Friday, February 08, 2013

Security Management Weekly - February 8, 2013


February 8, 2013
 
 
Corporate Security
  1. "Beitar Arson Attack Linked to Racial Incitement" Israel
  2. "Crime That No Longer Pays" Decline in Bank Robberies
  3. "Stores Use Clear Boxes to Deter Theft"
  4. "Hospital Installs RFID to Protect Youngest Patients" Radio Frequency Identification
  5. "Private Security Group Assembles First Private Navy Since East India Company to Protect Indian Ocean Shipping Convoys from Somali Pirates"

Homeland Security
  1. "Nominee Tested by CIA Critic" CIA Director-Designate John Brennan
  2. "Officials Defend Pentagon's Benghazi Response"
  3. "U.S. Counterterrorism Efforts in Africa Defined by a Decade of Missteps"
  4. "Homegrown Muslim-American Terrorism Down Third Straight Year"
  5. "Lawyers Say Surveillance of Muslims Flouts Accord" New York City

Cyber Security
  1. "Microsoft and Symantec Take Down Bamital Botnet That Had Ensnared Thousands of PCs"
  2. "Vulnerability Lets Hackers Control Building Locks, Electricity, Elevators and More"
  3. "As Cloud Use Grows, So Will Rate of DDoS Attacks" Distributed Denial of Service Attacks
  4. "Anonymous Posts Over 4,000 U.S. Bank Executive Credentials"
  5. "Chinese Hackers Suspected in Attack on The Post's Computers"

   

 
 
 

 


Beitar Arson Attack Linked to Racial Incitement
Reuters (02/08/13)

A Feb. 8 arson attack on the main club house of the Israeli Premier League club Beitar Jerusalem caused "extensive damage" but no injuries, according to police spokesman Micky Rosenfeld. Officials believe the arson was connected to racist incitement against the team's recruitment of Muslim players. Police said the blaze was likely caused by several suspects, but they have yet to arrest anyone in connection with the incident. Beitar was the only soccer team in Israel to not have signed any Arab players because of fan pressure, but last month it signed two Chechen Muslim players. This signing incited anger amongst some of the team's fan base, inspiring some spectators to chant racist epithets during a game last month.


Crime That No Longer Pays
The Wall Street Journal (02/05/13) Nicas, Jack

Bank robberies in the United States have been in decline as cyber crime targeting financial institutions has begun to rise, according to statistics from the FBI. FBI statistics show that the number of bank robberies fell to 5.1 per 100 U.S. banks in 2011, about half of what it was a decade ago. Preliminary data from 2012 shows that there were 3,870 such robberies last year compared to the more than 5,000 of a year earlier. Fewer physical robberies mean fewer injuries and deaths, with statistics for 2011 showing there were only 88 injured and 13 killed in bank robberies that year. Both of those statistics are down about 40 percent from a decade ago. The FBI said that this decrease in bank robberies was the result of increased security at banks and tougher sentencing for bank robbers. Younger and more sophisticated bank robbers have in the meantime moved their illicit activity online as bank transactions have become increasingly digital. FBI statistics show that Internet crime had risen nearly fivefold in 2011 compared to a decade earlier, with 314,000 complaints filed that year. Digital bank crime like check and debit-card fraud earned robbers some $1.8 billion in 2010, compared to the $29.5 million taken by traditional bank robbers in 2012.


Stores Use Clear Boxes to Deter Theft
Delmarvanow.com (02/04/2013) Morrison, Connie

A new Food Lion policy requires the use of so-called "Alpha Keepers" to deter potential shoplifters from pocketing items that are typically susceptible to theft. Health and beauty care products like soap, shampoo, and medicine are attractive to shoplifters because of their small size. The Alpha Keepers are clear boxes placed over such items to make them bulkier and harder to conceal. The boxes are removed by a special device located at any checkout in the store, meaning customers do not have to go to a specific counter to check out. Christy Phillips-Brown, the external communications director for Food Lion, said Alpha Keepers are a common theft deterrent used in grocery stores nationwide. A 2012 study by the Food Marketing Institute and the Retail Control Group found that a third of the merchandise in supermarkets that is unaccounted for is lost as the result of theft, while one third of that theft is the result of shoplifting. Another third of supermarket theft is carried out by employees or distributors, the study noted. The study found that a single incident of shoplifting costs a supermarket about $52 on average.


Hospital Installs RFID to Protect Youngest Patients
Security Director News (02/01/13) Canfield, Amy

Danbury (Conn.) Hospital, which is part of the Western Connecticut Health Network, recently added a radio frequency identification (RFID) system to three levels of its facility -- including the family birthing and pediatric units -- in an effort to reduce the risk of abduction for the 2,500 babies born there annually. The technology, called Safe Place Infant Security Solution, consists of radio frequency transmitters attached to newborns' ankles. This allows hospital officials to monitor their locations while they are in the hospital. If a band is broken or otherwise tampered with, or if the band passes a monitored exit, the designated area of the hospital will be locked down and staff will be alerted to the baby's location. "The staff in the maternity ward feels the system is working as designed, and parents are reassured that a safety initiative is in place," said Andrea Rynn, the director of government and public relations for Western Connecticut Health Network.


Private Security Group Assembles First Private Navy Since East India Company to Protect Indian Ocean Shipping Convoys from Somali Pirates
Daily Mail (UK) (01/30/13) Davies, Rob

In order to mitigate the risks and costs associated with piracy on the high seas, the private security company Typhon is setting up the world's first private navy since the East India Company closed down about 220 years ago. According to chief executive Anthony Sharp, the navy will be based out of Dubai. From there, Typhon will monitor both clients' ships and reported pirate activity to help avoid a confrontation. The company's ships, meanwhile, will be based off a 130-meter "mothership" that carries four patrol boats capable of speeds of up to 50 knots. The ship will also be equipped with an unmanned drone or other surveillance equipment to spot threats. The 60 security officers manning Typhon's crew will all be former British Royal Navy and Royal Marines. The first boats are expected to hit the water in April.




Nominee Tested by CIA Critic
The Wall Street Journal (02/08/13) Gorman, Siobhan; Hughes, Siobhan

John Brennan, President Obama's nominee to head the CIA, was grilled at a Senate confirmation hearing on Feb. 7 about a now-unused interrogation program that utilized tactics like waterboarding. Sen. Jay Rockefeller (D-W.Va.) said the problems with the interrogation program could be symptomatic of larger problems present at the CIA, possibly negatively impacting the agency's ability to carry out other covert programs like the killing of terrorists with drones. Rockefeller said that some of those who carried out the interrogation program lacked experience and were corrupted by "pecuniary conflicts of interest" that ultimately amounted to "grossly inflated claims of professionalism and effectiveness." Brennan, while the deputy executive director at the agency at the time of the interrogations, said he did not have oversight over the operation and was under the impression that the interrogations produced valuable intelligence. He said a classified report on the CIA's interrogation program raised "serious questions about whether or not there are serious systemic issues that are at play here," and he stressed that as head of the CIA he would work to understand and correct such problems.


Officials Defend Pentagon's Benghazi Response
Wall Street Journal (02/08/13) Entous, Adam

Pentagon officials who testified before the Senate Armed Services Committee on Thursday defended the military response to the attack on the U.S. mission in Benghazi, Libya. Defense Secretary Leon Panetta and Joint Chiefs Chairman Gen. Martin Dempsey reported that there was not enough time to mobilize air or ground forces in defense of the consulate. They also said that the military's presence in the area at the time was "consistent with available threat estimates." Republicans on the committee hammered both officials, questioning why the military did not mobilize aircraft stationed in Southern Europe, about a 90-minute flight from Benghazi. In response to this criticism, Gen. Dempsey said that the military was concerned about security around the region and that it did not receive a request from the State Department to mobilize. The U.S. military does not have primary responsibility for security at diplomatic missions, which are usually protected by the State Department and the host government.


U.S. Counterterrorism Efforts in Africa Defined by a Decade of Missteps
Washington Post (02/05/13) Whitlock, Craig

Some U.S. officials say that the effort to address the threat posed by Islamist extremists in North and West Africa over the past decade has been marked by a number of mistakes that have allowed militant groups to strengthen and gain a foothold in the region. Among the missteps that some officials are pointing to as evidence that the U.S. has bungled its response to the threat from Islamist militants is the failure to kill or capture the Algerian jihadist Mokhtar Belmokhtar in 2003 when the U.S. military had the opportunity to do so. The U.S. Ambassador to Mali at the time blocked plans for airstrikes on a location in Mali where Belmokhtar was believed to be hiding on the grounds that such an attack could spark a backlash against Washington among the Malian population. Now Belmokhtar's group and several other jihadist organizations have seized control over northern Mali. Some officials also say that the U.S. made mistakes in its effort to invest large sums of money in counterterrorism programs in North Africa beginning in 2005 in order to prevent al-Qaida from setting up shop in the region. Former Deputy Assistant Secretary of State for African Affairs Todd Moss said that the effort was "wholly inadequate" and that there was no agreement among officials about the "size and seriousness" of the militant threat in Africa.


Homegrown Muslim-American Terrorism Down Third Straight Year
PhysOrg.com (02/04/13)

A recent study by the Triangle Center on Terrorism and Homeland Security indicates that the number of homegrown terrorism incidents carried out by Muslim-Americans has fallen for the third year in a row. A total of 14 Muslim-Americans were charged with terrorism-related crimes in 2012, down from 21 in 2011, 26 in 2010, and 49 in 2009. Last year is also the first time since 2008 that the number of Muslim-Americans arrested or convicted for terrorism-related crimes has fallen below the average of roughly 20 per year. Additionally, the study reported that there have been no fatalities or injuries in attacks planned by Muslim-Americans for a second year in a row; that none of the offenders attended terrorist training camps; and that, as in prior years, the offenders do not match any specific ethnic profile. Based on these figures, study author Charles Kurzman says that it appears the "wave of violence" called for by al-Qaida and its allies is not the threat that many security experts expected. David Schanzer, the director of the Triangle Center, agrees, saying "Not only is the number of incidents dropping, but the more recent terrorists are less skilled and have fewer connections with international terrorist organizations than offenders in prior years."


Lawyers Say Surveillance of Muslims Flouts Accord
The New York Times (02/04/13) Goldstein, Joseph

The New York Police Department's Intelligence Division has come under fire from civil rights lawyers in the city who on Feb. 4 filed a complaint in the Federal District Court of Manhattan accusing the organization of infiltrating Muslim institutions like mosques, student associations, and cafes, and recording what was overheard in those locations. This accusation means the department could potentially be in violation of the Handschu agreement, which regulates how police investigations can interact with political or religious activity. A relaxing of the agreement following the September 11, 2001, terrorist attack on New York City allowed police to investigate political and religious groups for terrorist activity without notifying an oversight panel, but the guidelines still stipulate that police are not allowed to take records of information at events unless they are relevant "to potential unlawful or terrorist activity." Department officials maintain that their actions are within Handschu regulations and are not tantamount to spying or surveillance. The civil rights lawyers pursuing the case argue that the department's actions are a blatant case of profiling. "The N.Y.P.D. is continuing a massive, all-encompassing dragnet for intelligence concerning anything connected with Muslim activity through intrusive infiltration and record-keeping about all aspects of life, politics and worship," the court filing states. "The N.Y.P.D. operates on a theory that conservative Muslim beliefs and participation in Muslim organizations are themselves bases for investigation."




Microsoft and Symantec Take Down Bamital Botnet That Had Ensnared Thousands of PCs
V3.co.uk (02/07/13) Stevenson, Alastair

Microsoft and Symantec say they have unplugged the Bamital botnet, which was behind a global cybercrime operation involving hundreds of thousands of infected PCs. Both companies confirmed that law enforcement agencies had raided several data centers hosting the botnet's servers. The Bamital botnet intercepted victims' requests from search engines and redirected them to malicious Web sites and also generated nonuser-initiated network traffic. In addition to its money-generating click fraud campaign, the botnet's authors also are believed to have used Bamital to spread other malware. At its peak, experts estimate the malware infected more than 8 million Windows PCs. Bamital was spread mainly through a Windows software app, although it has also been infecting machines via infected Web sites.


Vulnerability Lets Hackers Control Building Locks, Electricity, Elevators and More
Wired (02/13) Zetter, Kim

Cylance security researchers Billy Rios and Terry McCorkle demonstrated a zero-day attack that provides root access to a widely used industrial control system. The attack targets a vulnerability in the Niagara AX Framework used in industrial control devices such as electronic locks, lighting systems, elevators, boilers, surveillance cameras, alarms, and other facility control systems made by Tridium. Rios and McCorkle do not detail the attack, but say it gave them root access to the system that runs the Tridium client as well as the devices' embedded software. Tridium's Mark Hamel says the majority of Niagara systems are operated behind a firewall or virtual private network, but Rios and McCorkle found several thousand unsecured Niagara devices connected to the Internet, using the Shodan search engine. Niagara facility management devices are used in thousands of locations around the globe, including a Chicago complex that houses offices for several federal agencies. Hamel says Tridium will issue a security patch to address the vulnerability.


As Cloud Use Grows, So Will Rate of DDoS Attacks
InfoWorld (02/05/13) Linthicum, David

The yearly Worldwide Infrastructure Security Report reveals that 94 percent of data center managers reported some type of security attacks occurring in the past year, while 76 percent encountered distributed denial-of-service attacks on their customers and 43 percent had partial or total infrastructure outages due to DDoS. The report comprised 130 enterprise and network operations professionals who were asked 200 security-based questions. Automated tools are a good way to identify and safeguard core cloud services from such attacks. However, smaller cloud providers may not have the resources to successfully protect themselves from DDoS attacks and will likely be key targets.


Anonymous Posts Over 4,000 U.S. Bank Executive Credentials
ZDNet (02/04/13) Blue, Violet

The hacking collective Anonymous has apparently published sensitive information from the accounts of more than 4,000 U.S. bank executives as part of its Operation Last Resort Campaign, which is aimed at drawing attention to the need to reform laws governing computer crimes. On Sunday, Anonymous published a spreadsheet on Pastebin and a .gov Web site that purportedly contained the bank executives' login information, passwords, IP addresses, and contact information. However, the passwords published in the spreadsheet were not in plain text. The information published in the spreadsheets may have come from accounts at the Federal Reserve's Fedline service.


Chinese Hackers Suspected in Attack on The Post's Computers
The Washington Post (02/01/13) Timberg, Craig; Nakashima, Ellen

An independent cybersecurity blog reported Feb. 1 that The Washington Post had sustained a cyber attack likely perpetrated by Chinese hackers. The attack on the Post targeted its information technology server and several computers, according to sources close to the breach, which likely gave the hackers access to administrative passwords. The sources said it was unclear if the hackers had stolen any information. The attack ended in 2011 after the newspaper worked with security company Mandiant to expel the intruders and put up walls to protect against further attacks. This security breach comes in the wake of similar breaches at both The New York Times and The Wall Street Journal. Grady Summers, a vice president at Mandiant, said all of the attacks were likely attempts to uncover sources of information for articles that were critical of the Chinese government. He said the Chinese government hackers "want to know who the sources are, who in China is talking to the media. ... They want to understand how the media is portraying them -- what they're planning and what's coming."


Abstracts Copyright © 2013 Information, Inc. Bethesda, MD

