Thursday, March 31, 2016



Complete DHS Report for March 31, 2016

Daily Report

Top Stories

• A clogged utility line in Woodland Park caused approximately 660,000 gallons of raw sewage to spill into Fountain Creek March 28, prompting Colorado Springs Utilities to open overflow pits to separate sewage. – KOAA 5 Pueblo

14. March 29, KOAA 5 Pueblo – (Colorado) More than 600,000 gallons of sewage spill into Fountain Creek. A clogged utility line in Woodland Park caused approximately 660,000 gallons of raw sewage to spill into Fountain Creek March 28, prompting Colorado Springs Utilities to open overflow pits to separate any sewage that made it through. The raw sewage dissipated into the soil of the dried creek and health officials posted signs warning residents of the spill. Source: http://www.koaa.com/story/31594658/more-than-600000-gallons-of-sewage-spills-into-fountain-creek

• Michigan authorities announced March 29 that at least 13 former and current principals in the Detroit Public Schools system were charged in a conspiracy scheme involving over $900,000 in kickbacks and bribes in exchange for doing business worth $2.7 million with Allstate Sales. – NBC News

19. March 29, NBC News – (Michigan) Feds charge 13 Detroit Public School principals in $900K kickback scheme. Michigan authorities announced March 29 that at least 13 former and current principals in the Detroit Public Schools system were charged in a conspiracy scheme involving over $900,000 in kickbacks and bribes in exchange for doing business worth $2.7 million with Allstate Sales, a vendor that provides school supplies. Source: http://www.nbcnews.com/news/us-news/feds-charge-13-detroit-public-school-principals-900k-kickback-scheme-n547341

• A security researcher discovered that hundreds of thousands of Internet of Things (IoT) printers were susceptible to attacks after finding that many IoT printers did not require authentication when connecting to the device. – SecurityWeek (See item 25 below in the Information Technology Sector)

• Two separate building fires March 29 caused a total of about $600,000 in damages, prompted the closure of surrounding roads, and the evacuation of nearby areas in Salt Lake City. – KSL 5 Salt Lake City

29. March 29, KSL 5 Salt Lake City – (Utah) 2 Salt Lake fires cause up to $600K in damage. Salt Lake City officials reported March 29 that 2 separate large building fires caused a total of about $600,000 in damages, prompted the closure of surrounding roads, and the evacuation of nearby areas after one of the blazes allegedly began from an overheated fluorescent light ballast. Officials stated another fire began in a Salt Lake City warehouse March 28 after a fire used to keep people warm ignited propane bottles inside the facility. Source: https://www.ksl.com/?sid=39096233&nid=960&title=2-salt-lake-fires-cause-up-to-600k-in-damage

Financial Services Sector

3. March 29, WCBS 2 New York City – (New York) Police: 2 men wanted in ATM skimming device incidents in Brooklyn, Queens. Officials from the New York City Police Department and the FBI are searching March 29 for two men suspected of installing and removing ATM skimming devices at five different TD Bank locations in Brooklyn and Queens, New York, from September 2015 – November 2015.

4. March 29, Softpedia – (International) Repeated DDoS attacks force Coinkite Bitcoin wallet to close down web service. One of the first Web-based bitcoin wallet services, Coinkite, reported March 28 that it will be closing down its Web-based wallet service with the intention of solely developing its hardware products after its services received constant distributed denial-of-service (DDoS) attacks for the past three years. The company warned users of potential phishing scams that will trick users into revealing their account credentials or into sending bitcoins to the wrong account. Source: http://news.softpedia.com/news/repeated-ddos-attacks-force-coinkit-bitcoin-wallet-to-close-down-web-service-502335.shtml

