Wednesday, March 23, 2016



Complete DHS Report for March 23, 2016

Daily Report                                            

Top Stories

• Golden Valley Electric Association announced March 21 that its Healy Unit 2 coal plant in Alaska will be closed for at least 4 – 6 months following the plant’s shut down March 3. – Fairbanks Daily News-Miner

1. March 21, Fairbanks Daily News-Miner – (Alaska) Explosion will keep GVEA’s Healy Unit 2 coal plant offline for several months. Golden Valley Electric Association announced March 21 that its Healy Unit 2 coal plant in Alaska will be closed for at least 4 – 6 months following the plant’s shut down March 3 when a fire in the coal feed system damaged a fan that transports pulverized coal dust, causing an explosion. An investigation into the cause of the fire will be completed during the plant’s closure. Source: http://www.newsminer.com/news/local_news/explosion-will-keep-gvea-s-healy-unit-coal-plant-offline/article_fe874caa-efd3-11e5-96e2-5f8c092158a9.html

• A dual citizen of Turkey and Iran was arrested and charged March 19 for his alleged role in a scheme to circumvent U.S. economic sanctions by conducting hundreds of millions of dollars-worth of transactions on behalf of the Iranian government and businesses. – U.S. Department of Justice See item 7 below in the Financial Services Sector

• Google released an emergency security patch addressing an elevation of privilege vulnerability that affects all Android devices running kernel versions 3.4, 3.10, and 3.14. – SecurityWeek See item 16 below in the Information Technology Sector

• Walt Disney World Park officials reported March 21 that a fire at its Animal Kingdom theme park in Florida caused all remaining performances to be cancelled and prompted 1,000 customers to evacuate the theater. – Fox News

18. March 22, Fox News – (Florida) Fire disrupts Disney’s Lion King show at Animal Kingdom. Walt Disney World Park officials reported March 21 that a fire at its Animal Kingdom theme park caused all remaining performances to be cancelled and prompted 1,000 of its customers to evacuate the theater after the blaze began during its “Festival of the Lion King” live-action show. The cause of the fire is under investigation. Source: http://www.foxnews.com/travel/2016/03/22/fire-disrupts-disneys-lion-king-show-at-animal-kingdom/

Financial Services Sector

6. March 21, U.S. Department of Justice – (Florida) Miami man pleads guilty to multimillion-dollar scheme to defraud commercial lenders and U.S. Export-Import Bank. Officials from the U.S. Department of Justice and the Export-Import Bank of the U.S. (EXIM) announced March 21 that a Miami man pleaded guilty for his role in a scheme to defraud 2 commercial lenders and EXIM out of more than $11 million after he and co-conspirators utilized companies they controlled to create fictitious invoices for the sale of merchandise, factored the invoices to 2 Miami-area lenders, transferred the funds they received through multiple bank accounts under their control, and used the proceeds to pay off prior factored invoices from 2007 – 2012. Officials stated that the man extended the scheme by creating false invoices and shipping documents to obtain a loan guaranteed by EXIM, and later defaulted on the loan, causing a $2 million loss to the U.S.

7. March 21, U.S. Department of Justice – (International) Turkish national arrested for conspiring to evade U.S. sanctions against Iran, money laundering and bank fraud. The U.S. Department of Justice announced March 21 that a dual citizen of Turkey and Iran was arrested March 19 and indicted on Federal charges for his alleged role in an international scheme to circumvent U.S. economic sanctions by conducting hundreds of millions of dollars-worth of transactions on behalf of the Iranian government and Iranian businesses, laundering the proceeds, and concealing the true nature of the illicit transactions through a network of companies located in Iran and Turkey, and elsewhere from U.S. banks and the U.S. Department of the Treasury’s Office of Foreign Assets Control between 2010 – 2015. Two other Iranian citizens included in the indictment remain at large for their alleged involvement in the scheme. Source: https://www.justice.gov/opa/pr/turkish-national-arrested-conspiring-evade-us-sanctions-against-iran-money-laundering-and

Information Technology Sector

16. March 21, SecurityWeek – (International) Google issues emergency patch for critical Android rooting exploit. Google released an emergency security patch addressing an elevation of privilege vulnerability that affects all Android devices running kernel versions 3.4, 3.10, and 3.14, which could allow local malicious applications to execute arbitrary code in the kernel by rooting applications that were previously installed by customers. Source: http://www.securityweek.com/google-issues-emergency-patch-critical-android-rooting-exploit

17. March 21, Softpedia – (International) “Surprise” ransomware uses TeamViewer to infect victims. A new ransomware dubbed Surprise was discovered to be infecting users’ personal computers (PCs) by using poorly secured TeamViewer installations and encrypting victim’s files via an AES-256 algorithm, using an RSA-2048 to secure each file’s encryption keys with a master’s key, and uploading the file to the command and control (C&C) server. Once an attacker encrypts a target’s file, a “.surprise” extension is added to all files and the victims are given a ransom note. Source: http://news.softpedia.com/news/surprise-ransomware-uses-teamviewer-to-infect-victims-502006.shtml

Communications Sector

Nothing to report