Murder Bares Worker Anger Over China Industrial Reform
Wall Street Journal (07/31/09) Canaves, Sky; Areddy, James T.
Chen Guojun, an executive for the Jianlong Group, was murdered by a group of workers protesting the takeover of government-owned Tonghua Iron and Steel by Chen's company. The workers, worried about losing their jobs in the course of the takeover, staged a protest at a factory. During the protest, some workers found Chen and beat him severely. They then blocked streets and hurled bricks, preventing paramedics from reaching Chen. By the time local government officials announced that the takeover of the company had been abandoned and protesters relented, Chen was dead. As police search for Chen's killers, the event has sparked a debate in China over how workers of companies should be treated if ownership changes hands. Some have argued that there needs to be more focus on the benefits to the workers in such an ownership shift. These considerations are particularly important as China continues to attempt to consolidate its steel industry, the largest in the world. The industry in China is fragmented among as many as 800 producers. Shanghai Baosteel Group, long China's biggest producer, accounted for less than 5% of the roughly 500 million metric tons of steel China produced in 2009. By contrast, South Korea's Pohang Iron & Steel Co., or Posco, accounted for just over 60% of that country's steel production during the same time period.

Tech Gadgets Help Corporate Spying Surge in Tough Times
USA Today (07/29/09) Acohido, Byron
Corporate espionage has become increasingly prevalent as companies have taken to storing massive amounts of data, and many are not careful about who has access to that data. As the economy has fallen, layoffs have also increased the opportunity for insiders to leave the company with sensitive information. Employees worried about job security face rising temptations to seek out and hoard proprietary data that could help boost their job performance, or at least make them more marketable should they get laid off, says Adam Bosnian, vice president at Cyber-Ark Software, an identity management systems supplier. Of the 400 information technology pros who participated in a recent Cyber-Ark survey, 74% said they knew how to circumvent security to access sensitive data, and 35% admitted doing so without permission. Among the most commonly targeted items: customer databases, e-mail controls and CEO passwords. Mobile devices and social networking sites have also made the covert transfer of this data much easier. For companies that are not careful about handling passwords, the risk is even greater. Security experts warn that companies should ensure they educate employees about how to be cautious about password protection. Unfortunately, even these precautions cannot protect against more advanced forms of spy equipment that can be easily placed by janitors or other support staff. For example, one such device looks like an ordinary USB cable, but also picks up audio information that can be transmitted to a receiver up to 160 feet away.

Aite Report Says There Is No Easy Cure for Threats to Card Security
Credit Union Times (07/29/09) Rapport, Marc
It could cost $100 billion to fix card security in the United States, according to a new Aite Group report, "Card Data Security: In Search of a Technology Solution."
Aite surveyed 29 individuals, most of whom are responsible for risk management at issuing banks or payment processors, and respondents cited a migration from magnetic-stripe cards to smartcards as the most viable cure for card security threats. However, Aite says that a decision to standardize smartcard usage is five to seven years off, and analyst Nick Holland cautions that "the deeply entrenched magnetic-stripe infrastructure in the United States, and the cost and effort involved in transitioning stakeholders to chip and PIN infrastructure" may make such a development unlikely. Furthermore, a move to a smartcard architecture would only address the threat of counterfeit card fraud, leaving the threats of card-not-present fraud and malware unresolved. Holland says that technological advances will enable the most positive changes to the data security environment, while the biggest risks to card security are social engineering attacks and external physical assaults. Sixty-two percent of poll respondents identified merchants as the group most vulnerable to security breaches, followed by acquirers. Although some security tactics may be very successful, Aite notes that their high cost could hinder implementation, and smartcard architecture is the priciest solution. Survey respondents said PCI security could be improved by including payment processors in the standards development process and card networks in the enforcement of PCI compliance, as well as performing more frequent PCI audits.

Pirate Bay Unfazed by New Threats
BBC News (07/29/09)
Peter Sunde, the co-founder of the popular file-sharing Web site Pirate Bay, says that he is not concerned about the lawsuit filed against him by 13 Hollywood production companies as part of their attempt to shut down the site. In April the site's founders were found guilty of breaking copyright law and were sentenced to a year in jail and ordered to pay $4.5 million in damages. However, the site remains operational.
The lawsuit has been brought by Columbia Pictures, Disney Enterprises, Universal Studios and 10 other firms, many of which were due to receive damages from the April settlement. The Pirate Bay was set up in 2003 by anti-copyright organization Piratbyran, but for the last five years it has been run by individuals. Following the initial lawsuit, the site was purchased by Global Gaming Factory. Under the new management, copyrighted material continues to reside on users' computers rather than on Pirate Bay servers, but a "give and take" system has been instituted that pays users for sharing their resources.

'Smart Grid' Raises Security Concerns
Washington Post (07/28/09) P. A12; Krebs, Brian
The U.S. Energy Department is requiring electric utilities competing for $3.9 billion in new federal "smart grid" grants to show that they are taking measures to prevent cyberattacks as they move to link nearly all elements of the U.S. power grid to the public Internet. Security experts have expressed concern that many existing smart-grid efforts do not have sufficient built-in protections against computer hacking, including new "smart meters" that provide real-time feedback on power consumption patterns and levels by putting information about consumers' power use onto the Internet, grid-management software, and other equipment. The Edison Foundation's Institute for Electric Efficiency says more than 50 million smart meters could be installed over the next five years. However, these devices often are the weakest link in the smart-grid chain, due to their two-way communication that opens up the possibility that the grid could be attacked from the outside. Many of these systems require little authentication to carry out key functions, such as disconnecting customers from the power grid. The Energy Department says it can reject any smart-grid grant application that does not demonstrate that ensuring cybersecurity will be a top priority.

7 Arrested in North Carolina on Terrorism Charges
Los Angeles Times (07/28/09) Meyer, Josh
Seven men were arrested by federal authorities in North Carolina on Monday and charged with training to participate in an Islamic holy war against U.S. allies. According to a seven-count indictment filed in federal court on Monday, the men attempted to provide material support to terrorists and to kill, kidnap, maim and injure people in attacks overseas. The indictment noted that the plot began in March 2006, when one of the suspects, 39-year-old Daniel Patrick Boyd, traveled to Gaza and attempted to go further into the Palestinian territories with one of his two sons, both of whom are also believed to be part of the conspiracy. Authorities also believe that the elder Boyd trained in terrorist camps in Pakistan and Afghanistan. The indictment goes on to say that Boyd and his son Zakariya traveled to Israel in 2007 with two of the other suspects to wage holy war, though they returned to the U.S. without accomplishing their goal. Also charged in the indictment are Ziyad Yaghi and Hysen Sherifi, who allegedly traveled to Jordan and Kosovo, respectively, in order to participate in a jihad. The indictment also says Sherifi, a permanent U.S. resident, returned to North Carolina from Kosovo to raise support for Islamic militants. None of the men ever committed any violent acts, and none were planning attacks on U.S. soil, authorities say. Nevertheless, the seven men could face life in prison if they are convicted on the charges.

US Drones to Target Taliban in Afghan War: Report
AFP Business News (07/31/09)
The U.S. military plans to use more unmanned drones to attack Taliban militants, shifting its focus away from tracking al-Qaeda leaders. Eight drones that have been devoted to tracking al-Qaeda in remote Afghan mountains will reportedly be transferred to the fight against Taliban insurgents. The U.S.
Central Command also plans to send about 12 more drones to the Afghan front, including some aircraft that have been assigned to Iraq -- a move resisted by U.S. commanders there. Although President Obama has declared defeating al-Qaeda is the top priority of the Afghan war, officials believe they must first establish stability in Afghanistan in order to provide the terrorist organization with fewer opportunities to exploit political and economic unrest there. The drones are considered invaluable resources by the army as they can monitor targets for hours. There has been some debate as to how best to use the drones, but the new commander of U.S. and NATO forces in Afghanistan, General Stanley McChrystal, has ordered an elaborate review of how the mission uses surveillance aircraft. McChrystal reportedly supports using the drones in a more concentrated way instead of spreading the aircraft across the country. By doing so, he hopes to allow each regional command to have use of the drones for a designated period each day.

Obama Participates in Terror Preparedness Test
CBS News (07/30/09) Knoller, Mark
President Obama and other high-level government officials--including members of the National Security and Homeland Security Councils--on Thursday took part in "National Level Exercise 2009," a week-long program that is designed to test strategies for preventing a terrorist attack on the United States. During Thursday's session, Obama and other officials had to respond to a fictitious terrorist attack overseas and prevent terrorists from entering the U.S. and carrying out additional attacks. State and local authorities, as well as officials from the U.K., Canada, Australia, and Mexico, also took part in the exercise. According to the Federal Emergency Management Agency, the terrorism prevention efforts used in Thursday's exercise will be allowed to proceed to a logical conclusion, regardless of whether they are successful or not.
The government will then be evaluated on intelligence sharing, counter-terrorism, border security, public notification, and international coordination.

Indonesia Hotel Bombings: Manchester United Football Team 'Was Target'
Telegraph.co.uk (07/30/09) Malkin, Bonnie
Indonesian police are investigating an Internet message about the bombings of the Marriott and Ritz-Carlton hotels in Jakarta on July 17. The message, which was purportedly written by Mohammed Noordin Top, one of the prime suspects in the bombing, says that the British soccer team Manchester United was the target of the attacks. According to the message, the attack was intended to be a warning to Indonesians "against the arrival of the soccer club Manchester United," whose players are referred to as "enemies of Allah" because they are Christians. Manchester United had been scheduled to stay at the Ritz-Carlton hotel. The authenticity of the message has not been independently verified, though a terrorism expert says it may be authentic because the language used resembles the language used in previous claims by Muslim extremist groups.

Nigeria Confirms Death of Islamic Sect's Leader
New York Times (07/30/09) Nossiter, Adam
Nigerian security forces on Thursday confirmed the death of Mohammed Yusuf, the leader of the fundamentalist Islamic sect that has been blamed for attacking police stations and for preparing to launch a religious war in the African nation. A spokesman for Nigeria's military refused to say exactly how Yusuf was killed, though there were reports that the Boko Haram leader had been killed after he was captured. News of Yusuf's death came one day after the Nigerian military launched an assault that destroyed Boko Haram's compound in the city of Maiduguri. Yusuf's death also ended a five-day campaign against Boko Haram that left hundreds of people dead and drove thousands of others from their homes.
The Nigerian military has said that members of Boko Haram have largely withdrawn to the outskirts of Maiduguri, though pockets of fundamentalists remain in the city. The Nigerian military's effort to drive members of Boko Haram from Maiduguri has been criticized by human rights activists, who said it was excessive. However, the Nigerian military says the operation was not heavy handed, and that the loss of life was kept to a minimum.

UK Pentagon Hacker Loses Appeal, Will be Sent to U.S.
CNN International (07/31/09)
Britain's High Court ruled Friday that Gary McKinnon, who is accused of carrying out a major hack of U.S. government and military computers, will be tried in the U.S. rather than the U.K. The court's decision came after it turned down McKinnon's request to review a decision by the director of public prosecutions not to pursue legal action in the U.K. The ruling clears the way for McKinnon to be extradited to the U.S., where he faces seven charges of computer fraud and related activity for breaking into 97 computers at the Pentagon, NASA, and the Earle Naval Weapons Station in New Jersey, among others, from his home computer beginning in March 2001. McKinnon has acknowledged accessing the computer systems without authorization, but said he did so in an effort to find out whether the U.S. government was covering up the existence of UFOs. But Alison Saunders of the Crown Prosecution Service said that the hack was "a deliberate effort to breach U.S. defense systems at a critical time which caused well-documented damage." However, prosecutors do not believe that McKinnon was connected to any terrorist organization. If McKinnon is convicted on the charges against him, he would face a maximum of 10 years in prison on each count and a fine of $250,000.

Experts Find iPhone Text-Message Security Flaw
San Francisco Chronicle (07/31/09) P.
C1; Kim, Ryan
There is a vulnerability in Apple's iPhone that hackers could take advantage of to take control of the device, cybersecurity researchers Charlie Miller and Collin Mulliner said Thursday at the Black Hat cybersecurity conference in Las Vegas. According to Miller and Mulliner, the vulnerability is a lack of safeguards that prevent code in text messages from embedding an executable file into the iPhone's memory. The two researchers noted that attackers can take advantage of this lack of safeguards by sending out a series of mostly invisible SMS bursts. The attackers can then take control over the device's phone, text messaging, Web browsing, microphone, and camera features. Windows Mobile devices also contain a similar vulnerability. Although Miller and Mulliner told Apple about the vulnerability a month ago, the company still has not released a patch. However, it is very unlikely that iPhone users will be attacked, since the attack uses no fewer than 512 text messages, according to MyMobiSafe founder Eric Everson. In addition, the attack will not be effective if any of the messages are deleted before the attack is finished, Everson said.

File Sharing Leaks Sensitive Federal Data, Lawmakers Are Told
Washington Post (07/30/09) P. A6; Krebs, Brian; Nakashima, Ellen
Rep. Edolphus Towns (D-N.Y.), the chairman of the House Oversight and Government Reform Committee, said Wednesday that he plans to introduce legislation that would ban peer-to-peer file sharing software from all government computers and networks, as well as the computers and networks used by government contractors. Towns announced his plans after his panel heard testimony from Tiversa CEO Robert Boback, who said that his company was able to find sensitive government and personal information while recently searching through music- and file-sharing networks on the Internet.
Boback noted that these searches yielded FBI surveillance photos of an alleged Mafia hit man, as well as motorcade routes and safe-house locations for Laura Bush, who was first lady at the time the searches were performed. In addition, Tiversa discovered a list that contained the names and Social Security numbers of people infected with HIV, as well as medical records with full psychological assessments of patients with mental illnesses. Patient Privacy Rights founder Deborah Peel said that these records contained enough information for someone to commit identity theft. Also testifying at the hearing was Mark Gorton, chairman of Lime Group, which makes the peer-to-peer software LimeWire. Gorton said the government would likely find it difficult to regulate peer-to-peer software, since there are hundreds of companies that make such applications, most of which are not based in the United States.

Use of Tracking Cookies on Government Sites Sparks Privacy Concern
Computerworld (07/28/09) Vijayan, Jaikumar
The U.S. Office of Management and Budget (OMB) has proposed changing the way tracking cookies are used on federal Web sites. Under OMB's plan, federal agencies could use single-session and multi-session cookies, including persistent cookies, so long as they comply with the security and privacy standards dealing with the collection and use of tracking information. Agencies and the public will have until Aug. 10 to comment on the proposal, which officials say will make government Web sites more user-friendly and will enable the federal government to provide better customer service and perform better Web analytics. Some privacy advocates say that any attempt to weaken an existing policy that forbids government sites from tracking visitor activity without the approval of the agency head is a mistake. They also say that users should have a reasonable expectation of privacy when visiting a government site.
Others have said the government needs to spell out what it will do with the data it collects from the cookies, as well as why the information is useful.

Researchers Try to Stalk Botnets Used by Hackers
New York Times (07/27/09) Markoff, John
To track the spread of botnets, Sandia National Laboratories computer security specialists Rob Minnich and Don Rudish have converted a Dell Thunderbird supercomputer to simulate a mini-Internet of one million computers. The researchers hope to be able to infect their test network with a botnet in October and watch and collect data on how it spreads. One of the project's key challenges will be tricking the botnet into thinking it is operating on the real Internet. The Sandia computer, called MegaTux, is an example of a new kind of computational science in which computers are used to simulate scientific instruments. "One of the advantages of such a system is that we can stop the simulation at any point and look for patterns," Rudish says. The researchers say no one has previously tried to program a computer to simulate more than tens of thousands of operating systems. In addition to simulating the Internet, Sandia's Keith Vanderveen says the research will be valuable for exploring the design of future supercomputers that could have millions, instead of thousands, of processors, and could be invaluable for researchers looking to design new, more secure protocols for the Internet. "We will have a test bed where we will be able to try things out at Internet scale," Vanderveen says.

Abstracts Copyright © 2009 Information, Inc. Bethesda, MD