Complete DHS Report for March 18, 2016
Daily Report
Top Stories
• An Oregon man was federally charged March 15 for allegedly
defrauding U.S. financial institutions by making, presenting, and transmitting
more than 300 fraudulent financial instruments purportedly worth over $100
trillion. – U.S. Department of Justice
5. March 16,
U.S. Department of Justice – (Oregon) Oregon man charged with using
fictitious financial instruments and failing to file income tax returns. Officials
from the U.S. Department of Justice’s Tax Division announced March 15 charges
against an Oregon man after he allegedly devised and participated in a scheme
to defraud U.S. financial institutions out of monies by making, presenting, and
transmitting more than 300 fraudulent financial instruments purportedly worth
over $100 trillion and promoted the instruments as ways to pay off debts and
Federal income taxes through seminars and private client consultations from
2008 – 2015. The suspect also failed to file income tax returns and report his
income to the U.S. Internal Revenue Service for several years.
• Officials reached a $955,000 settlement with Severn Trent
Environmental Services, Inc., March 16 after an investigation at its Hugo,
Oklahoma water treatment facility revealed several drinking water violations
that left thousands of residents with unsafe drinking water for months. – Associated
Press
13. March 16,
Associated Press – (Oklahoma) Oklahoma agency reaches $955,000 settlement over
Hugo water problems. The Oklahoma Department of Environmental Quality
reached a $955,000 settlement with Severn Trent Environmental Services, Inc.,
March 16 after an investigation at its Hugo Municipal Authority Water Supply
treatment facility revealed several drinking water violations, including
improper monitoring and low chlorination that left thousands of residents with
unsafe drinking water for months. As a part of the settlement, $930,000 will be
dedicated to upgrading communities’ water and wastewater treatment facilities. Source:
http://www.tulsaworld.com/news/state/oklahoma-agency-reaches-settlement-over-hugo-water-problems/article_2d821325-754c-5955-9814-0e990aa29348.html
• New York authorities
arrested 4 people March 15 for allegedly selling about $2.6 million worth of
counterfeit products including fake Apple, Inc., watches via Internet sales and
at flea markets. – Associated Press
21. March 16,
Associated Press – (International) NYPD nabs $2.6M worth of fake Apple watches,
headphones. The New York Police Department arrested 4 people March 15 for
trademark counterfeiting charges after the group allegedly sold about $2.6
million worth of counterfeit products including fake Apple, Inc., watches and
Beats Electronics, LLC music headphones via Internet sales and at flea markets.
Authorities believe the shipments came from China twice a year beginning in
2014. Source: http://www.nbcphiladelphia.com/news/tech/NYPD-Seized-Counterfeit-Goods-Apple-Watches-Beats-Headphones-372291021.html
• Bailey’s Inc. officials reported March 16 that payment card and
personal information for 250,000 customers may have been compromised after an
attacker gained access to customer information on its Web site. – SC
Magazine
23. March 16,
SC Magazine – (National) Attacker compromises information of 250K in
Bailey’s data breach. Bailey’s Inc. officials reported March 16 that
250,000 customers’ payment card and personal information including credit card
numbers, cardholder names, card verification value (CVV) numbers, and credit
card expiration dates, among other data, may have been compromised after an
attacker gained unauthorized access to customer information on its Web site
from December 2011 – January 2016. The company stated they have replaced its
servers, enhanced its firewalls, and implemented critical changes to ensure
their Web site was secure. Source: http://www.scmagazine.com/attacker-compromises-information-of-250k-in-baileys-data-breach/article/483630/
Financial Services Sector
4. March 16,
WWBT 12 Richmond – (Virginia; Maryland) 2 men indicted by Federal grand jury for
using skimming device at Chesterfield bank. Two Estonian men were arrested
and indicted by a Federal grand jury March 15 for using a skimming device to
steal the financial information of up to 40 people at a Bank of America in
Richmond. Authorities have tied the pair to a scheme which targeted SunTrust,
Bank of America, and State department credit union banks in Maryland and
Virginia after a subsequent search of the duo’s apartment revealed 94
magnetic-strip cards, $32,000 in cash, and ATM skimmer hardware. Source: http://www.nbc12.com/story/31487829/2-men-indicted-by-federal-grand-jury-for-using-skimming-device-at-chesterfield-bank
5. March 16,
U.S. Department of Justice – (Oregon) Oregon man charged with using
fictitious financial instruments and failing to file income tax returns. Officials
from the U.S. Department of Justice’s Tax Division announced March 15 charges
against an Oregon man after he allegedly devised and participated in a scheme
to defraud U.S. financial institutions out of monies by making, presenting, and
transmitting more than 300 fraudulent financial instruments purportedly worth
over $100 trillion and promoted the instruments as ways to pay off debts and
Federal income taxes through seminars and private client consultations from
2008 – 2015. The suspect also failed to file income tax returns and report his income
to the U.S. Internal Revenue Service for several years.
Information Technology Sector
17. March 16,
The Register – (International) Middle-aged US bloke pleads guilty to iCloud
celeb nude photo hack. The U.S. Department of Justice reported March 16
that a man from Lancaster pleaded guilty to one count of unauthorized access to
a protected computer after he illegally accessed and downloaded images from 50
iCloud accounts and 72 Gmail accounts via phishing attacks from November 2012 –
September 2014. Source: http://www.theregister.co.uk/2016/03/16/celebgate_phisher_pleads_guilty/
18. March 16,
Softpedia – (International) AceDeceiver iOS trojan abuses Apple’s
Fairplay DRM System to infect users. Researchers from Palo Alto Networks
reported that a new iOS trojan dubbed AceDeceiver was targeting Apple, Inc.’s
FairPlay digital rights management (DRM) system and can allow attackers to
infect both jailbroken and non-jailbroken devices by using a FairPlay
Man-in-the-Middle (MitM) attack to spread pirated apps by allowing attackers to
request authorized code and distribute the code to any device of choice,
enabling hackers to act as a middleman between a victim’s personal computer
(PC) and the App store. Source: http://news.softpedia.com/news/acedeceiver-ios-trojan-abuses-apple-s-fairplay-drm-system-to-infect-users-501815.shtml
19. March 16,
Help Net Security – (International) Malvertising campaign hits MSN.com, NY Times,
BBC, AOL. Security researchers from Malwarebytes and Trustwave discovered
that a malvertising campaign was targeting popular Web sites such as the New
York Times, Microsoft’s MSN Web site, and The Hill, among other Web sites, by
using the ad networks hosted on each Web site to serve malicious ads that could
lead users to other sites hosting an exploit kit (EK). Source: https://www.helpnetsecurity.com/2016/03/16/malvertising-campaign/
20. March 16,
Softpedia – (International) Database of abandoned iOS app exposes details
for 198,000 users. Security researchers from MacKeeper discovered that the
MongoDB database associated with the discontinued Kinoptic iOS app exposed
198,000 users’ information online including usernames, email addresses, and
hashed passwords, among other data, via a default MongoDB configuration that
allowed the public to access its content without any form of authentication. Source:
http://news.softpedia.com/news/database-of-abandoned-ios-app-exposes-details-for-198-000-users-501818.shtml
Communications Sector
Nothing to report