Friday, April 11, 2014




Complete DHS Report for April 11, 2014

Daily Report

Details

 • A Georgia man associated with the $50 million Carder.su identity theft, payment card fraud, and cybercrime organization agreed to plead guilty to federal racketeering charges according to court documents released April 9. – Ars Technica See item 8 below in the Financial Services Sector

 • Oakland County Police charged 5 individuals with allegedly operating a multimillion-dollar theft ring that stole items from Las Vegas and southeastern Michigan retailers and pharmacies and resold them on the Internet. – Detroit Free Press

19. April 9, Detroit Free Press – (Michigan; Nevada) Police: ‘Amazing’ $15,000-a-day shoplifting ring targeted CVS, Walgreens. Oakland County Police charged 5 individuals with operating a multimillion-dollar theft ring that stole items from Las Vegas and southeastern Michigan retailers, including CVS and Walgreens, and resold them on the Internet. The suspects stole as much as $15,000 a day in over-the-counter drugs and other goods from pharmacies and retailers and stored the items in a warehouse. Source: http://www.freep.com/article/20140409/NEWS03/304090129/shoplifting-ring-stole-thousands-of-dollars-Oakland-county

 • A former internal affairs lieutenant for the Miami-Dade Police Department was arrested April 8 in connection with allegedly working with a drug trafficking organization to assist in planning a murder plot and purchasing weapons for drug dealers in exchange for money and gifts. – CNN

23. April 8, CNN – (International) Miami cop accused of helping drug traffickers get guns, plot killing. A former internal affairs lieutenant for the Miami-Dade Police Department was arrested April 8 in connection with allegedly working with a drug trafficking organization to assist in planning a murder plot and purchasing weapons for drug dealers in exchange for money and gifts. The former lieutenant also reportedly used contacts at airports to transport weapons in carry-on luggage during international trips. Source: http://www.cnn.com/2014/04/08/justice/miami-police-lieutenant-arrested/index.html

 • Authorities issued a warrant and were searching for a man involved in a hit-and-run incident that killed 1 child and injured 14 others at a KinderCare day care center in Orlando, Florida, April 9. – CNN; WESH 2 Orlando

29. April 10, CNN; WESH 2 Orlando – (Florida) Authorities issue arrest warrant in deadly Florida day care center crash. Authorities issued a warrant and were searching for a man involved in a hit-and-run incident that killed 1 child and injured 14 others at a KinderCare day care center in Orlando April 9. The suspect was allegedly driving a vehicle that struck a car, which jumped the curb and crashed into the facility. Source: http://www.cnn.com/2014/04/10/us/florida-day-care-center-crash/

Financial Services Sector

7. April 9, KTLA 5 Los Angeles – (California) ‘Lugar Bandit’: Violent bank robber strikes again. Police reported that a suspect known as the “Luger Bandit” robbed a Chase Bank branch in San Dimas April 9, the seventh robbery linked to the suspect in Los Angeles, San Bernardino, and Riverside counties since January. Source: http://ktla.com/2014/04/09/lugar-bandit-sought-in-series-of-violent-bank-robberies-strikes-again/

8. April 9, Ars Technica – (International) Man behind Carder.su racketeering, other cybercrime, pleading guilty. A Georgia man associated with the Carder.su identity theft, payment card fraud, and cybercrime organization agreed to plead guilty to federal racketeering charges according to court documents released April 9. As many as 55 alleged members of the group that caused $50 million in losses have also been charged, with 8 pleading guilty and many remaining at large. Source: http://arstechnica.com/tech-policy/2014/04/man-behind-carder-su-racketeering-other-cybercrime-pleading-guilty/

For another story, see item 24 below in the Information Technology Sector

Information Technology Sector
 
24. April 10, Softpedia – (International) Deltek suffers data breach, hackers gain access to credit card information. Deltek reported that attackers breached the company’s GovWin IQ Web site, exposing personal and financial details of around 80,000 employees of federal contractors and about 25,000 payment card details belonging to customers of the site’s eCommerce platform. The breach was first discovered March 13 but occurred sometime between July 3, 2013 and November 2, 2013. Source: http://news.softpedia.com/news/Deltek-Suffers-Data-Breach-Hackers-Gain-Access-to-Credit-Card-Information-436861.shtml

25. April 10, The Register – (International) Not just websites hit by OpenSSL’s Heartbleed – your PC, phone and more may be in peril. A researcher from the SANS Institute reported in a presentation that the Heartbleed vulnerability in OpenSSL could also affect devices and applications on the client side as well as the server side, potentially allowing attackers to obtain passwords and cryptographic keys from PCs, phones, routers, and other devices. Source: http://www.theregister.co.uk/2014/04/10/many_clientside_vulns_in_heartbleed_says_sans/

26. April 10, Softpedia – (International) SQL injection vulnerability fixed in Orbit Open Ad Server. High-Tech Bridge researchers identified and reported a SQL injection vulnerability in the popular open-source ads server Orbit Open Ad Server that could have allowed attackers to compromise Web sites running vulnerable installations. OrbitScripts fixed the vulnerability after being notified by the researchers. Source: http://news.softpedia.com/news/SQL-Injection-Vulnerability-Fixed-in-Orbit-Open-Ad-Server-436925.shtml

27. April 9, Threatpost – (International) BlackBerry patches remote code execution vulnerability. BlackBerry released an update April 9 which closes a remote code execution vulnerability in BlackBerry 10 that could be exploited in a limited number of scenarios. Source: http://threatpost.com/blackberry-patches-remote-code-execution-vulnerability/105373

28. April 9, The Register – (International) Uh oh! Here comes the first bug in the Windows 8.1 Update. Microsoft suspended distribution of the Windows 8.1 Update for April after some enterprise customers using Windows Server Update Services (WSUS) 3.0 Service Pack 2 reported that the update prevented machines’ abilities to receive future updates. Source: http://www.theregister.co.uk/2014/04/09/windows_81_update_bug/

Communications Sector

Nothing to report