SFPD Bust Grocery Store Shoplifting Ring
ABC7News.com (CA) (05/16/13) Brinkley, Leslie
The San Francisco Police Department on Tuesday arrested the alleged ringleader of a large shoplifting operation that stole items like shampoo, conditioners, razor blades, and batteries from various stores in the region. Police said they confiscated the stolen items from the apartment of Dai Thai following an undercover sting operation. Police Lt. Ed Santos said there were "bags and boxes of stolen property stacked up high against the wall" in the apartment, amounting to a haul with a retail value of between $300,000 and $400,000, including $100,000 worth of disposable razors and $40,000 worth of cigarettes. According to police, Thai would send out a daily shopping list to a network of thieves operating in San Francisco and several surrounding cities. The thieves would lift items from stores like CVS, Target, Safeway, and Walgreens, Thai would pay them cash for the items, and then he would re-sell those items at flea markets and to small stores, Santos explained. He added that the items could probably be fenced for between 20 and 40 cents on the dollar. Police did not rule out the prospect of more arrests as they continued to inventory the thousands of stolen items.

Association Meeting Locked Down During Boston Manhunt
MeetingsNet (05/13) Kovaleski, Dave
When confronted with Massachusetts Gov. Deval Patrick's "stand-in-place" lockdown order during the manhunt for the Boston Marathon bombing suspects, Alex Zapple, the event services senior coordinator at the association management company SmithBucklin, had to decide whether or not to follow through with a meeting hosted by the company at a Marriott hotel in Boston. Despite the order, which was issued the Friday after the bombing, Zapple and senior SmithBucklin staff decided the meeting should go on as planned and carried it out without much of a hitch.
Of those attending the meeting, about 100 were staying at the Marriott and the rest were locals. All of the event speakers and most of the exhibitors were able to make it to the meeting without issue. Zapple and other coordinators communicated the situation to the attendees, police were stationed on the hotel grounds all day, and security at the venue was increased. Only meeting attendees and guests were allowed in and out of the building, and anyone leaving the building did so at their own risk and was often asked by security why they were leaving. Cellular and Internet service were still available during the manhunt, allowing everyone inside the hotel to communicate, though the organizers installed a landline in case cell service was cut. "We just tried to create a sense of normalcy, making sure attendees felt comfortable and safe and aware of what was going on," Zapple said. "The City of Boston and the Boston Marriott Cambridge did a phenomenal job in a very tough situation."

Formula for Success: Retailers Focus on Theft Prevention
Supermarket News (05/13/13) Angrisani, Carol
Retailers across the nation are taking more initiative to curb baby formula theft; formula has become a popular target for organized retail crime (ORC) rings because of its high market value and significant demand. Baby formula can cost from $15 to $30 per can, meaning parents looking to find it on the cheap might turn to third parties to buy it. Suzi Robinson, a spokeswoman for the Stop & Shop in Quincy, Mass., said baby formula has become one of the biggest targets for ORC. Robinson explained that parents looking to buy formula at Stop & Shop must take a voucher for the specific formula they want to the checkout counter, where the cashier will retrieve the item from a locked case. She said the effort helps to prevent the items from ending up on the black market and helps keep the items in stock.
Other retailers, like Cincinnati-based Kroger, have installed visible security cameras in the baby formula aisles of their stores and have started placing magnetic strip security devices on the formula packaging. This way, the items can stay on the shelves, which the International Formula Council says is a better practice than locking them away.

Sage Conversations: Taking a Holistic View of Security Operations
SecurityInfoWatch.com (04/22/13) Worman, Ronald
Within the security functions of public and private organizations there is often a tendency to focus inward, missing the holistic perspective of how security benefits the greater organizational mission. In an interview with Benjamin Butchko, CEO of Butchko Security Solutions, The Sage Group's Ronald Worman notes four major data elements that Butchko says could be used to create an information data model and architecture for security. These elements are: business data, such as facility, personnel and identity, and contracts management; physical security data, such as access control, intrusion, video surveillance, and voice; operations data, including SCADA, core process or workflows, raw materials, product stores, and locations; and the safety environment, such as proper certifications, medical clearances, and travel. Butchko argues that if this information were identified, captured, and organized properly, it could be persistently evaluated in the context of reactive and proactive analysis, equipping the organization to spot trends that tell leaders how to improve their operation and also to predict future events. Butchko is helping his clients by developing an interoperable leadership platform that aims to leverage the knowledge and resources of multiple security stakeholders, including technology vendors, software companies developing on Windows, SQL, and SharePoint, device companies, and integrators.
Another example of this new leadership mindset in the security industry can be found in the Security Executive Council (SEC). Several members of the council have created a Next Generation Security Leader Program that aligns with these leadership elements. Worman notes that the organization keeps a true external and internal perspective through activities ranging from identifying all-hazards risk and best practices, accessible through its Collective Knowledge database and consulting network, to accrediting risk, resilience, and security solutions and services through its Solution Innovation Program (SIP).

Three Simple Steps to Determine Risk Tolerance
CSO Online (04/16/13) Shumard, Craig
One of a CISO's most difficult challenges is successfully negotiating disputed risk issues, as the process for determining risk tolerance is fraught with organizational politics, and each organization requires a customized risk tolerance and risk assumption process. When developing that process, the most important things a CISO needs to consider are how the organization decides on risk tolerance and security risk assumption decision-making, and who has the authority to assume security risks. To determine the organization's stance, the best place to start is with the organization's risk tolerance model, particularly by determining what model the organization has -- a formal documented process, an undocumented process, or something in between. There are three critical factors that should be included in all risk tolerance models. The first is documenting who within an enterprise is authorized to make security risk decisions. Ideally, the CISO serves as the first line of defense, followed by the CEO or the Board of Directors if the risks need to be escalated. Business unit executives should only have limited authority to make risk decisions, constrained by the boundaries of their business unit.
The second factor is categorizing enterprise versus business unit risks, as categorization determines who can assume the risk. Lastly, there needs to be documentation governing how disputed issues are escalated and resolved, so that each business unit knows how risks are resolved and who needs to be involved. Having a documented, formal security risk assumption process approved by the CEO and/or the Board of Directors is a critical first step to successfully resolving any contested risk tolerance issues, particularly as it ensures that the right people are the ones assuming security risks for the organization. CISOs must determine and navigate the risk tolerance level of their organization, as an accurate understanding of organizational risk tolerance helps to drive organizational values.

Suspect Raised No Red Flags
Wall Street Journal (05/16/13) Barrett, Devlin; Gorman, Siobhan; Levitz, Jennifer
Officials investigating the Boston Marathon bombings say that it does not appear that Dzhokhar Tsarnaev, the younger of the two brothers accused of carrying out the attack, was ever truly radicalized. While Dzhokhar did tell investigators that he and his brother Tamerlan carried out the attack because they were upset about U.S. actions against Muslims, it does not appear that Dzhokhar was immersed in radical Islam to the same degree that Tamerlan was. For example, officials say that while both men downloaded videos made by radical Muslim clerics, most of them were downloaded by Tamerlan. Dzhokhar's freshman-year roommate at UMass Dartmouth, meanwhile, said that he saw no signs that Dzhokhar had any extremist beliefs. Officials say that if Dzhokhar did become radicalized, it likely happened right before the Boston Marathon bombings took place. But investigators have yet to find any evidence of activity that could have served as a red flag, such as frequent visits to jihadist Web sites, the use of violent rhetoric, or suspicious purchases.
Tamerlan, by contrast, was a classic example of a homegrown or lone wolf terrorist -- someone who is largely isolated from society, comes from a broken family, and is attracted to a poorly defined cause, officials say. Counterterrorism officials say that if it turns out that Dzhokhar was indeed not radicalized, it could be an indication that some would-be terrorists are simply going to slip through the cracks of efforts to identify potentially dangerous individuals by certain characteristics.

Man Who Allegedly Taught Bomb Making in Utah Arrested in Terrorism Case
Deseret News (UT) (05/16/13) Romboy, Dennis
A 30-year-old Uzbekistan national who is believed to be a member of the Islamic Movement of Uzbekistan was arrested in Boise, Idaho, on Thursday and charged with preparing to carry out a terrorist attack. According to the indictments filed in federal courts in Idaho and Utah, Fazliddin Kurbanov in January taught others how to build explosive devices and distributed information about manufacturing and using a weapon of mass destruction. As part of the bomb-making training he allegedly provided, Kurbanov showed trainees Internet videos and gave them written instructions listing the materials that could be used to build a bomb and how to assemble them into a functional explosive device. Kurbanov is believed to have had some of those parts in his possession last November, including a hollow hand grenade, a hobby fuse, and aluminum powder. Kurbanov has also been charged with providing resources to the Islamic Movement of Uzbekistan, which the U.S. government considers a terrorist group, between last August and this month. The resources Kurbanov provided to the Islamic Movement of Uzbekistan include his services as a member, computer software, and money, according to the indictment. Officials have not said whether the attack Kurbanov is believed to have been planning was imminent, nor have they said how they discovered the alleged plot.
Counter-Terrorism Leak Compromised an Informant, Sources Say
Los Angeles Times (05/16/13) Dilanian, Ken
U.S. officials have provided new information about the national security leak that led the Justice Department to seize the telephone records of Associated Press journalists over a two-month period last year. Officials say that stories published by the Associated Press and several other news outlets in May 2012 compromised an informant who had infiltrated al-Qaida in the Arabian Peninsula (AQAP). The informant was not mentioned in the Associated Press' May 7, 2012, story about a bombing plot by AQAP, though other news organizations were reporting on the informant's role by the end of the following day. The informant reportedly was able to provide the U.S. with information that led to a drone attack on a suspect in the 2000 U.S.S. Cole bombing, and had also convinced AQAP members that he wanted to bomb a U.S. commercial aircraft using an underwear bomb. Officials said that having an informant who had earned the trust of terrorists was extremely valuable, though they said they could no longer use the informant following the publication of the Associated Press story. The Justice Department is currently investigating the leak of the information about the informant, which Attorney General Eric Holder said was one of the most serious leaks he has ever seen. A former CIA lawyer, however, said Holder was exaggerating.

Wig-Wearing 'CIA Spy' in Russia 'Was Investigating Boston Bombings'
Telegraph.co.uk (05/15/13)
Russia's Federal Security Service (FSB) on Tuesday temporarily detained an employee of the U.S. Embassy in Moscow on charges of being an American spy. Ryan Fogle, a third secretary in the U.S. Embassy's political section, was arrested in a sting operation for allegedly trying to recruit a Russian anti-terrorism official to provide him with information.
The FSB said that Fogle was carrying a letter at the time of his arrest that promised the anti-terrorism official an initial payment of $100,000 and as much as $1 million per year for "long-term cooperation," along with bonuses for additional information. In addition, the FSB said that Fogle had a kit that included items used to alter his appearance, such as wigs and sunglasses. The Russian Foreign Ministry concluded that Fogle was a CIA operative, and Russian authorities have ordered him to leave Moscow. A Russian newspaper, meanwhile, has reported that Fogle was looking for information about the suspects in the Boston Marathon bombings, who are from Russia. The Russian anti-terrorism official Fogle is accused of trying to bribe had been working in the North Caucasus, the area the suspects are from. Some experts doubt the Russians' story, saying they believe Fogle may have been set up by Kremlin officials looking to boost their standing in the eyes of the Russian public.

GOP Probes Deeper Into Benghazi Review
Wall Street Journal (05/13/13) Tracy, Tennille; Patterson, Scott
House Oversight and Government Reform Committee Chairman Darrell Issa (R-Calif.) said Sunday that he was planning to send letters to the two leaders of the State Department panel that investigated the Benghazi attacks last September, asking them to agree to answer questions about their probe. Issa said he asked Thomas Pickering and retired Adm. Mike Mullen to answer questions because the investigation carried out by their Accountability Review Board was "insufficient." The board was set up by then-Secretary of State Hillary Clinton in the wake of the Benghazi attacks to evaluate the security measures and preparations that had been taken to protect the U.S. consulate. The panel concluded that the State Department did not provide adequate security for the Benghazi facility despite reports of increased militant activity in the area.
GOP lawmakers have said that the investigation was not thorough enough and that Clinton should have been questioned by the panel. Pickering has acknowledged that Clinton was not "exhaustively" questioned, but said that such questioning was unnecessary. Democratic lawmakers continue to criticize the congressional investigation into the Benghazi attacks as politically motivated, though Issa has said that his goal is simply to find out what went wrong before, during, and after the attacks.

Utilities Targeted by Hackers Raise Dire U.S. Warnings
Bloomberg (05/16/13) Strohm, Chris
Charles Edwards, the U.S. Department of Homeland Security's (DHS) top investigator and acting inspector general, said in testimony for the House Homeland Security Subcommittee on Cybersecurity that the number of cyberattacks on the computers that run the nation's critical infrastructure is increasing, with potentially lethal effects. He notes that successful infiltrations of these networks could create large-scale power outages or result in "physical damage, loss of life and other cascading effects that could disrupt services." Edwards stresses that DHS "needs to consolidate its information sharing and communication efforts" with companies and other agencies. The House of Representatives has passed legislation that encourages the sharing of information about cyberthreats between businesses and the government. "[DHS] has repeatedly demonstrated its ability to expeditiously support private sector partners with cyber intrusion mitigation and incident response," says Roberta Stempfley of DHS' Office of Cybersecurity and Communications. She also says the department believes "that carefully crafted information sharing provisions, as part of a comprehensive suite of cybersecurity legislation, are essential to improve the nation's cybersecurity to an acceptable level."
Stempfley also points out that the department intends to continue its cooperative work with Congress to develop such provisions and legislation.

Experts: Smartphones Another Avenue for Hackers
Associated Press (05/16/13) Winton, Tony
An April study from the Federal Reserve Bank of Atlanta finds that smartphone threats are proliferating, ranging from phishing scams to consumers' reluctance to use on their phones the basic security protections, such as passwords, that they normally keep on home computers. The study noted several things that make mobile devices an easy target. Individuals retain vast amounts of personal information in emails, texts, and social media sites. Organized crime rings also view smartphones as the weakest entry point into the electronic financial system, the Fed says. The Fed cites Trusteer research involving 20 computer servers that were used to disseminate more than 100,000 phishing emails. By analyzing the server records, Trusteer found that about 2,200 of the 3,000 responses the scam artists received came from smartphones. Financial industry experts say they expect those figures to get worse. The Fed helps run the Automated Clearing House (ACH), a system that processed 21 billion transactions in 2012. Although banks must adhere to authentication standards for ACH transactions, those protections are often unknowingly weakened by consumers. Several manufacturers are planning biometric technology, such as fingerprint scanners, that can increase phone security. But even with those protections, consumer behavior can still carry risk.

Many State and Local Networks Unprepared for Cyberattacks
Government Computer News (05/15/13) Jackson, William
The networks and IT systems used by many state and local governments are not prepared for cyberattacks, according to a Consero survey.
Of the three dozen state and local government CIOs who took part in the informal survey at a recent Consero conference, 44 percent said that their networks and systems were not adequately prepared to ward off cyberattacks. An additional 28 percent said they had experienced a security breach within the past 12 months. Many of the CIOs said their networks and systems were not prepared for cyberattacks because of budget constraints; 55 percent said a lack of money was the biggest difficulty they faced in doing their jobs. The inability to hire new security professionals and turnover among existing staff were also cited as reasons why networks and systems were not prepared. However, CIOs said they could overcome some of these problems by helping those within their organization who make budgetary decisions to understand their security needs.

Android Threats Growing in Number and Complexity, Report Says
IDG News Service (05/14/13) Constantin, Lucian
Android threats are growing in both number and complexity as cybercriminals adopt new distribution tactics and develop Android-focused malware services, according to a new F-Secure report. F-Secure researchers say the most worrying trend is that the Android malware ecosystem is becoming similar to that of Windows, in which highly specialized attackers provide commoditized malware products. An example of this is an Android Trojan program called Stels that was disseminated through fake Internal Revenue Service emails sent by the Cutwail spam botnet earlier this year. Those emails contained links that redirected users to a website asking them to download and update their Flash Player software. By installing the so-called update, the user unwittingly gives the Trojan permission to make phone calls.
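The Stels lure described above works because the "update" is installed holding permissions a Flash Player plugin never needs. As an added example, not from the F-Secure report or the article, here is a permission-versus-purpose check a defender could run on a sideloaded APK's manifest before allowing the install; the manifests, the purpose allow-lists and the package names are constructed for the example.

```python
"""Permission-versus-purpose triage for a sideloaded Android APK manifest.
Added example; manifests and allow-lists below are constructed, not Stels.
A plugin posing as a Flash Player update has no reason to hold telephony
or SMS permissions, so comparing requested permissions against what the
claimed purpose justifies is a cheap first-pass check for an MDM sandbox.
"""
import xml.etree.ElementTree as ET

# Namespace Android uses for manifest attributes such as android:name.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permissions that cost the user money or expose
# communications; any of these outside the claimed purpose is flagged.
SENSITIVE = {
    "android.permission.CALL_PHONE",
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
}

# Constructed allow-lists: what each claimed app purpose can justify.
EXPECTED_FOR = {
    "media_plugin": {"android.permission.INTERNET",
                     "android.permission.ACCESS_NETWORK_STATE"},
    "dialer": {"android.permission.INTERNET",
               "android.permission.CALL_PHONE",
               "android.permission.READ_CONTACTS"},
}

# Constructed manifest modelled on the lure: a "Flash Player" that wants
# to place calls, send SMS, and restart itself after every reboot.
FAKE_FLASH_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashupdate">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Adobe Flash Player"/>
</manifest>"""

# Constructed benign counterpart: same claimed purpose, sane permissions.
BENIGN_PLUGIN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mediaplugin">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Media Plugin"/>
</manifest>"""


def parse_manifest(manifest_xml):
    """Return (package, label, set of requested permission names)."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    app = root.find("application")
    label = app.get(ANDROID_NS + "label", "") if app is not None else ""
    return root.get("package", ""), label, perms


def triage(manifest_xml, claimed_purpose):
    """Flag sensitive permissions that the claimed purpose does not justify."""
    package, label, perms = parse_manifest(manifest_xml)
    flagged = sorted((perms - EXPECTED_FOR[claimed_purpose]) & SENSITIVE)
    return {"package": package, "label": label, "flagged": flagged,
            "verdict": "suspicious" if flagged else "ok"}


if __name__ == "__main__":
    print(triage(FAKE_FLASH_MANIFEST, "media_plugin"))
    print(triage(BENIGN_PLUGIN_MANIFEST, "media_plugin"))
```

The same manifest judged against the "dialer" purpose keeps CALL_PHONE off the flagged list, which is the point: the check is relative to what the app claims to be, not to the permission alone.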
The F-Secure researchers note that this new distribution method threatens Android users who are not actively searching for new apps on the Google Play store, where Android malware writers have traditionally duped users into installing malicious apps by passing them off as legitimate ones.

Adobe Shares Cybersecurity Lessons Learned the Hard Way
Wall Street Journal (05/13/13) King, Rachael
Aspects of Adobe Systems' in-house training program for creating secure software will be adapted by the nonprofit organization SAFECode to create a set of free online training courses. Howard Schmidt, a former White House cybersecurity advisor and the executive director of SAFECode, said that with the increasing number and severity of cyberattacks on U.S. companies, it is critical for software developers to learn how to secure their code so hackers cannot exploit it to gain access to critical system files and other data. Members of the SAFECode group, including Intel, Microsoft, SAP, and Symantec, took Adobe's in-house system and added material to it to create original training modules for software engineers. Schmidt said the modules would be offered for free because of the tighter budgets many companies are facing. Adobe created computerized training modules for its software developers in response to attacks on Adobe Reader and Adobe Flash Player in 2008. Adobe Chief Security Officer Brad Arkin explained that the training program consists of several levels at which participants earn different colored belts, similar to karate. The first two levels, which earn the white belt and the green belt, each take about 8 hours to complete. There is also a more advanced security training program, known as the black belt program, that can take a year or more to finish.

Abstracts Copyright © 2013 Information, Inc. Bethesda, MD