Friday, March 15, 2013

Security Management Weekly - March 15, 2013

Corporate Security
  1. "U.S. Jury Finds Nintendo Liable for Patent Infringement"
  2. "Hospitals Amp Up Visitor Management Systems"
  3. "Foreign Hostages in Nigeria Confirmed to Be Dead"
  4. "Tanzania: DRC Cargo Theft Curbed At Dar es Salaam Port" (Democratic Republic of Congo)
  5. "CCTV Bares All: Art Theft on the Rise"

Homeland Security
  1. "Obama Says Iran Nuclear Bomb a Year Away"
  2. "Man Who Fatally Shot 4 in Upstate New York is Killed by Police"
  3. "Stun-Gun in Breach at JFK"
  4. "Va. Congressman: NASA's Foreign Contractor Hires a Security Risk"
  5. "Older, Quieter Than WikiLeaks, Cryptome Perseveres"

Cyber Security
  1. "Cloud Computing's Security Pitfalls"
  2. "Pentagon Forming Cyber Teams to Prevent Attacks"
  3. "Federal Cybersecurity Misses Targets in Annual Report"
  4. "Cyberattacks: The Complexities of Attacking Back"
  5. "WWIII on the WWW" (Cyber War Between U.S. and China)

U.S. Jury Finds Nintendo Liable for Patent Infringement
Reuters (03/13/13) Vaughn, Bernard

Nintendo was found guilty of patent infringement in U.S. District Court in New York City on Wednesday. A jury found that the video game company's 3DS handheld video game system infringed on a patent held by Seijiro Tomita for a technology that displays 3D images without requiring users to wear 3D glasses. Tomita was awarded $30.2 million in compensatory damages. Nintendo maintains that its 3DS system does not use key aspects of Tomita's technology. The company also said that a 2003 meeting between Nintendo officials and Tomita that was cited in the lawsuit was one of several that the company held with vendors of 3D display technologies.


Hospitals Amp Up Visitor Management Systems
Security Director News (03/11/13) Canfield, Amy

Hospitals around the nation are beginning to button up their identification procedures in an effort to increase security and protect patients. More hospitals have begun to restrict public access to only a few entrances and have started to deploy technology for badge systems that check visitors against databases of prohibited visitors and link them to patients in permitted areas. The databases also link visitors to sex-offender lists and individual patients' restraining orders. Security experts say the upgraded security comes as hospitals try to be more proactive when it comes to the safety of their patients. Jeremy Gallman, the director of security, safety, and emergency management at North Florida Regional Healthcare, said the increased security measures were attempts at "pushing that perimeter of safety away from the patient." Some hospitals are taking less technological steps to increase security. The University of Michigan Health System (UMHS) has a badge entry system, but it also relies on the "gut feeling" of its employees, according to Marilyn Hollier, the director of security and entrance systems for UMHS. Hollier said members of the UMHS guest services department are expected to greet each person getting off an elevator and help them to find a patient's room. "It's a two-pronged approach," she said. "Computers don't give you common sense."


Foreign Hostages in Nigeria Confirmed to Be Dead
Wall Street Journal (03/11/13) Hinshaw, Drew

A militant Islamic sect in Nigeria that is believed to have ties to al-Qaida in the Islamic Maghreb (AQIM) has said that it killed the seven construction workers it kidnapped last month. The deaths of the hostages--who were from Lebanon, the U.K., Greece, Italy, and the Philippines--were announced online on March 9 by Jama'atu Ansarul Musilimina Fi Biladis Sudan, which means "Vanguards for the Protection of Muslims in Black Africa." The group, which goes by Ansaru for short, posted an image of four men lying down and claimed that they had killed all of the hostages before they could be rescued. Those claims were confirmed by the foreign ministries of several of the hostages' home countries, though they have not been confirmed by the Nigerian government. Not much is known about Ansaru, which did not make any demands after the kidnapping. The group was largely unknown until the kidnappings, and its relationship with the better-known AQIM remains unclear. The deaths of the hostages come as expatriate workers in Nigeria are facing a growing risk of being kidnapped by jihadists. In March and May of last year, three European construction workers were killed by Nigerian militants. Meanwhile, the deteriorating security situation in Nigeria has forced the French oil company Total to move its Nigeria operations out of the terrorism-plagued capital of Abuja to the southern part of the country.


