Security Management Weekly - February 3, 2012

Learn more! ->     February 3, 2012     Corporate Security Sponsored By: "A Pickup in Stickups Puzzles Police" 40 Bank Holdups Reported in Southern California in January "Avon Fires Vice Chairman" Corruption Allegations "Bikie Shootings Prompt Hospital Security Worries" Australia "In Million-Dollar Theft Case, Church Worker With a Secret Past" New York "Jury Clears Two Businessmen in 'Sting' Case on Bribery" Homeland Security "U.S. Officials Concerned by Israel Statements on Iran Threat, Possible Strike" "Civilian Deaths Due to Drones Are Not Many, Obama Says" "Iran, Perceiving Threat From West, Willing to Attack on U.S. Soil, U.S. Intelligence Report Finds" "Scores Dead After Egypt Soccer Match" "Terrorism Outlook in 2012: The Threat Continues" Cyber Security "Hackers Infect WordPress 3.2.1 Blogs to Distribute TDSS Rootkit" "Cyber Attacks Becoming Top Terror Threat, FBI Says" "Email Giants Move to Slash 'Phishing'" "Political Borders Don't Stop Cyberattacks, But They Prevent Defense, Study Finds" "Sacramento, Calif.'s Website Hacked, Goes Offline"             A Pickup in Stickups Puzzles Police Wall Street Journal (02/03/12) Audi, Tamara In January, 40 bank holdups were reported in Southern California, mostly in Los Angeles and Orange counties, the FBI announced Wednesday. In 2011, there were 677 bank robberies in California, the state with the highest number in the nation, according to federal data. New York and Texas followed, with 339 and 274, respectively. Nationwide, robberies are down 30 percent since 2005 and fell 34 percent in California in the same period. In the past, banks were typically hit by teams of armed men who held customers and employees hostage during a heist, police said. Now, banks are more likely to be robbed by a single person who quietly slips in, threatens the teller and leaves with cash. Robbers typically get away with about $1,000. Shootings and serious injuries during robberies have been rare in recent years. Web Link | Return to Headlines Avon Fires Vice Chairman Wall Street Journal (01/31/12) Palazzolo, Joe; Lublin, Joann S. Avon Vice Chairman Charles Cramb has been fired amid ongoing investigations into allegations that officials at the company bribed foreign officials and made improper disclosures to Wall Street analysts. Cramb, who served as the vice chairman in charge of developed markets, was terminated after evidence surfaced that he may have been aware of the alleged bribery as early as the middle part of the last decade. The Securities and Exchange Commission launched an investigation last October into allegations that some travel, entertainment, and other expenses in Latin America and China may have been improperly incurred. Avon opened an internal investigation into the matter in October 2008. The SEC is also investigating allegations that Cramb improperly disclosed information about the progress of the investigation of the bribery allegations to a Citigroup analyst. Cramb is not the first executive at Avon to be fired or leave as a result of the bribery investigation. Ian Rossetter, the company's former head of global internal audit and security, was terminated last May, while Bennett Gallina, a senior vice president who was responsible for Avon's operations for a large portion of the globe outside the U.S. and Latin America, quit in February 2011 after being put on leave in connection with the investigation. Web Link | Return to Headlines Bikie Shootings Prompt Hospital Security Worries ABC Online (Australia) (02/01/12) The presence of the leader of an Australian biker gang at the Royal Adelaide Hospital (RAH) has raised a number of security issues associated with the facility that is being built to replace it. The foyer of the existing hospital was evacuated on Jan. 31 following the discovery of a suspicious package that had been left for Vincenzo Focarelli, the leader of the Comancheros biker gang who was taken to RAH on Jan. 29 after being shot. The package turned out to be harmless. But Peter Christopher of the Public Service Association said that the incident underscores the need to build a secure area at the new RAH. Christopher said that such a secure zone would allow prisoners or others to be taken into and out of the hospital without having to go through the facility's main entrances. However, the South Australian government is opposed to plans to build such an area at the new hospital. Web Link | Return to Headlines In Million-Dollar Theft Case, Church Worker With a Secret Past New York Times (01/31/12) Otterman, Sharon; Buettner, Russ An employee of the Roman Catholic Archdiocese of New York has been arrested and charged with embezzling over $1 million from the organization over a seven-year period. Prosecutors say that 67-year-old Anita Collins used her job in the accounts payable department to write nearly 470 checks from the archdiocese to "KB Collins," which is the abbreviated name of one of her sons. Collins allegedly altered internal records after the checks were printed to make it seem as if the checks had been written to legitimate vendors. Collins also allegedly tried to cover her tracks by writing checks for less than $2,500 each so that she would not have to get her supervisor's approval. No one at the archdiocese noticed that there was anything wrong until late last year, when an annual audit uncovered the missing money. Collins was confronted in December and then fired. A spokesman for the archdiocese noted that no criminal background check was performed on Collins when she was hired in June 2003, meaning that no one knew that she had been convicted of stealing at least $46,000 over a 16-month period while working as a payroll manager at a temp agency in Manhattan just a few years before. Following the discovery of the alleged theft, the Archdiocese of New York has begun performing additional reviews of financial procedures and oversight. Collins, who has confessed to stealing the money, faces as much as 25 years in prison if convicted on the charge of first-degree grand larceny. Web Link | Return to Headlines Jury Clears Two Businessmen in 'Sting' Case on Bribery Wall Street Journal (01/31/12) Matthews, Christopher M.; Palazzolo, Joe A federal jury in Washington, D.C., has found two businessmen not guilty of violating the Foreign Corrupt Practices Act by bribing foreign officials. The two businessmen, Patrick Caldwell and John Godsey, were among a group of 22 people who were caught up in an FBI sting operation that focused on businessmen paying bribes to officials in other countries. During the sting, FBI agents posed as representatives of the defense minister of the African nation of Gabon, who was offering a $15 million defense contract to supply the country's national guard. FBI agents told the targets of the sting that they could participate in the contract if they inflated their prices on the invoices they gave to the Gabonese government in order to hide what agents said was a $3 million "commission." The targets were told that half of the purported commission would go to the Gabonese defense minister. Although the word "bribe" was never mentioned during the sting operation, prosecutors said that the targets knew that they were breaking the law by paying the $1.5 million commission. The case is the first involving the use of a sting operation in a foreign-bribery investigation, and is seen as being a test of the Justice Department's enforcement of a 1977 law that forbids companies from bribing foreign officials. Web Link | Return to Headlines U.S. Officials Concerned by Israel Statements on Iran Threat, Possible Strike Washington Post (02/03/12) Greenberg, Joel Israeli leaders on Thursday delivered one of the bluntest warnings to date of possible airstrikes against Iranian nuclear sites, adding to the anxiety that a surprise attack by Israel could spark a broader military conflict in the Middle East. Defense Minister Ehud Barak, speaking at a security forum attended by some of Israel’s top intelligence and military leaders, declared that time was running out for stopping Iran’s nuclear advance, as the country’s uranium facilities disappear into newly constructed mountain bunkers. The speech reflected a deepening rift between Israeli and U.S. officials over the urgency of stopping Iran’s nuclear program. Web Link | Return to Headlines Civilian Deaths Due to Drones Are Not Many, Obama Says New York Times (01/30/12) Landler, Mark President Obama recently spoke out in defense of the CIA's covert drone operations against suspected terrorists in Pakistan and other countries, saying that reports of huge civilian casualties are exaggerated. “We are very careful in terms of how it’s been applied,” he said. “It is important for everybody to understand that this thing is kept on a very tight leash.” This is the first time that the president, who has signed off on a significant expansion of drone usage in Pakistan as well as Yemen and Somalia, has spoken openly about the program, which is highly classified. Web Link | Return to Headlines Iran, Perceiving Threat From West, Willing to Attack on U.S. Soil, U.S. Intelligence Report Finds Washington Post (02/01/12) Miller, Greg Director of National Intelligence James R. Clapper Jr. told members of the Senate Intelligence Committee on Tuesday that Iran is prepared to carry out terrorist attacks against the U.S. homeland. Clapper's prepared testimony was delivered as part of the U.S. intelligence community's yearly assessment of most serious threats to the nation's security. The intelligence community came to the conclusion that Tehran was prepared to carry out attacks inside the U.S. following allegations that it plotted to assassinate Saudi Arabia's ambassador to the U.S. in Washington, D.C., last year. U.S. officials allege that an Iranian-American with ties to Iran's Revolutionary Guard Corps devised the plot, which involved using assassins from a Mexican drug cartel to kill the ambassador at a Washington restaurant. The plan was foiled when the Iranian-American accidentally hired a Drug Enforcement Administration informant to carry out the assassination. Clapper noted that the plot, which Tehran has denied any involvement in, shows that Iran's government is now more willing to carry out an attack in the U.S. than it was before because it feels threatened by the pressure Washington is placing on it to abandon its alleged nuclear weapons program. However, U.S. officials have said that there are no indications that Iran is actively planning attacks in the U.S. Meanwhile, Daniel Byman, an expert on Iran at Georgetown University, agreed that the Iranian government feels threatened, and said that Tehran could already have agents inside the U.S. Web Link | Return to Headlines Scores Dead After Egypt Soccer Match Washington Post (02/02/12) Londoño, Ernesto; Hassieb, Ingy At least 74 people were killed and more than 200 others were injured in violent clashes that broke out after a soccer match in Egypt on Wednesday night. The clashes took place at a soccer stadium in Port Said, and broke out after the local team defeated the Cairo squad. Following the conclusion of the game, fans of the Cairo team streamed onto the pitch. Witnesses said that fans of both teams used sharp objects, rocks, and metal pipes to attack one another. Despite the violence, security forces did not move into break up the clashes as they intensified. Egyptian parliamentarian Mohammad Abu Hamed said that security should have been present at the soccer match from the beginning, given the history of tension between fans of the two teams. The clashes have underscored the deterioration of the security situation in Egypt following the protests against the rule of former President Hosni Mubarak last year. Some have said that the clashes and other recent violent incidents may have been staged by Egypt's ruling military council in order to justify the need for authoritarian rule and to punish soccer fans for the role they played in last year's protests. Web Link | Return to Headlines Terrorism Outlook in 2012: The Threat Continues Eurasia Review (Spain) (01/30/12) Gunaratna, Rohan Several developments are likely to take place in the fight against terrorism this year, according to Rohan Gunaratna, a professor at Nanyang Technological University and the head of the university's International Centre for Political Violence and Terrorism Research. One of the trends that is likely to take place in 2012, Gunaratna said, is the growing threat from self-radicalized homegrown terrorists. Gunaratna noted that certain individuals will continue to become radicalized despite the fact that al-Qaida's core leadership has been severely hurt by the death of Osama bin Laden because the group's ideology and propaganda is still being circulated via electronic media and the Internet. Gunaratna added that the number of attacks by self-radicalized individuals and terrorist cells is growing, and the number of such attacks will continue to increase due to the inability of governments around the world to offer an alternative to the ideology of terrorist groups. Meanwhile, the threat to the security of aviation, maritime, and land transportation is still significant, Gunaratna said. Gunaratna said that terrorists will continue to carry out suicide attacks and remote-controlled bombings, in addition to using unconventional forms of attack. While physical security measures can help reduce the threat from terrorism, Gunaratna said, counterterrorism operations and community engagement strategies are also necessary. Web Link | Return to Headlines Hackers Infect WordPress 3.2.1 Blogs to Distribute TDSS Rootkit InfoWorld (01/31/12) Constantin, Lucian Attackers are infecting WordPress 3.2.1 blogs in order to contaminate their visitors with the TDSS rootkit, according to Websense researchers. It is unclear how the Web sites are being attacked, but there are widely known exploits for weaknesses present in WordPress 3.2.1, which is an older version of the blog-publishing platform. Once they obtain unauthorized access to a blog, the hackers inject vicious JavaScript code into its pages in order to insert a Java exploit from a third-party server. The company's analyses of the mass injection attack shows that the perpetrator behind it is experienced. The TDSS rootkit is one of the "stealthiest rootkits in the wild," and its goal is to gain total access of compromised computers "and use them as zombies for its botnet," says Websense's Stephan Chenette. These toolkits typcially contain exploits for weaknesses in multiple software products such as Adobe Reader, Flash Player, and Java. Websense analysts are unsure if the mass code injection attack uses an updated toolkit or an entirely different one, but M86 Security researchers have connected recent WordPress 3.2.1 attacks to the Phoenix Exploit Kit. M86 analyst Daniel Chechik says the individuals behind these attacks are drawing victims to the compromised sites by sending them spam messages that contain pernicious links which lead to legitimate blogs, helping attackers skirt reputation filters. Web masters are urged to upgrade to WordPress 3.3.1. Web Link | Return to Headlines Cyber Attacks Becoming Top Terror Threat, FBI Says Information Week (02/01/12) Hoover, J. Nicholas In his testimony before the Senate Select Intelligence Committee on Feb. 1, FBI Director Robert Mueller said that cyber attacks will eventually bypass terrorism as the biggest threat to U.S. security. Both the House and the Senate continue to work on cybersecurity legislation, despite some complaints from the industry over the cost of the Senate bill. James Clapper, the director of national intelligence, seconded Mueller's concerns, saying that the difficulty with cyber threats is our ability to provide prior warning of attacks, to detect those that have occurred, and to determine who the perpetrators are. Clapper added that the biggest state actors in cyber attacks are China, Russia, and Iran. However, Clapper said officials are also concerned about non-state actors like the groups Anonymous and LulzSec that carry out denial of service attacks on institutions including the International Monetary Fund and NASDAQ. The Senators at the hearing, in turn, raised concerns about which agency should take the lead in the event of a major cyber attack. Officials responded that the Department of Homeland Security would likely be responsible for dealing with the fallout of the attack while the FBI or the National Security Agency would likely hunt down the culprits. Web Link | Return to Headlines Email Giants Move to Slash 'Phishing' Wall Street Journal (01/30/12) Worthen, Ben A number of e-mail service providers have partnered with financial-service companies, social networking sites, and messaging-security providers in an effort to reduce phishing. The participating companies have created a working group known as DMARC.org, which will promote a standard set of technologies that aim to improve e-mail security. Some of the technologies that will be included, including those that use digital signatures to authenticate the sender of a message, are already widely used. However, not all messages are currently authenticated. Under the standards promoted by DMARC.org, companies will be required to identify every outgoing e-mail server and verify that the security technologies are being used. Third-party companies that send messages on behalf of clients, such as marketing agencies, will have to do the same. According to DMARC.org Chairman and PayPal Senior Manager Brett McDowell, e-mail vendors or security firms will likely add authentication capabilities in future versions of their systems. In addition, security and e-mail software vendors could also adopt the DMARC.org standards at some point, McDowell said. Web Link | Return to Headlines Political Borders Don't Stop Cyberattacks, But They Prevent Defense, Study Finds Government Computer News (01/30/12) Jackson, William Real-world political borders are hindering the defense of cyberspace, according to McAfee's new Cyber Defense Report. The study points to a dearth of common standards of behavior, objectives, and language in discussing cyberspace's inherent challenges. McAfee's Phyllis Schneck warns that "we've made a lot of progress, but our enemies are a lot better and faster than we are." The report revealed the results of a stress test applied to 21 countries, based on a cybersecurity maturity model devised by former U.S. deputy assistant secretary Robert Lentz. Included in the model are five stages of resilience against attacks, and none of the assessed nations achieved a rating of five stars. The U.S. received four stars based on contributing factors such as the government Computer Emergency Response Team, which has a contingency plan for cyberevents and participates in cybersecurity exercises. Overall, pessimism prevailed among the McAfee report's contributors that an international pact could supply a framework for cooperation. The study recommends establishing cyberconfidence building measures between nations as a substitute for a global treaty, or at least as an interim measure. Included would be agreements on "expectations about state behavior," says the Center for Strategic and International Studies' James A. Lewis. Web Link | Return to Headlines Sacramento, Calif.'s Website Hacked, Goes Offline Government Technology (01/30/12) The home Web pages for the Sacramento, Calif., city government, city parking, convention center, and parks and recreation department were all attacked in late January. Visitors to the city's parking Web site saw the message, "HaCKed by El_MhUaMMcD. This Turkish Hacker." The city's Web site could be offline through the first week of February, a spokesperson told reporters. No personal data was breached, officials said. As of Jan. 30, the site told visitors that the city was carrying out emergency maintenance and the Web site would not be available. A handful of Web sites affiliated with the U.S. government have been attacked in recent weeks by Anonymous. Earlier in January after federal officials shuttered Megaupload, a globally popular file-sharing Web site, Anonymous went after the Department of Justice's Web site in apparent retaliation. Officials have not named a culprit behind the cyberattack in Sacramento. Web Link | Return to Headlines Abstracts Copyright © 2012 Information, Inc. Bethesda, MD   ASIS also offers a daily and a non-sponsored, special-content Professional Edition of Security Newsbriefs. Please click to see a sample or to contact us for more information. Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online