5. March 28, Middletown Times Herald-Record – (New York) Montgomery man pleads guilty in $2.5 million fraud case. Two Pennsylvania men and a New York resident pleaded guilty March 28 to Federal charges alleging that the trio defrauded banks from 2007 – 2015 by lying about their income in order to secure over $2.5 million in fraudulent loans and lines of credit from banks and credit unions, then defaulting on the loans. Officials from the U.S. Attorney’s Office for the Southern District of New York stated that the trio used the loans to pay off credit card purchases, business expenses, and other loans to conceal the fraud. Source: http://www.recordonline.com/article/20160328/NEWS/160329452

6. March 28, U.S. Department of Justice – (National) Connecticut insurance salesman convicted of tax fraud. The U.S. Department of Justice Tax Division announced March 28 that a Connecticut-based insurance salesman was found guilty of tax fraud after he attempted to obstruct the U.S. Internal Revenue Service (IRS) by filing 3 false tax returns for 2007, including a fraudulent request for a $14 million refund, sending false and threatening correspondence to the IRS to defeat its assessment, collection, and investigative efforts, and by submitting threatening correspondence to those insurance companies that cooperated with IRS activities. Officials stated the salesman also established nominee entities to divert his insurance commissions in order to conceal assets and prevent the IRS from collecting on his tax liabilities. Source: https://www.justice.gov/opa/pr/connecticut-insurance-salesman-convicted-tax-fraud

Information Technology Sector

24. March 29, SecurityWeek – (International) “Vaccine” available for CTB-Locker, Locky, TeslaCrypt. French cybersecurity company Lexsi released a “vaccine” that can improve users’ computer defenses against ransomware including CTB-Locker, Locky, and TeslaCrypt, and stated that users can create a specific mutex or registry key, or change a simple system parameter, as long as the modification does not pose an inconvenience to other users. Source: http://www.securityweek.com/vaccine-available-ctb-locker-locky-teslacrypt

25. March 29, SecurityWeek – (International) Thousands of printers “hacked” to spew anti-semitic flyers. A security researcher discovered that hundreds of thousands of Internet of Things (IoT) printers were susceptible to attacks after finding that many IoT printers did not require authentication when connecting to the device. The researcher found the vulnerability when using Masscan, a mass Internet Protocol (IP) scanner that collected all vulnerable printers in its vicinity. Source: http://www.securityweek.com/thousands-printers-hacked-spew-anti-semitic-fliers

26. March 29, Softpedia – (International) vBulletin servers hacked, admins force password reset for all users. A company official for vBulletin.org and vBulletin.com reported that its Web domains went offline from March 24 – March 25 for a non-scheduled maintenance outage and that the company forced its users to reset their passwords after hackers accessed the company’s vBulletin Germany (VGB) servers that carry user information. The exploit allegedly used the content management system (CMS) that runs the company’s VGB presentation site. Source: http://news.softpedia.com/news/vbulletin-servers-hacked-admins-force-password-reset-for-all-users-502331.shtml

For additional stories, see item 4 below in the Financial Services Sector, item 20 below from the Government Facilities Sector, and item 28 below from the Commercial Facilities Sector.

20. March 29, SecurityWeek – (National) Marine Corps activates cyber warfare group. The U.S. Marine Corps activated a new Cyberspace Warfare Group (MCCYWG) in Fort Meade, Maryland, March 25, which will help train and equip Marine Cyberspace mission teams to perform defensive and offensive cyber operations in support of the U.S. Cyber Command and U.S. Marine Corps Forces Cyberspace Command. The unit is active and will be fully operational in fiscal year 2017.

28. March 29, Softpedia – (International) Magento stores targeted by new KimcilWare ransomware. Security researchers from MalwareHunterTeam discovered that a new ransomware dubbed KimcilWare was targeting Magento online stores and Web servers by encrypting users’ Magento store files and adding the “.kimcilware” extension to each file, thus making the store inoperable. Researchers reported that the ransomware was in its early stages of activity and that they were unsure about its mode of operation. Source: http://news.softpedia.com/news/magento-stores-targeted-by-new-kimcilware-ransomware-502328.shtml

Communications Sector

Nothing to report