Search This Blog

Friday, March 30, 2012

Security Management Weekly - March 30, 2012

header

  Learn more! ->   sm professional  

March 30, 2012
 
 
Corporate Security
Sponsored By:
  1. "U.S. Charges JetBlue Pilot for Midair Meltdown"
  2. "MasterCard Releases Tool That Predicts Ecommerce Fraud"
  3. "JetBlue Pilot's Rant Puts Focus on Medical Exams"
  4. "Calif. Democratic Treasurer Perpetrated $7M Fraud"
  5. "House GOP Says 'Not so Fast' to Bill on Facebook and Job Applicants"

Homeland Security
  1. "Gov't Report: DC Nuke Blast Wouldn't Destroy City"
  2. "FBI Files Detail Muslims' Religious Practices"
  3. "France Focuses on Suspect's Brother" Jewish School Shooting
  4. "Momentum Stalls on Obama Nuclear Agenda"
  5. "Campus Security Plans Fall Through the Cracks" Illinois

Cyber Security
  1. "Second Kelihos Botnet Steps Into a Sinkhole"
  2. "Duqu Malware Resurfaces After Four-Month Holiday"
  3. "LulzSec Reborn Claims Military Dating Site Hack"
  4. "Malware to Increasingly Abuse DNS?" Domain Name Service
  5. "Microsoft Leads Zeus Botnet Server Shutdown"

   

 
 
 

 


U.S. Charges JetBlue Pilot for Midair Meltdown
Reuters (03/29/12) MacLaggan, Corrie

Charges of interfering with a flight crew have been filed against Capt. Clayton Frederick Osbon, the JetBlue pilot whose erratic behavior disrupted a flight from New York to Las Vegas on Tuesday. Osbon, who has worked for JetBlue for 12 years and was given a clean bill of health just four months ago, has been suspended from his job and could face as much as 20 years if convicted on the charges against him. The affidavit filed in the case shows that problems with Osbon became apparent shortly after the plane took off from LaGuardia Airport, when Osbon began talking incoherently about religion. The plane's co-pilot reportedly started getting nervous when Osbon began saying that "things just don't matter" and started yelling at air traffic controllers over the radio. Osbon was eventually locked out of the cockpit by the co-pilot after he began saying that "we need to take a leap of faith" and that he did not intend to fly to Las Vegas. Osbon also reportedly made loud incoherent remarks about Jesus, the Sept. 11 attacks, Iraq, Iran, and terrorists before he was subdued by a group of passengers. An off-duty pilot who was on board the plane took over for Osbon and landed the aircraft safely in Amarillo, Texas. It remains unclear what prompted Osbon's behavior. The incident has lead some to call for pilots and flight attendants to undergo annual evaluations for stress.


MasterCard Releases Tool That Predicts Ecommerce Fraud
Help Net Security (03/29/12)

MasterCard's Expert Monitoring Fraud Scoring for Merchants is a new tool that provides merchants with a predictive fraud score for card-not-present transactions to quantify the probability that a transaction is fraudulent. The tool uses fraud detection models especially designed for e-commerce retailers, enabling them to assess a longer span of transaction history to generate a fraud score that describes online cardholder behavior with greater accuracy. "Our new tool allows acquirers and their participating merchants to look at the potential for fraud in a transaction in real time, and integrate the data into any existing fraud detection solution," says MasterCard Worldwide's Johan Gerber. The tool also helps consumers by shielding them from bogus card transactions and minimizing potential refusal of genuine transactions. MasterCard says e-commerce retailers could potentially achieve 15 percent to 30 percent fraud loss savings by reviewing or automatically declining transactions designated as high-risk by using the new tool. Starting in May, the tool will be available as an option for acquirers and their merchants on all card-not-present transactions originating from U.S.-issued cards.


JetBlue Pilot's Rant Puts Focus on Medical Exams
Associated Press (03/28/12)

The meltdown of a JetBlue pilot in mid-flight on March 27 has drawn attention to the measures that are in place to screen for psychological problems in pilots. Experts and pilots say that doctors that perform the checkups that pilots are required to undergo every six months to a year do not usually ask about their mental health. Even if they did, the answers that a pilot gives to a doctor about questions regarding his mental health would not be good predictors of whether the pilot would have serious issues during a flight, since the pilot could always provide a deceptive answer, said Embry-Riddle Aeronautical University administrator Richard Bloom, who holds a doctorate in clinical psychology. Another problem is that some doctors do not report all the information they have about a pilot to the FAA. One captain for a major airline said that his doctor keeps two files: one that contained accurate information and another that is meant for the FAA. However, additional mental health screenings for pilots may not significantly help improve security or be worth the cost, since incidents like the one that took place on March 27 are rare. Some say that the JetBlue pilot's meltdown does underscore the need to review a program that allows airline pilots to carry guns in order to prevent their planes from being hijacked by terrorists. Some say that the March 27 incident could have been disastrous if the pilot had a gun.


