| | 
"Behind a Brazen Brazilian Burglary"
Washington Post (08/10/05) P. D1 ; Lehman, Stan A group of highly sophisticated thieves was responsible for the $67.8 million bank robbery in Fortaleza, Brazil, this past weekend, according to Brazilian law enforcement authorities. The robbers spent three months constructing a 262-foot long tunnel that stretched from a rented house in the city to a nearby skyscraper housing a Central Bank vault, and the 28-inch high tunnel went under one of the city's busiest and noisiest roads, so no sounds of digging were heard. The tunnel was dug 13 feet beneath the vault's floor, and police say that the thieves apparently cut through the vault's steel-reinforced concrete floor, which was 3.5 feet thick, with a drill, electric saw, blowtorch, and bolt cutter. Once inside the vault, they broke into five containers that contained used Brazilian currency notes worth $22 apiece. Authorities have identified at least eight suspects, though no arrests have been made, and the bank is conducting its own investigation. "We are looking into several aspects of the crime, including why the cameras and motion detectors inside the vault did not function and if the thieves had any inside help," said a spokeswoman for the Central Bank. The thieves placed signs at the rental house indicating that the house was a landscaping company with plants for sale, but neighbors said they never saw the house doing any business. Authorities believe the group of thieves may be the same robbers who stole more than $1 million from a money-transport company last year in a similar scheme in which a 400-foot tunnel was dug from a nearby house to the company's bathroom.
(go to web site) "Business Chiefs Accused of Failing to Take Charge of Security Measures"
Financial Times (08/10/05) ; Blitz, Roger The commissioner of the City of London Police has expressed frustration at what he perceives as a failure by the top executives of London businesses to take security seriously in the wake of last month's bombings. "We get security planning managers and contingency planning managers and all these sorts of people to pack out our conference rooms when we give briefings on terrorist threats and security issues," said Commissioner James Hart, explaining that mid managers, senior managers, and security personnel seem to understand the importance of security. "But it's actually terribly difficult to get CEOs and chief operating officers and managing partners to embrace this sort of thing." Hart accused the CEOs of talking about security but failing to follow up with action. The responsibility for security and security issues should be squarely on the shoulders of CEOs and managing partners, he said. There is a disconnect at the board level or managing partner level of companies, Hart said, explaining that there is an assumption among these executives that someone in the management chain will look after security. Hart has urged London's big companies to extend their security efforts to the smaller companies that serve them: "What we encourage big businesses to do is put up an umbrella around these people if they are working in the shadow of big corporate HQs." The business lobby group London First says that half of London's companies are not prepared to deal with the effects of a major terrorist attack.
(go to web site) "Breaches Raise Stakes for Credit Processors"
Atlanta Journal-Constitution (08/11/05) P. 1C ; Paul, Peralte C. The top credit card associations have become less tolerant of mistakes by card processors this year due to a series of data-security breaches, including a hacking attack on CardSystems Solutions' database of 40 million accounts. Card issuers have grown in size due to consolidation and could be less tolerant of smaller processors. In the last year alone, JPMorgan Chase, Bank of America, and Washington Mutual have announced acquisitions worth a combined $99.4 billion. These three companies are three of card payment processor Total System Services' (TSYS) five largest clients. Financial services analyst Timothy W. Willi says that card associations have become intensely concerned with the security of their payment systems because they cannot afford for consumers to lose trust in their credit cards. At TSYS' headquarters and processing centers, security is taken very seriously, and the measures include coded ID badges, surveillance cameras, visitor photographs, and security escorts of visitors. Analysts say that the company's multilayered security approach should serve as a model for the industry. In some areas of the TSYS buildings, employees wear color-coded smocks indicating that they belong to designated locations, and some areas are restricted to employees who swipe their access IDs unless another employee also swipes their ID. Employees of the company have their credit reports monitored, are subjected to FBI background checks, and the company schedules hacking attacks on its own computer networks in order to uncover any possible weaknesses.
(go to web site) "Experts Discourage Using Force in Shoplifting Cases"
Houston Chronicle (08/10/05) P. A1 ; Crowe, Robert Security experts weighed in on the recent death of an alleged shoplifter who was detained by employees of a Wal-Mart store in Atascocita, Texas, on Sunday. Wal-Mart's corporate office declined to comment on its procedures regarding the detainment of shoplifters or use of force against shoplifters. "Most retailers have a policy of not going into a chase or getting into a combative fight with someone," said Joseph LaRocca, the National Retail Federation's vice president of loss prevention, explaining that most retailers have a policy of letting combative shoplifters go and following up by calling police. Many security experts recommend that security personnel in retail stores avoid physical contact that could cause physical injury to suspected shoplifters, including striking, tackling, or sitting on suspects. In Sunday's incident, the Wal-Mart employees struggled with the suspect for 10 to 30 minutes on the hot surface of the store's parking lot, eventually handcuffing the suspect and physically forcing him to lie face down, according to witnesses. Security consultant Ralph Witherspoon says he recommends that his clients avoid struggling with unruly suspects because this can lead to "positional asphyxiation," in which the suspect stops breathing and suffocates. "This can happen when someone is on top of a suspect who's face down with hands handcuffed behind their back," he says. Security expert Chris McGoey says that in Texas, the law permits store employees to make a citizen's arrest: "You can use 'reasonable' force to recover merchandise or detain a person long enough to summon police."
(go to web site) "At America's Malls, Grim Preparations for the Unthinkable"
Wall Street Journal (08/08/05) P. A1 ; Block, Robert The London transit bombings have increased concerns among U.S. counterterrorism officials that suicide bombers could target the United States. In July, the Homeland Security Department issued a list of the most likely soft targets for bombing, which include shopping malls, banks, tall buildings, and high-profile companies. There are some 1,200 enclosed shopping centers in the United States, and the specter of suicide bombings has forced private security firms to rethink the way they prepare their security guards to defend these facilities. In making these preparations, many firms are adopting the methods that Israel uses to prevent suicide attacks on enclosed shopping centers. The focus of anti-terrorism efforts at shopping malls is careful observation, which includes taking note of people who wear a jacket in hot weather; who avoid making eye contact; who have a tight, white-knuckle grip on backpacks; or who are videotaping structures within the mall. The Israeli method of spotting suicide bombers focuses on the way suicide bombers act instead of what they look like. Suicide bombers often stake out their targets before an attack or conduct dry runs, and they often use flowery soaps or perfumes in preparation for their expected martyrdom. The Israeli method involves using all senses when attempting to find a bomber, and once a suspicious person is identified, the preferred tactic is to react quickly, make eye contact, and confront the person in a non-violent way.
(go to web site) "Is Abduction Insurance Bad Policy?"
Dallas Morning News (08/05/05) P. 1A ; Nichols, Bruce A lawsuit between the family of abducted Dominican Republic worker Ruben Angustia and the U.S.-based company that employed him as a technician in Venezuela-- Hanover Compressor Co.-- highlights some of the issues involved in kidnapping and ransom (K&R) insurance policies that are often purchased by multinational corporations operating in dangerous locations. Angustia was kidnapped near the border between Venezuela and Colombia in 2002 and is now presumed dead. In the lawsuit against Hanover, Angustia's family alleges that the company collected $250,000 plus reimbursement for its expenses from the worker's abduction and murder, while his family received nothing. Hanover is not commenting directly on the case. Experts say companies that do business internationally routinely purchase K&R insurance policies for their workers, but the terms of such policies are kept secret to avoid encouraging would-be kidnappers. University of Houston law professor Seth Chandler says Hanover probably did not profit from Angustia's abduction. However, Michael Doyle, lawyer for the Angustia family, questions the "death benefit" part of Hanover's insurance plan with National Union Fire Insurance Co., a division of AIG, which he says rewards employers with a financial settlement if an employee is killed.
(go to web site) 
"Officials Warn of Possibility of Attack Around Sept. 11"
New York Times (08/12/05) P. A13 ; Lichtblau, Eric; Rashbaum, William K. Terrorists may be seeking to launch a set of mass-casualty attacks in New York City, Los Angeles, and Chicago to coincide with the upcoming fourth anniversary of the Sept. 11 attacks, according to a group of FBI counterterrorism analysts. The analysts are basing their warning on overseas intelligence information, and their alert states that "Al Qaeda leaders plan to employ various types of fuel trucks as vehicle-borne improvised explosive devices in an effort to cause mass casualties in the U.S. prior to the 19th of September." The alert does not mention the significance of Sept. 19, but it does say that the attacks are specifically planned for the three named cities, that the aim of the attacks is to collapse the U.S. economy, and that it is not clear if the attacks will be simultaneous or not. Several law enforcement officials have expressed skepticism of the threat, noting that its credibility has not been verified and that it is a threat of generic nature. Department of Homeland Security spokesman Brian Roehrkasse said that the intelligence community is continuing to evaluate the threat. "The information is uncorroborated, and the source is of questionable reliability," he said. Despite their skepticism about this particular threat, many law enforcement officials are nonetheless concerned that terrorists will seek to launch attacks sometime around this upcoming Sept. 11 or during the Ramadan holy period, which begins on Oct. 4. Also, officials noted that there is ongoing, generic concern that Al Qaeda will attempt to use trucks to carry out an attack, because it is a tactic that they have used around the world.
(go to web site) "Shays to Look at Millstone Security"
Hartford Courant (CT) (08/10/05) P. B1 ; Williams, Thomas D. An anti-nuclear group that has raised security and terrorism questions about the Millstone Nuclear power plant in Connecticut will have its concerns addressed by U.S. Rep. Christopher Shays (R-4th District). Shays has announced that in his capacity as chairman of the House subcommittee on national security, he plans to hold hearings on the security of U.S. nuclear plants. To that end, the Government Accountability Office is taking a close look at how the Nuclear Regulatory Commission has handled nuclear plant security since the Sept. 11 attacks. Two years ago, the Millstone plant spurned an offer from the Homeland Security Department that would have given the plant a $1 million security barrier to protect the plant's three water inlets and concrete water intakes, which provide crucial cooling to the reactors. The barrier would have been free of charge, with the plant paying only for its maintenance, but Dominion Nuclear Connecticut, which runs the plant, turned down the offer, saying that it had determined, along with the Nuclear Regulatory Commission, that the plant had adequate security. At least one nuclear safety engineer claims that the Millstone plant's water intakes are vulnerable to a water-based terrorist attack, potentially leading to a catastrophic meltdown of the plant's reactors.
(go to web site) "U.S. Cities Focus on Spy Cameras"
Chicago Tribune (08/08/05) ; Dorning, Mike Interest in expanding the number of police surveillance cameras is increasing across the United States in the wake of the London terrorist bombings last month. Sen. Hillary Clinton (D-N.Y.) and Washington, D.C., Mayor Anthony Williams are among the notable officials who favor expanding the use of surveillance cameras in public places. In London, authorities were able to use the city's extensive digital video surveillance system to quickly publish high-resolution images of the suspected terrorists. Proponents of such video surveillance systems note the images can be very helpful to the investigation of attacks, but detractors claim the surveillance does nothing to prevent terrorists from carrying out attacks. Even after an attack has occurred, however, the cameras can provide many details about suicide bombers, enough details to possibly allow authorities to track down and uncover a previously hidden terrorist cell. Digital cameras cost less, are smaller, can be concealed easier, and provide higher-resolution images. Surveillance cameras played a key role in allowing U.K. authorities to eventually rein in the threat of IRA bombing attacks. U.K. authorities used the cameras along with other measures and tactics, including heavy training of transit staff; an increase in uniformed and undercover police patrols; messages aimed at encouraging the public to report suspicious items; and covert inspections of transit areas in which inspectors would purposely plant suspicious items.
(go to web site) "Man's Best Terror Deterrent Still Somewhat-Reliable Dog"
Washington Post (08/12/05) P. A1 ; Horwitz, Sari Explosives-detecting dogs continue to be America's best defense against the type of suicide bombers that carried out the London bombings--these canines are, as Homeland Security Secretary Michael Chertoff noted Thursday, a "state-of-the-art anti-terrorist tool." With their powerful sense of smell, dogs are capable of detecting 19,000 different types of explosives, and Paul Waggoner, the director of Auburn University's Canine and Detection Research Institute, notes that depending on the type of odor, dogs' sense of smell is 100 to 10,000 times more powerful than human noses. Officials say that dogs are a better tool for finding potential suicide bombers than random passenger searches or security cameras, and many private companies, government research centers, and laboratories are attempting to develop technologies that would replace or enhance the dogs. The Department of Defense is even conducting tests to see if rats, honeybees, wasps, or yeast have the potential to detect explosives. There are several advantages to using dogs: they are mobile; curious; have the ability to detect one smell from among many; and can detect guns and ammunition on people and in cars and containers. However, their limitations include inconsistencies in their ability to detect explosives depending on variable factors like temperature, wind direction, and proximity of explosives. Also, the dogs normally need a break after working for 30 minutes, and there are not enough trained dogs to cover all U.S. transit systems.
(go to web site) "U.S. Seeks to Let Air Passengers Keep Shoes On"
Washington Post (08/10/05) ; Hudson, Audrey The Transportation Security Administration (TSA) is seeking new technologies that would allow security screeners to examine air travelers' shoes without requiring passengers to take their shoes off. The TSA hopes it will be able to start testing such technologies by this winter. Meanwhile, the Homeland Security Department is testing a modified version of a controversial backscatter X-ray machine that is capable of detecting weapons through a person's clothing. The initial version of the technology also showed a realistic image of travelers' naked bodies, raising questions about privacy violations. The modified version of the technology that the department is testing outlines the human form instead of showing naked images. The backscatter technology is already being used to screen visitors at some prisons, and it could also be used to examine cargo for smuggled humans.
(go to web site) 
"Government Computers Top Target for Cyberattacks"
Government Executive (08/05/05) ; Pulliam, Daniel According to IBM's Global Business Security Index Report, over 237 million worldwide security attacks occurred in the first six months of 2005 with 54 million of those attacks aimed at the U.S. government. Other popular targets for hackers included the manufacturing sector, the financial services industry, and the healthcare industry, according to the report. IBM reports a decrease in harmless attacks as hackers favor for-profit attacks involving phishing, with highly targeted phishing attacks growing by more than a factor of 10 since the beginning of 2005. Spam accounted for 67 percent of all email traffic in June, compared to 83 percent in January; virus-laden emails rose 50 percent in the same period. One in every 28 emails contained a malicious security threat by June, compared to one in every 35 emails six months before. The United States was the point of origin for most of the attacks in the given period, with 12 million. SANS Institute research director Alan Paller laments that the U.S. government's response to cyberattacks is inadequate due to lack of a government-wide strategy. He also asserts that federal agencies in the United States are writing more costly reports instead of spending time and money on preventing attacks.
(go to web site) "Annual Hacking Game Teaches Security Lessons"
SecurityFocus (08/04/05) ; Lemos, Robert The annual DEF CON conference hosts a hacker version of Capture the Flag, and this year's bout emphasized more real-world skills, according to University of California at Santa Barbara computer science professor Giovanni Vigna, whose Shellphish team was the victor. "The game required skills that are also required by both security researchers and hackers, such as ability to analyze attack vectors, understanding and automating attacks, finding new, unpredictable ways to exploit things," Vigna explained. "It's about analyzing the security posture of a system that is given to you and about which you initially know nothing." This year the organizers courted controversy by running a central server on which each team's virtual server operated, whereas in past tournaments each team was permitted to run their own server; Crispin Cowan with Novell's SUSE division said this meant there was very little defense that could be implemented, and he doubted that anyone with a substantial interest in defense will participate in future tournaments if exclusive concentration on code auditing becomes the norm. One of the organizers defended his year's game with the argument that the bout was a hacking contest. He said finding and exploiting security flaws in custom software via reverse engineering, not just code auditing, is key to being a top hacker. The organizer insisted that defense was not sidelined, noting that some teams successfully deployed Tripwire, a data-integrity checker that can pinpoint altered files, and used an intrusion detection system to monitor traffic. Vigna said the winning team's strategy kept the discovery of flaws and the toughening up of systems services in balance.
(go to web site) "PluggedIn: Wireless Networks--Easy Hacker Pickings"
Reuters (08/05/05) ; Sullivan, Andy Wireless networks are highly vulnerable to exploitation, so much so that hackers regularly compete to find open Wi-Fi connections. Mapping out wireless access points, a practice known as wardriving, is very popular, as demonstrated by wardriving contests hosted at the recent Defcon hacker conference. Inexpensive wireless routers let consumers surf the Web from home, while a Wi-Fi signal's radius of several hundred feet allows neighbors to access the Internet as well. Very few wireless hotspot owners avail themselves of encryption, password protection, and computer-specific network access features. Wardrivers say the WEP encryption standard employed by many access points is easy to break, while others blame manufacturers such as Linksys for failing to make security a default setting in their products because they are more interested in ease of use. Mike Wagner with Linksys claims new routers enable computers to securely link with other Linksys devices through the simple push of a button, but admits his company cannot ship its products with the security settings activated because most users will not go to the trouble of changing the default password. Numerous laws criminalize accessing computer networks without authorization, but few have been put to the test in court. Wardrivers claim not to approve of unauthorized network use, insisting that the goal of their activities is to raise awareness of wireless security's vulnerability among consumers and manufacturers in the hope of spurring them to make improvements.
(go to web site) "Enterprise Needs Security From the Edge to the Center"
Enterprise Networks and Servers (07/05) Vol. 11, No. 6, P. 15 ; Moulds, Richard Enterprises can no longer focus the wealth of their security efforts on perimeter security with only soft security measures to cover people, machines, and networks on the inside, according to nCipher marketing vice president Richard Moulds. In fact, the perimeter is disappearing as more enterprises are using mobile devices, wireless networks, portable media storage, and offsite data archives. Moulds suggests a security approach that makes hard security mandatory all the way through the network without differentiation between inside threats and outside threats. Centralized management of network users and their access levels is mandatory for proper network security with each user considered remote despite their geographic location. Moulds believes the best security focuses on building virtual perimeters around individual users and not around networks. Jericho Forum is working on the development of technology to string together existing technologies to accomplish this task, writes Moulds, who also points out that large computer manufacturers are also taking the idea to heart by offering an incorporated trusted platform module technology as a standard feature. Network users under the security of virtual perimeters will undergo intense authentication and deal with encryption technology to ensure all communication is done with other authentic network users, indicates Moulds. Users will be responsible for security, but encryption will reduce the amount of risk in case of error, according to Moulds. Moulds believes eliminating perimeter security methods will mean more secure and less expensive networks for enterprises.
(go to web site) Abstracts Copyright © 2005 Information, Inc. Bethesda, MD |
No comments:
Post a Comment