
Friday, February 17, 2012

Security Management Weekly - February 17, 2012

Corporate Security
  1. "19 Years and £1 Million Later, a Past Catches Up" Suspect in 1993 British Robbery Caught in U.S.
  2. "Violence Against Shippers New Norm Off West Africa"
  3. "Google Defends Google Wallet After Security Scare"
  4. "Security Culture Begins at the Top"
  5. "10 Tips for Offsite Meeting Security"

Homeland Security
  1. "Fearing Infiltration, Afghan Army Gives Soldiers With Ties to Pakistan an Ultimatum"
  2. "Tensions With Iran Raise US Safety Concerns"
  3. "Iran Threatens to Cut Some Oil Exports to Europe, Touts Nuclear Advances"
  4. "Botched Thai Bombing Plot Ratchets Up Pressure on Iran"
  5. "Thais Find Possible Bomb Link in Thai, India Attacks"

Cyber Security
  1. "Adobe Confirms New Zero-Day Flash Bug"
  2. "Researchers Crack Online Encryption System"
  3. "Cybersecurity Measure to Boost Companies' Costs, Lobbyists Say"
  4. "Chinese Hackers Suspected in Long-Term Nortel Breach"
  5. "Hackers Claim Attack on Tear-Gas Company"

   

 
 
 

 


19 Years and £1 Million Later, a Past Catches Up
New York Times (02/15/12) Sulzberger, A.G.

A man who allegedly stole £1 million from an armored car in England in 1993 was arrested last week after hiding in plain sight in the U.S. for nearly 20 years. The suspect, 56-year-old Edward Maher, was working as an armored car driver for Securicor in the early 1990s when one day he allegedly disappeared with the vehicle he was driving. The armored car was being used to carry £1 million in bills and coins, though the money had been emptied from the vehicle by the time it was found. The money was never recovered. Maher and his family subsequently escaped to the U.S., moving from state to state before finally ending up in rural Ozark, Mo., about five years ago. Maher had changed his name to Michael King and was working as a broadband technician for the cable company Suddenlink. His wife, whose real name was Deborah Brett but went by either Sarah or Barbara, cleaned apartments to make extra money. Their lives came crashing down when their son Lee told his new wife, Jessica King, about his father's past. King subsequently turned Maher in, despite his threats to kill her. Maher and his family initially planned to go on the run again, though Maher eventually changed his mind and decided not to resist arrest. He is being held on charges of possessing firearms as an illegal immigrant and could be extradited back to England.


Violence Against Shippers New Norm Off West Africa
Associated Press (02/14/12)

The waters off the West Coast of Africa are now seen as being just as dangerous as the waters off the coast of Somalia. Several recent attacks on ships plying the waters off the coast of West Africa have underscored just how dangerous the region has become. On Feb. 13, a captain and a chief engineer on board a ship located roughly 126 miles off the Nigerian coast were killed by pirates who tried to hijack the vessel. Most of the ship's crew had locked themselves in a secure room as pirates opened fire. Just two days before, a cargo ship was attacked by pirates roughly 80 miles off the Nigerian coast. Another ship was attacked off the coast of the African nation of Benin on Feb. 9. Analysts believe that many of the pirates that are carrying out the attacks in the waters off of the West African coast are coming from Nigeria, where crime is thriving thanks to the country's corrupt law enforcement. However, some analysts say that it remains unclear whether the Feb. 13 attack was an unusual occurrence or part of a growing trend of violence.


Google Defends Google Wallet After Security Scare
TechWeekEurope UK (02/13/12) Boulton, Clint

Google representatives have defended the company's Google Wallet service, saying it is more secure than using credit cards to pay for transactions. The service consists of a mobile smartphone app that uses near-field communication to transmit payment to equipped registers at 20 retailers and restaurants, thus far. The app is protected by a PIN code and the phone's lock screen. Despite Google's support, two separate security researchers were recently able to crack the app's PIN code. In the first attack, security provider Zvelo was able to break the code using a brute-force attack. Zvelo recommends that Wallet-bearing smartphones be rooted by the user or someone who has physical access to the device to divine the PIN code. Google "strongly discourages" users from disabling their PIN code to gain root access to their phones because the product is not supported on rooted phones. In the other attack, the SmartphoneChamp blog showed how a user could find a lost Wallet-enabled smartphone not protected by a screen lock and clear the data associated with Wallet from the phone's memory. The user is then asked for a new PIN the next time the app is launched, and the user creates a PIN and associates a Google PrePaid card to the app to access all previously available funds. To fix this problem, Google says it plans to disable provisioning of prepaid cards until it can come up with a permanent solution. Despite these concerns, experts say the Wallet app is just one of the NFC-based payment systems that will boom in the next five years.