Tanzania: DRC Cargo Theft Curbed At Dar es Salaam Port
allAfrica.com (03/11/13) Mwakyusa, Alvar

Recent changes in top management at the port of Dar es Salaam, Tanzania, and the Tanzania Ports Authority (TPA) have led to a reduction in theft of cargo meant for the Democratic Republic of Congo (DRC), according to DRC Customs official Peter Molisho. Molisho said that since Transport Minister Harrison Mwakyembe's shuffling of TPA management there had been no complaints of cargo being stolen while it was at the port. The port of Dar es Salaam handles most imports to and exports from the eastern parts of DRC. The country imports fuel, garments, motor vehicle spare parts, used cars, edible oil, detergents, and food; and it exports minerals like copper, cobalt, and coltan. Molisho said the newly opened DRC Customs office in the port will work to counter fraud, facilitate trade logistics, and promote customs relations between DRC and Tanzania. He explained DRC is looking to install an inland container depot in the near future to securely store items while they wait to be transported to the interior of the country.


CCTV Bares All: Art Theft on the Rise
Inquirer.net (03/11/13) Robillos, Alyosha J.

Criminal syndicates in the Philippines have recently taken a great interest in art pieces, often lifting them from galleries or workshops and then selling them at extremely reduced prices to unsuspecting customers. Ramon Orlina, a sculptor in the country, used blanket closed-circuit TV coverage and well-trained staff to foil a heist at one of his galleries in February. During the failed heist, two men claiming to be artists showed up at Orlina's Manila workshop and asked to see some sculptures from storage that they were looking to immediately buy. Orlina's secretary let the two men into the workshop but instructed some workers to keep an eye on them. The men allegedly looked at a few pieces around the workshop, took photos of some of them, and then separated. The secretary said it was obvious the men were trying to get rid of the studio workers by crafting a series of alibis to try and get them to leave. "They kept on asking if my men had a spare camera or a camera battery charger since their camera suddenly died," Orlina said. "My secretary was up on his toes because it was obvious that the men wanted to be left alone within the workshop. CCTV cameras are all over the place. They were really eyeing particular works and even spent a good 15 minutes looking around while repeatedly trying to convince the workers to fetch a camera or charger, or whatever gimmick they could come up with."




Obama Says Iran Nuclear Bomb a Year Away
Reuters (03/15/13)

President Obama sat for an interview with an Israeli journalist on March 14 to discuss issues such as the Iranian nuclear program ahead of his upcoming visit to Israel. During the interview, the president stated that he believed that it would take Iran more than a year to develop a nuclear weapon once it chooses to build one. However, Iranian officials still maintain that the goal of their nuclear program is not to build a nuclear weapon. Obama also noted that "all options are on the table" with regard to possible military action against Iran should diplomacy fail to convince it to give up its pursuit of nuclear weapons. The interview appeared to be an attempt by Obama to signal to Israeli Prime Minister Benjamin Netanyahu that he needs to be patient with the U.S.'s strategy of dealing with Iran. Obama may have also been attempting to show that the U.S. was willing to use force against Iran if necessary. Netanyahu, for his part, said last year that Israel would not allow Iran's nuclear program to progress past this spring or summer. However, negotiations between Iran and several world powers, as well as adjustments that have been made to its uranium enrichment process, may have resulted in that deadline being pushed back.


Man Who Fatally Shot 4 in Upstate New York is Killed by Police
New York Times (03/14/13) Larson, Jamie; Santora, Marc

Four people were killed and two others were critically injured in a shooting rampage in upstate New York on Wednesday. Authorities say that the suspect, Kurt Myers, set fire to his apartment in the village of Mohawk around 9:30 a.m. before going to a barber shop in the center of town, where he shot and killed two people and injured two others. State Police Superintendent Joseph D'Amico said that Myers exchanged brief words with people in the barber shop and did not seem to have been provoked before he began shooting. Myers then drove to a car wash in nearby Herkimer, N.Y., where he killed two more people. Eyewitnesses say that they heard at least five gunshots at the car wash, and that people nearby were running away in panic. Myers fled following the car wash shooting, taking refuge in a building on Herkimer's Main Street at about 1 p.m. The standoff between Myers and police prompted the evacuation of nearby businesses and the lockdown of schools. Police stormed the building Thursday morning and killed Myers in the process. New York Gov. Andrew Cuomo said that authorities are not aware of any "rational motive" in the case.


Stun-Gun in Breach at JFK
Wall Street Journal (03/14/13) El-Ghobashy, Tamer

Officials in New York City reported a security breach at John F. Kennedy International Airport on Wednesday, in what was the second such breach in as many weeks at an airport in the New York area. The man involved in the breach, a 23-year-old Greek national wanted by the New York Police Department on suspicion of having raped his former girlfriend, reportedly made it past a security checkpoint at the airport with a 3,800K-volt stun-gun. Passengers are prohibited from bringing such devices onto airplanes. The stun gun was discovered in the man's gym bag after he was taken into custody by U.S. Customs and Border Protection officers before he boarded his scheduled flight to London. The breach at JFK comes after an undercover Transportation Security Administration (TSA) inspector managed to get a mock explosive device through two security checkpoints at Newark Liberty International Airport by hiding the device in his pants last week. Security personnel at Newark were unable to find the device even though they gave the inspector a pat down. TSA says the incident at Newark will help it identify weaknesses in the security screening process so that improvements can be made.


Va. Congressman: NASA's Foreign Contractor Hires a Security Risk
Daily Press (Virginia) (03/11/13) Dietrich, Tamara

Rep. Frank Wolf (Va.-R) recently claimed NASA Langley Research Center in Hampton, Va., and other NASA facilities had endangered national security by using a "workaround" to circumvent federal hiring restrictions for foreign nationals. The congressman said unnamed whistleblowers at Langley had told him "several dozen" Chinese nationals were employed by a Langley contractor to get around restrictions Congress put in place to prevent the hiring of "certain foreign nationals of concern." David Weaver, NASA's associate administrator for communications, said foreign nationals are allowed to work at NASA facilities, but the contractors that hire them must comply with all U.S. Export Control and all immigration laws and regulations. Weaver said NASA also requires foreign nationals from China and certain other countries to undergo additional background screenings, and the agency places additional conditions on their visits, including limited access to information and subjection to full-time escort. Wolf, who is chairman of the House Commerce, Justice, and Science appropriations subcommittee, which funds NASA, worries that billions of dollars in U.S. trade secrets are being stolen by foreign countries. He called for several steps to be taken to address "systemic security issues" at NASA, including a review of all foreign nationals with current NASA credentials, an investigation into hiring practices, and criminal sanctions if NASA officials are found to have violated federal law.


Older, Quieter Than WikiLeaks, Cryptome Perseveres
Associated Press (03/09/13)

Created in 1996 and home to some 77,000 classified and otherwise secretive files, the watchdog Web site Cryptome has remained relatively unknown outside of circles involved with intelligence tactics, government secrets, and whistle-blowing. Despite the Web site's resemblance to WikiLeaks, Cryptome co-founder and webmaster John Young said his site's minimal $2,000-a-year budget, aversion to publicity, and scholarly approach set it apart from its better-known counterpart. He described his creation as a "dusty, dimly lit library." Young said Cryptome's long lifespan is thanks to a group of anonymous but dedicated contributors who give the site a constant stream of material to post. He explained the only editorial freedom he takes with the site is deciding which documents to post; outside of that, he leaves it to the readers to develop their own opinions. Cryptome is home to postings that include high-resolution photos of the Fukushima Dai-ichi power plant after it was damaged in March 2011, and lists of names of people purported to be CIA sources, members of Britain's MI6 spy agency, and spies with Japan's Public Security Investigation Agency. Despite all of this sensitive information, Young said he has never had charges filed against the site, and any efforts to shut the site down have been unsuccessful.




Cloud Computing's Security Pitfalls
BBC News (03/13/13) Ward, Mark

Cybersecurity researchers say they have developed a new technique for carrying out cyberattacks on cloud computing providers. The technique, developed by researchers from Wisconsin, the University of North Carolina, and RSA, involves determining how hard servers are being worked in a particular cloud. Yinqian Zhang, one of the researchers who developed the technique, says knowing how hard servers are being worked can allow cyberattackers to deduce other important pieces of information, such as the length and type of cryptographic key being used. That in turn can help attackers reduce the amount of time it takes to decrypt encrypted data stored in the cloud. However, Amazon's Stephen Schmidt says the technique developed by Zhang and his colleagues was "more theoretical than practical," since it only worked in the lab. He also notes there are many security systems in use by live cloud services that would mitigate the threat from attacks such as the one developed by Zhang and his associates. But Schmidt also points out that the presence of these security systems should not lead to complacency about the security of computation work being done in the cloud.


Pentagon Forming Cyber Teams to Prevent Attacks
Associated Press (NY) (03/12/13) Lardner, Richard

Gen. Keith Alexander, the top officer at U.S. Cyber Command, warned in recent congressional testimony that the threat of cyber attacks against U.S. institutions and infrastructure was very real and that steps needed to be taken by the federal government and the private sector to combat the threat. Alexander said that, to help combat this threat, 13 cyber teams were being formed to launch offensive measures against hackers assaulting U.S. assets. He said some of these teams would be working at unspecified locations outside of the United States, and he likened the methods they would use to the practice of knocking a missile out of the sky before it hits a target. As Alexander explained these measures, he also urged lawmakers to pass cyber security legislation that would make it easier for the government and the private sector to share information about who is getting hacked and what steps can be taken to prevent or combat such hacking attempts. Alexander stressed the nation needed to develop a hierarchy of cyber defense officials to maintain better control when dealing with a cyber threat. "It takes a team to operate in cyberspace," Alexander said. "But at times I think in talking about the team approach, we're not clear on who's in charge when."


Federal Cybersecurity Misses Targets in Annual Report
NextGov.com (03/12/13) Sternstein, Aliya

More government programs violated data security law standards in 2012 than in 2011, the White House informed Congress. Simultaneously, computer security costs have spiked by more than $1 billion, according to the Obama administration's annual report on compliance with the 2002 Federal Information Security Management Act. Inadequate training was a large reason why overall FISMA adherence scores dropped from 75 percent to 74 percent in 2012. Agencies say roughly 88 percent of personnel with system access privileges received annual security awareness instruction, down from 99 percent in 2011. Meanwhile, agencies spent $1.3 billion less on IT security in 2011. Another factor that led to lower FISMA scores in 2012 is that major departments are not using smart cards to restrict network access and are not automatically configuring system settings. About 57 percent of user accounts require tokens to log on, down from 66 percent in 2011. The White House's report also said agencies reported experiencing about 49,000 computer security incidents last year. In 2011, Homeland Security received 43,889 incident reports.


Cyberattacks: The Complexities of Attacking Back
Politico (03/12/13) Romm, Tony

Some in the cyber security industry say that now is the time to have a debate over the use of offensive strategies in combating the threat from malicious hackers. Such strategies involve carrying out cyber attacks to retaliate against hackers that are believed to have carried out attacks of their own. Companies and others that are victims of cyber attacks may find these proactive measures enticing because they could allow them to recover data that was stolen from them or bring down a server controlled by hackers. Dmitri Alperovitch, the founder of a company that offers active defense capabilities, says that the use of these techniques is important because they "empower the private sector to be more than just victims." However, the use of offensive cyber attacks raises a number of legal issues. Among them is the fact that companies are prohibited under the Computer Fraud and Abuse Act from accessing other computers or networks without authorization, even if their intention is to stop hackers from carrying out attacks. But companies can work with the operators of other computer networks and systems, as well as law enforcement, after they discover a hacker. Microsoft and Symantec have taken this approach by working with the FBI to knock a number of botnets offline.


WWIII on the WWW
EuroNews (03/11/13)

Recent cyber attacks on U.S. institutions by Chinese hackers have brought into the spotlight a clandestine ongoing cyber war between Washington and Beijing, and some officials fear vital infrastructure and valuable secrets could be at risk. Irving Lachow of the Center for a New American Security said U.S. companies need to take the cyber threat very seriously or risk losing key assets. "The fact that there is potentially some very serious espionage occurring, that is stealing intellectual property from the United States and maybe from some other nations is big news for businesses," he said. "If they do not take cyber security seriously, they are going to lose intellectual property." Paul Innella, the head of the cyber security firm TDI, said "everyone is hacking everyone," with some players in the hacking game having much more to lose than others. But experts say that the U.S. is engaging in hacking as well. However, former CIA Director Gen. Michael Hayden said any hacking sanctioned by the United States was done in the interest of protecting the country, while hacking sanctioned by China was largely done for commercial gain. Experts say they are not certain how to bring about an end to the hacking of U.S. companies by the Chinese. Lachow said diplomacy with China might prove a wasted effort, especially without global regulations like the Geneva Convention dictating what hacking practices are acceptable when waging a cyber war. "Talking tough won't do any good, in fact, it may be harmful, unless we back it up," he said.


Abstracts Copyright © 2013 Information, Inc. Bethesda, MD

