
Friday, September 07, 2012

Security Management Weekly - September 7, 2012

 
 
Corporate Security
  1. "House Panel to Question Chinese Telecom Firms" Huawei Technologies; ZTE Corp.
  2. "Bank Robbers Use Bomb to Coerce East L. A. Bank Manager" Los Angeles, Calif.
  3. "Colorado Contractor Settles Federal Corporate-Espionage Allegations" Paragon Dynamics Inc.
  4. "New Mine Clashes Rattle South Africa" Gold One International
  5. "New Jersey Teen Killed After Sticking Head Out of Party Bus"

Homeland Security
  1. "Suspect in Deadly Quebec Election Rally Shooting Known as Frustrated Businessman"
  2. "US to Designate Haqqani Network as Terrorists"
  3. "ICE Chief of Staff Resigns Over Claims of Sexual Misconduct" Immigration and Customs Enforcement
  4. "Ex-U.S. Guard in China Pleads Guilty in Secrets Case"
  5. "Hundreds of Afghan Soldiers Detained, Sacked for Insurgent Links" Afghanistan

Cyber Security
  1. "CRS: Pipeline Security at Risk from Cyberattacks"
  2. "Claim of iPhone Hacking Raises Questions About FBI Data"
  3. "Qatar's Al Jazeera Website Hacked by Syria's Assad Loyalists"
  4. "Secrecy Surrounding 'Zero-Day Exploits' Industry Spurs Calls for Government Oversight"
  5. "Homeland Security's Domain Seizures Worries Congress"

   

 
 
 
 
 
 

 


House Panel to Question Chinese Telecom Firms
Wall Street Journal (09/07/12) Gorman, Siobhan

The U.S. House Intelligence Committee is expecting to hold public hearings next week in which it will question executives of Chinese telecom firms Huawei Technologies Co. and ZTE Corp. about concerns over corporate espionage, the companies' ties with the Chinese military and government, and their dealings with Iran. The hearings are part of a year-old probe into the companies by the committee, which has prompted several sharply worded warnings and statements by Huawei alleging it is being discriminated against and protesting its innocence of any wrongdoing. ZTE has already announced that it will take part in the hearings and plans to send Senior Vice President Zhu Jinyun. Huawei, however, has said that its participation in the hearings will be conditional on the committee making "appropriate arrangements," though it has not indicated what arrangements those might be. Both companies have been attempting to further expand into the American market, but have been tripped up by concerns about their leadership and practices. Huawei founder Ren Zhengfei is a former Chinese military technology officer and many are concerned that the People's Liberation Army has an unknown degree of influence on the company, which could include having access to Huawei networks and devices. ZTE has been under scrutiny in part because of allegations that it has done business with Iran, potentially in violation of U.S. and international sanctions.


Bank Robbers Use Bomb to Coerce East L. A. Bank Manager
Los Angeles Times (09/06/12) http://articles.latimes.com/2012/sep/05/local/la-me-bank-bomb-20120906

Los Angeles, Calif. authorities investigating a bizarre bank heist on Thursday searched the home of a bank manager who was told to strap what she believed was a bomb to her midsection and then forced to order employees to "take out all the money" from her branch. Two masked gunmen got away with an undisclosed amount of cash from the Bank of America when it opened Wednesday morning, but no one was injured in the robbery. No arrests had been made. The bank manager was snatched in front of her home Wednesday morning and arrived at her workplace wearing the device. A Los Angeles County sheriff's bomb squad disabled the device, but investigators said it wasn't an explosive. She ordered her fellow employees to remove the cash from the bank and it was thrown to the men who were waiting outside. The two men, who were armed with handguns and wore ski masks, took off in a two-door car and remain at large.


Colorado Contractor Settles Federal Corporate-Espionage Allegations
Denver Business Journal (09/04/12) Avery, Greg

An Aurora, Colo. defense contractor has settled with the government in a case of alleged corporate espionage. Paragon Dynamics Inc. on Sept. 4 agreed to pay $1.15 million as part of an out-of-court settlement with the National Reconnaissance Office after the company was accused of stealing bid information from rival Raytheon Corp. According to the settlement agreement, sometime in late July 2009, an unidentified senior Paragon software director accessed Raytheon's computer systems and obtained information including the contractor's bids for two NRO projects codenamed Antietam and Savannah. The bid information was then passed on to the president of Paragon, who forwarded it to an unnamed company partnered with Paragon that was competing for the Antietam contract against Raytheon. Paragon did not admit legal liability and there is no indication that the unnamed partner company acted on the stolen bid information, though there were indications that the software director who accessed Raytheon's systems has been fired. "Corporate espionage erodes the trust we have in our public procurement system, and the Department of Justice will hold cheaters accountable for their actions," said U.S. Attorney John Walsh, whose office represented the NRO in the suit.


