cyberattack that caused computers on their networks to crash, be unable to be restarted, and flash error messages. Online banking and ATMs were also affected. – The Register See item 27 below in the Information Technology Sector

 • A heist at Virginia‟s Pentagon City Mall netted four thieves 23 watches worth more than $600,000. The robbery was the second crime of this type reported at the mall in 2 months. – Associated Press

35. March 19, Associated Press – (Virginia) Watches worth $600,000 taken in Va. Smash-and-grab. A heist at Virginia‟s Pentagon City Mall lasted 30 seconds and netted four thieves 

23 watches worth more than $600,000. The robbery was the second crime of this type reported at the mall in 2 months after a February 4 theft netted thieves $128,000 in stolen rings using the same method of smashing cases with a hammer. Source:http://www.abc6onyourside.com/template/inews_wire/wires.national/2dec92cf-www.abc6onyourside.com.shtml#.UUm_sSbD-Uk

Details

Banking and Finance Sector

9. March 20, Softpedia – (International) Man allegedly connected with Tilon banking trojan arrested by UK police. A man allegedly involved in distributing the Tilon banking trojan was arrested by authorities in the United Kingdom and charged with conspiracy to defraud and other offenses. Source: http://news.softpedia.com/news/Man-Allegedly-Connected-With-Tilon-Banking-Trojan-Arrested-by-UK-Police-338770.shtml

10. March 19, ABA Journal – (New York) Lawyer takes plea in $279M no-fault auto insurance fraud case. A lawyer charged in a massive $279 million New York auto insurance fraud scheme pleaded guilty to conspiracy charges. A total of 36 individuals are charged in the scheme, including two other lawyers. Source: http://www.abajournal.com/news/article/lawyer_takes_plea_in_279m_no-fault_auto_insurance_fraud_case/

11. March 19, CNN Money – (National) Florida man arrested for fraud in run-up to Facebook IPO. A man who allegedly defrauded investors of $8 million by claiming to have access to shares of social media companies prior to their IPOs was arrested in Florida. Source: http://buzz.money.cnn.com/2013/03/19/fraud-facebook-ipo/

For an additional story, see item 27 below in the Information Technology Sector

Information Technology Sector

27. March 20, The Register – (International) South Korean TV and banks paralysed in disk-wipe cyber-blitz. Several South Korean TV stations and banks were hit by a cyberattack that caused computers on their networks to crash, be unable to be restarted, and flash error messages. Online banking and ATMs were also affected. Source: http://www.theregister.co.uk/2013/03/20/south_korea_cyberattack/

28. March 20, V3.co.uk – (International) LinkedIn suffers mysterious service outage. Professional social networking site LinkedIn suffered an unexplained outage March 20. Source: http://www.v3.co.uk/v3-uk/news/2256145/linkedin-suffers-mysterious-service-outage

29. March 20, IDG News Service – (International) Microsoft: Hackers obtained high profile Xbox Live accounts. Microsoft reported that several Xbox Live accounts of current and former employees were compromised using social engineering techniques to obtain access. Source: http://www.computerworld.com/s/article/9237740/Microsoft_Hackers_obtained_high_profile_Xbox_Live_accounts

30. March 19, Help Net Security – (International) Massive Chameleon botnet steals $6M per month from advertisers. Researchers uncovered a sophisticated botnet dubbed “Chameleon” that uses over 120,000 hosts in the U.S. to perform click fraud. Source: http://www.net-security.org/secworld.php?id=14620

31. March 19, Threatpost – (International) T-Mobile Wi-Fi calling feature susceptible to man-in-the-middle snooping. T-Mobile released a patch March 18 to close a vulnerability that could allow man-in-the-middle (MiTM) attacks through T-Mobile devices‟ Wi-Fi Calling feature. Source: http://threatpost.com/en_us/blogs/t-mobile-wi-fi-calling-feature-susceptible-man-middle-snooping-031913

32. March 19, Threatpost – (International) Ruby on Rails patches DoS, XSS vulnerabilities. The developers of Ruby on Rails released patches to close vulnerabilities that could have allowed denial of service (DoS) attacks and cross-site scripting (XSS) injections. Source: http://threatpost.com/en_us/blogs/ruby-rails-patches-dos-xss-vulnerabilities-031913

33. March 19, eWeek – (International) Google pays $40,000 for partial Chrome OS exploit. Google awarded a researcher who participated in the Pwnium 3 contest $40,000 for uncovering a partial exploit of Chrome OS that contained a string of bugs that but did not produce an end-to-end exploit. Source: http://www.eweek.com/security/google-pays-40000-for-partial-chrome-os-exploit/

34. March 19, Softpedia – (International) Uracto malware hidden in at least 10 Android apps, Symantec finds. Researchers at Symantec found that the Uracto malware targeting Japanese users was seen in 10 different apps, has multiple variants, and appears to be created by the same group or developer as two other pieces of malware. Source: http://news.softpedia.com/news/Uracto-Malware-Hidden-in-at-Least-10-Android-Apps-Symantec-Finds-338610.shtml

Communications Sector

Nothing to report


Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information

About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport

Contact Information

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS Daily Report Team at (703)387-2314

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.

Removal from Distribution List:     Send mail to support@govdelivery.com.


Contact DHS

To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at  nicc@dhs.gov or (202) 282-9201.

To report cyber infrastructure incidents or to request information, please contact US-CERT at  soc@us-cert.gov or visit their Web page at  www.us-cert.go v.

Department of Homeland Security Disclaimer

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.