
Friday, April 27, 2012

Security Management Weekly - April 27, 2012


April 27, 2012
 
 
Corporate Security
  1. "US Seizes 36 Websites Dealing in Stolen Credit Cards"
  2. "Protesters Crash Wells Fargo Shareholder Meeting" San Francisco
  3. "Wal-Mart Bribery Probe Exposes Retailer to Fines" Mexico
  4. "Approaching Risk Head On"
  5. "On the Fence Line" Physical Security Perimeters

Homeland Security
  1. "Threats of Terrorism, Spillover Violence at Border Overblown, Study Says"
  2. "U.S. Relaxes Drone Rules" Yemen
  3. "Top al-Qaida Bomb Maker in Yemen Resurfaces as Anniversary of bin Laden's Death Looms"
  4. "Pentagon Establishes Clandestine Service, New Espionage Unit"
  5. "Counter-terrorism Official: No Hizbollah Training Camps in Metro Detroit"

Cyber Security
  1. "Microsoft: Conficker Worm Continues to Plague Enterprises"
  2. "1 in 5 Macs Infected With (Windows) Malware, Study Finds"
  3. "FBI, Working Group Reboot Effort to Rid Computers of DNSChanger" Domain Name System
  4. "Anonymous Fingered as Most Fearsome Hackers by IT Leaders"
  5. "Iran Says Virus Has Hit Oil Sector"

   

 
 
 

 


US Seizes 36 Websites Dealing in Stolen Credit Cards
Dow Jones Newswires (04/26/12) Stynes, Tess

The Justice Department said the U.S. government has seized 36 domain names of websites that illegally sold and distributed stolen credit card numbers, part of an international effort to protect consumers' personal information on the Internet. The seized websites allowed a user to buy stolen credit card information over the Web, even allowing use of online "shopping carts" similar to those used on legitimate websites. The sites allowed buyers to select the type of credit card, the account's country of origin and, in some cases, the state where the legitimate card holder lives. During an undercover operation, law enforcement officials were able to obtain credit card numbers issued by major banks such as Bank of America, SunTrust Banks and Capital One Financial.


Protesters Crash Wells Fargo Shareholder Meeting
Associated Press (04/24/12)

Two dozen Occupy Wall Street protesters were arrested in San Francisco on Tuesday after a demonstration at Wells Fargo's annual shareholders meeting. Several dozen people from community groups were allowed inside the meeting at the Merchant's Exchange Building because they had purchased Wells Fargo stock. Some of the protesters showed up to demand that Wells Fargo pay more in corporate taxes, while others called for the bank to halt home foreclosures. Of the 24 people who were arrested, 15 were taken into custody for disrupting the shareholders meeting. Six were arrested on misdemeanor trespassing charges, while another three were arrested for resisting arrest. Despite the arrests, there were only minor clashes between protesters and police officers charged with securing the building. A spokesman for Wells Fargo said after the meeting that the bank would take steps to ensure the safety of its shareholders, customers, and employees.


Wal-Mart Bribery Probe Exposes Retailer to Fines
Bloomberg Business Week (04/23/12) Welch, David ; Weidlich, Thom

Wal-Mart is looking into allegations that some executives of its unit in Mexico may have violated the Foreign Corrupt Practices Act by bribing Mexican officials to get stores opened more quickly. The allegations date back as far as 2005, and a number of Wal-Mart executives--including Lee Scott, who was CEO at the time--were made aware of the claims then. Wal-Mart subsequently conducted an initial investigation into the allegations, though the investigation was closed in 2006 after the general counsel of Wal-Mart de Mexico concluded that there was no evidence that any bribes had been paid. An investigation that was later conducted by the New York Times found that a number of store permit requests were granted to Wal-Mart de Mexico shortly after the company made payments to two outside lawyers who gave the money to local officials in Mexico. The investigation by the New York Times also found that Eduardo Castro-Wright, who was the CEO of Wal-Mart de Mexico from 2003 to 2005 and served as the unit's president and chief operating officer from 2001 to 2003, was a central figure in the expansion of the alleged bribes. The former Wal-Mart de Mexico general counsel who conducted the initial investigation into the allegations was also suspected of having been involved in the payments. Wal-Mart is now once again looking into the allegations, as well as whether or not the company's board was informed about the alleged bribes in 2005. The investigation is also focusing on why Wal-Mart did not take action on the allegations sooner.


