Thursday, January 23, 2014



Complete DHS Report for January 23, 2014

Daily Report

 • Thirteen men were charged with allegedly placing Bluetooth-equipped skimming devices on gas station pumps in Texas, Georgia, and South Carolina and using fraudulent cards made with the data obtained to steal and launder over $2 million. – Ars Technica See item 3 below in the Financial Services Sector

 • A semi-truck carrying hazardous materials caught fire at a Knouse Foods Cooperative plant in Orrtanna, Pennsylvania, forcing the building to be evacuated and sending 11 people to the hospital January 21. – Hanover Evening Sun

10. January 21, Hanover Evening Sun – (Pennsylvania) Chemical blaze in Orrtanna sends 11 to hospitals. A semi-truck carrying hazardous materials caught fire at a Knouse Foods Cooperative plant in Orrtanna January 21, forcing the building to be evacuated and sending 11 people to the hospital. A shelter-in-place order temporarily issued for residents living within one-half mile of the plant was lifted several hours later and the plant was scheduled to reopen January 23. Source: http://www.eveningsun.com/local/ci_24956056/911-explosion-tractor-trailer-fire-forces-evacuation-orrtanna

 • A huge snow storm that stretched from Kentucky to New England prompted schools to close across several States and roughly 1,400 flight cancellations nationwide. – Associated Press

17. January 22, Associated Press – (National) Snow swirls up east coast, leaving a bitter trail. A large snow storm January 21 that stretched from Kentucky to New England prompted schools to close January 22 across several States and roughly 1,400 flights to be cancelled nationwide. Source: http://news.msn.com/us/snow-swirls-up-east-coast-leaving-a-bitter-trail

 • Researchers identified a cyberespionage campaign targeting energy, government, and defense organizations in the U.S., Europe, and Asia that appears to be affiliated with the Russian government. – Softpedia See item 21 below in the Information Technology Sector

Details

Financial Services Sector

3. January 21, Ars Technica – (National) Feds: Thieves with Bluetooth-enabled data skimmers stole over $2 million. Thirteen men were charged January 21 with allegedly placing Bluetooth-equipped skimming devices on gas station pumps in Texas, Georgia, and South Carolina and using fraudulent cards made with the data obtained to steal over $2 million. The accused then allegedly deposited the stolen money in New York bank accounts and withdrew the stolen money in California or Nevada. Source: http://arstechnica.com/tech-policy/2014/01/feds-thieves-with-bluetooth-data-skimmers-stole-over-2-million/

4. January 21, Arizona Republic – (Arizona) Tempe police: 105 arrested in check-scam sweep. Police in Tempe announced the arrest of 105 suspects January 21 for allegedly being part of a large-scale check fraud scheme that stole around $240,000. The investigation began in March 2012 and identified five alleged check mills that were loosely connected. Source: http://www.azcentral.com/community/tempe/articles/20140121tempe-police-arrested-check-scam-sweep-abrk.html

5. January 21, Boston Globe – (Massachusetts) West Roxbury family pleads guilty to multimillion-dollar Ponzi scheme. Three members of a West Roxbury family pleaded guilty to running a Ponzi scheme through a firm called Viking Financial Group that cost at least 42 victims $10 million or more. Source: http://www.boston.com/news/local/massachusetts/2014/01/21/west-roxbury-family-pleads-guilty-multi-million-dollar-ponzi-scheme/99Px0kHIvuiQFUTHFCtI8O/story.html

For an additional story, see item 20 below:

20. January 21, Krebs on Security – (National) DHS alerts contractors to bank data theft. A U.S. Department of Homeland Security (DHS) spokesman stated that documents belonging to 114 contractor organizations that bid on a DHS Science & Technology division contract could have been disclosed by a security breach that occurred in late 2013, with 16 documents containing banking information. Source: http://krebsonsecurity.com/2014/01/dhs-alerts-contractors-to-bank-data-theft/

Information Technology Sector

21. January 22, Softpedia – (International) Russia accused of conducting global cyber espionage campaign. Researchers at CrowdStrike identified a large cyber espionage campaign targeting energy, government, defense, and other organizations in the U.S., Europe, and Asia operated by a group dubbed Energetic Bear that appears to be affiliated with the Russian government. The campaign has been monitored since August 2012 and relies on the HAVEX RAT and SYSMain RAT remote access trojans (RATs.) Source: http://news.softpedia.com/news/Russia-Accused-of-Conducting-Global-Cyber-Espionage-Campaign-419457.shtml

22. January 22, Threatpost – (International) XSS filter bypass bug found in Chrome and Safari. A researcher at Eleven Paths warned of a flaw in anti-cross site scripting (XSS) filters in the Chrome and Safari browsers that could be exploited to allow an attacker to bypass the filters and use XSS flaws on certain Web sites to compromise users’ systems. The researcher released a proof-of-concept for the vulnerability. Source: http://threatpost.com/xss-filter-bypass-bug-found-in-chrome-and-safari/103761

23. January 21, PCWorld – (International) Syrian Electronic Army hacks Microsoft’s Office Blogs site mere hours after redesign. Attackers claiming affiliation with the Syrian Electronic Army hacktivist group compromised Microsoft’s official Office Blogs site January 20. Microsoft reset the site’s account and regained control later that day. Source: http://www.pcworld.com/article/2089820/syrian-electronic-army-hacks-microsofts-office-blogs-site.html

Communications Sector

24. January 21, Eagle Valley Enterprise – (Colorado) Tower outage affects local cell phone users. AT&T customers in Vail were without cell phone service for nearly 11 hours January 21-22 after a degraded tower knocked out service and data functions. Crews were able to repair a landline connecting the cell site to the rest of the network that had failed. Source: http://www.vaildaily.com/news/9847952-113/service-edwards-phone-vail