Friday, June 20, 2014




Complete DHS Report for June 20, 2014

Daily Report

Top Stories

 • Three passengers aboard an aircraft were killed when the airplane ran off the runway at Huntsville International Airport in Alabama, caught fire, and crashed near a fence June 18.–WAFF 48 Huntsville

11. June 19, WAFF 48 Huntsville – (Alabama) 3 dead in plane crash at Huntsville International Airport. Three passengers aboard a Westwind II aircraft were killed when the airplane ran off the runway at Huntsville International Airport in Alabama, caught fire, and crashed near a fence June 18. The airport suspended all operations for several hours to investigate the crash. Source: http://www.waff.com/story/25811413/3-dead-in-crash-at-huntsville-international-airport

 • Heavy rainfall forced the closure of Interstate 29 in southeast South Dakota June 19, a levee breach in Iowa, and caused the town of Rock Rapids to lose its water supply indefinitely. – KCCI 8 Des Moines

12. June 19, KCCI 8 Des Moines – (Iowa; Nebraska, South Dakota) Flood summary: I-29 closing in SD, metro bike trails closing. Interstate 29 in southeast South Dakota was closed June 19 as cities in Iowa and Nebraska fought a surging Big Sioux River after heavy rainfall pushed the waterway to high levels in some areas. A levee breach in Iowa June 18 caused flooding while the town of Rock Rapids lost its water supply indefinitely. Source : http://www.kcci.com/weather/saylorville-to-rise-16-feet-with-more-rain-on-the-way/26549564

 • Officials reported that an estimated 100,000 acres of crops and farmland in Rock County, Minnesota, were damaged by strong storms systems that produced heavy rains and hail during the week of June 16. – Minneapolis Star Tribune

15. June 19, Minneapolis Star Tribune – (Minnesota) Water woes in Mankato; state park closes; 100K acres of crops lost in Rock Co. Officials reported that an estimated 100,000 acres of crops and farmland in Rock County, Minnesota, were damaged by strong storms that produced heavy rains and hail during the week of June 16. The storms eroded fields, flooded creeks and rivers, and caused cattle to be washed from the fields into the Rock River where they drowned. Source: http://www.startribune.com/local/263626331.html?page=all&prepage=1&c=y

 • Rady Children’s Hospital in San Diego notified over 20,000 patients June 17 that its employees mistakenly forwarded some of their private health information to about 15 job applicants June 6 and in 2012. – U-T San Diego

26. June 17, U-T San Diego – (California) Patient data breach at Rady Children’s. Rady Children’s Hospital in San Diego notified over 20,000 patients June 17 that its employees mistakenly forwarded some of their private health information to about 15 job applicants June 6 and in 2012. In the June incident the employee accidentally emailed a spreadsheet containing patients’ health information to applicants for data management jobs and in 2012, three job candidates viewed an email file containing patient data while 6 others viewed the data while testing on company computers. Source: http://www.utsandiego.com/news/2014/jun/17/rady-breach-data-patients-childrens-hospital/

Financial Services Sector

8. June 19, Stamford Daily Voice – (Connecticut) Stamford man admits role in mortgage fraud scheme, faces 30 years in prison. A Stamford man pleaded guilty June 16 to recruiting and directing straw buyers as part of a mortgage fraud scheme involving properties in Fairfield County that cost lenders over $7 million. Three others previously pleaded guilty in relation to the fraud which ran between 2005 and 2013. Source: http://stamford.dailyvoice.com/news/stamford-man-admits-role-mortgage-fraud-scheme-faces-30-years-prison

9. June 18, Dark Reading – (International) Malicious Google Play clone steals banking credentials. Google and FireEye worked to take down email addresses associated with a piece of banking malware that imitates the Google Play icon in Android devices and steals users banking and personal information. The malware was spotted by only 3 of 51 security programs and appears to currently be targeting Korean-speaking users. Source: http://www.darkreading.com/mobile/malicious-google-play-clone-steals-banking-credentials/d/d-id/1278692

10. June 18, U.S. Attorney’s Office, Western District of Virginia – (Virginia) Former head of Lynrocten Federal Credit Union indicted. The former manager of the Lynrocten Federal Credit Union in Lynchburg was charged in an indictment unsealed June 18 with bank fraud, embezzlement, and identity theft for allegedly making unauthorized loans in the names of credit union members, writing unauthorized checks from members’ accounts, and making false statements on $1 million in loans in order to enter into a Loan Participation Agreement with another credit union. The former head teller of the credit union pleaded guilty in January in relation to the alleged fraud. Source: http://www.fbi.gov/richmond/press-releases/2014/former-head-of-lynrocten-federal-credit-union-indicted

Information Technology Sector

31. June 19, Help Net Security – (International) Scan of Google Play apps reveals thousands of secret keys. Researchers with Columbia University used an automated tool called PlayDrone to scan, download, and decompile over 880,000 apps from the Google Play app store and found that several app developers often leave secret authentication keys embedded in the apps, potentially allowing attackers to steal user data or server resources, among other findings. Source: http://www.net-security.org/secworld.php?id=17026

32. June 19, Help Net Security – (International) Code hosting Code Spaces destroyed by extortion hack attack. Cloud code hosting service Code Spaces announced that it was forced to shut down its business after attackers deleted most of its stored code and backups after a ransom that accompanied a distributed denial of service (DDoS) attack was not paid. Source: http://www.net-security.org/secworld.php?id=17028

33. June 19, Softpedia – (International) Simplocker changes attack vectors. Researchers from ESET and Kaspersky found that several variants of the Simplocker ransomware were developed and that some attackers are using a trojan downloader known as Android/TrojanDownloader.FakeApp to attempt to infect victims. The ransomware is currently most prevalent in Ukraine and Russia and demands ransoms in those countries’ currencies. Source: http://news.softpedia.com/news/Simplocker-Increases-Attack-Vectors-447554.shtml

34. June 19, Help Net Security – (International) Bitcoin miner lurking on Facebook. Bitdefender researchers spotted a new Bitcoin mining malware campaign that utilizes Facebook messages to send users a malicious file that downloads .DLL files which embed a Bitcoin mining program on victims’ systems. The delivered payload can be changed by attackers as well, potentially allowing other forms of malware to be added to infected systems. Source: http://www.net-security.org/malware_news.php?id=2789

35. June 19, Softpedia – (International) Ancestry services crippled by DDoS attack. Servers belonging to Ancestry.com and several of its services were affected by a distributed denial of service (DDoS) attack that began June 16 and continued to cause issues for users June 19. Users reported that the site was only accessible intermittently and the site recommended that users switch to offline mode until the issue is resolved. Source: http://news.softpedia.com/news/Ancestry-Services-Crippled-by-DDoS-Attack-447427.shtml

For another story, see item 9 above in the Financial Services Sector

Communications Sector

Nothing to report