Approaching Risk Head On
Security Magazine (04/12)

As corporate security director for Adobe Systems, Mark Domnauer's goal is to protect the company's "assets and intellectual property while allowing" visitors to freely move. Non-Adobe workers must be approved to come on-site through specific procedures, he says, and are assigned access based on their role, location, and need. The entire process is fully automated, inclusive of access changes. Any manual changes in the access control system are identified on exception reports through a scalable and auditable process, says Domnauer. Moreover, every perimeter door is equipped with an alarm or badge reader, and people go through central points using turnstiles to eliminate tailgating. The company's SAFE Secure system from Quantum Secure features security camera back-up and lets Domnauer streamline access requests and approval processes across different user-access profiles and physical access systems. Jos Giele, director of corporate security for freight company Con-way Inc., uses theft prevention tools and strict access restrictions for company facilities, and also emphasizes ongoing training and updates to the company’s yard and facility layouts. Whole Foods' Mario Ruiz, an associate facility team leader, says the company uses a Web-based access control system from Brivo that lets him place employees and outside contractors into separate groups depending on each person’s specific access requirement. The system’s alert feature warns him if a door is left open and also monitors the time and attendance of staff.


On the Fence Line
Security Products (04/12) Vol. 16, No. 4, P. 52 Logue, Patricia

The key to creating strong physical perimeters is tailoring the sensor and surveillance system to meet each site's unique requirements. Security executives can find out how to do this by asking the following questions: What are the potential threats to this site, and what assets are we protecting? What are we trying to detect and protect against? Are there climate conditions to take into account, such as extreme temperatures, high winds, or driving rains? A fundamental approach to perimeter security is to layer defenses, which gives an attacker more obstacles to overcome to reach their target and makes it more likely the facility will detect the intrusion before it occurs. These layers can include threat protectors such as fences, security guards, and warning signs; delaying mechanisms such as fence lines and security staff; and threat detectors such as surveillance sensors, motion detectors, and CCTV. Fiber optic sensing systems are a new but increasingly popular technology being used in perimeter security systems. These systems are frequently used because they are easily tunable to compensate for extreme environmental and weather conditions, do not require a power source, are lightning-proof, and can be used over long distances. Infrared sensors detect energy generated by people and other external sources. Active infrared sensors produce a beam of infrared energy when an intruder passes through the protected area. Finally, video analytics, which scan incoming video feeds and automatically flag items of interest without requiring a security guard to constantly monitor the video, can be used for the purposes of intrusion detection, monitoring people and traffic, detecting objects left behind, and license plate recognition.




Threats of Terrorism, Spillover Violence at Border Overblown, Study Says
UT San Diego (04/26/12)

A new report from the Washington Office on Latin America has found that politicians have largely overblown threats of terrorism and violence from the drug war in Mexico, leading to a significant buildup of border security that has done little to reduce drug trafficking. The study showed that, despite increases in violence from Mexico's drug wars, violent crime actually dropped by 11 percent in border states between 2005 and 2010. The report also found no evidence that any member of any group on the State Department's list of Foreign Terrorist Organizations has ever attempted to enter the country through Mexico. The massive buildup in the number of Border Patrol agents, which has quintupled since 1992, now also includes personnel from two dozen law enforcement agencies, including the National Guard and the FBI. The report also found that the roles played by these agencies are often overlapping and poorly coordinated. For example, military personnel are permitted to accompany Border Patrol agents on rounds, but are required to carry only unloaded weapons.


U.S. Relaxes Drone Rules
Wall Street Journal (04/26/12) Entous, Adam ; Gorman, Siobhan ; Barnes, Julian E.

The Obama administration has agreed to a request from the CIA and the U.S. military to broaden the drone campaign against terrorism suspects in Yemen, after turning down a similar request made last year. Before the change, the CIA and the U.S. military's Joint Special Operations Command (JSOC) were limited to carrying out so-called "personality" strikes, in which each potential target is identified and investigated to determine his role in al-Qaida in the Arabian Peninsula (AQAP), which is the al-Qaida affiliate in Yemen. Last year the CIA and the JSOC asked the administration for the ability to carry out "signature" strikes, in which targets are chosen on the basis of their behavior even if their names are not known. While the administration has opted not to give the CIA and the JSOC the authority to carry out full-blown signature strikes, it has decided to let them target lower-level AQAP fighters whose identities are not known so long as the CIA and the JSOC can determine that the activities of these individuals are significant enough to designate them as being high-value targets. The CIA and the JSOC can also target individuals who are suspected of plotting against the interests of the U.S. and other Western nations. Supporters of the change say that it is necessary because AQAP has grown in strength since former leader Anwar al-Awlaki was killed in a drone strike last year. But one Yemeni official expressed concern that the U.S. could confuse suspected militants with ordinary Yemenis, since many civilians in the country carry weapons.


Top al-Qaida Bomb Maker in Yemen Resurfaces as Anniversary of bin Laden's Death Looms
Associated Press (04/26/12)

U.S. counterterrorism officials are growing increasingly concerned about the threat from al-Qaida in the Arabian Peninsula (AQAP). Officials say that there has been increased intelligence chatter associated with AQAP over the last six months. That chatter could be an indication that AQAP is planning attacks against aviation targets in Western nations, as well as attacks against other types of targets, officials say. The intelligence also indicates that an AQAP bomb maker who was thought to have been killed in a U.S. drone attack in Yemen last year is still alive. However, officials also point out that there is no credible or specific threat associated with the one-year anniversary of Osama bin Laden's death, which is coming up on May 2. White House spokesman Jay Carney said that al-Qaida's affiliates and allies still want to carry out attacks against the U.S. homeland, possibly as part of an effort to exact revenge for the killing of bin Laden. But those plans may not necessarily be tied to the anniversary of bin Laden's death, Carney said.


Pentagon Establishes Clandestine Service, New Espionage Unit
Washington Post (04/24/12) P. A1 Miller, Greg

The Pentagon has announced the creation of the Defense Clandestine Service, which would work closely with the CIA as part of an effort to collect intelligence outside of the war zones in Iraq and Afghanistan. The creation of the Defense Clandestine Service does not involve new manpower or new authorities, one official said. Instead, the creation of the Defense Clandestine Service involves a realignment of the military's classified espionage efforts that will ensure that intelligence officers are in the right locations so that the military's espionage efforts can be more focused on important targets that are beyond the tactical considerations of Iraq and Afghanistan, the official noted. The official did not say exactly how that realignment would take place. However, some of the most important intelligence priorities over the last several years have included things such as counterterrorism, non-proliferation, and the rising power of China and other nations. Some congressional officials are asking for more information about the plan, including information about why it is being undertaken. Other congressional officials have said that the coordination behind the plan to create the Defense Clandestine Service has reassured them that the Department of Defense is not trying to consolidate human intelligence in order to create a defense against what the CIA does, as some said it tried to do under former Defense Secretary Donald Rumsfeld.


Counter-terrorism Official: No Hizbollah Training Camps in Metro Detroit
Detroit Free Press (04/24/12) Warikoo, Niraj

FBI Special Agent Todd Mayberry, who oversees the bureau's counterterrorism efforts in Michigan, spoke at a security conference in the state on April 24 and discussed the threat from the Lebanese militant group Hizbollah. Mayberry noted that there are Hizbollah sympathizers in the U.S., and that some people give the group money because they see it as a charitable organization. However, Mayberry said that Hizbollah is a terrorist group and that the FBI would go after anyone who gives it money. Mayberry added that Hizbollah does not have terrorist training camps in the Detroit area, despite claims by some to the contrary. Mayberry also discussed the threats to the Jewish community in Michigan. While there are no specific threats to the Jewish community in the state, Mayberry said, there are several potential and general threats. One of those threats comes from Iran and Hizbollah, which acts as a proxy for Tehran, Mayberry said. Mayberry noted that Hizbollah is just as much of a threat as al-Qaida, if not more. He added that another threat comes from Muslims who become radicalized after visiting jihadist Web sites and chat rooms.




