
Friday, February 11, 2011

Security Management Weekly - February 11, 2011

Corporate Security
  1. "Visa Waives PCI Assessment for Chip-and-PIN Users Outside the U.S., Tweaks U.S. for Payment Law" Payment Card Industry
  2. "Pirates Hijack U.S.-Bound Oil Tanker off Oman"
  3. "Copper Prices and Incidences of Copper Theft Rise"
  4. "Breaking Up Silos Could Help Banks Thwart Identity Theft"
  5. "Drugs on the Job" Waikato, New Zealand

Homeland Security
  1. "Iraq Refugees in U.S. Scrutinized for Al Qaeda Terror Links"
  2. "Officials Warn of Domestic Terrorism Threat" Homeland Security Secretary Janet Napolitano, National Counterterrorism Center Director Michael Leiter
  3. "House to Take Up Patriot Act Again"
  4. "Does Egypt Make al-Qaida Irrelevant?"
  5. "U.K. Case Reveals Terror Tactics" British Airways Employee Charged With Helping Terrorists

Cyber Security
  1. "Oil Firm Hit by Hackers From China, Report Says"
  2. "Low Security Awareness Found Across IT"
  3. "Smart Tool Could Spot Dodgy Domains and Block Botnets"
  4. "Threat of Mobile Cybercrime on the Increase"
  5. "Nasdaq Stock Exchange Reveals Repeated Security Breaches"


Visa Waives PCI Assessment for Chip-and-PIN Users Outside the U.S., Tweaks U.S. for Payment Law
Storefront Backtalk (02/10/11) Schuman, Evan

Visa has launched a new security program to promote the global use of EMV technology that waives the annual PCI data security standards revalidation assessment for retailers who push at least three-quarters of their transaction volume through EMV—but the program is only applicable to retailers outside the United States. To participate in Visa's Technology Innovation Program, merchants must equip their terminals for contact or dual contact and contactless interface chip acceptance. "Visa has repeatedly underscored the need for authentication solutions to move to dynamic data technologies such as EMV chip," says Visa's Ellen Richey. She says that "as markets move to chip they become less vulnerable to counterfeit fraud and, ultimately, to mass data compromise attacks." Participating retailers must still have confirmed PCI DSS compliance prior to entering the program, and must adhere to all PCI rules. "All merchants are still required to maintain ongoing PCI DSS compliance," notes a Visa Bulletin.


Pirates Hijack U.S.-Bound Oil Tanker off Oman
Reuters (02/09/11)

A U.S.-bound tanker carrying around $200 million worth of crude oil was hijacked on Wednesday, probably by Somali pirates working off the coast of Oman in the Indian Ocean. The Irene SL was carrying 2 million barrels of oil, or nearly 20 percent of daily U.S. crude imports. According to the ship's manager, there has not been any communication with the vessel so far. The ship's whereabouts are currently unknown. Joe Angelo, managing director of INTERTANKO, an association whose members own most of the world's tanker fleet, said the hijacking of the Irene SL marked "a significant shift in the impact of the piracy crisis in the Indian Ocean." According to Angelo, piracy in the Indian Ocean is "out of control"--a situation that he said has the potential to "severely disrupt oil flows to the U.S. and to the rest of the world."


Copper Prices and Incidences of Copper Theft Rise
New York Times (02/08/11) Williams, Timothy

Near-record prices for copper and other metals have spurred a resurgence in the past several months in the theft of common items that in better economic times might be overlooked — among them copper wiring that is being stripped out of overhead power lines. The thefts have proved difficult to stop for law enforcement agencies and have been a costly nuisance to utilities, which have been forced to spend millions of dollars on repairs and security. "We believe this is a national security issue," says Bryan Jacobs, executive director of the Coalition Against Copper Theft, an advocacy group in Washington that includes power companies. "The only thing keeping it from being an epidemic is that scrap yards are now scrutinizing the material. But theft is still rampant." The price of copper is near an all-time high, which has translated into $4-a-pound prices for scrap copper at salvage yards. The price in 2009 was about $1.25 a pound. "If you watch the price of copper, you notice a correlation between the price and the rate of theft," says Lynne Monaco, security director for Frontier Communications, which has seen an increase in thefts of its power and broadband lines in the 27 states it serves. Utilities have taken their own preventive measures, including offering rewards of as much as $10,000 and painting copper wire to make it less valuable as scrap. The American Electrical Power Company in Ohio has started replacing its copper wire with wire that contains less copper and is also more difficult to cut through. The company has also put up signs letting prospective thieves know that the new brand of wire is not worth stealing. "The new wire has no scrap value, and nobody has been able to cut through it," says Pat Hemlepp, a company spokesman. "But we don't know whether it has been successful in reducing thefts because traditional copper thefts are continuing."


Breaking Up Silos Could Help Banks Thwart Identity Theft
American Banker (02/08/11) Quittner, Jeremy

According to Javelin's 2011 Identity Fraud Survey Report, the cost to consumers for identity theft crimes is going up, while technology is driving down the rate of fraud for banks. For banks that have invested in systems that show all customer relationships at one time, it is easier to block fraud attempts. "While a zero-liability policy is in place at most banks for credit card transactions, only 44 percent of the top 26 banks we surveyed had a zero-liability policy in place for PIN debit purchases," says Javelin's president and founder, James Van Dyke. In 2010, there was a decline in the number of adult victims of identity fraud. There was also a decline in the number of people affected by identity theft. By dollar volume, identity theft fraud amounted to $37 billion, down from $56 billion. The average fraud amount per victim was $4,607, down from $4,991. "The incidence of identity theft and total loss to customers and time to resolution is all down for Bank of America, for all products, across all silos," says Bob Shiflet, the firm's global fraud prevention executive. Bank of America takes a horizontal approach to cutting fraud, sharing information across the categories of detection, prevention, and recovery. "This allows us to see those things that are attacking the relationship, not just the product or transaction," says Shiflet. "It is an end-to-end process." Many of the top banks are developing their own technology to track crime across product silos, with the average price of such projects falling between $12 million and $20 million over three years. Increasingly, banks and industry observers say, customers are critical partners in fraud prevention, making customer education a critical part of an anti-fraud effort.


Drugs on the Job
Waikato Times (NZ) (02/07/11) Brennan-Tupara, Nicola

Employers in Waikato, New Zealand, have tripled drug testing between 2009 and 2010, according to the New Zealand Drug Detection Agency. The company reports that it performed a total of 2,864 tests last year, up from 934 the previous year. Eight percent of those who took drug tests tested positive. In 2009, 12 percent of workers who tested positive for drug use had methamphetamine in their system compared with 7 percent nationally. In 2010, it was 9 percent, compared with 6.7 percent nationally. Meanwhile, 68 percent of the positive tests were triggered by evidence of cannabis. Although employers are conscious of their workers' privacy, many point out that major industries in the area, such as forestry and trucking, cannot afford to take a chance that their workers might come to work under the influence of drugs.




Iraq Refugees in U.S. Scrutinized for Al Qaeda Terror Links
Associated Press (02/11/11)

During a congressional hearing on Thursday, FBI Director Robert Mueller told lawmakers that security officials are closely watching hundreds of Iraqi refugees living in the U.S. for possible ties to al-Qaida in Iraq. In his remarks, which came in response to a question about domestic terrorism threats, Mueller suggested that authorities were focusing on Iraqi refugees who had been associated with al-Qaida in Iraq in the past. However, Mueller and other officials did not indicate that there was an imminent threat from Iraqi refugees living in the U.S. Meanwhile, a second U.S. official said that authorities were mainly looking at Iraqi refugees who arrived in the U.S. prior to 2007, when security screening for refugees became more stringent. Roughly 700 Iraqi refugees were resettled in the U.S. between 2003 and 2006.


Officials Warn of Domestic Terrorism Threat
Wall Street Journal (NY) (02/10/11) P. A5 Johnson, Keith

Security officials who testified before the U.S. House Homeland Security Committee said that the nation's risk of a terrorist attack is the highest it's been since September 11, 2001. Officials such as Homeland Security Secretary Janet Napolitano said that the heightened threat level is the result of the rise of lone-wolf extremists in the United States who have little or no formal connection to terrorist groups like al-Qaida. Napolitano added that homegrown extremists may be planning small attacks in the United States. Since these extremists -- who can be radicalized by watching jihadist videos, listening to sermons, and reading training manuals on the Internet -- do not have links to terrorist organizations and do not usually travel overseas for training, they can be difficult to detect, security officials say. According to counterterrorism officials, the shooting at Fort Hood, Texas, in November 2009 underscores the risk of attacks committed by those who do not have formal ties to al-Qaida. Although the suspect in that attack, Maj. Nidal Malik Hasan, did not have formal connections to Osama bin Laden's terrorist network, he had exchanged emails with Anwar Awlaki, a radical Muslim cleric and a key member of al-Qaida in the Arabian Peninsula, in the months before the shooting. Also testifying at the hearing was National Counterterrorism Center Director Michael Leiter, who said that foiled plots like the alleged attempt to blow up Washington, D.C.'s Metrorail system show that al-Qaida is able to radicalize individuals in the United States to attack targets here. Leiter added that while lone-wolf attacks are not as well-organized as those planned by al-Qaida, terrorist attacks do not have to be sophisticated in order to be deadly.


House to Take Up Patriot Act Again
United Press International (02/10/11)

House Republicans are calling for an extension of a provision in the USA Patriot Act that permits the FBI to eavesdrop on terror suspects. Lawmakers recently failed to gain the two-thirds majority required to pass the bill under fast-track rules. However, the bill will now only need a simple majority to pass. If the bill does pass the House, the provisions, which were set to expire on Feb. 28, will now be in place through December 2011. That said, the extension will still need to pass in the Senate before the provisions expire. If it does, the FBI will retain the authority to conduct roving wiretaps; to access "tangible items" such as library records, medical records, emails, and financial transactions; and to spy on suspects that do not have ties to a specific terrorist group.


Does Egypt Make al-Qaida Irrelevant?
MSNBC (02/09/11) Windrem, Robert

Experts are wondering why Osama bin Laden and his deputy, Ayman al-Zawahiri, have yet to issue any video or audio messages about the ongoing unrest in Egypt. Roger Cressey, a former official with the National Security Council, said he thinks it is "curious" why bin Laden and al-Zawahiri, who is an Egyptian, have not released any statements about the protests. The lack of any statements from bin Laden and al-Zawahiri is seen as being odd because the two have used audio and video messages to speak out about events in the Muslim world for years so that they could continue to be seen as leaders of radical Islam. There have been a number of theories as to why bin Laden and al-Zawahiri have yet to comment on the protests in Egypt, including the fact that the security situation in northeast Pakistan--where the two men are hiding--is deteriorating. Others said that bin Laden and al-Zawahiri are waiting to see what the outcome of the unrest will be. One American official said that the lack of al-Qaida involvement in the protests is good for the U.S., since it sends the message that change can be brought about without going "to Pakistan to carry out a suicide bombing."


U.K. Case Reveals Terror Tactics
Wall Street Journal (02/07/11) MacDonald, Alistair; Bryan-Low, Cassell

The trial of British Airways employee Rajib Karim on terrorism charges has brought to light some of the methods that terrorists use to hide their communications. According to British prosecutors, Karim hid messages to Anwar al-Awlaki--the radical Muslim cleric who leads al-Qaida in the Arabian Peninsula--that were stored on an external hard drive by altering the suffix at the end of the name of certain files. These files could only be accessed with a password, and were created with a program that allowed each file to run as a separate, encrypted virtual hard drive. Even with the password, prosecutors were not able to read the contents of the files because Karim made the text scrambled and unreadable. Prosecutors were eventually able to read the contents of the files after another file was found on the external hard drive that contained instructions for using a formula that could crack the code. Once they cracked the code, prosecutors found that the files contained an additional level of security that involved the use of false names and coded words to hide the contents of the messages. As a result, it took several months for authorities to fully understand the contents of the messages that Karim allegedly hid on the external hard drive.




Oil Firm Hit by Hackers From China, Report Says
Wall Street Journal (02/10/11) Hodge, Nathan; Entous, Adam

McAfee is set to issue a report on Thursday detailing a cyber espionage campaign against five major Western energy companies. The report noted that beginning as early as 2007, hackers used tools to take advantage of vulnerabilities in Microsoft operating systems and remote administration tools to copy and extract information from computers at these companies. The internal documents that were stolen included proprietary information about oil- and gas-field operations and project financing. Bidding documents were also stolen from the targeted companies, which were not named in the report because some of them are McAfee's clients. Although highly sensitive documents were stolen in the attacks, which McAfee said are ongoing, there is no evidence that any sabotage was committed. According to Dmitri Alperovitch, McAfee's vice president of threat research, the attacks appear to have been committed by hackers based in China, since the data that was stolen was traced back to Internet addresses in Beijing. In addition, the tools that were used in the attack were primarily of Chinese origin. Alperovitch added that it remains unclear whether the attacks were sanctioned by the Chinese government.


Low Security Awareness Found Across IT
Computerworld (02/10/11) Vijayan, Jaikumar

A large number of IT professionals, even those whose jobs include security functions, have low levels of awareness about the key security issues that affect their organizations, according to a recent survey of members of the Oracle Application Users Group. Although 82 percent of the respondents said that they had at least a limited or supporting role in security functions, only 4 percent said that they were completely informed about the security breaches their organizations suffered. In addition, the survey found that about 80 percent of those who worked for an organization that had suffered a security breach in the past year were unable to determine which IT components may have been affected by the breach. The survey also found that IT professionals were less knowledgeable about the costs associated with security breaches. Of those who worked for an organization that had suffered a security breach, 90 percent said they had no idea how much that breach had cost their organization. Over 53 percent said that they did not know how much of their organization's budget was devoted to security. The results of the survey show that there is a lack of communication about issues related to security among different groups of employees within organizations, says Application Security's Thom VanHorn.


Smart Tool Could Spot Dodgy Domains and Block Botnets
New Scientist (02/08/11) Aron, Jacob

International Secure Systems Lab researchers led by Leyla Bilge have developed Exposure, a tool that identifies malicious domains by analyzing traffic in specific parts of the domain name system (DNS). Exposure analyzes DNS traffic to find clues that indicate malicious behavior, such as domains that suddenly appear before disappearing shortly after attacks, or domain names containing lots of numbers and few meaningful words, which are often used to control botnets. Bilge worked with a French Internet service provider to test Exposure, which identified more than 3,000 previously unknown malevolent domains. "I think it's quite a valuable addition to the methods that we already have," says University of Birmingham computer scientist Marco Cova. He says Exposure's learning abilities also are valuable. "Once you describe a system someone can devise methods to bypass it," Cova says. "With a system like this it wouldn't be hard to add a new feature to monitor."
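The abstract names two of the passive-DNS features Exposure looks for: domains that appear briefly around an attack, and names made of digits and meaningless strings. The following toy scorer is an added illustration of those two features (it is not Exposure's code); the sample log, the tiny word list and the thresholds are all constructed for the example.

```python
# Toy passive-DNS scorer illustrating the features the Exposure abstract names
# (short-lived domains, digit-heavy names with few real words). Added example,
# not Exposure's code; the log, word list and thresholds are constructed.
from collections import defaultdict
from datetime import datetime

# Constructed sample: "<timestamp> <queried name> <answer>" per line.
SAMPLE_LOG = """\
2011-02-01T08:00:12 www.example-news.com 203.0.113.10
2011-02-01T08:00:30 update.example-news.com 203.0.113.10
2011-02-03T02:14:01 x7k2q9.net 198.51.100.7
2011-02-03T02:40:22 a83hd92kd0.org 198.51.100.9
2011-02-03T03:02:11 x7k2q9.net 198.51.100.7
2011-02-10T09:30:00 www.example-news.com 203.0.113.10
"""
# Tiny stand-in for a dictionary; a real deployment would load a full word list.
WORDS = ("example", "update", "secure", "login", "news", "mail", "shop", "www")


def registered_domain(name):
    """Last two labels of a hostname (assumes no multi-label suffix like co.uk)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def digit_ratio(label):
    """Share of alphanumeric characters that are digits."""
    alnum = [c for c in label if c.isalnum()]
    return sum(c.isdigit() for c in alnum) / len(alnum) if alnum else 0.0


def word_coverage(label):
    """Fraction of the label covered by dictionary words (greedy longest match)."""
    s, i, covered = label.replace("-", ""), 0, 0
    while i < len(s):
        hit = max((len(w) for w in WORDS if s.startswith(w, i)), default=0)
        covered += hit
        i += hit or 1
    return covered / len(s) if s else 0.0


def score_domains(text):
    """Map each registered domain to (digit_ratio, word_coverage, lifetime_h, suspicious)."""
    seen = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        seen[registered_domain(parts[1])].append(ts)
    result = {}
    for dom, stamps in seen.items():
        label = dom.split(".")[0]
        dr, wc = digit_ratio(label), word_coverage(label)
        life = (max(stamps) - min(stamps)).total_seconds() / 3600
        # Thresholds are illustrative: odd-looking name AND short observed lifetime.
        suspicious = (dr > 0.3 or wc < 0.5) and life < 24
        result[dom] = (round(dr, 2), round(wc, 2), round(life, 2), suspicious)
    return result


def suspicious_domains(text):
    """Sorted list of domains the heuristics flag."""
    return sorted(d for d, r in score_domains(text).items() if r[3])
```

On the constructed log the two random-looking, short-lived names are flagged while the long-lived dictionary-word domain is not; a real system would add many more features and learn the thresholds rather than fix them by hand.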


Threat of Mobile Cybercrime on the Increase
Financial Times (02/08/11) Watkins, Mary

Cybercrooks are increasingly going after mobile devices as they look to take advantage of consumer ignorance of potential security risks tied to smartphones and tablet PCs. The volume of malicious software created specifically to attack mobile devices increased 46 percent last year, according to a McAfee report. The report also found that whereas hackers tended to focus on locating breaches in Nokia's Symbian operating platform, Apple's iOS and Google's Android platforms were increasingly targeted as they acquired market share. Security researchers have recently discovered security flaws in some smartphones that operate on Android, which they say hackers could take advantage of to steal personal information or record conversations by installing rogue applications. McAfee's Greg Day notes that although attacks targeting mobile phones are not new, they are steadily increasing.


Nasdaq Stock Exchange Reveals Repeated Security Breaches
Inquirer.net (02/07/11) Latif, Lawrence

U.S. federal investigators have yet to find out the identity of hackers who broke into some systems at the Nasdaq stock exchange in 2010. The Wall Street Journal says Nasdaq's trading platform was not affected, but the FBI is still trying to find the perpetrators and their aim. Investors are also unsure whether all the security vulnerabilities have been patched. Authorities say no actual damage occurred, and that the hackers merely observed things in the network. The London Stock Exchange has also revealed that it has been subject to hacking attacks. Uri Rivner, head of new technologies at RSA Security, suggests that the attacks might have been conducted internally. Nasdaq, the New York Stock Exchange, and other stock exchanges are classed as vital infrastructure to the United States, and any disruptions could severely affect the U.S. economy. Investor confidence would likely be eroded if a stock exchange were to reveal that it was manipulated via computer security vulnerabilities, so exchange operators would likely keep silent about potential breaches. Law enforcement authorities may find it challenging to discern the difference between hackers and investment bankers who manipulate the stock markets through the Internet on a daily basis.


Abstracts Copyright © 2011 Information, Inc. Bethesda, MD

