Search This Blog

Friday, March 23, 2012

Security Management Weekly - March 23, 2012

header

  Learn more! ->   sm professional  

March 23, 2012
 
 
Corporate Security
Sponsored By:
  1. "AT&T Tied to Nigerian Scam"
  2. "Job Seekers Getting Asked for Facebook Passwords"
  3. "OSHA Investigating Western Psych Shootings as Workplace Safety Matter" Occupational Safety and Health Administration, Pittsburgh
  4. "3 Nurses Charged as Uruguayan Authorities Probe Dozens of Possible Induced Deaths at Hospitals"
  5. "Duty of Care: What's the Security Director's Role?"

Homeland Security
  1. "Documents Show NYPD Infiltrated Liberal Groups"
  2. "French Slaying Suspect Dead After Police Raid Hideout"
  3. "NYPD Says Iran Has Conducted Surveillance in NYC"
  4. "London 2012 Olympics: MI5 Tells Cabinet Terror Threat Remains 'Substantial'"
  5. "Security Up at NY Jewish Sites After France Attack"

Cyber Security
  1. "'Hacktivists' Stole Most E-Records Last Year, Study Reveals"
  2. "Researchers Find New Type of 'Fileless' Malware"
  3. "Computer Viruses Could Cross Frontier Into Biological Realm, Researchers Say"
  4. "DuQu Mystery Language Solved With the Help of Crowdsourcing"
  5. "U.S. Accelerating Cyberweapon Research"

   

 
 
 
 

 


AT&T Tied to Nigerian Scam
Wall Street Journal (03/22/12) Troianovski, Anton; Kendall, Brent

The Justice Department has filed a lawsuit against AT&T, claiming that the telecommunications giant billed the federal government millions of dollars for a service that was mainly used by fraudsters. The service in question is known as IP Relay, which allows people with hearing problems to make telephone calls by typing messages on a computer. Those messages are sent over the Internet to call-center employees at AT&T and other companies, who then read the messages to the other party in the call. AT&T and other providers of the IP Relay service bill the federal government about $1.30 per minute for these calls. In the case of AT&T, the Justice Department alleges, scammers based in Nigeria were using IP Relay to order items from U.S. merchants that were paid for with stolen credit cards and counterfeit checks. The advantage that fraudsters have in doing this is that they cannot be visually identified, and the contents of conversations made via IP Relay cannot be divulged. After the Federal Communications Commission expressed concern that IP Relay was being abused, it recommended that telecommunications providers such as AT&T take steps to help cut down on fraud. But AT&T allegedly took steps that it knew would not do anything to prevent IP Relay from being abused because it was worried that its call volume would decline, the lawsuit claims. AT&T has not commented on the suit, but has said that it adhered to FCC rules for providing IP Relay and seeking reimbursement from the government.


Job Seekers Getting Asked for Facebook Passwords
Associated Press (03/20/12)

Some companies and government agencies are now taking another step to screen job candidates by asking them for login information to access Facebook, Twitter, and other social networking sites. It is not uncommon for prospective employers to search for social networking profiles, but experts say that some companies are going too far. "It's akin to requiring someone's house keys," said Orin Kerr, a George Washington University law professor and former federal prosecutor who calls the practice "an egregious privacy violation." What is more, many employers may lose out on qualified candidates who are uncomfortable with what they see as invasive, and potentially illegal, actions, particularly as the job market continues to improve. Legislation has been proposed in both Illinois and Maryland that would prevent public agencies from asking to access social networks. Giving out Facebook information also violates the site's terms of service, but those terms are not legally enforceable and there is nothing in the policy that prevents asking for such information. That said, the Department of Justice (DOJ) considers it a federal crime to enter a social networking site in violation of the terms of service, but DOJ officials say they would not prosecute cases. Companies looking to avoid such legal entanglements have also asked prospective employees to "friend" a human resource manager, or simply have them sign non-disparagement agreements that prevent them from talking negatively about their employer on social media.


