Friday, November 18, 2016



Complete DHS Report for November 18, 2016

Daily Report

Top Stories

• Twelve individuals were charged November 16 for their alleged roles in an ATM skimming scheme that defrauded Bank of America and PNC Financial Services Group, Inc. customers in New Jersey out of more than $428,000. – U.S. Department of Justice See item 3 below in the Financial Services Sector

• The Hawaii State Department of Health’s Clean Water Branch reported that around 4,275 gallons of raw sewage entered a storm drain at Lake Wilson in Wahiawa November 15. – Honolulu Star-Advertiser

12. November 16, Honolulu Star-Advertiser – (Hawaii) More than 4,000 gallons of sewage spills into Lake Wilson. The Hawaii State Department of Health’s Clean Water Branch reported that around 4,275 gallons of raw sewage entered a storm drain at Lake Wilson in Wahiawa November 15. Crews stopped the spill and removed 300 gallons of the discharge, and the Clean Water Branch advised the public to keep away from lake waters between Olive Avenue and the spillway until further notice. Source: http://www.staradvertiser.com/2016/11/16/breaking-news/more-than-4000-gallons-of-sewage-spills-into-lake-wilson/

• North Carolina officials reported November 17 that hundreds of fire personnel were working to contain dozens of wildfires that have scorched a total of roughly 49,112 acres across the State. – WNCN 17 Goldsboro; Associated Press

14. November 17, WNCN 17 Goldsboro; Associated Press – (North Carolina) NC wildfires near 50,000 acres as Lake Lure fire spreads to evacuated areas. North Carolina Forest Service officials reported November 17 that hundreds of fire personnel were working to contain dozens of wildfires that have scorched a total of roughly 49,112 acres across the State, including the 5,700-acre Party Rock Fire in Rutherford County that has forced the evacuation of over 1,000 area residents. Source: http://wncn.com/2016/11/16/nc-wildfires-near-50000-acres-as-lake-lure-fire-spreads-to-evacuated-areas/

• A Whittier, California resident was convicted November 16 for his role in a scheme where he and 3 co-conspirators defrauded Electronic Arts (EA) out of more than $16 million. – U.S. Department of Justice See item 20 below in the Information Technology Sector

Financial Services Sector

3. November 16, U.S. Department of Justice – (New Jersey) Twelve individuals charged in ATM skimming conspiracy. Twelve individuals were charged November 16 for their alleged involvement in an ATM skimming scheme that defrauded Bank of America and PNC Financial Services Group, Inc. customers in New Jersey out of more than $428,000 between March 2015 and July 2016. The group reportedly installed skimming devices on ATMs at banks across New Jersey to record payment card data encoded on the magnetic stripe of credit and debit cards, and transferred the stolen information onto counterfeit bank cards that they subsequently used to withdraw cash from the affected accounts. Source: https://www.justice.gov/opa/pr/twelve-individuals-charged-atm-skimming-conspiracy

4. November 16, U.S. Department of Justice – (National) Two Tennessee residents indicted for conspiracy and employment tax fraud. Two Tennessee residents were charged in an indictment unsealed November 15 after the pair allegedly conspired to defraud the U.S. Internal Revenue Service (IRS) by neglecting to collect and pay roughly $2.8 million in employment tax while running a temporary staffing company serving firms in Tennessee and elsewhere, failing to timely file employment tax returns, and filing false employment tax returns, among other fraudulent actions. The charges also allege that the duo falsely represented to the IRS their management of the company and knowledge of their responsibility to honestly account for and pay out employment taxes, placed the company in the names of nominees with no control over business operations, and established payment arrangements to impede an IRS levy placed on their customer payments. Source: https://www.justice.gov/opa/pr/two-tennessee-residents-indicted-conspiracy-and-employment-tax-fraud

Information Technology Sector

15. November 17, SecurityWeek – (International) Several vulnerabilities patched in Drupal 7, 8. Drupal released versions 7.52 and 8.2.3 addressing four vulnerabilities including a flaw in Drupal 8 that can be exploited to cause a denial-of-service (DoS) condition with specially crafted URLs via the transliteration mechanism. The updates also resolved a flaw in Drupal 7 that could allow a malicious actor to build a confirmation form Uniform Resource Locator (URL) that redirects victims to third-party Websites after they interact with the form, among other flaws.

