Friday, November 15, 2013



Complete DHS Daily Report for November 15, 2013

Daily Report

Top Stories

 • Some card readers at 60 Chicago Transit Authority train stations failed for about 15 to 90 minutes due to a server malfunction that resulted in 15,000 free rides for commuters before the problem was fixed. – Chicago Tribune

10. November 14, Chicago Tribune – (Chicago) Ventra outage hits 60 CTA stations, results in 15,000 free rides. Some Ventra card readers at 60 Chicago Transit Authority train stations failed for about 15 to 90 minutes due to a back-office server malfunction that resulted in 15,000 free rides for commuters before the problem was fixed November 13. Source: http://www.chicagotribune.com/news/local/breaking/chi-ventra-outage-hits-60-cta-stations-results-in-15000-20131113,0,1001325.story

 • Four Marines were killed during a routine sweep to make a range safe for future training exercises at California’s Camp Pendleton while they were clearing unexploded ordnance. – Associated Press

20. November 14, Associated Press – (California) 4 Marines die during safety sweep at Calif. base. Four Marines were killed during a routine sweep to make a range safe for future training exercises at California’s Camp Pendleton while they were clearing unexploded ordnance. Source: http://news.msn.com/us/4-marines-die-during-safety-sweep-at-calif-base

 • A former student was arrested after he ambushed, shot, and wounded three students outside the Brashear High School in Pittsburgh. – Pittsburgh Tribune-Review

21. November 14, Pittsburgh Tribune-Review – (Pennsylvania) 3 students shot outside Brashear High School. A former Brashear High School student was arrested November 13 after he ambushed, shot, and wounded three students outside the Pittsburgh school in what officials believe was a drug-related incident. Source: http://triblive.com/news/adminpage/5063971-74/brashear-police-avenue

 • Two teams competing in the PacSec 2013 Pwn2Own competition demonstrated methods to compromise security and steal personal information from popular smartphones. – The Register See item 30 below in the Information Technology Sector

Details

Financial Services Sector

5. November 14, Krebs on Security – (California) Feds charge Calif. brothers in cyberheists. Federal authorities arrested and charged two brothers in Fresno with allegedly stealing millions of dollars by stealing login credentials of brokerage accounts with Fidelity Investments, setting up fraudulent automated clearing house links between victim accounts and accounts they controlled, and then using prepaid debit cards from those accounts to purchase money orders that were deposited into other accounts for cash withdrawals. Source: http://krebsonsecurity.com/2013/11/feds-charge-calif-brothers-in-cyberheists/

6. November 14, Tampa Bay Business Journal – (Florida) FDIC lawsuit alleges ‘high-risk gamble’ by directors of failed Progress Bank. The Federal Deposit Insurance Corporation (FDIC) filed a lawsuit against three former directors of the failed Progress Bank of Florida seeking $6.3 million in damages, accusing the directors of gross negligence and breach of fiduciary duties. The bank’s 2010 failure cost the FDIC’s Deposit Insurance Fund $46.8 million. Source: http://www.bizjournals.com/tampabay/blog/morning-edition/2013/11/fdic-lawsuit-alleges-high-risk.html?page=all

7. November 13, Sioux City Journal – (National) Police: Storm Lake man had 350 fake credit, gift cards. Police arrested a Storm Lake, Iowa man November 13 and charged him with allegedly running a nationwide credit card fraud scheme. A search of the man’s residence yielded 350 fraudulent payment cards, a card re-encoder, and retail information from around the country. Source: http://siouxcityjournal.com/news/local/police-storm-lake-man-had-fake-credit-gift-cards/article_db705924-4d06-5584-90b0-e217632ffbdd.html

8. November 13, U.S. Attorney’s Office, Eastern District of New York – (National) Two indicted in $15 million investment fraud scheme that victimized National Hockey League players and Long Island investors. Two men were arrested in Arizona and charged in New York City with allegedly running a $15 million investment scheme involving fraudulent schemes in several States that targeted National Hockey League players and investors in Long Island, New York. Source: http://www.fbi.gov/newyork/press-releases/2013/two-indicted-in-15-million-investment-fraud-scheme-that-victimized-national-national-hockey-league-players-and-long-island-investors

9. November 13, Reuters – (New Jersey) High school pals plead guilty in NJ insider trading scheme. Two men in New Jersey pleaded guilty to their roles in an insider trading scheme that took place over 5 years and generated more than $1.7 million in illegal profits based. The men were the last of six men charged in November 2012 to plead guilty. Source: http://www.reuters.com/article/2013/11/13/crime-insidertrading-highschoolpals-plea-idUSL2N0IY1QW20131113