OSHA Investigating Western Psych Shootings as Workplace Safety Matter
Pittsburgh Post-Gazette (PA) (03/20/12) Gurman, Sadie

A federal Occupational Safety and Health Administration official said the agency is investigating the recent shooting at Western Pennsylvania Institute and Clinic of UPMC in Pittsburgh to determine whether the facility used the correct safety procedures on the day of the shooting. According to Robert Szymanski, OSHA's area director, investigators began their investigation one day after the March 8 shooting that left one dead and five wounded. Police say John Shick shot and killed a Western Psych employee and wounded five others before authorities shot and killed him. Szymanski said that OSHA is looking into whether the shooting was an act of workplace violence. OSHA would not discuss the findings of its investigation thus far because the probe is not yet complete.


3 Nurses Charged as Uruguayan Authorities Probe Dozens of Possible Induced Deaths at Hospitals
Associated Press (03/18/12)

Charges have been filed in the case of 16 suspicious deaths at two hospitals in Uruguay. Authorities say that two nurses who worked at the two hospitals induced the deaths of patients by injecting them with too much morphine or some other substance. One of the nurses, who worked at both hospitals, has admitted to killing five of the patients, while the other has confessed to the 11 other deaths. An attorney for one of the nurses said that her client induced the deaths of the patients because he felt sorry for them. It does not seem that the two were working together. A third nurse has been charged with covering up at least one of the deaths.


Duty of Care: What's the Security Director's Role?
Security Magazine (03/12) Rendeiro, John G.

A diverse range of issues related to international travel and challenges faced by expatriate workers and their families are the focus of the Duty of Care and Travel Risk Management Global Benchmarking Study. Commissioned by International SOS, the survey of 718 respondents from 628 organizations with global operations reveals that there is a lack of consensus on who 'owns' or should own, Duty of Care, and where it should reside in an organization. Respondents most often said a company's obligation to protect employees from risks falls on human resources, security, risk management, senior management and travel managers, albeit with little clarity on which discipline is most suited to manage the task. Security directors can get involved by communicating and interacting regularly with colleagues in other departments that are relevant to duty of care concerns, such as medical, legal, travel, public affairs, risk management and finance. They should communicate the essence of the principles of Duty of Care to upper management, and set up a Duty of Care committee for their organization. Security directors should stay current on Duty of Care trends, legal decisions, best practices and threat ratings for their travelers and expats. Also, security directors should not allow the Duty of Care portfolio to be left to one or two departments to run, and should not let cost considerations keep their company from having a comprehensive Duty of Care program.




Documents Show NYPD Infiltrated Liberal Groups
Associated Press (03/23/12)

An April 2008 memo to top New York Police Department intelligence officer David Cohen shows that the NYPD infiltrated organizations with liberal political leanings. The memo to Cohen summarizes an undercover NYPD investigation of the People's Summit, an event that was held in New Orleans in 2008 by groups that opposed U.S. economic policies as well as trade agreements between the U.S., Canada, and Mexico. The investigation, which was conducted by the NYPD's secretive Intelligence Division, identified groups that opposed U.S. immigration policies, labor laws, and the use of racial profiling. One of the police intelligence reports from the investigation mentioned two activists by name. The investigation has been criticized by one of the activists named in the intelligence report, Jordan Flaherty, who is a former member of the International Solidarity Movement Chapter in New York City and is a writer for The Huffington Post. Flaherty said that he does not understand why he is mentioned in the intelligence report, and added that the NYPD's actions were similar to those used by a secret police force. Those actions, Flaherty said, have resulted in the spreading of fear and the suppression of dissent. The NYPD has defended its investigations, saying that no political surveillance was performed and that the program is part of an effort to determine how likely it is that certain groups will be involved in acts of violence or other illegal activity in New York City.


French Slaying Suspect Dead After Police Raid Hideout
New York Times (03/22/12) Sayare, Scott; Erlanger, Steven; Berry, Richard

The more than 30-hour standoff between French police and the admitted gunman in the recent Jewish school shooting has ended. At midday on Thursday, officers entered the apartment in Toulouse where 23-year-old Mohammed Merah--who purportedly had been trained by al-Qaida--had been holed up since police arrived to arrest him the day before. Police entered the apartment through a front door and windows that had been blown out, and used video equipment to slowly search each room for Merah and any possible traps. After police began to inspect the apartment's bathroom with cameras, Merah jumped out from where he had been hiding and began firing at officers. Merah eventually jumped out of a window and fell to his death. French government officials had hoped to capture Merah alive. Following the end of the standoff, French President Nicolas Sarkozy said that the he would push for new laws that would make it illegal for French citizens to travel overseas in order to participate in terrorist training or indoctrination. Merah reportedly had traveled to Afghanistan and Pakistan two times over the last several years.