16. November 17, Softpedia – (International) Raspberry Pi-based hacking device can break into any computer in seconds. A security researcher created a hijacking device, dubbed PoisonTap, which is an inexpensive Raspberry Pi Zero device that leverages a backdoor installed on a targeted device via USB and imitates an Internet-over-USB connection to convince the computer it is connected via Ethernet, causing the computer to prioritize the USB connection and begin sending unencrypted Internet traffic to PoisonTap. Once the hacking device hijacks all the Web traffic, it collects Hypertext Transfer Protocol (HTTP) authentication cookies and session data, thereby allowing an actor to bypass two-factor authentication (2FA) and access a user’s online accounts. Source: http://news.softpedia.com/news/raspberry-pi-based-hacking-device-can-break-into-any-computer-in-seconds-510295.shtml

17. November 16, SecurityWeek – (International) Firefox 50 patches 27 vulnerabilities. Mozilla released Firefox 50 to address 27 vulnerabilities including a critical heap-buffer-overflow in the Cairo programming library when processing Scalable Vector Graphics (SVG) content that could lead to a crash due to compiler optimization, as well as a series of critical memory safety issues that could potentially be exploited by a malicious actor to run arbitrary code, among other flaws. The new browser also adds Download Protection for many executable file types on Microsoft Windows, Apple Mac, and Linux to improve overall security for users. Source: http://www.securityweek.com/firefox-50-patches-27-vulnerabilities

18. November 16, SecurityWeek – (International) Backdoor in some Android phones sends data to server in China. Kryptowire security researchers reported that several Android models sold in the U.S. were found to include a backdoor in their firmware that transmits personally identifiable information (PII), including contact lists, call history, and text messages, to third-party servers without the victim’s authorization via a commercial Firmware Over The Air (FOTA) update software system managed by Shanghai ADUPS Technology Co. Ltd. The researchers found the firmware could remotely install applications without user consent, target specific users and text messages by matching remotely defined keywords, and collect data on the use of applications on an affected device. Source: http://www.securityweek.com/backdoor-some-android-phones-sends-data-server-china

19. November 16, SecurityWeek – (International) CryptoLuck ransomware emerges. A Proofpoint security researcher discovered a new ransomware family, dubbed CryptoLuck, that leverages the RIG-Empire exploit kit (EK) for distribution, and abuses the legitimate GoogleUpdate.exe executable and dynamic-link library (DLL) hijacking to infect devices. The malware spreads in the form of a RAR self-extracting archive (SFX) file and performs a series of checks to ensure it is not running in a virtual machine before scanning all mounted drives and unmapped network shares for files it can encrypt. Source: http://www.securityweek.com/cryptoluck-ransomware-emerges

20. November 16, U.S. Department of Justice – (International) Fourth defendant convicted in scheme that defrauded software company of over $16 million worth of virtual currency. A Whittier, California resident was convicted November 16 for his role in a scheme where he and 3 co-conspirators defrauded software company and FIFA Football video game publisher, Electronic Arts (EA), out of more than $16 million by creating software that fraudulently logged thousands of FIFA Football matches to circumvent security mechanisms created by the firm and illicitly earn FIFA coins, which the trio subsequently exchanged on a secondary market where the coins are exchanged for dollars. The three co-conspirators previously pleaded guilty for their roles in the scheme. Source: https://www.justice.gov/opa/pr/fourth-defendant-convicted-scheme-defrauded-software-company-over-16-million-worth-virtual

Communications Sector

Nothing to report