Information Technology Sector

28. November 14, Help Net Security – (International) Sinowal and Zbot trojan collaborate in new attack. Researchers at Trend Micro observed a variant of the ZeuS/Zbot trojan working in collaboration with a new Sinowal trojan to attempt to make ZeuS’s job easier by disabling the Trusteer Rapport security software. The two trojans are dropped by the Andromeda backdoor attached to malicious emails. Source: http://www.net-security.org/malware_news.php?id=2626

29. November 14, Softpedia – (International) MacRumors hacker says he will not leak the 860,000 passwords he stole. The MacRumors forums were hacked and 860,000 users’ usernames, emails, and password hashes were compromised, MacRumors confirmed November 12. However, the hacker who took credit for the breach claimed that they would not reveal the information. Source: http://news.softpedia.com/news/MacRumors-Hacker-Says-He-Will-Not-Leak-the-860-000-Passwords-He-Stole-400064.shtml

30. November 14, The Register – (International) Pwn2Own crackers leave iOS and Samsung mobe security IN RUINS. Two teams competing in the PacSec 2013 Pwn2Own competition demonstrated methods to compromise security and steal personal information from a Samsung Galaxy S4 running Android and an Apple device running iOS version 7.0.3 and iOS 6.1.4. Source: http://www.theregister.co.uk/2013/11/14/pwn2own_crackers_leave_ios_and_samsung_handsets_wide_open/

31. November 14, Softpedia – (International) Cybercriminals use new Linux backdoor to steal information from companies. Symantec researchers identified a cybercriminal operation that carried out an attack against a large hosting provider using a new Linux backdoor, dubbed Linux.Fokirtor that was able to gain access to usernames, passwords, emails, and possibly financial information. The backdoor hides inside server processes that could give the attack away and prompt security reviews. Source: http://news.softpedia.com/news/Cybercriminals-Use-New-Linux-Backdoor-to-Steal-Information-from-Companies-400203.shtml

32. November 14, Softpedia – (International) Remote code execution vulnerability fixed in BlackBerry Link. BlackBerry closed remote code execution and local privilege elevation vulnerabilities in its BlackBerry Link for Windows and Mac OS in a recent software update. Source: http://news.softpedia.com/news/Remote-Code-Execution-Vulnerability-Fixed-in-BlackBerry-Link-400167.shtml

33. November 14, Washington Post – (International) LivingSocial back online after Web site outage. An unspecified internal error caused LivingSocial’s Web site and mobile app to be inoperable for around 2 days starting November 12. The site and app were returned to service November 14. Source: http://www.washingtonpost.com/business/capitalbusiness/livingsocial-outage-continues-into-second-day/2013/11/13/ac6266c2-4c78-11e3-be6b-d3d28122e6d4_story.html

34. November 13, Softpedia – (International) At least 100,000 Instagram users fall victim to InstLike scam. Symantec researchers found that at least 100,000 Instagram users may have fallen victim for a scam service called InstLike that promised ‘likes’ and followers in return for providing Instagram login credentials and for buying virtual coins. The app was available in Google’s Play store and Apple’s App Store for several months and was downloaded between 100,000 and 500,000 times in the former. Source: http://news.softpedia.com/news/At-Least-100-000-Instagram-Users-Fall-Victim-to-InstLike-Scam-399959.shtml

35. November 13, SC Magazine – (International) Popular humor site hosted Nuclear Pack exploit kit. Barracuda Labs researchers found that popular humor site Cracked.com was compromised as of November 10 in order to host the Nuclear Pack exploit kit. Exploits were then served to visitors through a malicious Javascript targeting vulnerable versions of Java and Adobe Flash and PDF software. Source: http://www.scmagazine.com//popular-humor-site-hosted-nuclear-pack-exploit-kit/article/320833/

Communications Sector

36. November 14, Kansas City Star – (Kansas; Missouri; Oklahoma) Sprint: Service restored to disrupted markets. The source of a Sprint service outage that knocked out service to the Internet, text message exchanges, and the ability to make calls in Kansas City, St. Louis, and Oklahoma City was identified and service restored after more than 5 hours November 14. Source: http://www.kansascity.com/2013/11/14/4620837/sprint-network-down-in-kansas.html

37. November 12, U.S. Department of Labor – (New York) US Labor Department reaches settlement agreement with Verizon New York Inc. to increase training, safeguards for field technicians. The U.S. Department of Labor’s Occupational Safety and Health Administration reached a settlement with Verizon New York Inc., that included a fine of $147,000 and requirements to provide enhanced electrical safety training and other safeguards for field technicians, stemming from citations issued in March 2012 in connection with a fatal electrocution of an employee in September 2011 in Brooklyn. Source: https://www.osha.gov/pls/oshaweb/owadisp.show_document?p_table=NEWS_RELEASES&p_id=25071

For additional stories, see items 30 and 33 above in the Information Technology Sector