Friday, September 30, 2016



Complete DHS Report for September 30, 2016

Daily Report

Top Stories

• Weatherford International agreed to pay $140 million September 27 to settle charges that the firm fraudulently lowered its year-end provision for income taxes to align earnings with previously-disclosed projections. – U.S. Securities and Exchange Commission

1. September 27, U.S. Securities and Exchange Commission – (Washington, D.C.) Oil services company paying $140 million penalty for account fraud. The U.S. Securities and Exchange Commission announced September 27 that Weatherford International, an oil services company, agreed to pay $140 million to settle charges that the firm fraudulently lowered its year-end provision for income taxes by up to $154 million each year in order to align its earnings with its previously-disclosed projections and effective tax rate. Source: https://www.sec.gov/news/pressrelease/2016-194.html

• The former president and chairman of the board at Gerova Financial Group, Ltd. was convicted September 28 for defrauding the firm’s shareholders out of roughly $72 million by diverting corporate stock to himself and 6 co-conspirators from 2009 – 2011. – U.S. Attorney’s Office, Northern District of New York. See item 6 below in the Financial Services Sector

• A NJ Transit train crashed at the Hoboken Terminal in New Jersey September 29, killing at least 1 person and injuring up to 100 others. – WNBC 4 New York

8. September 29, WNBC 4 New York – (New York) 1 dead, up to 108 hurt in major Hoboken train crash. NJ Transit train number 1614 traveling on the Pascack Valley Line crashed through a bumper stop at the end of the platform at the Hoboken Terminal in Hoboken, New Jersey, September 29, killing at least 1 person, injuring up to 100 others, and causing extensive damage to the station. The cause of the derailment remains under investigation. Source: http://www.nbcnewyork.com/news/local/Major-Train-Accident-in-Hoboken-Injuries-Reported-395249051.html

• Vibra Healthcare, LLC agreed to pay $32.7 million September 28 to resolve claims that the firm admitted multiple patients to 5 of its long-term care hospitals and 1 inpatient rehabilitation facility who did not qualify for treatment at the facilities between 2006 and 2013. – U.S. Department of Justice

16. September 28, U.S. Department of Justice – (National) Vibra Healthcare to pay $32.7 million to resolve claims for medically unnecessary services. Vibra Healthcare, LLC agreed to pay $32.7 million September 28 to resolve claims that Vibra admitted multiple patients to 5 of its long-term care hospitals (LTCHs) and 1 of its inpatient rehabilitation facilities (IRFs) who did not qualify for treatment at the facilities, and extended the stay of LTCH patients to complete medically unnecessary services between 2006 and 2013. As part of the settlement, Vibra agreed to enter a corporate integrity agreement with the Inspector General of the U.S. Department of Health and Human Services.

Financial Services Sector

6. September 28, U.S. Attorney’s Office, Southern District of New York – (International) Former president and chairman of the board of Gerova Financial Group, found guilty of defrauding shareholders. The former president and chairman of the board at Gerova Financial Group, Ltd. was convicted September 28 for defrauding the firm’s shareholders out of roughly $72 million by secretly diverting corporate stock to himself and 6 co-conspirators without any legitimate business purpose from 2009 – 2011, causing the former executive to personally accumulate over $2.6 million in illicit earnings. The charges state that the former Gerova official intentionally deceived the firm’s chief financial officer and other officers, causing the company to conceal information about the stock scheme in its public filings with the U.S. Securities and Exchange Commission, among other fraudulent activities. Source: https://www.justice.gov/usao-sdny/pr/gary-hirst-former-president-and-chairman-board-gerova-financial-group-found-guilty

7. September 28, U.S. Department of Justice – (International) New York City resident pleads guilty to using sham foreign entity and secret foreign accounts in Switzerland and Israel to evade taxes. A New York resident pleaded guilty September 28 to Federal and New York State tax evasion for tax years 2003 – 2005 and 2007 – 2010 by hiding more than $7.3 million in undeclared financial accounts from 1987 – 2011 in Switzerland and Israel, as well as using Contactus Partnership Associated S.A., a fake British Virgin Island entity, to avoid paying over $650,000 in U.S. taxes. The charges allege the man repatriated the funds by having an attorney draft a fraudulent agreement between himself and Contactus, and wiring the funds into his attorney’s escrow account. Source: https://www.justice.gov/opa/pr/new-york-city-resident-pleads-guilty-using-sham-foreign-entity-and-secret-foreign-accounts

For another story, see item 1 above in Top Stories

Information Technology Sector

20. September 29, SecurityWeek – (International) Syrian Electronic Army member pleads guilty to hacking, extortion. A member of the Syrian Electronic Army (SEA) hacker group pleaded guilty to Federal charges for his role in an extortion scheme where he and another SEA member breached the systems of various organizations in the U.S. and other countries and threatened to damage their computers and data unless a ransom was paid. The FBI is searching for two other suspects involved in the extortion scheme. Source: http://www.securityweek.com/syrian-electronic-army-member-pleads-guilty-hacking-extortion

21. September 27, SecurityWeek – (International) Apple confirms weakened security in local iOS 10 backups. Apple confirmed an issue affecting the encryption strength for local backups of devices running on operating system (iOS) 10 after ElcomSoft security researchers discovered a bug in iOS 10 that makes local backups more susceptible to brute-force attacks than previous operating systems by allowing for 6,000,000 passwords to be attempted per second, while iOS 9 only allowed for 2,400 passwords to be attempted per second. Apple officials stated a patch for the flaw would be released in an upcoming update. Source: http://www.securityweek.com/apple-confirms-weakened-security-local-ios-10-backups

Communications Sector

22. September 28, SecurityWeek – (International) Siemens patches flaw in SCALANCE products. Siemens released an update for its SCALANCE M-800 industrial routers and SCALANCE S615 firewall versions prior to 4.02 resolving a medium severity vulnerability that could allow a man-in-the-middle (MitM) attacker to obtain Web session cookies and access potentially sensitive information. Source: http://www.securityweek.com/siemens-patches-flaw-scalance-products

Thursday, September 29, 2016



Complete DHS Report for September 29, 2016

Daily Report

Top Stories

• Federal officials announced September 27 that Kirby Inland Marine L.P. agreed to pay $4.9 million to resolve claims stemming from a 4,000-barrel oil spill in the Houston Ship Channel in March 2014. – U.S. Department of Justice

2. September 27, U.S. Department of Justice – (Texas) Kirby Inland Marine to pay $4.9 million in civil penalties and provide fleet-wide improvements to resolve U.S. claims for Houston Ship Channel oil spill. U.S. Department of Justice and U.S. Coast Guard officials announced September 27 that Kirby Inland Marine L.P. agreed to pay $4.9 million in Clean Water Act civil penalties to resolve claims stemming from a 4,000-barrel oil spill in the Houston Ship Channel in March 2014. As part of the settlement, Kirby Inland Marine must implement fleet-wide operational improvements to vessels operating in the inland waters of the U.S., including the installation of enhanced navigational equipment on vessels, among other improvements. Source: https://www.justice.gov/opa/pr/kirby-inland-marine-pay-49-million-civil-penalties-and-provide-fleet-wide-improvements

• Two employees at a supermarket in Pawtucket, Rhode Island, were convicted September 27 for their roles in a $2.6 million Stolen Identity Refund Fraud scheme that began in January 2010. – U.S. Attorney’s Office, District of Rhode Island. See item 5 below in the Financial Services Sector

• UBS Financial Services agreed September 28 to pay more than $15 million to settle charges alleging that the company failed to properly train sales representatives on the $548 million in reverse convertible notes (RCN) sold to over 8,700 retail customers. – U.S. Securities and Exchange Commission. See item 6 below in the Financial Services Sector

• A former Commonwealth Bank of Australia executive was charged September 26 after he and several co-conspirators in Australia and the U.S. allegedly defrauded Computer Sciences Corporation out of $98 million. – U.S. Department of Justice. See item 23 below in the Information Technology Sector

Financial Services Sector

5. September 28, U.S. Attorney’s Office, District of Rhode Island – (International) Jury convicts two in $2.6M stolen identity, tax fraud scheme. Two employees of the Dominican Supermarket in Pawtucket, Rhode Island, were convicted September 27 for their roles in a $2.6 million Stolen Identity Refund Fraud (SIRF) scheme where the duo and co-conspirators used more than 400 stolen identities, primarily from residents of Puerto Rico, to file falsified tax returns since January 2010. The charges state that counterfeit treasury checks were mailed to various locations in Rhode Island, Massachusetts, and New York and subsequently deposited into 27 different bank accounts controlled by the co-conspirators or others affiliated with the supermarket, and over $235,000 of the illicit earnings were transferred to a bank in the Dominican Republic.

6. September 28, U.S. Securities and Exchange Commission – (International) SEC charges UBS with supervisory failures in sale of complex products to retail investors. The U.S. Securities and Exchange Commission (SEC) announced September 28 that UBS Financial Services agreed to pay more than $15 million to settle charges alleging that the company failed to create and institute policies and procedures intended to properly educate and train sales representatives on the $548 million in reverse convertible notes (RCNs) it sold to over 8,700 inexperienced retail investors, which caused representatives to make unfit recommendations on RCN sales to certain retail clients regarding their investment profiles. As part of the settlement, the company will be censured by the SEC. Source: https://www.sec.gov/news/pressrelease/2016-197.html

For another story, see item 23 below in the Information Technology Sector

Information Technology Sector

21. September 28, SecurityWeek – (International) High severity DoS flaw patched in BIND. The Internet Systems Consortium released updates for the Domain Name System (DNS) software BIND addressing two vulnerabilities, including a high severity denial-of-service (DoS) flaw affecting all servers that can receive request packets from any source, which can be exploited using maliciously crafted DNS request packets. The updates also resolved a medium severity DoS flaw that can cause a targeted server to terminate due to an error. Source: http://www.securityweek.com/high-severity-dos-flaw-patched-bind

22. September 28, SecurityWeek – (International) Locky ransomware drops offline mode. Security researchers reported that the Locky ransomware adopted new methods after a BleepingComputer researcher spotted the malware appending the .ODIN extension to encrypted files, instead of the .zepto extension, and researchers from Avira found the ransomware switched back to the use of a command and control (C&C) server and dropped the use of an offline mode. The updated Locky version is still distributed via spam email campaigns that contain malicious code in the file attachments, which infects a system in order to deliver a ransom note. Source: http://www.securityweek.com/locky-ransomware-drops-offline-mode

23. September 27, U.S. Department of Justice – (International) American living in Australia charged in securities fraud case involving scheme to fraudulently inflate by nearly $100 million the cost of Santa Monica software company being purchased by Computer Sciences Corp. A former executive at Commonwealth Bank of Australia (CBA) was charged September 26 after he and several co-conspirators in Australia and the U.S. allegedly defrauded Computer Sciences Corporation (CSC) out of $98 million by inflating revenues for ServiceMesh, Inc., a Santa Monica, California-based cloud computer management software company that CSC planned to purchase from 2013 – 2014. The charges also allege that CBA employees received more than $630,000 in undisclosed kickbacks from a senior executive of ServiceMesh, Inc. involved in the scheme.

Communications Sector

Nothing to report