Security Culture Begins at the Top
CSO Online (Australia) (02/02/12) Chung, Wayne

The foundation of a successful security program is a healthy security culture, one that starts at the top of the organization in the C-suite and trickles down to all levels. Unfortunately, security management initiatives tend to focus heavily on security requirements and controls and neglect to consider the role people play. A weak security culture, training, and attitude can easily undermine any of these controls and open up the organization's security to attack. Executives play a key role in influencing employees to pay more attention to awareness training; if employees do not see executives making statements and demonstrating the importance of security, they are not likely to treat it as a priority either. Here are several ways a C-suite executive can demonstrate to employees that security should be a consideration in their daily operations: A message during their security awareness training; a brief overview in the employee welcome packet; a clearly-posted policy message to go with other posted organizational policies, such as safety or equal opportunity policies; and including their name or job title as an impetus for security measures to show that it is an important project. This last suggestion is founded on the belief that organizational culture is established at the top, and that workers at the bottom level of the organization will only prioritize certain behaviors if they are accepted and practiced by executive leaders as core organizational tenets. This expectation follows for senior and middle managers as well as team leaders and supervisors -- everyone should be on board with the same security practices and processes.


10 Tips for Offsite Meeting Security
CSO Online (02/01/12) Goodchild, Joan

Security departments need to be on their game when their organization hosts an offsite event, whether it is a small meeting or a large industry conference, says William Besse, vice president of consulting and investigations with security firm Andrews International. "Security can either build a reputation as a contributor or enabler of these events, or as a department that wants to make it look bad and is an obstacle to making it happen," he adds. Security should get involved as early as choosing a venue, and should meet with hotel management to get a better understanding of their rules and regulations as well as how they can help secure the event. Once the organization has agreed on a site, security should get to know the building inside and out, and will need to determine where to set up a security center and whether it will need to augment security offered by the venue. Security should have a plan for handling a medical emergency, and should visit local hospital emergency facilities before the event to determine their capabilities. An organization might present proprietary products or information at the offsite event, and security must come up with a plan to make sure it is protected. Security also must have a strong access-control strategy, make sure attendee credentials are visible and clear, determine whether signage is necessary, and scope out possible hiding spots for recording devices. Moreover, security may need to vet the venue staff, decide on vehicle access, and consider a parking plan.




Fearing Infiltration, Afghan Army Gives Soldiers With Ties to Pakistan an Ultimatum
Washington Post (02/17/12) Sieff, Kevin

Officials in Afghanistan are considering broadening an effort aimed at eliminating Taliban infiltrators from the country's army. In some areas of Afghanistan, officials have started telling soldiers with families in Pakistan that they have to leave the army if they are not able to get their relatives to move to Afghanistan. The Afghan Defense Ministry has not given its final approval to the policy, and officials are still trying to decide whether the rule should be rolled out across the country. The policy was implemented following a number of attacks on NATO or Afghan troops by Afghan soldiers who were covert Taliban agents. Many of the Afghan soldiers who have carried out these attacks have been found to have had ties to insurgents in Pakistan. Higher ranking Afghan military officials have also been targeted by Taliban infiltrators. For instance, the Afghan army's top commander in the southern part of the country found a bomb underneath his desk several months ago, and a man in Afghan army uniform attempted to kill Afghanistan's defense minister by opening fire inside the Defense Ministry complex last spring. Expanding the policy could inflame ethnic tensions in Afghanistan, since the rule would mostly affect the Pashtun ethnic group, whose members have long felt that the country's government has favored Afghans of other ethnicities. The policy could also complicate the relationship between Afghanistan and Pakistan. Kabul has been trying to enlist Islamabad's help in ending the Afghan War.


Tensions With Iran Raise US Safety Concerns
Associated Press (02/17/12)

The government has raised concerns that Iran could orchestrate a terrorist attack on U.S. soil. However, intelligence officials say there has been no specific or credible threat, and that it is unlikely that Iran would attack. Despite these assurances, some law enforcement officials in Los Angeles and New York City have said that they are on the lookout for potential Iranian operatives as global tensions heighten over Iran's nuclear program and the U.S.-led sanctions designed to discourage it. "The attacks overseas raises everybody's anxiety level a little bit," said Deputy Chief Michael Downing, commander of the Los Angeles Police Department's (LAPD) counterterrorism and special operations bureau. In recent weeks, Iran has been blamed for bombings in India, the former Soviet republic of Georgia and Thailand. The LAPD has also increased outreach to both Iranian and Jewish communities to discourage paranoia or aggression. Iran has accused Israel of killing several of its nuclear scientists, and Israel has threatened to openly attack Iranian nuclear targets.


Iran Threatens to Cut Some Oil Exports to Europe, Touts Nuclear Advances
Washington Post (02/16/12) Erdbrink, Thomas; Warrick, Joby

Iranian President Mahmoud Ahmadinejad appeared on Iranian television on Wednesday to boast about the purported progress his country has made in its nuclear energy program. For instance, Ahmadinejad claimed that Iran had begun inserting fuel rods into a nuclear reactor that is used to create medical isotopes. In a separate statement on Iran's state-run TV network, it was announced that scientists have begun using new centrifuges at the uranium-enrichment facility in Natanz. Similar claims have been made in the past by Iranian officials. U.S. officials have downplayed the announcements, saying that the advances do nothing to improve Iran's ability to develop nuclear weapons. Iran has denied that its nuclear energy program is aimed at making such weapons. Meanwhile, Iran also threatened to cut off the oil it supplies to half a dozen European countries as part of an effort to retaliate against a European embargo of Iranian oil that is scheduled to begin in July. However, Iran's Oil Ministry seemed to back away from the threats to cut off oil to the six European nations just a few hours later. At the same time, Iranian officials also appeared to be open to discuss the future of Tehran's nuclear program with world leaders. In a letter to European officials, Iran's senior nuclear negotiator to the E.U. said such talks were the best way to improve cooperation and end the crisis over Tehran's alleged effort to develop nuclear weapons.


Botched Thai Bombing Plot Ratchets Up Pressure on Iran
Wall Street Journal (02/15/12) Hookway, James

Five people were injured in three explosions in a busy neighborhood of Bangkok, Thailand, on Tuesday. The first explosion took place in an apartment that was being leased by three foreigners, at least two of whom had Iranian passports. The men then ran out of the building after the explosion and tried to hail a taxi, but the driver refused to let him in the cab. That prompted one of the men to throw an improvised explosive device at the vehicle. A number of witnesses then chased the suspect up a busy street. When the man encountered a police patrol, he tried to throw another bomb but the device dropped next to him and blew off his legs. One of the Iranians who fled the explosion at the apartment was later captured at an airport as he prepared to board a flight for Malaysia. Another suspect remains at large. A subsequent search of the suspects' home revealed the presence of at least two unexploded bombs. The explosions were apparently part of a botched bomb plot that is believed to have involved Iran. Tehran has not commented on the Bangkok explosions.


Thais Find Possible Bomb Link in Thai, India Attacks
Reuters (Africa) (02/15/12) Hariraksapitak, Pracha

Authorities in Thailand say that they have found a connection between yesterday's explosions in Bangkok and the attack on a staff member at the Israeli Embassy in New Delhi on Monday. According to a high-ranking Thai security official, one of the suspects in Tuesday's explosions was found to be in possession of the same kind of magnets that were used in the New Delhi attack. In that attack, an assailant on a motorcycle attached an explosive device to the back side of a car that an Israeli Embassy staff member, who is also the wife of an Israeli diplomat, was traveling in. The woman was injured in the attack. Both that attack and the explosions in Bangkok have been blamed on Iran. However, Tehran has denied any involvement in either the Bangkok explosions or the attack in New Delhi, as well as a similar attack that took place in the former Soviet republic of Georgia on Monday. Back in Thailand, authorities there would not say whether the explosions that shook Bangkok were related to last month's arrest of a Lebanese man in the city who is believed to have ties to the Lebanese militant group Hezbollah.




Adobe Confirms New Zero-Day Flash Bug
Computerworld (02/16/12) Keizer, Gregg

Adobe has patched several important flaws in Flash Player, including a cross-site scripting (XSS) flaw in Internet Explorer's Flash Player plug-in, a vulnerability Google researchers say hackers are exploiting in active targeted attacks. The Adobe security advisory accompanying the Flash update says that the patch fixes an XSS flaw that could be used to carry out functions on the user's behalf online, if the user visits a compromised Web site. This attack is only used against IE. The other six weaknesses that Adobe rated as critical were memory corruption flaws or security bypass bugs that "could cause a crash and potentially allow an attacker to take control of the affected system." Adobe fixed the vulnerabilities by updating Flash Player 11 and Flash Player 10 on Windows, Mac OS X, Linux, Solaris, and Android's Flash Player. Earlier in February, Adobe verified that its next target for a sandboxed Flash Player would be the IE plug-in, a safeguard that, if already implemented, should have thwarted the current exploits.


Researchers Crack Online Encryption System
Computerworld (02/15/12) Vijayan, Jaikumar

An online encryption technique widely used to safeguard email, e-commerce, and other sensitive Internet transactions is crackable, according to a study by U.S. and European cryptanalysts. Their review of 6.6 million public keys employed by Web sites to encrypt online transactions found that 12,720 were completely insecure and 27,000 were susceptible to compromise. The problem was often linked to the manner in which the keys were produced, with the researchers demonstrating that the numbers associated with the keys were not always as random as necessary--thus enabling attackers to use public keys to guess the corresponding private keys used to decode data. "We are presently working around the clock to inform the parties whose keys are vulnerable and the [certificate authorities] that issued certificates for them, so that new keys can be generated and the vulnerable certificates can be revoked," says the Electronic Frontier Foundation's Peter Eckersley. He warns that hackers could exploit the vulnerability by assembling a similar database of public keys and reproducing the cryptanalysts' method to identify the weak keys. Cryptographer Bruce Schneier says the random number problems described by the researchers could have been unintentional or deliberately embedded by someone attempting to eavesdrop on encrypted communications.


Cybersecurity Measure to Boost Companies' Costs, Lobbyists Say
Bloomberg Business Week (02/15/12) Strohm, Chris; Engleman, Eric

A cybersecurity bill that was introduced in the U.S. Senate on Feb. 14 is coming under fire from some in the private sector. Under the bill, the Department of Homeland Security would be required to identify computer systems that play a vital role in ensuring national and economic security. Attacks on such systems could result in large numbers of casualties or major damage to the nation's economy. In addition, DHS would be given the authority to establish security rules for overseeing organizations in both the public and private sectors. These regulations would require organizations that operate vital computer networks to take steps to improve security. In addition, companies could be penalized if they are unable to prove that their networks are secure. Among the business groups that have come out in opposition to the legislation is the U.S. Chamber of Commerce, which has said that the bill would create excessive, costly regulatory burdens for companies. The Chamber of Commerce says that a better approach would be to provide incentives to companies to improve security, rather than forcing them to comply with rules. However, lawmakers say that the rules are needed to help prevent cyber attacks against vital computer systems.


Chinese Hackers Suspected in Long-Term Nortel Breach
Wall Street Journal (02/14/12) Gorman, Siobhan

An internal investigation conducted at the telecommunications firm Nortel Networks found that hackers had access to the company's computer network for nearly 10 years. A report detailing the investigation's findings noted that the hack was discovered in 2004, when a Nortel employee noticed that a high-ranking executive seemed to be engaging in the downloading of an unusual group of documents. However, the executive said that he was not downloading the files. Further investigation found that hackers using a Chinese Internet address had obtained the passwords of seven top Nortel officials, including a former CEO, and had used them to break into the company's network as early as 2000. Brian Shields, the former Nortel employee who led the investigation, says the hackers were able to download technical papers, research-and-development reports, business plans, employee emails, and other types of documents with impunity because there were few security measures in place inside Nortel's network. However, nothing was done to address the problem. There is concern now that the breach could pose a cybersecurity threat to the companies that acquired Nortel's assets following its bankruptcy, including Avaya, Ciena, Telefon AB L.M. Ericsson, and Genband. Shields notes that Nortel did not inform these companies about the breach before they acquired its assets.


Hackers Claim Attack on Tear-Gas Company
Associated Press (02/14/12)

Members of the hacking collective Anonymous said Feb. 14 that they hacked into the Web site of Combined Systems, a U.S. security firm whose tear gas has been used against demonstrators in Egypt. In addition to breaking into Combined Systems' Web site, the hackers said that they had taken personal information belonging to clients and employees of the company. E-mails from the company were also stolen and later published. The hackers said that they attacked Combined Systems because the company is run by people who try to make a profit off of war and who sell chemical weapons to militaries and law enforcement agencies around the world. Anonymous added that those weapons were being used to suppress its "revolutionary movements." Anonymous has claimed to have carried out several attacks spanning the globe over the past year and has recently focused specifically on security firms, law enforcement and governmental organizations.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD

