Monday, December 19, 2016



Complete DHS Report for December 19, 2016

Daily Report

Top Stories

• A resident of Alaska was indicted December 15 for his alleged role in a scheme where he and 4 co-conspirators provided services to Iran that resulted in the unlawful distribution of roughly $1 billion U.S. dollars. – U.S. Attorney’s Office, District of Alaska. See item 4 below in the Financial Services Sector.

• Six individuals were charged in an indictment unsealed December 13 for their alleged roles in a $50 million investment fraud scheme. – U.S. Attorney’s Office, Southern District of New York. See item 5 below in the Financial Services Sector.

• Pomona, California-based East Valley Community Health Center, Inc. announced December 14 that the patient information on 65,000 insurance claims was compromised after an unauthorized actor hacked its system and installed ransomware that encrypted files on a single server in October. – Inland Valley Daily Bulletin

24. December 16, Inland Valley Daily Bulletin – (California) Data breach at Pomona health clinic affected patient information. Pomona, California-based East Valley Community Health Center, Inc. announced December 14 that the patient information on 65,000 insurance claims from the past 6 years was compromised after an unauthorized actor hacked into its computer system and installed ransomware that encrypted files on a single server in October. There has been no indication that the patient information was accessed or illegally used. Source: http://www.dailybulletin.com/general-news/20161215/data-breach-at-pomona-health-clinic-affected-patient-information

• A 6-alarm fire at a mixed-use building in the Charlestown neighborhood of Boston displaced 23 people and damaged multiple apartments December 16, causing an estimated $2 million in damage. – WBZ 4 Boston

36. December 16, WBZ 4 Boston – (Massachusetts) Charlestown apartments, laundromat featured in ‘The Town’ destroyed in 6-alarm fire. A 6-alarm fire at a mixed-use building in the Charlestown neighborhood of Boston displaced 23 people and damaged multiple apartments and a laundromat December 16, causing an estimated $2 million in damage. No injuries were reported and the cause of the fire remains under investigation.
Source: http://boston.cbslocal.com/2016/12/16/bunker-hill-street-fire-charlestown-boston/

Financial Services Sector

3. December 16, Associated Press – (Ohio) Feds: Man suspected as ‘Buckeye Bandit’ indicted in Ohio. A man dubbed the “Buckeye Bandit” was indicted December 15 for allegedly committing 7 armed bank robberies across central Ohio since 2013. He was previously indicted for one armed bank robbery in November, when authorities discovered over $53,000 in his possession. Source: http://www.dailyprogress.com/feds-man-suspected-as-buckeye-bandit-indicted-in-ohio/article_aa71dbf3-d68a-5fda-a4c5-be7496cb54f5.html

4. December 15, U.S. Attorney’s Office, District of Alaska – (International) U.S. citizen charged with conspiring to provide unlawful services to Iran and international money laundering conspiracy. An Anchorage, Alaska man was indicted December 15 for his alleged role in a scheme in which he and 4 co-conspirators provided services to Iran that resulted in the unlawful distribution of the equivalent of roughly $1 billion U.S. dollars in Iranian-owned funds between January 2011 and at least April 2014. In the alleged scheme, the man stored the proceeds from fictitious sales of marble and other construction materials to an Iranian shell company in controlled South Korean bank accounts, converted the proceeds into more easily tradeable currencies by convincing the Korean regulators the transactions were lawful, and then transferred the funds to over 10 countries. The charges allege the man received between $10 million and $17 million from Iranian nationals for his criminal activities. Source: https://www.justice.gov/usao-ak/pr/us-citizen-charged-conspiring-provide-unlawful-services-iran-and-international-money-1

5. December 13, U.S. Attorney’s Office, Southern District of New York – (International) Manhattan U.S. Attorney announces charges against six individuals in international high-yield investment fraud scheme. Six individuals were charged in an indictment unsealed December 13 for their alleged roles in a $50 million investment fraud scheme that defrauded investors in the U.S. and several foreign countries between at least June 2013 and August 2016. The scheme claimed that the Cities Upliftment Program (CUP) would produce considerably high returns, that half of the returns would help rejuvenate American cities recovering from the 2008 financial crisis, and that the other half would be paid back to the investors at the rate of $1 million per day for 75 banking days. It also used forged and counterfeit New York Fed documents, among other material misrepresentations, to persuade victims to invest in the CUP scheme. The group reportedly laundered the proceeds through various domestic and overseas bank accounts held in the names of shell companies they operated. Source: https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-charges-against-six-individuals-international-high

For another story, see item 30 below in the Information Technology Sector

Information Technology Sector

29. December 16, SecurityWeek – (International) Joomla patches dangerous security flaws. Joomla released version 3.6.5 to resolve three security issues, including a high severity flaw affecting all Joomla versions from 1.6.0 through 3.6.4 that could be exploited to allow an attacker to modify existing user accounts, including altering usernames, user group assignments, and passwords. In addition to the patches, the update included further security hardening mechanisms.

30. December 15, Agence France-Presse – (International) Suspect arrested in JPMorgan, Dow Jones data theft case. A U.S. citizen living in Moscow was arrested at John F. Kennedy International Airport in New York December 14 after he allegedly orchestrated computer hacking crimes against U.S. financial institutions, brokerage firms, and financial news publishers, including a hack that compromised the data on 7 million businesses and 76 million household customers of JPMorgan Chase & Co and other firms. The man and his co-conspirators also allegedly operated an Internet gambling scheme, an unlawful bitcoin exchange, and an illicit payment processing operation for fraudulent online pharmaceutical sellers. Source: http://www.securityweek.com/suspect-arrested-jpmorgan-dow-jones-data-theft-case

31. December 15, SecurityWeek – (International) Over 8,800 WordPress plugins have flaws: Study. RIPS Technologies researchers released a report after analyzing 44,705 plugins in the official WordPress plugins directory, which found a total of 67,486 vulnerabilities in the plugins, including 41 critical flaws, 2,799 high severity flaws, and more than 4,600 medium severity security holes. The study also revealed that more than 68 percent of the vulnerabilities discovered are cross-site scripting (XSS) issues and over 20 percent are Structured Query Language (SQL) injection flaws.

32. December 15, SecurityWeek – (International) Nymaim trojan fingerprints MAC addresses to bypass virtualization. SophosLabs security researchers reported that the Nymaim trojan was spotted comparing a targeted machine’s media access control (MAC) address against a hardcoded list of blacklisted vendors, enabling the malware to avoid virtual environments and hinder analysis tools. The researchers also found that the trojan includes a list of checks and continues running even after those checks fail in order to hide its failure. Source: http://www.securityweek.com/nymaim-trojan-uses-mac-addresses-bypass-virtualization

Communications Sector

33. December 15, SecurityWeek – (International) Malvertising campaign targets routers. Proofpoint security researchers reported that attackers behind the DNSChanger exploit kit (EK) were attempting to infect home or small office (SOHO) routers using an enhanced version of DNSChanger, which subsequently exposes the router to further attacks because the EK changes network rules to make the administration ports available from external addresses. The researchers reported that malicious actors are leveraging the attacks in order to steal traffic from large Web ad agencies, and that users can prevent their devices from being infected by updating their routers to the latest firmware. Source: http://www.securityweek.com/malvertising-campaign-targets-routers

34. December 15, Iowa City Press-Citizen – (Iowa) Mediacom services restored in Iowa City area. Up to 1,800 Mediacom customers in the Iowa City, Iowa area were without Internet, cable, and phone services for more than 10 hours December 14 after a city-owned construction vehicle inadvertently cut a main line of a fiber optic cable. Source: http://www.press-citizen.com/story/money/business/2016/12/14/mediacom-outage-iowa-city-area-may-take-hours-repair/95445896/