Friday, December 18, 2015



Complete DHS Report for December 18, 2015

Daily Report

Top Stories

• The former chief executive officer of Retrophin Inc. was charged December 17 with fraud for misappropriating over $1 million from 2 hedge funds he founded and making false claims to investors, among other misconduct. – U.S. Securities and Exchange Commission (See item 2 below in the Financial Services Sector)

• A former portfolio manager at Canarsie Capital LLC was charged December 16 for secretly subjecting investors to massive risk, causing the fund to lose $56.5 million and collapse. – U.S. Securities and Exchange Commission (See item 4 below in the Financial Services Sector)

• Two Clark County residents were indicted December 16 on felony theft charges after the two vandalized $116,000 worth of lighting systems and stole 34,300 feet of copper wire along Interstate 64 in Kentucky. – WTVQ 40 Lexington

9. December 16, WTVQ 40 Lexington – (Kentucky) Clark Co. man, woman indicted in copper wire thefts on highways. Two Clark County residents were indicted December 16 on seven counts of theft and seven counts of first-degree criminal theft after an investigation revealed the two vandalized $116,000 worth of lighting systems and cut and removed about 34,300 feet of copper wire along Interstate 64 in Bath and Carter counties, Woodford County, and Clark County from October to November. Source: http://www.wtvq.com/2015/12/16/clark-co-man-woman-indicted-in-copper-wire-thefts-on-highways/

• A severe storm that moved across North Dakota and South Dakota December 16 caused power outages to hundreds of homes, businesses, and schools, prompted travel alerts, and forced Ellsworth Air Force Base to close. – Associated Press

12. December 16, Associated Press – (North Dakota; South Dakota) Storm leads to power outages, closed schools in Dakotas. A severe storm that moved across North Dakota and South Dakota December 16 knocked out power to hundreds of homes and businesses, closed schools, prompted travel alerts, and forced Ellsworth Air Force Base in South Dakota to close due to poor road conditions. Source: http://rapidcityjournal.com/news/local/storm-leads-to-power-outages-closed-schools-in-dakotas/article_454ebc40-296d-5997-844d-f3b77517cd49.html

Financial Services Sector

2. December 17, U.S. Securities and Exchange Commission – (National) SEC charges former CEO with fraud. The U.S. Securities and Exchange Commission charged the former chief executive officer (CEO) of Retrophin Inc., a pharmaceutical company, December 17 with misappropriating over $1 million from 2 hedge funds he founded, MSMB Capital Management LP and MSMB Healthcare LP, and with making material misrepresentations to investors, among other misconduct. The former CEO worked with two other co-conspirators to mislead investors and executives about the hedge funds’ size and performance, which resulted in millions in losses. Source: http://www.sec.gov/news/pressrelease/2015-282.html

3. December 16, Charleston Post and Courier – (South Carolina; Georgia) Summerville mortgage fraud probe nets new indictment; losses totaled $23 million. Federal authorities announced that 2 suspects from Summerville were charged December 15 for their roles in a $45 million mortgage loan scheme in South Carolina and Georgia involving 70 properties and losses of more than $23 million. Three others pleaded guilty in connection with the scheme, which was based out of real estate and mortgage businesses in the town. Source: http://www.postandcourier.com/article/20151216/PC05/151219525/1005/

4. December 16, U.S. Securities and Exchange Commission – (New York) SEC: Hedge fund adviser lied to investors. The U.S. Securities and Exchange Commission announced December 16 that a former portfolio manager at Canarsie Capital LLC in New York was charged with making false and misleading statements to investors about the fund’s performance, lying to the fund’s prime brokers to avoid margin calls, and liquidating all of the long positions in a long/short equity portfolio, causing the fund to lose about $56.5 million and collapse. Source: http://www.sec.gov/news/pressrelease/2015-281.html

5. December 16, Federal Bureau of Investigation, Knoxville – (Tennessee) Arrest and indictment of armed bank extortionists. The FBI announced December 16 that two suspects were arrested in North Carolina for their roles in a series of robberies at three Tennessee banks, including the Y-12 Federal Credit Union in Oak Ridge, SmartBank in Knoxville, and Northeast Community Credit Union in Elizabethton from April to October. Source: https://www.fbi.gov/knoxville/press-releases/2015/arrest-and-indictment-of-armed-bank-extortionists

For another story see item 16 below from the Government Facilities Sector

16. December 16, San Francisco Bay City News – (California) Former ABAG financial services director guilty of fraud, admits stealing nearly $3.9 million. A former financial services director for the Association of Bay Area Governments, a regional urban planning agency, pleaded guilty in Federal court in San Francisco December 15 to embezzling close to $3.9 million from funding allocated by the agency for public works projects in California between 2011 and 2015. Source: http://www.mercurynews.com/crime-courts/ci_29262897/former-abag-financial-services-director-guilty-fraud-admits

Information Technology Sector

17. December 16, Softpedia – (International) XRTN ransomware discovered, currently undecryptable. A researcher from Bleeping Computer released a report on the XRTN ransomware detailing how the malware infects a computer system through email attachments, such as malicious Word documents and batch files encoded with JavaScript commands, sent to a victim’s corporate or personal email. If the attachments are opened and downloaded, attackers can execute the JavaScript commands to run batch files that encrypt personal data files and add the .xrtn extension. All files are encrypted with an RSA-1024 key, which can only be decrypted with a private key held by the attacker. Source: http://news.softpedia.com/news/xrtn-ransomware-discovered-currently-undecryptable-497739.shtml

18. December 16, Softpedia – (International) Four Network Management Systems vulnerable to SQLi and XSS attacks. Two security researchers discovered six vulnerabilities, four cross-site scripting (XSS) flaws and two SQL injection (SQLi) flaws, in four Network Management Systems (NMS) that allow attackers to gain access to applications and use the affected system to carry out future attacks. The flaws enable hackers to access a user’s session information through the management interface, breach the underlying database, steal information about all connected devices, and escalate privileges over the server itself. Source: http://news.softpedia.com/news/four-network-management-systems-vulnerable-to-sqli-and-xss-attacks-497735.shtml

19. December 16, IDG News Service – (International) Grub2 bootloader flaw leaves locked-down Linux computers at risk. Two researchers from the Cybersecurity Group at Universitat Politècnica de València found an integer underflow vulnerability in Grand Unified Bootloader 2 (GRUB2), a boot loader for Linux systems, that can be triggered by pressing the backspace key 28 times when the bootloader asks for a user’s credentials. This allows unauthorized access to a powerful shell, which can enable hackers to rewrite the Grub2 code loaded in RAM and bypass the authentication checkpoint. Once attackers penetrate the bootloader, they can destroy data on the disk and install malware to steal legitimate users’ encrypted home folder data. The vulnerability exists in all versions of GRUB2 from 1.98, released December 2009, to the current 2.02. Source: http://www.computerworld.com/article/3015995/security/grub2-bootloader-flaw-leaves-locked-down-linux-computers-at-risk.html#tk.rss_security

20. December 15, The Register – (International) Web host Moonfruit defies Armada DDoS crew… by (temporarily) defeating itself. United Kingdom-based Web host Moonfruit was back online after pulling its own Web site and many of its customers’ Web sites offline for approximately twelve hours while researchers upgraded the company’s defenses and advised users to update settings following a December 10 distributed denial-of-service (DDoS) attack by the Armada Collective Crew that shut down the company’s Web site for 45 minutes. The company stated it was making significant infrastructure changes to prevent future DDoS attacks. Source: http://www.v3.co.uk/v3-uk/news/2439205/moonfruit-takes-thousands-of-websites-offline-after-cyber-attack-threat

Communications Sector
 
21. December 16, Eureka Times-Standard – (California) AT&T vows to upgrade North Coast network after outages. AT&T Inc. officials announced December 16 that the company will upgrade its North Coast network by 2016 to prevent single points of failure and to reduce the impact of outages, such as wire cuts and Internet service failures, on local communities by reprogramming its equipment to route service traffic over diverse fiber paths. Source: http://www.times-standard.com/general-news/20151216/att-vows-to-upgrade-north-coast-network-after-outages