Monday, December 5, 2016



Complete DHS Report for December 5, 2016

Daily Report                                            

Top Stories

• Five co-conspirators were charged December 1 for their roles in a $33 million mortgage fraud conspiracy after their company, Terra Foundation filed nearly 60 fraudulent mortgage discharges in New York and Connecticut. – Lower Hudson Valley Journal News See item 6 below in the Financial Services Sector

• Officials announced December 1 that American Civil Contractors agreed to pay a $207,000 settlement after a March 2016 chemical spill that killed over 5,600 fish in northern Colorado’s Big Thompson River. – Associated Press

13. December 2, Associated Press – (Colorado) Company to pay $207,000 after spill killed thousands of fish in Big Thompson River. Colorado Parks and Wildlife officials announced December 1 that American Civil Contractors agreed to pay a $207,000 settlement after a March 2016 chemical spill that killed over 5,600 rainbow trout, brown trout, suckers, and dace fish in northern Colorado’s Big Thompson River during reconstruction of U.S. Route 34 in the Big Thompson Canyon near Loveland. Source: http://www.denverpost.com/2016/12/01/company-pay-spill-killed-big-thompson-fish/

• Researchers reported that tens of millions of users of Android’s AirDroid are vulnerable to man-in-the-middle (MitM) attacks that could compromise their devices through fraudulent updates and result in data theft. – Help Net Security See item 26 below in the Information Technology Sector

• Authorities in New York City raided 2 Brooklyn warehouses December 1 and seized more than $7 million worth of counterfeit Apple and Samsung products, $71,000 in cash, and arrested 3 suspects. – WNBC 4 New York

28. December 2, WNBC 4 New York – (New York) NYPD raids Brooklyn warehouses, seize more than $7 million in bogus Apple, Samsung smartphones. Authorities in New York City raided 2 Brooklyn warehouses December 1 and seized more than $7 million worth of counterfeit Apple and Samsung products, $71,000 in cash, and arrested 3 suspects who allegedly sold counterfeit phones to unsuspecting customers through business locations across the city. The months-long investigation began when suspicious packages began coming through John F. Kennedy International Airport around May 2016. Source: http://www.nbcnewyork.com/news/local/NYPD-Raids-Brooklyn-Warehouses-Seize-10-Million-Apple-Samsung-Products-404162246.html

Financial Services Sector

6. December 1, Lower Hudson Valley Journal News – (New York; Connecticut) 5 facing federal charge for $33M mortgage fraud. Five co-conspirators were charged December 1 for their roles in a $33 million mortgage fraud conspiracy after their company, Terra Foundation filed nearly 60 fraudulent mortgage discharges in Westchester and Putnam counties in New York and in Connecticut that made it appear as though Terra’s clients’ mortgages were paid off. In order to make a profit, Terra charged monthly fees for services including audits that were never performed, and convinced clients to take out a second or reverse mortgage and retained large portions of the proceeds.

Information Technology Sector

26. December 2, Help Net Security – (International) AirDroid app opens millions of Android users to device compromise. Zimperium security researchers reported that tens of millions of users of Android’s remote management tool, AirDroid are vulnerable to man-in-the-middle (MitM) attacks that could compromise their devices through fraudulent updates and result in data theft. If a user is on the same unsecured network as a malicious actor, the attacker could perform a MitM network attack to access the device authentication information, decrypt any Hypertext Transfer Protocol (HTTP) request the application performs, and redirect and modify the HTTP traffic sent and received by the device when it checks for updates, and then plant a malicious update for the app to use.

27. December 1, SecurityWeek – (International) Bug allows activation lock bypass on iPhone, iPad. Security researchers discovered two variations of a flaw that can be exploited to bypass Apple’s Activation Lock feature and access the homescreen of locked iPhones and iPads running Apple’s mobile operating system (iOS) 10.1 and iOS 10.1.1. Once a locked device is started, users are required to connect to a WiFi network and attackers can enter long strings into the username and password fields to trigger a crash that display’s the device’s homescreen. Source: http://www.securityweek.com/bug-allows-activation-lock-bypass-iphone-ipad

Communications Sector

Nothing to report