NYPD Says Iran Has Conducted Surveillance in NYC
Associated Press (03/21/12)

Mitchell Silber, the New York Police Department's director of intelligence analysis, told the House Homeland Security Committee on Wednesday that more than a dozen people with ties to the Iranian government who were found to be taking pictures of landmarks in New York have been interviewed by authorities since 2005. Among those who have been interviewed by the NYPD were six people who were taking pictures and videos of the Brooklyn Bridge and other landmarks while on a sight-seeing cruise in May 2005. Three other individuals were interviewed by police in September 2008 after they were seen taking pictures of railroad tracks. In September 2010, four people were observed by federal air marshals taking pictures and videos at a heliport in New York. Although all of these individuals were released without being charged, police believe that the people that were interviewed were engaged in pre-operational surveillance. As a result, officials in New York City are concerned that Iran or the terrorist groups that it has ties with could be prepared to attack the U.S. in the event that tensions between Washington and Tehran continue to rise. However, federal officials say that there is no specific threat of an Iranian attack against the U.S.


London 2012 Olympics: MI5 Tells Cabinet Terror Threat Remains 'Substantial'
Telegraph.co.uk (03/20/12)

Jonathan Evans, the director of Britain's MI5 intelligence agency, recently briefed the Cabinet of Prime Minister David Cameron about the terrorist threats the U.K. faces. Cameron representatives called the briefing a "routine" update that was not focused on any particular new intelligence or change in the terrorism threat level. The discussion reportedly included security preparations for the upcoming Olympic games, which are to be held in London this summer. "It was a broad discussion about terrorism and an assessment of the current threat and a run-through of the various issues that the government is dealing with on the legislative side, such as the fact that we have replaced control orders with TPIMS (Terrorism Prevention and Investigation Measures) and the various measures that are being considered in the context of the security and justice Bill," a spokesperson for Cameron said.


Security Up at NY Jewish Sites After France Attack
Associated Press (03/19/12)

Security at synagogues and a number of other sites in New York City has been increased following the shooting that took place at the Jewish school in France on March 19. Extra police patrols were sent to over 50 locations in the city, including the Museum of Jewish Heritage, the Israeli Mission to the United Nations, and 92nd Street YMCA in Manhattan's Upper East Side. NYPD Commissioner Raymond Kelly said that the extra security is not a response to a specific threat against New York, but is rather a precautionary measure that is needed to help protect the city's Jewish population from potential copycat attacks. New York City has the largest Jewish population outside of Israel.




'Hacktivists' Stole Most E-Records Last Year, Study Reveals
Financial Times (03/22/12) Bradshaw, Tim

Electronic records are increasingly being stolen by ideologically-motivated hacker groups, or hacktivists, instead of financially-motivated cybercriminals, according to a new Verizon study, which examined more than 850 data breaches. The study, which included information from Verizon clients and law enforcement agencies in the U.S. and several other countries, found that 174 million electronic records were stolen in cybersecurity breaches last year. More than half of those records were stolen by hacktivists, although hacktivists carried out only 3 percent of the attacks that were analyzed in the study. However, some of the breaches involved large amounts of records being stolen, which explains why hacktivists were responsible for a disproportionate number of records being taken. The study also found that the type of information that is being stolen is changing. The overwhelming majority of information stolen in 2011, 95 percent, was personally identifiable information. Just 1 percent of the information taken the previous year was personally identifiable information. Most of the records that were stolen that year were payment cards.


Researchers Find New Type of 'Fileless' Malware
Techworld (03/21/12) Dunn, John E.

Kaspersky Lab says it has discovered an extremely rare and potentially unique "fileless" malware variant that executes entirely in memory without having to save any files to a victim's PC hard drive. Researchers said they discovered the malware after receiving reports of an attack exploiting a common Java vulnerability on Russian Web sites that did not appear to leave behind any files from which to initiate a standard Trojan attack. The attack was found to be running Javascript from an iFrame embedded on a compromised Web site, inserting its encrypted .dll payload directly into the Javaw.exe process. Researchers said the malware seems to perform two functions—it disables Windows User Account Control, and also acts as a "pathfinder," setting up a bot to communicate with a command and control server from which it can receive instructions, including one to download Lurk, a data-stealing Trojan, on the infected computer. A weakness of this attack is that a user can erase it from memory by restarting the computer, meaning a new infection would be required. The other side of the coin for attackers, however, is that the malware is difficult to detect, particularly if the exploit being targeted is unpatched. The attack also is multi-platform because it operates on Java, researchers said, adding that the new attack is something of an advance "stub" that primes a machine for a later attack after exploiting its low profile to skirt security systems.


Computer Viruses Could Cross Frontier Into Biological Realm, Researchers Say
IDG News Service (03/19/12) Essers, Loek

Security researchers at the recent Black Hat Europe conference discussed how computer hackers could create malicious software that acts like human viruses and could spread dangerous epidemics. The comparison between computer and human viruses was meant to give researchers a better understanding of why the human immune system is so much better in battling viruses than antivirus software. Computer and human viruses behave in basically the same way, including coding information for parasitic behavior inside a host system, notes Fortinet's Guillaume Lovet. For example, a denial of service attack can be compared to HIV because both aim at overloading a system, says Fortinet's Ruchna Nigam. The researchers also speculate that human and computer viruses could converge in the future. They note that some people already have several electronic devices in their body, and when those devices communicate with an external machine, they become vulnerable to computer viruses. "Seeing that the infamous Stuxnet virus, in 2010, was able to creep through a uranium enrichment plant, seize control of its [programmable logic controller], and destroy its centrifuging gear, one could reasonably think that a virus infecting the computers sporting DNA databases is not outside the realm of possibility," Fortinet's researchers say.


DuQu Mystery Language Solved With the Help of Crowdsourcing
Wired (03/19/12) Zetter, Kim

Researchers at Kaspersky Lab have determined what kind of programming language was used in the code for the DuQu virus' communications functions. Most of the code for DuQu was written in C++ and compiled with Microsoft's Visual C++ 2008, though the code for a component that communicates with command-and-control servers and downloads and executes additional payload modules does not. The code was so mysterious that researchers at Kaspersky Lab published a blog post asking programmers to help them determine what programming language was used to write the code for the communications component. Two people responded to the posting by saying that the code seemed to be generated from a custom object-oriented C (OO C) dialect and that special extensions were used. Researchers then tested a number of combinations of compiler and source codes and found that C code compiled with Microsoft Visual Studio Compiler 2008 using options 01 and Ob1 in the compiler produced binary that was the same style as what was used in DuQu. Kaspersky's researchers said that the discovery tells them a number of things about the people who were behind DuQu. One is that they were coders who preferred to use older programming techniques, since the programming style used in DuQu is more common in professionally-produced commercial software that was created 10 years ago than it is in malware today. In addition, researchers said that the use of the C programming language instead of C++ indicates that the programmers wanted to ensure that DuQu would run on servers, mobile phones, or other devices. C is more flexible than C++ because it can be compiled with any compiler on any platform.


U.S. Accelerating Cyberweapon Research
Washington Post (03/18/12) Nakashima, Ellen

Pentagon officials report that they are stepping up efforts to create cyber weapons that would disrupt the military networks of hostile nations, even if those networks were not connected to the Internet. Theoretically, such technology would use radio signals to insert computer coding into such networks. That research is estimated to be about a year away from a practical approach, but, if successful, the U.S. military could target air defense systems, nuclear sites, or other important targets. The Department of Defense has placed $500 million on hold for five years for the development of both offensive and defensive cyber weapons. The agency also has launched new cyber-development initiatives, including a “fast-track” program, and Pentagon officials are working on a congressionally mandated strategy to rapidly acquire new cyber weapons to keep pace with developing technology. That said, the total amount of Pentagon spending on offensive and defensive cybersecurity and cyber technology for 2012 alone is $3.4 billion.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments: