Thursday, September 29, 2016



Complete DHS Report for September 29, 2016

Daily Report                                            

Top Stories

• Federal officials announced September 27 that Kirby Inland Marine L.P. agreed to pay $4.9 million to resolve claims stemming from a 4,000-barrel oil spill in the Houston Ship Channel in March 2014. – U. S. Department of Justice

2. September 27, U.S. Department of Justice – (Texas) Kirby Inland Marine to pay $4.9 million in civil penalties and provide fleet-wide improvements to resolve U.S. claims for Houston Ship Channel oil spill. U.S. Department of Justice and U.S. Coast Guard officials announced September 27 that Kirby Inland Marine L.P. agreed to pay $4.9 million in Clean Water Act civil penalties to resolve claims stemming from a 4,000-barrel oil spill in the Houston Ship Channel in March 2014. As part of the settlement, Kirby Inland Marine must implement fleet-wide operational improvements to vessels operating in the inland waters of the U.S., including the installation of enhanced navigational equipment of vessels, among other improvements. Source: https://www.justice.gov/opa/pr/kirby-inland-marine-pay-49-million-civil-penalties-and-provide-fleet-wide-improvements

• Two employees at a supermarket in Pawtucket, Rhode Island, were convicted September 27 for their roles in a $2.6 million Stolen Identity Refund Fraud scheme that began in January 2010. – U.S. Attorney’s Office, District of Rhode Island See item 5 below in the Financial Services Sector

• UBS Financial Services agreed September 28 to pay more than $15 million to settle charges alleging that the company failed to properly train sales representatives on the $548 million in reverse convertible notes (RCN) sold to over 8,700 retail customers. – U.S. Securities and Exchange Commission See item 6 below in the Financial Services Sector

• A former Commonwealth Bank of Australia executive was charged September 26 after he and several co-conspirators in Australia and the U.S. allegedly defrauded Computer Sciences Corporation out of $98 million. – U.S. Department of Justice See item 23 below in the Information Technology Sector

Financial Services Sector

5. September 28, U.S. Attorney’s Office, District of Rhode Island – (International) Jury convicts two in $2.6M stolen identity, tax fraud scheme. Two employees of the Dominican Supermarket in Pawtucket, Rhode Island, were convicted September 27 for their roles in a $2.6 million Stolen Identity Refund Fraud (SIRF) scheme where the duo and co-conspirators used more than 400 stolen identities, primarily from residents of Puerto Rico, to file falsified tax returns since January 2010. The charges state that counterfeit treasury checks were mailed to various locations in Rhode Island, Massachusetts, and New York and subsequently deposited into 27 different bank accounts controlled by the co-conspirators or others affiliated with the supermarket, and over $235,000 of the illicit earnings were transferred to a bank in the Dominican Republic.

6. September 28, U.S. Securities and Exchange Commission – (International) SEC charges UBS with supervisory failures in sale of complex products to retail investors. The U.S. Securities and Exchange Commission (SEC) announced September 28 that UBS Financial Services agreed to pay more than $15 million to settle charges alleging that the company failed to create and institute policies and procedures intended to properly educate and train sales representatives on the $548 million in reverse convertible notes (RCNs) it sold to over 8,700 inexperienced retail investors, which caused representatives to make unfit recommendations on RCN sales to certain retail clients regarding their investment profiles. As part of the settlement, the company will be censured by the SEC. Source: https://www.sec.gov/news/pressrelease/2016-197.html

For another story, see item 23 below in the Information Technology Sector

Information Technology Sector

21. September 28, SecurityWeek – (International) High severity DoS flaw patched in BIND. The Internet Systems Consortium released updates for the Domain Name System (DNS) software BIND addressing two vulnerabilities, including a high severity denial-of-service (DoS) flaw affecting all servers that can receive request packets from any source, which can be exploited using maliciously crafted DNS request packets. The updates also resolved a medium severity DoS flaw that can cause a targeted server to terminate due to an error. Source: http://www.securityweek.com/high-severity-dos-flaw-patched-bind

22. September 28, SecurityWeek – (International) Locky ransomware drops offline mode. Security researchers reported that the Locky ransomware adopted new methods after a BleepingComputer researcher spotted the malware appending the .ODIN extension to encrypted files, instead of the .zepto extension, and researchers from Avira found the ransomware switched back to the use of a command and control (C&C) server and dropped the use of an offline mode. The updated Locky version is still distributed via spam email campaigns that contain malicious code in the file attachments, which infects a system in order to deliver a ransom note. Source: http://www.securityweek.com/locky-ransomware-drops-offline-mode

23. September 27, U.S. Department of Justice – (International) American living in Australia charged in securities fraud case involving scheme to fraudulently inflate by nearly $100 million the cost of Santa Monica software company being purchased by Computer Sciences Corp. A former executive at Commonwealth Bank of Australia (CBA) was charged September 26 after he and several co-conspirators in Australia and the U.S. allegedly defrauded Computer Sciences Corporation (CSC) out of $98 million by inflating revenues for ServiceMesh, Inc., a Santa Monica, Californa-based cloud computer management software company that CSC planned to purchase from 2013 – 2014. The charges also allege that CBA employees received more than $630,000 in undisclosed kickbacks from a senior executive of ServiceMesh, Inc. involved in the scheme.

Communications Sector

Nothing to report