Microsoft: Conficker Worm Continues to Plague Enterprises
eWeek (04/25/12) Burt, Jeffrey

The Conficker worm is still the biggest malware threat that businesses face despite the fact that a new variant of Conficker has not been released in more than two years, according to Microsoft's recent Security Intelligence Report. The study, based on data collected from Windows PCs, Hotmail accounts, Web pages scanned by the Bing search engine, and Microsoft's security software and tools, estimated that the number of times that Conficker has been detected in each quarter since 2009 has risen 225 percent. The fourth quarter of last year saw 1.7 million detections of Conficker, which infects computers by exploiting a remote code execution flaw in Windows and is capable of stealing administrative passwords in order to log into other computers on the same network as the machine that was initially infected. Microsoft has found that about 92 percent of all the recent Conficker infections are the result of users utilizing weak passwords, such as "admin123," "Login," and "manager." The remaining infections were the result of systems not being patched. Microsoft's Tim Rains says companies should protect themselves from Conficker by implementing strong password policies, applying available updates, using anti-virus software from a reputable company, and upgrading to newer, more secure operating systems.


1 in 5 Macs Infected With (Windows) Malware, Study Finds
Government Computer News (04/24/12) McCaney, Kevin

Sophos recently examined 100,000 Mac users who downloaded the company's antivirus software and found that 20 percent of Macs are infected with malware, even though the malware that has infected those computers was designed for Windows machines. Although Windows malware does not pose a threat to Macs, the infected machines could still spread the malicious software to Windows PCs. Sophos also found that 2.7 percent of the Macs it examined were infected with malware designed for the Mac OS X. Most of that malware, 75.1 percent, was OSX.Flashback. The second most common type of malware Sophos found on Macs was rogue antivirus software, which was found on nearly 18 percent of the computers it examined. Some of the malware that Sophos found could have been removed with antivirus software. Sophos is urging Mac users to protect themselves by using an antivirus program and ensuring that it is kept up to date, keeping Mac OS X and any applications up to date with the latest security patches, and being cautious when installing programs and clicking on links.


FBI, Working Group Reboot Effort to Rid Computers of DNSChanger
Government Computer News (04/24/12) McCaney, Kevin

The FBI and a coterie of security experts have resumed their campaign to cleanse computers of DNSChanger malware that still threatens to take hundreds of thousands of users offline in July. The DNSChanger Working Group has a Web site where individuals and organizations can receive instructions on how to find and eradicate DNSChanger from their machines, and the FBI has its own Web site devoted to the issue. DNSChanger has compromised as many as 4 million computers globally as part of an Estonian clickjacking scheme the FBI broke up in November 2011. The malware redirected infected computers to the ring's servers, which then directed them to sham sites and also disabled users' antivirus software. The FBI obtained an extended court order through July 9 that gives the agency more time to clean machines. Although federal agencies have largely been purged of infections, roughly 350,000 could still be at risk.


Anonymous Fingered as Most Fearsome Hackers by IT Leaders
Wall Street Journal (04/23/12)

The security vendor Bit9 recently conducted a survey that asked more than 2,000 IT security leaders who they thought would be most likely to carry out a cyber attack on their companies' computers. The largest percentage of respondents, 61 percent, said that they believed that a hacktivist group like Anonymous would be the most likely perpetrator of a cyber attack against their companies. Anonymous is a worldwide network of hackers that has carried out cyber attacks on HBGary Federal and Sony, among others. Gartner analyst John Pescatore said that it is understandable that IT security leaders would be afraid of attacks launched by Anonymous because the group can carry out attacks that companies may not even know about. However, Pescatore added that IT security professionals should be less focused on who might carry out cyber attacks against them and more focused on strengthening the security of their computer networks.


Iran Says Virus Has Hit Oil Sector
Wall Street Journal (04/23/12) Faucon, Benoit; Fassihi, Farnaz

The Iranian Oil Ministry reported April 23 that a cyber attack against its computers has intensified. Officials at the ministry first discovered that the agency's server and Web sites, as well as those of the National Oil Company, were infected with the Wiper virus in March. However, officials discovered on April 22 that the virus had erased information from several Oil Ministry computers and that the operations of a number of servers had been disrupted. The Oil Ministry responded by cutting off Internet access to all of its workers to prevent the Wiper virus from spreading. The Oil Ministry has also created an emergency committee to combat the virus infection and investigate where the virus came from.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD

