Friday, March 25, 2016



Complete DHS Report for March 25, 2016

Daily Report

Top Stories

• A severe storm prompted the cancellation of hundreds of flights and the closure of the Denver International Airport in Colorado for more than 6 hours March 23 – March 24. – Fort Collins Coloradoan

11. March 24, Fort Collins Coloradoan – (Colorado) Transfort, DIA up and running, U.S. 287 and I-25 reopened. A severe storm that dumped several inches of snow in Colorado prompted the cancellation of hundreds of flights and the closure of the Denver International Airport for more than 6 hours March 23 – March 24. Schools and universities as well as interstates and highways were also closed. Source: http://www.coloradoan.com/story/news/2016/03/23/snow-delays-start-psd-school-i25-north-closed/82141896/

• A wildfire burned more than 400,000 acres in Kansas and Oklahoma March 24 and prompted the closure of U.S. 160 in Barber County for several hours March 23. – KAKE 10 Wichita

18. March 24, KAKE 10 Wichita – (Kansas; Oklahoma) Wildfire burns more than 400,000 acres in Kansas, Oklahoma. The governor of Kansas declared a state of emergency March 24 due to a wildfire that burned more than 400,000 acres in Kansas and Oklahoma and prompted the closure of U.S. 160 in Barber County for several hours March 23. Medicine Lodge Hospital was evacuated while fire crews worked to contain the blaze which continued to threaten 800 – 1,000 homes and businesses. Source: http://www.kake.com/home/headlines/Mile-wide-grass-fire-in-Comanche-County-373205531.html

• Researchers reported that an advanced data-stealing universal serial bus (USB) trojan dubbed “USB Thief” was found in the wild and can compromise a system by injecting itself into the execution chain of portable versions of popular applications and disguising itself as a plugin or a Dynamic Link Library (DLL) file. – SecurityWeek. See item 21 below in the Information Technology Sector.

• An additional 48 bikers were indicted March 23 for allegedly engaging in organized criminal activity following a May 2015 shootout between 2 rival motorcycle clubs at a restaurant in Waco, Texas, that killed 9 people. – CNN

25. March 24, CNN – (Texas) 48 more bikers indicted in deadly shootout at Waco, Texas, restaurant. The McLennan County Criminal District Attorney announced March 23 that an additional 48 bikers were indicted for allegedly engaging in organized criminal activity following a May 2015 shootout between 2 rival motorcycle clubs at the Twin Peaks restaurant in Waco, Texas, that killed 9 people. The total number of indictments increased to more than 150 people. Source: http://www.cnn.com/2016/03/24/us/waco-more-bikers-indicted/

Financial Services Sector

6. March 24, KTVU 2 Oakland – (California) Woman captures video of ‘Bearded Bandit’ arrest. The FBI arrested a man dubbed the “Bearded Bandit” in Brentwood, California, March 23, after he allegedly committed 15 bank robberies that totaled $28,000 in theft from the San Francisco Bay Area. Source: http://www.ktvu.com/news/112910236-story

7. March 23, Los Angeles Times – (California) ‘Bad Breath Bandit’ strikes again at northern California bank, police say. Authorities are searching for a man dubbed the “Bad Breath Bandit” who is suspected of robbing the El Dorado Savings Bank in Georgetown, California, March 21 at gunpoint. Officials stated that the man is tied to four other bank robberies in northern California in 2014. Source: http://www.latimes.com/local/lanow/la-me-ln-bad-breath-bandit-strikes-again-20160323-story.html

8. March 23, Forum of Fargo-Moorhead – (North Dakota; Maryland) Valley City State prof faces ID theft charges after police seize 200 credit cards. A Chinese citizen working as an assistant professor at Valley City State University in North Dakota and Johns Hopkins University in Maryland was arrested March 22 after authorities discovered over 200 credit and gift cards, computers, electronic storage devices, and suspected counterfeit merchandise, among other items, in the professor’s apartment and office. The investigation began after authorities received anonymous photographs revealing the large number of credit cards bearing different names in the suspect’s apartment. Source: http://www.inforum.com/news/3993426-valley-city-state-prof-faces-id-theft-charges-after-police-seize-200-credit-cards

9. March 23, U.S. Department of Justice – (International) Miami businessman pleads guilty to foreign bribery and fraud charges in connection with Venezuela bribery scheme. The owner of multiple U.S.-based energy companies pleaded guilty March 22 to foreign bribery and Federal fraud charges after he and a co-conspirator participated in a scheme to illicitly secure energy contracts from Venezuela’s state-owned energy company, Petroleos de Venezuela S.A. (PDVSA) by paying bribes and other things of value to PDVSA officials in order to win lucrative energy contracts, ensure spots on PDVSA approved vendor lists, and be given payment priority ahead of other vendors from 2009 – 2015. Officials stated that four other individuals pleaded guilty for their participation in the scheme.

10. March 23, Reuters – (New Jersey) FBI seeks help nabbing bank robber known as ‘Count Down Bandit’. The FBI is searching March 23 for a man dubbed the “Count Down Bandit” who is suspected of committing at least seven robberies at banks around northern New Jersey, with his most recent taking place March 8. The suspect has reportedly targeted Hudson City bank branches. Source: http://www.reuters.com/article/us-new-jersey-bandit-idUSKCN0WP2PV

Information Technology Sector

21. March 23, SecurityWeek – (International) Sophisticated USB trojan spotted in the wild. Researchers from ESET reported that an advanced data-stealing universal serial bus (USB) trojan dubbed “USB Thief” was found in the wild and can compromise a system by injecting itself into the execution chain of portable versions of popular applications and disguising itself as a plugin or a Dynamic Link Library (DLL) file. The threat is bound to a single USB drive and was reported to have four executables and two configuration files that enable it to avoid detection and prevent researchers from detecting, copying, and analyzing the malware. Source: http://www.securityweek.com/sophisticated-usb-trojan-spotted-wild

22. March 24, Help Net Security – (International) OS X zero day bug allows hackers to bypass system integrity protection. A security researcher discovered a non-memory corruption flaw in Apple Inc.’s OS X operating system that could allow an attacker to compromise OS X and iOS systems by executing arbitrary code on any binary and escalating the attacker’s privileges to root and/or bypassing Apple’s System Integrity Protection feature. Researchers stated the zero-day vulnerability was not exploited by attackers, but the flaw could potentially be used in highly targeted or state-sponsored attacks. Source: https://www.helpnetsecurity.com/2016/03/24/os-x-zero-day-bug-allows-hackers-bypass-system-integrity-protection/

23. March 24, SecurityWeek – (International) Oracle reissues patch for two-year-old Java. Oracle Corporation released updates for two of its Java SE products addressing a sandbox escape flaw after researchers discovered the previously patched flaw could be bypassed to allow a remote, unauthenticated attacker to trick users into visiting a malicious Web site. The new update successfully patches the flaw within Java SE 8 Update 77 and Java SE 7 Update 99.

For additional stories, see item 5 below from the Defense Industrial Base Sector and 24 below in the Communications Sector

5. March 23, U.S. Department of Justice – (International) Chinese national pleads guilty to conspiring to hack into U.S. defense contractors’ systems to steal sensitive military information. The U.S. Department of Justice announced that a Chinese national pleaded guilty March 23 to participating with two others in China in a conspiracy to hack into computer networks of major U.S. defense contractors in order to steal military technical data. The businessman provided two co-conspirators with guidance regarding what persons, companies, and technologies to target, as well as which files and folders to steal once the individuals had successfully breached information technology systems. Source: https://www.justice.gov/opa/pr/chinese-national-pleads-guilty-conspiring-hack-us-defense-contractors-systems-steal-sensitive

Communications Sector

24. March 24, Help Net Security – (International) RCE flaw affects DVRs sold by over 70 different vendors. A security researcher from RSA Security discovered that a remote code execution (RCE) flaw in digital video recorders (DVRs) sold by more than 70 different vendors and manufactured by a Chinese company, TVT Digital Technology Co., Ltd., can allow an attacker to gain root access to the DVR, as the vulnerability resides within the implementation of the Hypertext Transfer Protocol (HTTP) server included in the firmware. The implementation, which is included in over 30,000 devices internationally, opens ports 81/82 of the device to the Internet.