Calif. Democratic Treasurer Perpetrated $7M Fraud
Associated Press (03/28/12)

Kinde Durkee, of Durkee & Associates in Burbank, Calif., has reportedly defrauded at least 50 Democratic candidates, office holders, and political organizations of $7 million over the course of more than 10 years. The U.S. attorney's office has filed additional charges against Durkee, who was originally arrested in Sept. 2011 and charged with suspicion of mail fraud after millions of dollars were found to be missing from the accounts of U.S. Sen. Dianne Feinstein (D-Calif.), several Democratic members of Congress from California, and several Democratic state lawmakers. Court filings indicate Durkee used campaign funds to pay for a number of personal and business expenses, including payments on Durkee's Long Beach condominium and the 401(k) plan for her employees.


House GOP Says 'Not so Fast' to Bill on Facebook and Job Applicants
Wall Street Journal (03/28/12)

House Republicans have blocked a Democratic-backed amendment to a Federal Communications Commission bill that would have prevented companies from asking prospective employees for their Facebook passwords during job interviews. Energy and Commerce Subcommittee on Communications and Technology Chairman Rep. Greg Walden (R-Ore.) said the GOP caucus generally opposed the measure because it did not protect the privacy of Facebook users who are looking for jobs. Meanwhile, Sens. Charles Schumer (D-N.Y.) and Richard Blumenthal (D-Conn.) have called on the Department of Justice to launch an investigation into whether the practice of asking job candidates for Facebook passwords violates the Stored Communications Act, the Computer Fraud and Abuse Act, or other federal statutes. The Equal Employment Opportunity Commission has also been asked to launch an investigation. In addition, Schumer and Blumenthal are working on legislation that would address any gaps that may exist in laws that are already on the books.




Gov't Report: DC Nuke Blast Wouldn't Destroy City
Associated Press (03/27/12) Caldwell, Alicia A.

The Federal Emergency Management Agency has conducted a study on the likely impact that a nuclear terrorist attack would have on Washington, D.C. The study, which is entitled "Key Response Planning Factors for the Aftermath of Nuclear Terrorism" and has been circulating on scientific and government watchdog Web sites, involved a scenario in which terrorists detonated a 10-kiloton nuclear device in downtown Washington. If the device was detonated several blocks north of the White House, the blast would extend just beyond the White House's south lawn and east towards FBI headquarters, FEMA noted. The study found that buildings within a one-half mile radius of the blast would be completely destroyed, and that few people in the blast zone would survive. More than 45,000 people would be killed, and 323,000 others would be injured, the study estimated. In addition, the blast area would have to be cordoned off for several days afterward because radiation levels would be too high. Radioactive material would drift over Baltimore about two hours later, though the potency of the cloud would be reduced, the study noted. Finally, the study said that the federal government would use television, radio, e-mail, text messages, and social networking sites such as Twitter and Facebook to inform the public about such a nuclear blast.


FBI Files Detail Muslims' Religious Practices
Associated Press (03/27/12)

The American Civil Liberties Union (ACLU) has released FBI records from the agency's San Francisco division that indicate it used Muslim outreach efforts to collect information on religious activities. The FBI is generally prohibited from keeping records on such information by the U.S. Privacy Act unless it can give a clear reason why it needs to do so. The ACLU says the FBI violated the law in documents ranging from 2004 through 2008. This period is before the FBI established a formal community outreach program and before the Obama administration put in place new rules governing intelligence collection. The FBI responded to the ACLU's accusations, saying that its reports were within the bounds of the Privacy Act because they were meeting with members of the Muslim community for law enforcement purposes, and that all agents involved in the efforts identified themselves.


France Focuses on Suspect's Brother
Wall Street Journal (03/26/12) P. A12 Masidlover, Nadya

The older brother of the suspect in last week's Jewish school shooting and the recent shooting deaths of three French soldiers is being investigated for his alleged role in both of those incidents. Abdelkader Merah, the 29-year-old brother of Mohamed Merah, has been charged with being an accessory in the killings of the four individuals at the Jewish school and the three French soldiers. The elder Merah is not known for being violent, though he is believed to be part of a radical Islamic sect. French counterterrorism agencies have been aware of Abdelkader Merah before his younger brother allegedly carried out the recent shootings because he was suspected of having helped Islamic militants illegally travel from Europe to Iraq in 2007. However, Abdelkader was never charged in that case. Authorities are also trying to determine whether other people may have been involved in the Jewish school shooting and the deaths of the French soldiers. Officials are specifically looking into whether others were involved in financing terrorism and illegally acquiring, retaining, and transporting weapons, spare parts for weapons and ammunition. Abdelkader has denied being involved in the attacks.


Momentum Stalls on Obama Nuclear Agenda
Reuters (03/20/12) Spetalnick, Matt; Bull, Alister; Bohan, Caren; et al.

Traction for President Barack Obama's push to dramatically reduce nuclear weapon stockpiles in the U.S. and abroad has slowed, with anti-proliferation groups complaining about fiscal austerity measures in Washington that have lowered spending on nuclear security programs, while conservatives see Obama's anti-nuclear agenda weakening the country's defensive posture. "Instead of dealing with real nuclear threats like Iran and North Korea, he's going to magic shows and talking about a world without nuclear weapons, which would be a much less safe world for the United States," said former U.N. Ambassador John Bolton. In 2010, Obama introduced a policy renouncing new nuclear weapon development and limiting the use of those already in the U.S. arsenal, and he obtained pledges from world leaders at the inaugural Nuclear Security Summit to prevent the acquisition of bomb-grade material by terrorists. But these initiatives have been overshadowed by a number of priorities, including foiling North Korea and Iran's nuclear programs. Also pressuring Obama is the looming presidential election, while defense and national security officials have been debating a clandestine series of new options being prepared for the president to help steer future arms control negotiations. The budget cuts severely squeezed a pair of programs at the Department of Energy's National Nuclear Security Administration, with $32 million slashed from the budget for the Global Threat Reduction initiative, designed to secure nuclear material at civilian locations worldwide. Meanwhile, $259 million was cut from the International Nuclear Materials Protection and Cooperation program, whose purpose is to enhance security at vulnerable nuclear weapon stockpiles in nations deemed to be of special concern. At the second Nuclear Security Summit, Obama called on world powers, especially China and Russia, to ramp up the pressure on Iran and North Korea with diplomacy and sanctions. Still, the president is expected to exercise caution with countries such as Pakistan, which experts see as the largest area of risk because it has a large stockpile of weapons-grade material and faces internal security threats from militant insurgents.


Campus Security Plans Fall Through the Cracks
Chicago Tribune (03/19/12) Gregory, Ted

A recent investigation by the Chicago Tribune has raised questions about the effectiveness of the Illinois Campus Security Enhancement Act. Passed in the wake of the February 2008 Northern Illinois University shooting, the statute requires colleges and universities to create and practice detailed strategies for preventing violence and managing emergencies that take place on their campuses. Although the deadline for filing those plans passed in January 2009, only 66 out of the state's 185 colleges and universities are currently in compliance with the law. The Chicago Tribune's investigation found that there are a number of reasons why compliance with the Campus Security Enhancement Act has been low, including the fact that the statute is worded in such a way that it is not clear whether colleges and universities in the state are required to file violence prevention and emergency management plans at all. Instead of explicitly requiring institutions of higher learning to file such plans, the statute says that the plans "should be" given to emergency and disaster relief offices and to the Illinois Board of Higher Education or the Illinois Community College Board. The Tribune also found that there is no way to enforce the law's provisions, and that funding to help colleges and universities comply with the statute has not been made available. An Illinois state representative who sponsored the Campus Security Enhancement Act defended the law, saying it was designed to create standard, detailed strategies for campus emergencies that were practiced by colleges and universities. The representative also said Homeland Security funding has been provided to help implement the requirements of the law.




Second Kelihos Botnet Steps Into a Sinkhole
ZDNet UK (03/28/12) Espiner, Tom

A team of researchers from four security vendors have taken control of the most recent version of the peer-to-peer Kelihos botnet. The researchers locked down the botnet by luring infected bots into a "sinkhole" address. Vendors participating in the project included security experts from Kaspersky Lab, Dell SecureWorks, CrowdStrike Intelligence Team, and the Honeynet Project. In describing the process used to trap the botnet, Tillmann Werner, a senior malware researcher at Kaspersky, said "we crafted a special peer list with all of the entries pointing to our sinkhole — our sinkhole is the only machine they [could] see, and they [were] trapped." Unlike the first Kelihos, which only infected about 40,000 systems, the new version found its way into 116,000 computers after six days of operation. Both botnets stole data, carried out targeted denial-of-service attacks, and distributed spam. However, the second botnet was also able to use Bitcoin mining and wallet theft. The researchers added that they believe this is the fifth botnet created by a single gang. Previous versions included the Storm and Waledac botnets.


Duqu Malware Resurfaces After Four-Month Holiday
Computerworld (03/28/12) Keizer, Gregg

Security researchers at Symantec have captured a single sample of the driver for the Duqu malware in Iran. The new driver, which is responsible for decrypting parts of the malware and loading those parts of the Trojan into the memory of the infected machine, had been compiled on February 23, 2012, Symantec says. That date is roughly four months after the cybercriminals last updated the driver. According to Symantec's Liam O Murchu, the new version of the driver performed the same basic functions as the version that was updated on October 17, 2011, as well as another version from late 2010. O Murchu says it is not clear why there was a four-month lag in the time it took the cybercriminals behind Duqu to update the driver. He notes that the fact that Duqu has infected only a small number of computers could be an indication that those responsible for the malware released more attacks between November and February that went unnoticed. It also could mean that the cybercriminals have been laying low, O Murchu says. He notes that what is clear is that the perpetrators are still working on Duqu and that they have recompiled the system driver for a new victim. That in turn could mean that they may have developed new techniques since last fall and may have even developed a zero-day threat, O Murchu says.


LulzSec Reborn Claims Military Dating Site Hack
InformationWeek (03/27/12) Schwartz, Mathew J.

Following the arrest of many of the major members of LulzSec, a new hacking group calling itself LulzSec Reborn announced that it hacked a military dating Web site, www.militarysingles.com, releasing the usernames and passwords for 170,937 subscribers. The group has also said that it will publish the full database of military singles, including private messages. ESingles, the company that runs MilitarySingles, denied that the site had been hacked. Despite ESingles' denial, LulzSec Reborn says it is now preparing to make more "data dumps" of hacked files from the CSS Corp. Web site. Data from the company, which provides communication and technology services, appears to include Web site surveys, contact information for CSS media relations personnel, and a "users" file with usernames and passwords for nine CSS employees.


Malware to Increasingly Abuse DNS?
Dark Reading (03/27/12) Lemos, Robert

Some of the researchers who attended the recent RSA Conference say the domain name service (DNS) could be used by cybercriminals as a command-and-control channel to communicate with systems that have been compromised by malware. According to Damballa's Gunter Ollmann, DNS could be used by cybercriminals in two ways—either by tunneling, in which DNS port 53 is used to bypass firewalls, or by hiding exfiltrated data in DNS packers and using the DNS infrastructure to send the information to a particular destination. Ollmann says the second method is the one that will be used most often by cyber criminals. Consultant Ed Skoudis agrees that malware would increasingly hide commands and stolen data in DNS packets, saying it would be to the advantage of cybercriminals to do so because it would allow them to use local servers as proxies and in turn bypass security measures that may be in place. Researchers say companies can protect themselves from cybercriminals who use this technique by closely watching their DNS traffic for unusual characteristics, including traffic that may be going to parts of the world where they do not do business. However, some researchers say DNS is not likely to be exploited by cybercriminals, given the difficulty involved in masking malicious DNS communications.


Microsoft Leads Zeus Botnet Server Shutdown
InformationWeek (03/26/12) Schwartz, Mathew J.

Microsoft has helped shut down command-and-control servers for the Zeus botnet, which is used by cyber criminals to steal financial information belonging to consumers, including online banking login credentials, and transfer stolen money. In addition to the shut down of the C&C servers, which were located at two hosting centers in Illinois and Pennsylvania, Microsoft has also helped revoke the two IP addresses that were associated with the servers. The Redmond, Wash.-based company is also continuing to observe the hundreds of domain names that were related to the servers in order to help identify thousands of computers that are believed to have been infected with the Zeus botnet. The shutdown of the C&C servers comes as Microsoft, the Financial Services Information Sharing and Analysis Center, and the National Automated Clearinghouse Association filed a civil lawsuit accusing 39 individuals of infecting 13 million computers with the Zeus botnet over the course of five years, allowing them steal more than $100 million and send out large amounts of spam messages. Some of the individuals named in the lawsuit are believed to have written code for Zeus or SpyEye, while others are suspected of having developed the exploits that were used to infect computers. Still others are accused of money laundering. Sophos senior technology consultant Graham Cluley said that bringing these individuals to justice is an important part of reducing cyber crime, since simply shutting down botnets is not enough to completely address the problem.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments: