Intelligence Briefing - Q2, 2015

Uber data breach impacts 50,000 current and former drivers.
Uber determined in September 2014 that an unidentified third party had breached its internal database without authorization in May, accessing the information of 50,000 former and current drivers, which included names and driver’s license numbers. Uber changed access protocols and locked down the database while continuing to investigate the incident.
_____________________________________________________

SEC halts Ponzi-like scheme by purported venture capital fund manager in Buffalo.
The U.S. Securities and Exchange Commission charged a purported New York-based venture capital fund manager Feb. 27 for allegedly using his firms Archipel Capital LLC and BIM Management LP to solicit money from investors for the purchase of 230,000 pre-IPO Twitter shares, of which he purchased only 80,000 shares, and using three unrelated funds and Ponzi-like payments with fake documents to pay investors.

_____________________________________________________

Fall River wastewater plant fails, spills 600,000 gallons into Mount Hope Bay.
According to the Rhode Island Department of Environmental Management (DEM), a failed bleach pump at the Fall River Regional Wastewater Treatment in Massachusetts prompted the discharge of an estimated 600,000 gallons of non-disinfected wastewater Feb. 25. The spill prompted the DEM to close both Mount Hope Bay and Kickemuit River to shellfishing until March 5 after technicians rebooted the computer system and restarted the pumps.

_____________________________________________________

Arizona authorities probe vandalism that cut off Internet, phones for hours.
Officials announced Feb. 26 that vandalism caused an Internet, cellphone, and landline outage in northern Arizona for more than six hours Feb. 25 after CenturyLink employees and Phoenix police found a cut fiber-optic cable. Crews restored services after the outage, which impacted a 100-mile area stretching from Phoenix to Flagstaff.

_____________________________________________________

MetLife unit to pay $123.5 million for alleged mortgage fraud.
The U.S. Department of Justice announced Feb. 25 that MetLife Home Loans LLC will pay $123.5 million to resolve accusations that the company, doing business as MetLife Bank at the time of the alleged infractions, knowingly violated the False Claims Act from September 2008 to March 2012 by originating and underwriting mortgage loans insured by the Federal Housing Administration (FHA) that did not meet underwriting requirements. MetLife was allegedly aware of the violations through its internal quality control measures and reportedly downgraded its sub-standard FHA loans to appear to have fewer issues.

_____________________________________________________

Ramnit botnet shut down.
Europol Cybercrime Centre (EC3) investigators, Microsoft, AnubisNetworks, and Symantec carried out an operation to shut down the Ramnit botnet’s seven command and control (C&C) servers and redirect traffic from 300 domains used by the botnet. EC3 estimated that more than 3.2 million Windows computers have been infected by the botnet via spam campaigns, phishing scams, and drive-by downloads that installed malicious code to grant attackers access to banking credentials and other log-in information.

_____________________________________________________

New DDoS attack and tools use Google Maps plugin as proxy.
PLXsert security researchers discovered that attackers are exploiting a known vulnerability in Joomla’s Google Maps plugin by spoofing the sources of requests, causing results to be sent from proxies to their distributed denial-of-service (DDoS) targets. Researchers identified more than 150,000 potential Joomla reflectors on the internet, many of which remain vulnerable to use in this type of attack.

_____________________________________________________

Anthem says hack may affect more than 8.8 million other BCBS members.
Anthem Inc. announced Feb. 24 that 8.8 million to 18.8 million members of other Blue Cross Blue Shield health insurance plans may have been affected by a breach reported by the company in February. Anthem updated the total number of records accessed in the database to 78.8 million customers, including 14 million incomplete records.

_____________________________________________________

Valve leak shuts down Limerick nuke plant.
One of two reactors at Exelon Nuclear’s Limerick Generating Station experienced an abrupt “hot shut-down” Feb. 23 when a leak in a nitrogen supply line caused an unexpected closure of one of the main steam isolation valves, sending steam to the unit’s electrical generator. The U.S. Nuclear Regulatory Commission was notified of the unplanned scram, and officials stated that the plant’s second reactor and the power grid remain stable while the reactor idles until it is placed back into service.

_____________________________________________________

Man arrested after setting five cars ablaze outside Ventura County Government Center.
Police took a man into custody after he allegedly set fire to five cars in the parking lot of the Ventura County Government Center in California Feb. 21, rendering three cars a total loss while a fourth had moderate damage. The suspect was found near the cars after setting them ablaze and hospitalized after California Highway Patrol officers spotted the fire, which impacted four cars belonging to the county.

_____________________________________________________

Accused Russian hacker to face charges in US court.
A Russian national was extradited to the U.S. and charged Feb. 17 in New Jersey for his alleged involvement in an international scheme that stole more than 160 million credit card numbers, resulting in hundreds of millions of dollars in losses to consumers and financial institutions including Dow Jones, 7-Eleven, Nasdaq, Visa, and JetBlue. The suspect, arrested in the Netherlands in 2012, allegedly hacked victims’ networks to gain access to usernames and passwords, credit card and personally identifiable information, and sold them to resellers around the world.

_____________________________________________________

Ongoing cyber attack on banks worldwide creates billion-dollar loss.
Kaspersky security researchers discovered that cyber criminals robbed over 100 financial institutions worldwide of up to $1 billion by using spear-phishing attacks exploiting two vulnerabilities in Microsoft Office and one vulnerability in Microsoft Word to install malware and infiltrate institutions’ networks. The attackers cashed in by instructing ATMs to dispense money at specific times without payment cards, opening accounts with fake balances, and artificially inflating account balances of bank customers and then transferring the surplus to their accounts in China and the U.S.

_____________________________________________________

More than 100 firefighters assist on Fitchburg CO incident.
The EcoStar plastics production facility in Fitchburg, Wisc., was evacuated Feb. 13 due to elevated levels of carbon monoxide that resulted from a chemical reaction inside a pellet storage bin. HAZMAT crews worked 17 hours to remove about 7,000 pounds of hazardous materials and plastic pellets from the area, and the building was cleared after carbon monoxide levels were reduced to a safe level Feb. 14.

_____________________________________________________

Former EMT arrested for HEMSI station fire.
A former Huntsville Emergency Medical Services, Inc. (HEMSI) employee was arrested Feb. 10 in connection with starting a fire Feb. 7 that destroyed the HEMSI station in Huntsville, Ala. The former employee was fired in February 2014 and is also connected to other ambulance burglaries in the area and surrounding counties.

_____________________________________________________

Ex-CIA officer convicted of leaking secrets to reporter.
A former CIA officer was convicted by a jury in Virginia Jan. 26 for leaking details of a covert mission regarding Iran’s nuclear program to a New York Times reporter, who published the leaks in a book in 2006.

_____________________________________________________

Chemical spill forces evacuation in Waxahachie.
Authorities are investigating after a reaction occurred while a 300-gallon container, dubbed a “tote,” was being moved at the Magnablend Texas Liquid Facility in Waxahachie Jan. 26, causing the tote to rupture, spilling sodium chlorite, and prompting an evacuation of the facility. Responders cleared the scene and lifted an evacuation order for all buildings within a half-mile radius of the plant after the spill was contained.

_____________________________________________________

CDC: 115-case Salmonella outbreak linked to bean sprouts is officially over.
The U.S. Centers for Disease Control and Prevention issued its final report into a Salmonella outbreak connected to Wonton Foods Inc. bean sprouts Jan. 23 and declared that the outbreak was over after causing at least 115 illnesses in 12 States in the Northeast region of the U.S. Wonton Foods agreed in November 2014 to destroy remaining products while their facilities underwent a thorough cleaning and sanitization before the company resumed shipping bean sprouts Nov. 29.

_____________________________________________________