
Friday, October 12, 2012

Security Management Weekly - October 12, 2012


October 12, 2012
 
 
Corporate Security
  1. "Please Refrain From Taking a Hammer to the Michelangelo" Vandalism at Art Museums
  2. "How the 'Six Strike' Program Works" Anti-Internet Piracy Program
  3. "ISO Standard Proposed for Private Security Companies" International Organization for Standardization
  4. "Growing Prevalence of Industrial Espionage Threaten Automakers"
  5. "To Cargo Thieves, a Truck’s a 'Bank on Wheels'"

Homeland Security
  1. "Security Cut Before Libya Raid"
  2. "U.S. Embassy Security Aide Shot Dead in Yemen"
  3. "French Investigators Find Bomb-Making Materials"
  4. "Attack on U.S. Mission in Libya Presents Legal, Policy Dilemma for Obama Administration"
  5. "Chinese Telecom Firms Huawei and ZTE Pose Security Threat, Congressional Investigators Say"

Cyber Security
  1. "Panetta Warns of Dire Threat of Cyberattack on U.S."
  2. "Mozilla Pulls Firefox 16 Over Security Concerns"
  3. "Cyberattack on Mideast Energy Firms Was Among Most Destructive, Panetta Says"
  4. "Email Encryption a Major Challenge for Government IT"
  5. "Worm Spreading on Skype IM Installs Ransomware"

   

 
 
 

 


Please Refrain From Taking a Hammer to the Michelangelo
Wall Street Journal (10/11/12) Russell, Anna

The vandalization of a Mark Rothko painting at London's Tate Modern museum this week has cast light on the delicate balance that museums must often strike between protecting their often extremely valuable pieces and allowing guests to have the up-close experience they desire. "Vandalism is probably the most difficult thing to protect against," says Museum Association Security Committee chair Steven Keller, noting that even motion sensing cameras mounted directly above an artwork have their drawbacks. Robert Wittman, the founder of the FBI's National Art Crime Team, says that cameras are often the best solution because museum owners and the public at large often dislike the use of things like plexiglass cases, which obscure the art. Art vandalism has been a problem for decades, with people and artists looking to make a political or "artistic" point often targeting well-known works for defacement, painting-over, urination, or in the case of statuary, hammer attacks. However, Michael Govan, the director of the Los Angeles County Museum of Art, says there is never any artistic value in destroying or damaging great art, noting that notorious subversive Dadaist Marcel Duchamp himself only ever altered reproductions of valuable works.


How the 'Six Strike' Program Works
International Business Times (10/10/12) Stone, Jeff

Five of the largest U.S. Internet service providers are preparing to institute a so-called "six strikes" campaign aimed at cutting down on illegal file sharing. According to Wired, the six strikes plan grew directly out of the failure last year of the proposed Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA), which were defeated in the U.S. legislature after an overwhelming public backlash. The six strikes plan is seen as a fallback by the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA), which lobbied AT&T, Time Warner Cable, Cablevision Systems, Comcast, and Verizon to develop the program. According to copyright experts and online activists, the six strikes system works by detecting when users download BitTorrent files--which are distributed download files that are among the primary vehicles for illegal file sharing--or visit sites known to host illegal content. On the first two such instances the user receives an alert warning them that their account "appears to have been used for online content theft." On the next two occasions, a popup box appears requiring users to acknowledge that they have been warned about the nature and consequences of such actions. Finally, the fifth and sixth times, users will be subject to "mitigation measures" which can include throttling of their connection speed, redirection to landing pages instructing them to contact the ISP, and other measures. The plan does not call for the termination of the accounts of users suspected of illegally downloading content.


ISO Standard Proposed for Private Security Companies
Occupational Health & Safety (10/08/12)

ASIS International and the American National Standards Institute (ANSI) are hoping that the International Organization for Standardization (ISO) will adopt their recently submitted plan for a new international standard for the management of private security companies. The proposal seeks the adoption by the ISO of ANSI and ASIS' "Management System for Quality of Private Security Company Operations - Requirements with Guidance." This standard establishes auditable criteria for determining if security companies meet relevant local laws and international human rights agreements. According to an ASIS justification study, security companies are seeing ever-wider use of private security in a whole variety of situations. Employers include not just government and industry, but non-governmental organizations (NGOs), aid and development groups, and other entities of all sizes, making such standardization even more valuable in such a diverse marketplace. The ASIS/ANSI proposal is open for comment until Oct. 26, with stakeholders instructed to contact ANSI International Policy Director Steven Cornish for more information.


Growing Prevalence of Industrial Espionage Threaten Automakers
iMotor Times (10/02/12) Choy, Danny

Automotive News reports that industrial espionage in the U.S. has been rising steadily in several sectors, including the auto industry. The U.S. Immigration and Customs Enforcement Homeland Security Investigations (ICE HSI) unit opened 1,212 intellectual property rights cases for the 2011 fiscal year, up 66 percent over 2009. Such cases are especially common at auto giants such as General Motors, Ford, and Toyota, all of whom have been victims of intellectual property theft. "A well-placed rogue employee can capture a company's highly protected crown jewels, things on which profits and jobs depend on," said U.S. Deputy Attorney General James Cole, during a Michigan keynote speech. The Office of the National Counterintelligence Executive said that firms must implement countermeasures to prevent such losses. Companies are encouraged to be thorough during exit interviews and to collect all sensitive documents and company-owned electronic devices upon an employee's departure.


To Cargo Thieves, a Truck’s a 'Bank on Wheels'
CFO (10/12) McDonald, Caroline

Truck cargo thefts are becoming increasingly common, with 22 percent more of such thefts occurring during the second quarter of this year in the U.S. over the same time last year, according to data provider CargoNet. The U.S. Federal Bureau of Investigation estimates that cargo theft amounts to about $30 billion per year, and high-value products like pharmaceuticals and electronics are most commonly stolen, followed by high-demand products like tobacco and alcohol. Because most shipping containers are unmarked and their contents thus unknown to outside observers, truck theft is usually an inside job, with the driver or someone at the distribution center providing cargo bandits with knowledge akin to a shipping manifest. Insurance experts and risk managers recommend companies focus on the truck driver when trying to stop theft, as the lure of getting a cut from a sizable haul -- some pharmaceutical hauls can be worth millions of dollars -- can easily outweigh the $40,000 to $50,000 most drivers make per year. While most companies that ship goods via truck insure their products, these policies often stipulate that claims will not be paid if the driver is at fault.




Security Cut Before Libya Raid
Wall Street Journal (10/11/12) Solomon, Jay ; Nissenbaum, Dion

The House Oversight and Government Reform Committee held a hearing on Wednesday to examine the security that was in place to protect U.S. officials in the run-up to last month's attack on the American consulate in Benghazi, Libya. Testifying at the hearing was Eric Nordstrom, the State Department's former regional security officer in Libya, who wrote in diplomatic cables that he was concerned the Obama administration was withdrawing U.S. security forces and replacing them with Libyan security personnel too quickly. Among the U.S. security forces that were withdrawn from Libya ahead of the attack was a 16-member security detail formerly commanded by Lt. Col. Andrew Wood of the Utah National Guard, who also testified before the panel. Wood said that the security force could have helped prevent the attack on the consulate, though a State Department official said that the security detail would have offered no protection to the diplomatic outpost because it was based in the Libyan capital of Tripoli rather than Benghazi, and because personnel from the force rarely traveled with the ambassador slain in the assault. The State Department official also said that the 16-member security force was replaced, mostly with Libyan personnel who had received training from the U.S. In addition to expressing concern about the withdrawal of U.S. security forces from Libya, Nordstrom's diplomatic cable from July also requested continued security support through mid-September. However, the Obama administration in August explained its decision to withdraw the 16-member security force by saying that it wanted to transition to a more normal diplomatic presence in Libya following that country's civil war last year.


U.S. Embassy Security Aide Shot Dead in Yemen
Wall Street Journal (10/11/12) Almasmari, Hakim

More information has come to light about the Thursday shooting that took the life of a long-time Yemeni security official who worked at the U.S. Embassy in San'a. Yemeni officials say that Qassem Aqlan was driving from his home to the U.S. Embassy Thursday morning when a number of masked gunmen riding motorcycles opened fire on his car, wounding Aqlan before fleeing the scene. Aqlan died several hours later. A U.S. Embassy security employee, who spoke anonymously, said that Aqlan and the rest of the security staff had been warned by embassy officials that they might become targets of extremists and to take precautions. Security at the U.S. Embassy in San'a has been beefed up in the month since a violent riot in front of the embassy resulted in the death of at least three protestors. The anonymous security employee claims that Aqlan was part of the investigation into the September protest, though the State Department has denied this. Similarly, Yemeni officials have been quick to imply that the attack was the work of al-Qaida in the Arabian Peninsula, though the State Department has remained cagey and non-committal about potential suspects and a possible motive.


French Investigators Find Bomb-Making Materials
New York Times (10/10/12) Erlanger, Steven

French prosecutor Francois Molins said Wednesday that police searches related to the arrest Saturday of 12 young Muslim men suspected of involvement in a grenade attack on a Jewish grocery had turned up bomb-making materials and firearms. According to Molins, police searching buildings and garages in the Paris suburb of Torcy, where two of the Saturday arrests took place, found a shotgun and a handgun, along with materials that could be used in bomb making. The materials, which included bags of potassium nitrate, sulfur and saltpeter, pressure cookers, and small light bulbs, are all commonly used in the manufacturing of improvised explosive devices. "We are clearly and objectively facing an extremely dangerous terrorist cell," said Molins. The weekend arrests were carried out after DNA found on the pin of a grenade thrown into a Jewish grocery store in the Paris suburb of Sarcelles last month was matched to Jeremie Louis-Sidney, whom police believed to be the leader of the group. Sidney was killed on Saturday after he opened fire on police when they came to arrest him. Sidney, a former drug trafficker who had converted to Islam while serving a two-year prison sentence, wounded three officers before being killed when police returned fire.


Attack on U.S. Mission in Libya Presents Legal, Policy Dilemma for Obama Administration
Washington Post (10/09/12) Birnbaum, Michael ; Whitlock, Craig

The Obama administration is grappling with the issue of how to handle the suspects in last month's attack on the U.S. consulate in Libya, if and when they are found. An administration official speaking on condition of anonymity said that the White House has not ruled out any of its options, which could include prosecuting the suspects in a civilian court in the U.S. or before a military commission, allowing the Libyan government to bring the perpetrators of the attack to justice, or carrying out a drone strike on those believed to be involved in the assault. Each of the options has a number of disadvantages. For example, it could be difficult to bring any suspects identified in the FBI investigation of the attack to justice in the U.S. because there is currently no extradition treaty between Washington and Tripoli. Although the Libyans in theory could arrest the suspects themselves and transfer them to the custody of U.S. officials without an extradition treaty, doing so could amount to extralegal rendition. If American officials are able to bring the suspects to the U.S., experts say that the Obama administration would likely seek to try them in civilian courts despite the fact that a bill passed by Congress last year calls for terrorism suspects with ties to al-Qaida to be tried before military commissions. Drone strikes, meanwhile, could hurt the relationship between the U.S. and Libya, much as similar attacks in Pakistan have strained ties between Islamabad and Washington. Finally, allowing the Libyans to handle the prosecution of the suspects is unattractive as well, as some believe that Libya's justice system may not be prepared to handle such a case.


Chinese Telecom Firms Huawei and ZTE Pose Security Threat, Congressional Investigators Say
Washington Post (10/08/12) Nakashima, Ellen

Rep. Mike Rogers (R-Mich.), the chairman of the House Permanent Select Committee on Intelligence, on Monday said that his panel would be turning over to the FBI evidence of potential cyber-espionage efforts by the Chinese telecom firm Huawei Technologies uncovered during an 11-month investigation into Huawei and ZTE Corp. Rogers and the committee's ranking Democrat, Rep. C.A. Dutch Ruppersberger (Md.), warned that U.S. companies and government agencies should refrain from using Huawei or ZTE equipment as part of networks that contain or carry potentially sensitive data. Rogers and Ruppersberger also advised that the federal government should block potential mergers between the Chinese firms and U.S. companies due to ongoing questions about Huawei and ZTE's relationships with the Chinese government. Huawei's vice president for external affairs, William Plummer, responded to the report by calling it "quite strong on rhetoric," but "utterly lacking in substance." Plummer criticized the committee for not revealing any information about the multiple reports it had received of cyber espionage linked to his company, stating that he was only aware of one such incident, which involved the inadvertent use of an infected laptop by a Huawei employee. ZTE responded by releasing a letter sent to the committee last month where the company expressed its disappointment and disagreement with the investigation.




Panetta Warns of Dire Threat of Cyberattack on U.S.
New York Times (10/12/12) Bumiller, Elisabeth; Shanker, Thom

Defense Secretary Leon Panetta appeared before members of the Business Executives for National Security in New York City on Thursday and warned of the potential for disastrous consequences if an enemy of the U.S. were to carry out a cyber attack on the nation's critical infrastructure. Panetta noted that the nation's adversaries--including China, Russia, Iran, and militant groups--are becoming increasingly aggressive and are improving their technology, so much so that they could launch cyber attacks on vulnerable computer systems used to operate the power grid, transportation system, financial networks, and the government. These attacks could result in the derailment of passenger trains carrying dangerous chemicals, the contamination of water supplies in major U.S. cities, or the failure of the nation's power grid, Panetta said. Perhaps the most worrisome scenario, Panetta said, is a cyber attack on critical infrastructure carried out in tandem with a physical attack. Panetta said such an attack would amount to a "cyber-Pearl Harbor" that would cause physical destruction and the loss of life, and could terrorize the populace to such an extent that it would create "a profound new sense of vulnerability." But improved cyber defenses alone will not prevent a cyber attack against the nation's critical infrastructure, Panetta said, which is why the Department of Defense has developed the ability to conduct "effective operations" to mitigate threats to U.S. interests in cyber space. Panetta did not say that such capabilities were "offensive," though other senior U.S. officials have said offensive measures could be used to retaliate against those believed to be responsible for a cyber attack on an American target.


Mozilla Pulls Firefox 16 Over Security Concerns
TG Daily (10/11/12) Woollacott, Emma

Mozilla has pulled the latest version of its Firefox Web browser just days after its release after identifying a serious security flaw. "The vulnerability could allow a malicious site to potentially determine which Web sites users have visited and have access to the URL or URL parameters," wrote Mozilla Security Assurance Director Michael Coates on a company blog, though he added that Mozilla did not believe the vulnerability had yet been exploited in the wild. Mozilla hopes to have an updated fix for Firefox 16 ready Thursday, with a patch for the Android version of the browser already available on the Google Play store. Many users are disappointed by the news. Binary Outcast's Matt Tobin blamed the recall on flaws with Mozilla's RapidRelease update program, saying that if the company cannot reliably put out stable and secure versions of their software using the program, it should return to a more reliable update release method.


Cyberattack on Mideast Energy Firms Was Among Most Destructive, Panetta Says
Washington Post (10/11/12) Nakashima, Ellen

Speaking to the group Business Executives for National Security in New York on Oct. 11, Secretary of Defense Leon Panetta invoked cyber attacks launched against Arabian energy firms over the summer as examples of the growing cyber threats facing U.S. critical infrastructure. The attacks, which targeted Saudi Arabia's state-owned oil company Aramco and Qatar's Ras Gas, were carried out using the so-called "Shamoon" virus. Shamoon targeted some 30,000 computers at Aramco, stealing gigabytes of sensitive data before rendering the systems inoperable by overwriting files with garbage data or replacing files with an image of a burning American flag. There is still debate among experts about who was responsible for Shamoon, but numerous intelligence officials and diplomats have put the blame squarely on Iran, saying the virus was retaliation for painful Western oil sanctions. Panetta told his audience that the Shamoon attacks had caused "renewed concerns about still more destructive scenarios that could unfold," and said that the Pentagon was already aware of efforts by "foreign cyber-actors" to probe the IT, control systems, and security of chemical plants, electric and water utilities, and transportation systems in the U.S. Panetta said that the Department of Defense views the cyber defense of critical infrastructure in the U.S. to be part of its mandate and noted that he is actively seeking greater resources and authority for the DoD's two-year-old Cyber Command division.


Email Encryption a Major Challenge for Government IT
eWeek (10/10/12) Eddy, Nathan

Although encryption can be a useful tool in protecting the security of information at government agencies, it also can be used by rogue employees to exfiltrate that information without authorization, according to a recent study. The study noted that 83 percent of federal agencies provide their employees with the ability to encrypt the emails they send, and that encryption tools can be used by these employees to conceal the fact that they are stealing sensitive information. In fact, email is the primary way in which data thieves steal classified and sensitive information from the federal government, followed by agency-issued mobile devices and USB flash drives, the study found. Axway's Michael Dayton says government agencies need to be sure that encryption does not make the contents of emails sent by employees so opaque that malicious insiders can steal sensitive information without being detected. One way to do this is by configuring email gateways to decrypt and scan outbound emails that are encrypted using desktop encryption applications. Doing so will also help agencies enforce their email policies, which are generally not followed by employees at 45 percent of the agencies that took part in the study.


Worm Spreading on Skype IM Installs Ransomware
CNet (10/08/12) Musil, Steven

Cyber security researchers at GFI have discovered a new worm spreading through Skype instant messages capable of holding a computer for ransom. The so-called "Dorkbot" worm tricks users into downloading a ZIP file by displaying the message, "lol is this your new profile pic?" with a link that also automatically spreads the message to other users. When opened, the ZIP file installs the Dorkbot worm and creates a backdoor to the system via the "Blackhole" exploit kit. The backdoor then allows the attacker to install ransomware that locks the users out of their computers via a password or encryption until they agree to pay to regain control of their systems. This particular worm asks for $200 within 48 hours or the files on the computer will be deleted. PC users will also see a message that claims the computer has been used to visit sites that offer illegal content and threatens to send the information to the "special Department of the US government" using a program called "System Cleaner," which it claims was developed by the government "to prevent crime and illegal activity on the Internet." Finally, the malware uses click fraud while in control of the system to generate revenue for the worm's authors by clicking on as many as 2,259 ads in 10 minutes.


Abstracts Copyright © 2012 Information, Inc. Bethesda, MD

