Complete DHS Report for April 11, 2014
Daily Report
Details
• A Georgia man associated with the $50 million
Carder.su identity theft, payment card fraud, and cybercrime organization
agreed to plead guilty to federal racketeering charges according to court
documents released April 9. – Ars Technica See item 8 below in the Financial Services Sector
• Oakland County Police charged 5 individuals
with allegedly operating a multimillion-dollar theft ring that stole items from
Las Vegas and southeastern Michigan retailers and pharmacies and resold them on
the Internet. – Detroit Free Press
19.
April 9, Detroit Free Press –
(Michigan; Nevada) Police: ‘Amazing’ $15,000-a-day shoplifting ring targeted
CVS, Walgreens. Oakland County Police charged 5 individuals with operating
a multimillion-dollar theft ring that stole items from Las Vegas and
southeastern Michigan retailers, including CVS and Walgreens, and resold them
on the Internet. The suspects stole as much as $15,000 a day in
over-the-counter drugs and other goods from pharmacies and retailers and stored
the items in a warehouse. Source: http://www.freep.com/article/20140409/NEWS03/304090129/shoplifting-ring-stole-thousands-of-dollars-Oakland-county
• A former internal affairs lieutenant for the
Miami-Dade Police Department was arrested April 8 in connection with allegedly
working with a drug trafficking organization to assist in planning a murder
plot and purchasing weapons for drug dealers in exchange for money and gifts. –
CNN
23.
April 8, CNN – (International) Miami
cop accused of helping drug traffickers get guns, plot killing. A former
internal affairs lieutenant for the Miami-Dade Police Department was arrested
April 8 in connection with allegedly working with a drug trafficking
organization to assist in planning a murder plot and purchasing weapons for
drug dealers in exchange for money and gifts. The former lieutenant also reportedly
used contacts at airports to transport weapons in carry-on luggage during
international trips. Source: http://www.cnn.com/2014/04/08/justice/miami-police-lieutenant-arrested/index.html
• Authorities issued a warrant and were
searching for a man involved in a hit-and-run incident that killed 1 child and
injured 14 others at a KinderCare day care center in Orlando, Florida, April 9.
– CNN; WESH 2 Orlando
29.
April 10, CNN; WESH 2 Orlando –
(Florida) Authorities issue arrest warrant in deadly Florida day care center
crash. Authorities issued a warrant and were searching for a man involved
in a hit-and-run incident that killed 1 child and injured 14 others at a
KinderCare day care center in Orlando April 9. The suspect was allegedly
driving a vehicle that struck a car, which jumped the curb and crashed into the
facility. Source: http://www.cnn.com/2014/04/10/us/florida-day-care-center-crash/
Financial Services Sector
7. April 9, KTLA 5 Los Angeles – (California) ‘Lugar Bandit’: Violent bank robber
strikes again. Police reported that a suspect known as the “Luger Bandit”
robbed a Chase Bank branch in San Dimas April 9, the seventh robbery linked to
the suspect in Los Angeles, San Bernardino, and Riverside counties since
January. Source: http://ktla.com/2014/04/09/lugar-bandit-sought-in-series-of-violent-bank-robberies-strikes-again/
8. April 9, Ars Technica – (International) Man behind Carder.su racketeering,
other cybercrime, pleading guilty. A Georgia man associated with the
Carder.su identity theft, payment card fraud, and cybercrime organization
agreed to plead guilty to federal racketeering charges according to court
documents released April 9. As many as 55 alleged members of the group that
caused $50 million in losses have also been charged, with 8 pleading guilty and
many remaining at large. Source: http://arstechnica.com/tech-policy/2014/04/man-behind-carder-su-racketeering-other-cybercrime-pleading-guilty/
For another story, see item 24 below in the Information Technology Sector
Information Technology Sector
24. April 10, Softpedia – (International) Deltek suffers data breach, hackers gain access to credit card information. Deltek reported that attackers breached the company’s GovWin IQ Web site, exposing personal and financial details of around 80,000 employees of federal contractors and about 25,000 payment card details belonging to customers of the site’s eCommerce platform. The breach was first discovered March 13 but occurred sometime between July 3, 2013 and November 2, 2013. Source: http://news.softpedia.com/news/Deltek-Suffers-Data-Breach-Hackers-Gain-Access-to-Credit-Card-Information-436861.shtml
25. April 10, The Register – (International) Not just websites hit by OpenSSL’s
Heartbleed – your PC, phone and more may be in peril. A researcher from the
SANS Institute reported in a presentation that the Heartbleed vulnerability in
OpenSSL could also affect devices and applications on the client side as well as
the server side, potentially allowing attackers to obtain passwords and
cryptographic keys from PCs, phones, routers, and other devices. Source: http://www.theregister.co.uk/2014/04/10/many_clientside_vulns_in_heartbleed_says_sans/
26. April 10, Softpedia – (International) SQL injection vulnerability fixed in
Orbit Open Ad Server. High-Tech Bridge researchers identified and reported
a SQL injection vulnerability in the popular open-source ads server Orbit Open
Ad Server that could have allowed attackers to compromise Web sites running
vulnerable installations. OrbitScripts fixed the vulnerability after being
notified by the researchers. Source: http://news.softpedia.com/news/SQL-Injection-Vulnerability-Fixed-in-Orbit-Open-Ad-Server-436925.shtml
27. April 9, Threatpost – (International) BlackBerry patches remote code
execution vulnerability. BlackBerry released an update April 9 which closes
a remote code execution vulnerability in BlackBerry 10 that could be exploited
in a limited number of scenarios. Source: http://threatpost.com/blackberry-patches-remote-code-execution-vulnerability/105373
28. April 9, The Register – (International) Uh oh! Here comes the first bug in the
Windows 8.1 Update. Microsoft suspended distribution of the Windows 8.1
Update for April after some enterprise customers using Windows Server Update
Services (WSUS) 3.0 Service Pack 2 reported that the update prevented machines’
abilities to receive future updates. Source: http://www.theregister.co.uk/2014/04/09/windows_81_update_bug/
Communications Sector
Nothing
to report