Complete DHS Report for November 1, 2016
Daily Report
Top Stories
• Approximately 6,500 gallons of crude oil spilled at the Prospect
Energy, LLC processing facility in Larimer County, Colorado, October 27 after a
pipe valve on a tank battery used to store crude oil failed. – Fort Collins
Coloradoan
2. October 28, Fort
Collins Coloradoan – (Colorado) 150 barrels of oil spill in Fort
Collins. Approximately 6,500 gallons of crude oil spilled at the Prospect
Energy, LLC processing facility in Larimer County, Colorado, October 27 after a
pipe valve on a tank battery used to store crude oil failed. Authorities
reported that most of the oil was concentrated on the top soil and contained to
the spill site. Source: http://www.coloradoan.com/story/news/2016/10/28/estimated-150-barrels-oil-spill-fort-collins/92897686/
• Officials in Syracuse, New York, reported that at least 5
million gallons of sewage were dumped into Ley Creek October 29 while crews
worked to repair a pipe that spilled at least 7 million gallons of sewage into
Onondaga Lake following heavy rains October 21. – Syracuse Post-Standard
13. October 30, Syracuse
Post-Standard – (New York) County dumps 5 million gallons of sewage into
Ley Creek to fix busted pipe. Officials in Syracuse, New York, announced
October 30 that at least 5 million gallons of sewage were dumped into Ley Creek
October 29 while crews worked to bypass and repair a separate pipe that spilled
at least 7 million gallons of sewage into Onondaga Lake following heavy rains
October 21. Source: http://www.syracuse.com/news/index.ssf/2016/10/5_m_gallons_of_sewage_dumped_in_ley_creek_while_fixing_busted_pipe.html
• Imperva security researchers discovered that roughly 49,657
unique Internet Protocol (IP) addresses across 164 countries are hosting
Internet of Things (IoT) devices infected with the Mirai botnet. – SecurityWeek
See item 18 below in the Information Technology Sector
• Massachusetts officials formally launched October 28 the start
of a $2.4 million safety upgrade project to the Van Horn Dam in Springfield. – Springfield
Republican
27. October 28,
Springfield Republican – (Massachusetts) Springfield launches $2.4
million Van Horn Dam safety upgrade 8 years after it was cited as 'high
hazard'. Massachusetts officials formally launched October 28 the start of
a $2.4 million safety upgrade project to the Van Horn Dam in Springfield, which
includes removing trees and stumps from the dam site to decrease erosion and
possible dam failure, armoring an upstream section of the dam to reduce
erosion, and repairing the dam’s concrete outlet structure, among other
improvements. Officials expect the project to be completed by May 2017. Source:
http://www.masslive.com/news/index.ssf/2016/10/springfield_launches_van_horn.html
Financial Services Sector
4. October 28, U.S.
Attorney’s Office, Northern District of Indiana – (National) Defendants entered
pleas of guilty today. The owner of Munster, Indiana-based Weichman &
Associates PC and Medical Management & Data Services and 3 co-conspirators
pleaded guilty October 28 for conspiring to conceal a nearly $2 million tax
debt to the U.S. Internal Revenue Service (IRS) and neglecting to report to the
IRS at least $100,000 in income, hiding hundreds of thousands of dollars from
the business owner’s bankruptcy creditors in January 2011, and withdrawing
$95,000 from a client’s retirement fund in April 2012. The charges also state
that the owner stole $10,000 from one of his physician clients in a bank fraud
scheme where at least $660,000 was illegally taken from that client’s account. Source:
https://www.justice.gov/usao-ndin/pr/jack-weichman-defendants-entered-pleas-guilty-today
5. October 28,
Arlingtonva.us – (Virginia) Credit card cloning suspects arrested by
police. The owners of Caffe Aficionado in Arlington, Virginia, were
arrested October 28 for allegedly participating in a money laundering and credit
card fraud scheme where the suspects redeemed hundreds of thousands of dollars’
worth of pre-payable gift cards using cloned credit cards since at least
November 2015. Source: https://newsroom.arlingtonva.us/release/credit-card-cloning-suspects-arrested-by-police/
For another story, see item 14
below from the Government Facilities
Sector
14. October 28, Wichita
Eagle – (Kansas) County announces department affected by $566,000 fraud.
Sedgwick County, Kansas officials announced October 28 that the Sedgwick
County Division of Finance was defrauded out of approximately $566,000 sometime
between September 23 and October 25. The fraudulent activity remains under investigation. Source:
http://www.kansas.com/news/local/crime/article111117877.html
Information Technology Sector
17. October 30, Softpedia
– (International) Serial spammer pleads guilty, faces up to ten years in
jail. A Florida resident pleaded guilty October 27 for orchestrating spam
campaigns where he and 2 co-conspirators operated a legitimate business named A
Whole Lot of Nothing LLC, which provided on-demand spam campaigns for legitimate
business and illegal parties, including groups selling untested pharmaceutical
drugs. The charges state the trio built botnets to distribute their spam,
constructed proxy networks to avoid detection, and hacked into at least four
corporate networks and Websites in order to take control of corporate emails
and servers to distribute spam from devices that were not blacklisted, among
other malicious activities.Source: http://news.softpedia.com/news/serial-spammer-pleads-guilty-faces-up-to-ten-years-in-jail-509807.shtml
18. October 28,
SecurityWeek – (International) Mirai botnet infects devices in 164 countries.
Imperva security researchers discovered that roughly 49,657 unique Internet
Protocol (IP) addresses across 164 countries are hosting Internet of Things
(IoT) devices infected with the Mirai botnet. The researchers found that 10
percent of the IP addresses hosting Mirai-infected devices are located in the
U.S. Source:
http://www.securityweek.com/mirai-botnet-infects-devices-164-countries
19. October 28,
SecurityWeek – (International) LDAP attack vector makes terabit-scale
DDoS attacks possible. Corero Network Security researchers reported a newly
observed zero-day distributed denial-of-service (DDoS) attack vector that
relies on the Lightweight Directory Access Protocol (LDAP) could be used to
leverage an amplification factor of 46 times and a peak of 55 times to carry
out terabit-scale DDoS events against a target. Corero also reported that an
attacker could send a simple query to a compromised reflector supporting the
Connectionless LDAP service (CLDAP) to make it appear as though the query
originated from the intended victim, causing unwanted network traffic to be
immediately sent to the attacker’s target. Source: http://www.securityweek.com/ldap-attack-vector-makes-terabit-scale-ddos-attacks-possible
Communications Sector
20. October 28, KTVI 2
St. Louis; DownDetector.com – (National) AT&T phone and internet
outages reported across the Midwest. About 1,085 AT&T Inc. customers in
Cincinnati, St. Louis, and Chicago, among other cities across the Midwest
experienced an Internet and phone service outage for several hours October 28. Source:
http://fox2now.com/2016/10/28/att-phone-and-internet-outages-reported-across-the-midwest/
For another story, see item 16 below from the Emergency Services
Sector
16. October 28, WCAU 10
Philadelphia – (Pennsylvania) Verizon reports Montgomery County 9-1-1
system fully restored overnight. Verizon Wireless reported October 28 that
emergency 9-1-1 service in Montgomery County, Pennsylvania, was fully restored
after callers using a landline experienced degraded service for several hours
October 27 – October 28 after a contractor cut a conduit containing communication
lines. Emergency calls or messages made via cell phones were not impacted. Source:
http://www.nbcphiladelphia.com/news/local/Montgomery-County-Experiencing-Problems-With-9-1-1-System-398917481.html