| |
Anonymous Leaks Alleged Data on BofA Execs, Surveillance
CNet (02/28/13) Musil, Steven
Par:AnoIA, a group that refers to itself as the intelligence agency for the hacking collective Anonymous, said Feb. 28 that it released sensitive information about executives at Bank of America and several other companies. The documents, which Par:AnoIA said it obtained from an unsecured server in Israel, included information about BofA's alleged attempt to "spy and collect secret information on private citizens." According to Anonymous, companies such as BofA and TEKSystems collected information about Anonymous and other activists by monitoring their movements on social-media sites and Internet Relay Chat channels. TEKSystems, which Anonymous said was hired last year to monitor hackers and social activists, also reportedly gathered information about the Internet activity of members of the Occupy Wall Street movement. Par:AnoIA added that the research methodology used by TEKSystems was "sloppy, random, and valueless," relying on a keyword list to find items of interest on IRC channels and social media platforms.
Fatal Shootings at Swiss Factory
Associated Press (NY) (02/27/13)
A shooting at a wood-processing company in Menznau, Switzerland, on Wednesday left three people dead, including the attacker. Seven other people were also injured at the Kronospan facility, police say. Although police have given out few other details, witnesses say the shooting began in the Kronospan lunchroom at around 9 a.m. local time. Kronospan, which has about 450 employees, also has yet to comment on the incident. The shooter has not been identified, so it is unknown whether the suspect worked for the company or what might have motivated the attack.
Statoil Begins Probe Into Algeria Terrorist Attack
Wall Street Journal (02/26/13) Hovland, Kjetil M.
Norway-based Statoil ASA on Feb. 26 launched an investigation into January's assault on the In Amenas gas plant located in Algeria, with Statoil Chairman Svein Rennemo saying the company would "investigate to determine the chain of events before, during, and after the terrorist attack." The company, which lost five of its employees in the attack, said it would have the report ready by Sept. 15. Statoil said the investigation will be led by Torgeir Hagen, the former head of the Norwegian Intelligence Service, and it said the investigation would focus on the company's risk assessments, emergency preparations, and security arrangements at In Amenas prior to the attack. The team also includes Adrian Fulcher, a former director of counter terrorism in the British Diplomatic Service; Leif D. Riis of the Norwegian Defense Estates Agency; and three Statoil employees. "The terrorists, and no one else, are responsible for the attack. They stand guilty of causing all the anguish and suffering," Rennemo said. "Our responsibility is to learn and do what we can to further strengthen the safety of our employees for the future."
Kootenai Medical Center Says Worker Attacks Rising
Spokesman-Review (02/26/2013) Russell, Betsy Z.
Kootenai Medical Center in Coeur d’Alene, Idaho, is seeing an increase in violent behavior among its emergency room patients, with a lobbyist for the hospital saying the institution has seen its workers assaulted more frequently. The increase in violence prompted the medical center to pursue legislation that would make any attack on a healthcare worker in Idaho a felony, but state legislators recently rejected the proposal in a tied vote. Current Idaho law dictates all attacks on hospital personnel are misdemeanor crimes punishable by at most six months in jail and a $1,000 fine. State Rep. Luke Malek, the bill's sponsor, said healthcare workers are obligated to treat everyone and are exposed to violent patients because of this. "In just the past few months, at Kootenai Medical Center in my district, an NICU employee was lifted and thrown to the ground, a … nurse's aide was kicked in the chest, a security guard was kicked in the groin, a mental health specialist was threatened with a fire extinguisher," he said. "Providers and staff have been spit on, bitten and threatened with fists and knives. These examples represent just a small fraction of the incidents in Idaho over the past year." Malek's bill was backed by the Idaho Hospital Association, the Idaho Medical Association, and Nurse Leaders of Idaho.
Neglect and Apathy -- Your Worst Enemy
Security InfoWatch (02/18/13) Campbell, George
Risks can be curbed when effective safeguards are put in place, but are heightened if security measures are disabled or not adequately implemented. One large retail chain, for instance, had aggressively purchased regional rivals for several years while eliminating internal business units in favor of outsourced service vendors and suppliers. The chain's goal was to slash costs and boost profitability to enable to company to make more acquisitions. But over the past 24 months, the company experienced rising inventory losses at its distribution facilities and increases in internal fraud and misconduct. The company's facilities manager had outsourced security to multiple guard vendors assigned to local cost centers. The board of directors subsequently requested the CEO to instruct the Chief Risk Officer to investigate and identify the factors contributing to these losses. An external company conducted a risk assessment in addition to an employee survey that asks about perceptions of security policy and practices. The survey revealed that employees with less than a year’s tenure had the highest levels of confidence and lowest perception of problems. But the longer the employees worked, they realized that leaders were focused more on cost cutting, performance pressure, and rule bending, generating an environment where it was easy to pursue one's own interests and look the other way. Such disengagement among management and lack of controls gave employees an impression of "take what I want." This signifies that management's commitments were not on ethics or expectations.
Bangladesh Verdict Sparks Fatal Riots
Wall Street Journal (03/01/13) Al-Mahmood, Syed Z.
Police in Bangladesh on Thursday worked to quell riots over the recent sentencing to death of Delwar Hossain Sayeedi , a leader of the Jamaat-e-Islami party and one of the country's best-known Islamic preachers. The violence has so far left 44 people dead. The sentencing came as Sayeedi was found guilty of eight counts including murder, arson, rape, and religious persecution during the country's 1971 war for independence, according to lawyers in the case. The war crimes tribunal that sentenced Sayeedi has drawn criticism from those who claim the process is illegitimate, pointing to the fact that all 10 men thus far indicted by the tribunal have been politicians opposed to Prime Minister Sheikh Hasina's government. Crowds celebrating Sayeedi's sentencing clashed with opposition protestors, leading to violence and unrest that caused police in at least 12 districts in the country to fire on rioters. Police said many of those killed were Jamaat-e-Islami supporters. Rafiqul Islam Khan, a Jamaat-e-Islami leader, said the death toll was higher than the officially reported figures, placing it at 50 or more.
U.S. Officials Propose Sharing Drone Surveillance Data With Algerians
New York Times (02/27/13) Gordon, Michael R.; Schmitt, Eric
January's attack on the In Amenas gas plant in Algeria has prompted the American ambassador to that country and senior counterterrorism officials to propose sharing more information with Algerian security forces to help them combat militants. One plan has officials supplying the security forces with information from American drones, similar to how the United States is already supplying such information to the French-led military operation in Mali to combat terrorism. Officials from the Obama administration said Henry Ensher, the U.S. envoy in Algiers, recently sent a cable to the State Department urging the pursuit of Algerian militant Mokhtar Belmokhtar, the mastermind of the gas field attack. He recommended using drones in this endeavor and gaining permission from Algerians by promising to share information gleaned from the reconnaissance. Algeria has in the past guarded it sovereignty closely, but it has recently shown signs of becoming more open to cooperation with other nations, such as when it allowed the United States to fly a Predator drone over the In Amenas plant during the terrorist assault. Algeria has also become more open to pursuing militants outside its own borders.
On Terror's New Front Line, Mistrust Blunts U.S. Strategy
Wall Street Journal (02/27/13) Hinshaw, Drew; Entous, Adam
Suspicions run both ways in the relationship between the U.S. and Nigeria, the African nation that Washington sees as being increasingly important in fighting al-Qaida. Since President Obama took office, the U.S. has increasingly tried to achieve its security goals in troubled parts of the world by relying on local partners as much as possible. In Africa, Nigeria is seen as being an important part of efforts by the U.S. to contain the spread of Islamic militancy in the region. But at the same time, the U.S. is also suspicious of Nigeria, as evidenced by the fact that American officials are hesitant to share highly-sensitive intelligence with Nigerian government and security officials because of concerns that it could fall into the hands of militants that have infiltrated both the government and security forces. U.S. officials have also expressed concern that the Nigerian military's tendency to resort to violence could further radicalize the population. At the same time, Nigerian officials have been hesitant to accept offers by the U.S. to provide military training, saying that it does not want to "subjugate" its military under another world power. Despite the mistrust on both sides, U.S. officials say they feel that the two countries must work together, since Nigeria has the largest army in a region where al-Qaida has been active in carrying out kidnappings and terrorist attacks.
Terrorism More About 'Bloods and Crips' Than 'Koran and Hadith'
U.S. News & World Report (02/26/13) Shinkman, Paul D.
A recent report conducted by the London-based think tank The Henry Jackson Society found most convicted terrorists in the United States were college educated, employed or in school, had received terrorist training, and were U.S. residents. The report, called "Al Qaeda in the United States," is the first time this sort of data has been compiled to reveal terrorist trends, according to former CIA and National Security Agency Director Michael Hayden. Hayden, who wrote the report's forward, said the report was not published as a means to target these Americans, but rather to give those targeted by terrorist recruitment more resources to resist the recruitment efforts. Hayden said American adherence to Islamic terrorism has more to do with social alienation, a propensity for crime, and gang culture than it does religion. Those who feel disenfranchised by society or are seeking conformity are most susceptible to conversion, he said. "This isn't about communities. It's not about large monotheistic religious groups. It's about individuals who, for one reason or another in a small group, are attracted to the symbol of 9/11 rather than repelled," he explained. "I'm willing to accept the possibility that this has a lot more to do with the Crips and the Bloods than it does with the Koran and the Hadith."
Militants Crossed Africa for Siege, Algeria Probe Says
Wall Street Journal (02/23/13) Gauthier-Villars, David
Last month's attack on the In Amenas gas facility in Algeria was perpetrated by militants from more than half a dozen African countries who crossed fluid international borders, according to officials familiar with the attack. Sources close to the investigation said Algerian anti-terrorism investigators had begun to piece together part of a 1,200-mile itinerary followed by some of the extremists who took park in the attack by looking at logbooks and satellite phones the militants carried. The investigators discovered the militants began their journey in Aguelhok, Mali, near Algeria's border with Niger and Libya. Several militants who were captured alive further divulged their group consisted of many nationalities, including three Algerians, 11 Tunisians, eight Egyptians, two Libyans, three Malians, one Mauritanian, and two Nigerians. The international composition of the attack means Algeria will need to focus on combating an insurgency that can launch operations from neighboring countries.
NATO, European governments, Hit by 'MiniDuke' Cyberattack
Reuters (02/27/13) Finkle, Jim
Security researchers with Kaspersky Lab and Hungary's Laboratory of Cryptography and System Security (CrySyS) report that hackers using a recently discovered exploit of Adobe software targeted the computer systems of government agencies in several European countries. The attackers infected the machines with a malware CrySyS and Kaspersky have dubbed MiniDuke by sending targets emails containing PDFs that had been compromised using vulnerabilities in Abode Reader and Acrobat. CrySyS' Boldizsar Ben says the attackers used the malware to install backdoors onto infected systems, but it did not appear they had begun to extract data by the time the infection was discovered. Kaspersky's Kurt Baumgartner says the attack appears to be a completely new and different type of attack and suggests that its sophistication implies it was the work of a nation state. "The technical indicators show this is a new type of threat actor that hasn't been reported on before," Baumgartner says. Adobe notes it has issued a patch that should protect users from the MiniDuke attack.
Hackers Threaten to Resume Cyber Attacks on Banks
Pittsburgh Tribune-Review (02/27/13) Nixon, Alex
The Iranian hacking group al Qassam Cyber Fighters on Feb. 25 said it launched distributed denial of service (DDoS) attacks against against about a dozen bank Web sites -- including those of PNC Bank, Citizens Bank, Bank of America, and Capital One -- as part of a warning demanding the removal of anti-Muslim videos from YouTube. However, PNC said that the attacks did not cause problems with its Web site. The group said the initial attacks were simply a shot over the bow, and it threatened it would continue such attacks on March 5 if four videos it finds offensive are not removed from the popular video sharing website. Cyber Fighters previously claimed responsibility for DDoS attacks on U.S. banks in September and January following the posting of a YouTube video that insulted the Islamic Prophet Muhammad.
2 More Java Zero-Day Vulnerabilities Emerge
InformationWeek (02/26/13) Schwartz, Mathew J.
Security Explorations CEO Adam Gowdiak reports spotting two new zero-day vulnerabilities in Java 7. He says the new security issues—issue 54 and issue 55—when combined together can be successfully wielded to gain a complete Java security sandbox bypass in the Java SE 7 Update 15 environment. The flaws allow Java 7 to be remotely exploited by attackers to circumvent the built-in sandbox and compromise not just the Java software, but the system on which it is running. Oracle verified receiving details of the vulnerability and says it is now investigating the alleged bugs."The concern is that the flaws could be exploited to completely bypass Java's security sandbox and infect computers in a similar fashion to the attacks which recently troubled the likes of Facebook, Apple, and Microsoft," says consultant Graham Cluley. He recommends that "if you don't need Java enabled in your browser, turn it off now."
Chinese Hackers Seen as Increasingly Professional
Associated Press (02/25/13) Bodeen, Christopher
China's government denies involvement in a wave of recent cyberattacks against international targets, but the hackers appear to be professionals who keep regular work hours. The fact that the hackers appear not to work on weekends has added to suspicion of state-sanctioned cyberattacks. Mandiant on Tuesday added to an earlier report that suggested China's military is targeting U.S. defense secrets, punishing dissidents, and stealing valuable corporate secrets, by saying it has tracked the activities back to the People's Liberation Army (PLA) Unit 61398. Mandiant says the group has carried out cyberattacks against 141 foreign entities in countries including the United States, Canada, and the United Kingdom. The group's headquarters are in a military compound in Shanghai, and hackers ordinarily start in the morning and work a standard day, Mandiant says. However, at times the hacking continues until midnight and activity sometimes halts for two weeks at a time, Mandiant notes. Unit 61398 is likely part of the General Staff's Third Department that gathers and analyzes electronic signals such as emails, according to Mandiant and other security firms. Accessing and manipulating computer networks are tasks believed to fall in the domain of the PLA's Third Department and Fourth Department.
DHS Notifies Companies, Offers Intel About Ongoing Hacks
NextGov.com (02/25/13) Sternstein, Aliya
In recent bulletin sent to critical infrastructure companies, the Department of Homeland Security announced that it was beginning to disperse classified information about cybersecurity threats as part of an information-sharing mandate included in President Barack Obama's recent executive order. It was previously reported that DHS was working to develop a restricted communication system for such sharing that would be based on the network used for the department's See Something, Say Something counterterrorism program. Although the bulletin does not mention specific threats or companies by name, it does say the information being shared includes network addresses, website extensions, and malware indicators gleaned from recent cyberattacks. The bulletin also says the goals of the attacks are to steal intellectual property, trade secrets, and other valuable information. The announcement comes after several high-profile companies revealed earlier this month that their networks had been penetrated by malware.
Abstracts Copyright © 2013 Information, Inc. Bethesda, MD |
1 comment:
Zmgcxk [url=http://hermeskelly.finniwolf.com][b]hermes birkin[/b][/url] hermes leather purse http://hermeskelly.finniwolf.com Ewftod Uhqdww hermes kelly
Post a Comment