New Mine Clashes Rattle South Africa
Wall Street Journal (09/03/12) Maylie, Devon

A violent clash between protestors, police, and security forces at a South African gold mine left four people injured on Monday as unrest and violence continue to spread through the country's mining sector. Police were called to the mine, which belongs to Gold One International, on Monday after the company reported that laid-off workers had attacked a bus carrying miners to their work sites. Company security fired rubber bullets at the protestors, who were armed with clubs and metal rods, and police later fired tear gas and arrested four on disorderly conduct charges. The riot at Gold One was just the latest such incident after extensive unrest at a Lonmin platinum mine last month left 34 people dead, leading to controversial murder charges being made against 270 protesting miners, some of whom were released without charges on Sunday. Fueled by rivalries between entrenched and emerging workers' unions, the unrest in South Africa's mining sector has become a hot political issue that is testing support for the ruling African National Congress party. Former ANC Youth League leader Julius Malema, who was expelled from the party for fomenting racial hatred, was apparently at the Gold One mine last Thursday to stir up workers. Malema is among the forces looking to use mine unrest as a political weapon against the ANC and sitting president Jacob Zuma.


New Jersey Teen Killed After Sticking Head Out of Party Bus
CNN (09/03/12) Lewin, Khara

A 16-year-old from New Jersey was killed on Sunday after sticking his head out of an emergency hatch on the roof of a party bus and then striking an overpass. Daniel Fernandez, along with 64 other teenagers, was en route to New Jersey from Queens, N.Y., for a birthday party when the accident happened. Other passengers were reportedly in shock and some covered in blood when emergency services responded to the scene and rushed Fernandez to Hackensack Medical Center, where he was pronounced dead. Spokespeople for the party bus company have said that there was no alcohol on board the bus and that Fernandez had opened the emergency hatch of the double-decker bus despite repeated warnings from security personnel about the dangers.




Suspect in Deadly Quebec Election Rally Shooting Known as Frustrated Businessman
Associated Press (09/06/12)

Neighbors and police have identified the man who killed one man and wounded another in a shooting at the victory rally of newly elected Quebec Premier Pauline Marois in Montreal on Tuesday night as 62-year-old Richard Henry Bain of La Conception, Quebec. Neighbors and city officials say that Bain was a businessman and entrepreneur and owned the Les Activités Rick fishing and hunting retreat located some 90 miles north of Montreal. Acquaintances say Bain had commented with frustration on bureaucratic hurdles that stymied some of his numerous business ventures, but had never openly espoused any violent anti-government sentiments or hostility towards French-speaking Quebecers. Bain was apprehended after shooting his two victims, who worked for production company Productions du Grand Bambou Inc., just outside of the venue where Marois was delivering her acceptance speech. Video of the arrest shows Bain, dressed in a blue bathrobe, black t-shirt, and shorts, shouting "The English are waking up!" in French. Tension has always existed between the French- and English-speaking residents of Quebec, which last resulted in widespread violence during the 1970s with members of the Front de Libération du Québec conducting kidnappings and killings in what is known as the "October Crisis."


US to Designate Haqqani Network as Terrorists
Associated Press (09/07/12) Klapper, Bradley

U.S. Secretary of State Hillary Clinton on Friday issued a report to Congress stating that the U.S. State Department will formally designate the Pakistan-based Haqqani network as a terrorist organization within the next two weeks. The decision comes after Congress last month ordered Clinton and the State Department to make a decision on the designation of the network, which is among the U.S.'s most strident opponents in Afghanistan and Pakistan, but whose power and influence in the region makes designation a difficult diplomatic proposition. The Haqqani network was formed by Jalaluddin Haqqani during the Soviet occupation of Afghanistan and has been an influential force in the mountainous tribal area surrounding the border between Afghanistan and Pakistan ever since. Haqqani served as justice minister in Afghanistan after the retreat of the Soviets and as minister of tribal and border affairs while the country was under Taliban rule, and the network, now run by Haqqani's sons, has allied with the Taliban against U.S. and NATO forces. The Haqqanis are very influential in eastern Afghanistan and the tribal regions of northwest Pakistan, and the group is believed to have strong ties with the Pakistani intelligence services, which makes designating them terrorists a difficult proposition as the U.S. relies on Pakistan for support as NATO winds down operations in Afghanistan.


ICE Chief of Staff Resigns Over Claims of Sexual Misconduct
Fox News Latino (NY) (09/03/12)

Immigration and Customs Enforcement Chief of Staff Suzanne Barr tendered her resignation over the weekend after facing allegations of sexual harassment and misconduct related to a sexual discrimination lawsuit filed against the agency in New York state. Barr had been on leave since the New York Post reported on a lawsuit filed against the agency by its former top agent in New York who alleged that Barr had created a hostile work environment at the agency meant to humiliate male employees. This report was followed up by anonymous reports of further sexual misconduct by Barr, and over the weekend she submitted her letter of resignation to ICE Director John Morton. In her letter, Barr denied the accusations against her, calling them "allegations designed to destroy my reputation," but said that she was stepping down to avoid becoming a distraction. "I feel it is incumbent upon me to take every step necessary to prevent further harm to the agency and to prevent this from further distracting from our critical work," wrote Barr. Despite this, Rep. Peter King (R-N.Y.), who chairs the House Homeland Security Committee, has stated that he intends to open an investigation into Department of Homeland Security personnel policies as a result of the allegations against Barr.


Ex-U.S. Guard in China Pleads Guilty in Secrets Case
Associated Press (08/30/12) Yost, Pete

On Aug. 30, Bryan Underwood, a former security guard at the U.S. consulate in Guangzhou, China, pleaded guilty in federal court to attempting to sell top secret information to the Chinese government. According to prosecutors, Underwood, who worked as a federal employee with Top Secret clearance between Nov. 2009 and Aug. 2011, at some point during his tenure working at the Guangzhou consulate compound lost $170,00 in the stock market and hatched a plan to sell information about the facility's security capabilities to the Chinese. In May 2011 Underwood surreptitiously photographed restricted areas of a consulate building and then drew up schematics and diagrams detailing the security features and camera layout of the consulate. He then wrote a letter to the Chinese Ministry of State Security expressing interest in selling the information he had. Underwood attempted to deliver the letter by hand, but was rebuffed by a guard at the Ministry who refused to accept the letter. After investigators became suspicious of him, Underwood at first claimed that he had attempted to sell the information as part of his work on a counter-intelligence project at the consulate, before confessing to his plan. Underwood faces a maximum sentence of life in prison, though he is more likely to serve 15 to 20 years.


Hundreds of Afghan Soldiers Detained, Sacked for Insurgent Links
Reuters (09/05/12) Harooni, Mirwais

Afghanistan's Defence Ministry on Wednesday announced that it had fired or detained several hundred members of the almost 200,000-strong Afghan army for having links to militant and insurgent groups. The announcement follows increased tension between Afghans and their NATO allies and trainers as the number of so-called green-on-blue insider attacks has risen in recent months. Forty-five NATO troops have been killed this year by such attacks, which see members of the Afghan military or police services turning their weapons on NATO troops, with 15 deaths in August alone. The latest such incident saw three Australian servicemen killed, and the ruthless efforts of Australian forces to apprehend the rogue Afghan soldier responsible have set relations between Kabul and Canberra on edge. "Using an army uniform against foreign forces is a serious point of concern not only for the Defence Ministry but for the whole Afghan government," said Defence Ministry spokesman Zahir Azimi on Wednesday. Azimi also mentioned that this week's arrests and firings were the result of an investigation into insider shootings launched by the Ministry six months ago. NATO forces have already halted or suspended training of numerous police and militia organizations as they attempt to re-vet their members.




CRS: Pipeline Security at Risk from Cyberattacks
Fierce Homeland Security (08/31/12) Bird, Julie

A recent report by the Congressional Research Service has revealed that America's natural gas and hazardous liquid pipelines face a serious risk of targeted cyberattacks. Filed on Aug. 16, the report notes that pipeline controls have been the targets of numerous coordinated cyber intrusions recently. The attacks target supervisory control and data acquisition, or SCADA, systems. While the Transportation Security Administration technically has the power to impose cyber security regulations on the nation's pipelines, it has refrained from doing so, citing concerns that government regulations might be less effective and even conflict with existing systems. The CRS report, however, reads in part: "whether the self-interest of pipeline operators is sufficient to generate the level of cybersecurity appropriate for a critical infrastructure sector is open to debate." The U.S. has nearly 1.5 million miles of high-volume and small, individual client oil, gas, and other liquid material pipelines.


Claim of iPhone Hacking Raises Questions About FBI Data
Los Angeles Times (09/05/12) Dilanian, Ken; Rodriguez, Salvador

The claim by a hacktivist group that they obtained a file containing millions of identification numbers and personal information tied to iOS devices from an FBI laptop is being greeted with a mix of alarmed credulity and measured skepticism. The group AntiSec made headlines over the weekend after posting online a file containing some 1 million unique device identifiers (UDIDs) tied to Apple iOS devices, claiming that the UDIDs came from a larger file that also contained identifying information including user and device names, Apple Push Notification Service tokens, phone numbers, and physical addresses. AntiSec claims to have lifted this larger file from the Dell laptop of FBI Cyber Action Team member Christopher K. Stangl, and says that the file was named "NCFTA_iOS_devices_intel.csv," feeding rampant speculation that the file was part of a supposed corporate/government information sharing program being facilitated by the National Cyber-Forensics and Training Alliance. Many privacy advocates had sounded alarms that cyber security legislation Congress failed to pass last month would have led to the sharing of just such information with government agencies. However, the FBI has strenuously denied that it ever sought or possessed such a file and some are regarding AntiSec's claim as a potential hoax. In the absence of the alleged larger file, AntiSec's claim is hard to substantiate, especially considering that without being tied to identifying information, a simple list of UDIDs is essentially meaningless.


Qatar's Al Jazeera Website Hacked by Syria's Assad Loyalists
Reuters (09/04/12)

Qatar-based news organization al Jazeera was the target of a cyber vandalism attack on Tuesday, when its Web site was defaced by hackers widely assumed to be acting on behalf of the government of Syrian President Bashar al-Assad. Al Jazeera is backed by Qatar, which has sided with the primarily Sunni uprising against the Assad regime, and Jazeera has been sympathetically reporting on the rebellion since it began in March 2011. Tuesday's hack replaced the al Jazeera homepage with a Syrian flag and messages denouncing what it characterized as the news organization's support for armed groups attacking "the Syrian people and government." A group calling itself al-Rashedon took credit for the attack, and Syrian opposition members have widely blamed the incident on pro-Assad elements. Jazeera is just the latest entity to become the target of cyber attacks in the region recently. Qatar's Rasgas natural gas exporter acknowledged being compromised by malware last month, shortly after oil producer Saudi Aramco admitted to having been hacked. Reuters was also the target of a cyber attack last month that subverted its news site to post fake stories, including one reporting the death of Saudi Foreign Minister Prince Saud al-Faisal.


Secrecy Surrounding 'Zero-Day Exploits' Industry Spurs Calls for Government Oversight
Washington Post (09/02/12) Ball, James; Nakashima, Ellen

A barely regulated industry for zero-day exploits sold by researchers has sprung up, and even certain insiders believe this trade should be subject to more stringent regulation, according to analysts. They note demand for such tools is stoked by their potency and unpredictability, and this worries experts, who are urging greater government oversight. There is a precedent for regulating an industry such as zero-day exploits, as the U.S. Commerce Department oversees the sale of software, exploits associated with cryptography, and some penetration-testing software. One of the few nations to tightly regulate exploits is Germany, which has outlawed the free distribution of such exploits as well as the domestic sale of exploits. The debate on regulation partly hinges on whether computer code counts as free speech and thus should be exempted from limitations. The zero-day trade is extremely secretive, with most sales conducted through intermediaries who protect their client list and require the researchers who sell for them to sign nondisclosure agreements. "The big issue is really the fact that researchers are put in this position to either make $50,000 doing the thing that doesn't help anyone, or do something for free that helps people," said former U.S. National Security Agency staffer Charlie Miller.


Homeland Security's Domain Seizures Worries Congress
CNet (09/03/12) Kerr, Dara

An initiative by the U.S. Department of Homeland Security to seize domains and take down URLs is causing some concern in Congress. In a recent letter to Attorney General Eric Holder and DHS Secretary Janet Napolitano, three members of the House Judiciary Committee voiced their concerns about the department's tactics and the protection of free speech. "Our concern centers on your department's methods, and the process given, when seizing the domain names of Web sites whose actions and contents are presumed to be lawful, protected speech," reads the letter by Reps. Zoe Lofgren (D-Calif.), Jared Polis (D-Colo.), and Jason Chaffetz (R-Utah). The letter cites a case in which the government removed a hip-hop Web site owned by a man called Dajaz1 because it allegedly linked to copyrighted songs. But Lofgren, Polis, and Chaffetz say the links were given to the site's owners by the artists themselves. According to U.S. Immigration and Customs Enforcement, approximately 700 domain names have been seized since Operation In Our Sites launched in 2010.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD


