
Friday, April 09, 2010

Security Management Weekly - April 9, 2010


April 9, 2010
Corporate Security

  1. "Security Guard Gets Jail Time for Mall Thefts" King of Prussia Plaza in Upper Merion Township, Pa.
  2. "Amid Emotional Testimony, Bill Targets Workplace Bullying" Wisconsin
  3. "Dutch Sidestep EU Red Tape to Rescue German Ship"
  4. "Study Points to Critical Gaps in Hospital Data Security"
  5. "Wikileaks Releases Video Depicting US Forces Killing of Two Reuters Journalists in Iraq"
Homeland Security

  1. "La. Guard General Warns of Terrorism Threats to U.S."
  2. "Qatari Envoy Queried After Smoke Is Detected on Jetliner"
  3. "Nuclear Summit Must Convince Nations of Terror Threat, Experts Say"
  4. "US Needs Financial Data for Terrorism Fight - Official"
  5. "Threats of Violence Overblown, IRS Says"
Cyber Security

  1. "After Google-China Dust-Up, Cyberwar Emerges as a Threat"
  2. "1-in-10 Windows PCs Still Vulnerable to Conficker Worm"
  3. "Researchers Trace Data Theft to Intruders in China"
  4. "Cyberattack Looming, Federal IT Pros Believe"
  5. "Why Rockefeller-Snowe's Regulations Won't Prepare the US for Cyberwar"

Corporate Security

Security Guard Gets Jail Time for Mall Thefts
Pottstown Mercury (PA) (04/07/10) Phucas, Keith

A former security guard at the Nordstrom's in King of Prussia Plaza in Upper Merion Township, Pa., has been sentenced to nearly two years in jail and ordered to pay nearly $4,000 in restitution for her involvement in a theft ring at the upscale retailer. Authorities say the security guard, Marguerite Willis, and other members of the ring--many of whom were loss prevention specialists at Nordstrom--stole nearly $26,000 worth of merchandise from the retailer two years ago by intercepting customer orders in the King of Prussia Plaza store's mail room. Merchandise was also stolen from Nordstrom stores in New Jersey. After members of the ring stole the merchandise, they returned the items for cash refunds or gift cards, or exchanged them for other merchandise. The six other members of the ring have also been found guilty and have been sentenced or are awaiting sentencing.


Amid Emotional Testimony, Bill Targets Workplace Bullying
Wisconsin State Journal (04/07/10) Hall, Dee J.

The Wisconsin State Assembly Labor Committee heard testimony on Wednesday regarding a bill that would require employers to implement and enforce anti-bullying policies. Under the proposed bill, workers who believe they have been subject to abusive conduct would have the right to sue employers to stop the bullying, seek reinstatement, or to get compensation for lost wages, medical costs, attorneys' fees, emotional distress, and punitive damages. Abusive conduct in the bill is defined as "repeated infliction of verbal abuse, verbal or physical conduct that is threatening, intimidating or humiliating, sabotage or undermining of work performance, or exploitation of a known physical or psychological vulnerability." Critics of the bill say it is too vaguely worded and could therefore invite frivolous litigation. Wisconsin is not the only state discussing anti-bullying legislation. Seventeen other states are also in the process of considering similar bills.


Dutch Sidestep EU Red Tape to Rescue German Ship
Associated Press (04/07/10) Corder, Mike

Dutch naval forces on board the frigate Tromp rescued the German freighter MV Taipan and its crew of 15 from pirates on Monday. However, the captain of the Tromp, Col. Hans Lodder, did not ask for permission to board the MV Taipan from the command of the European Union's anti-piracy task force. Instead, Col. Lodder asked the Dutch government to use force to rescue the ship and its crew. After receiving permission from the Dutch government, Col. Lodder ordered a group of six special forces marines to use the Tromp's Lynx helicopter to board the Taipan. Once the marines landed on board the hijacked German freighter, the pirates surrendered without incident and the captured crew members were freed. The pirates could be sent to Germany or the Netherlands for trial. Although Col. Lodder did not go through the standard European Union process for rescuing a ship from pirates, which can often be lengthy, the rescue operation was legitimate because it avoided a delay in freeing the vessel, said Cmdr. John Harbour, a spokesman for the European Union Naval Force Somalia.


Study Points to Critical Gaps in Hospital Data Security
Healthcare IT News (04/06/10) Millard, Mike

The "2010 HIMSS Analytics Report: Security of Patient Data" reveals critical gaps in hospital data security and indicates that hospitals tend to take a reactive rather than proactive approach. The survey of 250 healthcare professionals shows an increase in healthcare organizations reporting data security breaches from 13 percent in 2008 to 19 percent this year, even as more participants say their organizations are in compliance with the Red Flags Rule, HITECH Act and other regulations. Additionally, the survey reveals that hospitals view data security as specific silos, and more respondents think patient satisfaction is hit hardest by data breaches (38 percent) than finances (15 percent). According to Lisa Gallagher, senior director of privacy and security for the Healthcare Information and Management Systems Society, "We'd still like to see increasing maturity of data security function -- from a checklist compliance approach to an organization-wide risk management approach."


Wikileaks Releases Video Depicting US Forces Killing of Two Reuters Journalists in Iraq
Christian Science Monitor (04/05/10) Murphy, Dan

The Web site Wikileaks, whose mission is to release classified information from the U.S. and other governments, released a video on Monday that appears to show the July 2007 killing of two Iraqi journalists who were working for Reuters in Baghdad. In the wake of the incident, the U.S. said that the journalists, Namir Noor-Eldeen and Saeed Chmagh, and the group of men they were with were shot at by Apache attack helicopters because they were believed to be armed insurgents. The U.S. later revised its account of the events leading up to the incident, saying that the helicopters opened fire on the men because they were being attacked from the ground. However, the video released by Wikileaks seems to dispute that account. In the video, some of the men could be seen carrying what appear to be assault rifles. In addition, a crewmember on one of the helicopters can be heard in the video saying that one of the men was carrying an RPG, though the weapon cannot be seen in the video. But Noor-Eldeen only appeared to be carrying a professional camera slung over his shoulder, while Chmagh was unarmed. At no point in the video do the men open fire on the Apache attack helicopters.


Homeland Security

La. Guard General Warns of Terrorism Threats to U.S.
2theAdvocate (Baton Rouge, La.) (04/09/10) Mitchell, David J.

Louisiana Army National Guard Maj. Gen. Hunt Downer Jr. recently warned that there is a risk of another terrorist attack in the U.S., telling members of the Ascension Parish Chamber of Commerce that, "It's just a question of when and where." Following this warning, Downer discussed the importance of business involvement in statewide disaster planning as well as disaster recovery efforts, cheering the creation of a business emergency operation center. He also warned that the most likely time for an attack is actually during a natural disaster when resources are otherwise committed. Downer assists the Louisiana Army National Guard adjutant general, Maj. Gen. Bennett C. Landreneau, in the Governor's Office of Homeland Security and Emergency Preparedness. In his speech, Downer also said that he learned in a recent presentation that the 45,000 people of interest who were caught trying to cross the U.S.-Mexican border last year were non-Mexican nationals. He speculated that many of these individuals may be on U.S. watch lists and are trying to blend in with others crossing the U.S. border.


Qatari Envoy Queried After Smoke Is Detected on Jetliner
Los Angeles Times (04/08/10) Serrano, Richard; Riccardi, Nicholas

A United Airlines flight from Washington, D.C., was escorted to its destination in Denver on Wednesday night by two F-16 fighter jets amid fears that the plane was the target of a terrorist attack. The incident began when a Qatari diplomat later identified as Mohammed Al Madadi tried to smoke a cigarette in the plane's bathroom. Flight attendants smelled the smoke after Al Madadi left the bathroom and asked him what he had been doing. According to a law enforcement official in Washington, Al Madadi sarcastically said that he had been lighting his shoes on fire. Air marshals on board the flight did not find the comment to be funny, and responded by taking Al Madadi into custody until the flight landed. After the flight landed safely in Denver, the plane sat on the runway for nearly an hour before Al Madadi was taken away in handcuffs. The other passengers, meanwhile, were ordered to go to a fire station to be questioned and searched to ensure that they were not accomplices in a bombing plot. No explosives were found. It remains unclear whether Al Madadi will be charged in connection with the incident, since he may have some form of diplomatic immunity.


Nuclear Summit Must Convince Nations of Terror Threat, Experts Say
Global Security Newswire (04/08/2010) Matishak, Martin

President Barack Obama and his Russian counterpart Dmitry Medvedev have officially signed a new nuclear arms reduction deal as part of the president's nonproliferation agenda. The president now turns to the next item on that agenda, a two-day summit where the United States and Russia will be joined by China, Pakistan, India, and nearly 50 other nations to discuss strategies to secure loose nuclear material. The summit is part of President Obama's goal to secure all loose nuclear material, including warheads, highly enriched uranium or plutonium, and nuclear research, within the next four years to avoid it falling into the hands of terrorists. In order to achieve this aim, the president will have to convince summit attendees that cracking down on the illicit trading of nuclear materials needs to be a security priority for all nations. A draft communiqué for the event calls for tougher criminal prosecution of traffickers, better accounting for weapon-grade material, and more international collaboration in resolving smuggling cases. Obama is also expected to encourage participants to sign or ratify existing agreements like the Convention on the Physical Protection of Nuclear Material or implement the Additional Protocol to their safeguards agreement with the U.N. nuclear watchdog, which would grant International Atomic Energy Agency (IAEA) inspectors more extensive access to a nation's nuclear program information and facilities. Convincing nations of the necessity of these agreements may not be an easy task for Obama, experts say. As Charles Ferguson, president of the Federation of American Scientists, points out, Obama's argument "can't just be about nuclear security or securing facilities against possible nuclear attacks or even radiological attacks. It has to address other countries' concerns and you have to say that if you put in place a security culture in your country it has spin-off benefits." Among the benefits that Obama and U.S. officials will be trying to sell are increased border security, which also prevents human trafficking, arms trafficking, and other problems; improved interagency cooperation; and better general governance.


US Needs Financial Data for Terrorism Fight - Official
Reuters (04/07/10) Lambert, Lisa

U.S. Treasury official David Cohen said Wednesday that the U.S. was ready to negotiate with the European Union to reach an agreement on the use of data on international funds transfers. The European Parliament in February rejected an interim agreement that would have given the U.S. access to the data, saying that the data could have been mined, which in turn would have violated citizens' right to privacy. The rejection of that agreement has put the continued operation of the Terrorist Finance Tracking Program in doubt, Cohen said. He noted that the continued use of the program is essential because it will provide the U.S. and other countries with actionable intelligence to go after terrorist groups. Cohen also said that a French judge reviewed the program and found that it included safeguards that would protect personal data.


Threats of Violence Overblown, IRS Says
Washington Times (04/06/10) Weber, Joseph

IRS Commissioner Douglas Shulman said Monday that there has not been an increase in threats of violence against IRS employees as the result of rising anti-government sentiment and the passage of President Obama's health care reform bill, despite reports in the media to the contrary. Fears about increased threats against IRS employees have been on the rise since a Texas man flew his small plane into the side of an IRS building in Austin in February, killing an agency worker. Speaking in a luncheon address at the National Press Club, Shulman said that while there has not been an increase in threats against IRS employees, there has been increased anti-government talk on the Internet, much of which involves the issue of taxes. Although there has not been an increase in threats against IRS employees, the agency is taking steps to protect its workers, including providing armed escorts for agents in potentially violent situations, and providing "awareness training" to help employees identify potential dangers. However, not everyone is convinced that risks to IRS employees have not grown. Among them is J. Russell George, the Treasury Department's inspector general for tax administration, who said that the difficult economic conditions and increased enforcement of tax laws could increase the risk of attacks against IRS employees.


Cyber Security

After Google-China Dust-Up, Cyberwar Emerges as a Threat
Computerworld (04/07/10) Vijayan, Jaikumar

Recent cyberattacks originating in China against Google and other tech firms highlight concerns about adversaries' ability to launch a full-fledged cyberwar against the United States. Many see the hacks as an indication that the United States is already engaged in an undeclared cyberwar—and losing. Such worries are spurring action in the form of a pair of cybersecurity bills, one of which would link U.S. financial aid to a nation's willingness to combat cybercrime, while the other would bolster domestic cybersecurity and mandate that the president work with private industry on responding to a cyber crisis. Meanwhile, the U.S. State Department is mulling the establishment of a cybersecurity ambassador for the United Nations—a key issue, as no settled definition of cyberwar exists and various countries are already trying to determine the implications, declaration protocols, and counter-strategies of a cyberwar. Amit Yoran, former director of the Department of Homeland Security's National Cyber Security Division, says there increasingly appears to be a point of connection between perpetrators of cybertheft and cyberespionage—botnets, servers, and malware tools. "Where traditionally a [state-run] intelligence service would execute their own operations, now they have ties with organized crime," he notes. The fluctuating nature of such connections calls for greater collaboration between the intelligence community, the U.S. Secret Service, the Federal Bureau of Investigation, and other law enforcement agencies in order to form an effective strategic response, according to security analysts. Former de facto federal CIO Karen Evans cites the need for the government to concentrate on continuous monitoring and situational awareness through the creation of an early warning system that could detect cyberattacks.


1-in-10 Windows PCs Still Vulnerable to Conficker Worm
Computerworld (04/07/10) Keizer, Gregg

Ten percent of Windows machines have still not been patched to protect against the Conficker worm, which some experts once feared would bring down the Internet, according to a recent Qualys study. Qualys CTO Wolfgang Kandek says the percentage remains high because Windows users have not been in a hurry to install the patch Microsoft issued for the vulnerability in October 2008, despite the fact that the fix was issued as part of an emergency update. Meanwhile, efforts to eradicate Conficker are continuing. The U.S. Department of Homeland Security, for example, recently formed the Conficker Working Group to prepare a report on the global effort to prevent more machines from becoming infected with the Conficker worm. The group also tried to prevent Conficker from expanding by blocking the worm from updating its botnet. Although the effort has taught experts a great deal about how Conficker works, they have not had much luck in defeating the worm, says working group member Rodney Joffe.


Researchers Trace Data Theft to Intruders in China
New York Times (04/06/10) P. A1; Markoff, John; Barboza, David; Bajaj, Vikas

Over the past eight months a team of U.S. and Canadian researchers has spied on a gang of intruders that stole sensitive information from the Indian Defense Ministry and traced them to China. The researchers say it is possible that the spying was sanctioned by the Chinese government, given the spy ring's sophistication and its targets. A report from the researchers indicates that the ring extensively employed Internet services such as Twitter, Yahoo Mail, and Google Groups to automate the control of computers once they had been commandeered. The investigators gained access to the control servers used by the gang to monitor the theft of a broad spectrum of material, and traced the attacks to intruders that appeared to be based in Chengdu by studying a series of email addresses. Chengdu is the site of a technical reconnaissance bureau run by the People's Liberation Army. Among the stolen material were documents related to the travel of NATO forces in Afghanistan, which demonstrated that many nations can be put at risk of exposure by a single computer security hole. "An important question to be entertained is whether the [People's Republic of China (PRC)] will take action to shut the Shadow Network down," the report says. "Doing so will help to address longstanding concerns that malware ecosystems are actively cultivated, or at the very least tolerated, by governments like the PRC who stand to benefit from their exploits through the black and gray markets for information and data."


Cyberattack Looming, Federal IT Pros Believe
InformationWeek (04/06/10) Montalbano, Elizabeth

A recent survey of federal information technology (IT) professionals by the security vendor Lumension has found that 61 percent believe that there is a high probability that a foreign nation will launch a cyberattack against critical U.S. IT infrastructure sometime within the next year. In addition, the survey finds that 42 percent of federal IT pros believe that the government's ability to prevent or deal with such an attack is fair or poor. One reason why respondents say the government would likely find it difficult to prepare or respond to a major cyberattack is the complexities involved in integrating the various technologies that are found in networks. IT pros who took part in the survey also express concern about the difficulties involved in ensuring that the needs of IT departments and the objectives created by executives match up. Federal regulations, including the Trusted Internet Connection and the Federal Information Security Management Act, also have not done enough to protect federal networks, respondents say. They note that there are a number of reasons why they are having a difficult time complying with such regulations, including a lack of skilled personnel and other resources and the increased time and paperwork involved in compliance. However, respondents believe that compliance has made federal networks more secure than they were a year ago. Nearly 40 percent of respondents also say that compliance has allowed them to obtain more funding and personnel for their departments, while 32 percent say that compliance has made it possible for them to make additional purchases of technologies.


Why Rockefeller-Snowe's Regulations Won't Prepare the US for Cyberwar
Forbes (04/05/10) Stiennon, Richard

The cybersecurity bill that has been proposed by Sens. Jay Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine) will do little if anything to help the nation prepare for a cyberattack, writes Richard Stiennon, the founder and chief research analyst at IT-Harvest. The bill includes a number of provisions that aim to improve cybersecurity, including one that calls for the creation of a national cybersecurity adviser to coordinate the government's cybersecurity efforts and to work with the private sector on cybersecurity issues. The bill calls for the person appointed to this position to be confirmed by the Senate and to report directly to the president. However, Stiennon noted that this provision of the bill would do nothing to improve cybersecurity because the position of national cybersecurity adviser already exists. He added that requiring the Senate to confirm a nominee for this position would not do anything to improve cybersecurity either, and would only serve to politicize the issue. Other provisions of the bill, including ones that would create a cybersecurity public awareness campaign and one that would encourage businesses to adopt cybersecurity best practices, would also do little if anything to improve cybersecurity, Stiennon wrote. Stiennon called on the government to take different steps to improve cybersecurity, including issuing a presidential order that establishes responsibility for cybersecurity and creates consequences for those who fail to prevent cybersecurity breaches.


Abstracts Copyright © 2010 Information, Inc. Bethesda, MD


ASIS also offers a daily and a non-sponsored, special-content Professional Edition of Security Newsbriefs.
