Friday, June 28, 2013

Security Management Weekly - June 28, 2013

header

  Learn more! ->   sm professional  

June 28, 2013
 
 
Corporate Security
  1. "Chinese Firm is Charged in Theft of Turbine Software"
  2. "U.S. Exec Chip Starnes Freed From China Factory"
  3. "Company Offers Free Solution to Bolster Retailers' Loss Prevention Efforts"
  4. "How Energy Companies Fight Terrorism"
  5. "OSHA Alleges 'Workplace Violence' in Citation Against Lakeview" Occupational Safety and Health Administration, New Hampshire

Homeland Security
  1. "Justice Dept. Targets General in Leak Probe"
  2. "Bulger Trial Explores His FBI Ties"
  3. "Snowden, While on the Run, Poses Greater Risk to U.S."
  4. "Company Allegedly Misled Government About Security Clearance Checks"
  5. "U.S. Begins Shipping Arms for Syrian Rebels"

Cyber Security
  1. "Opera Says Hackers Pilfered Expired Code-Signing Certificate"
  2. "‘Dark Seoul’ Behind Some Cyberattacks in South Korea"
  3. "Phishing Attackers Diversify, Target Facebook Credentials"
  4. "Most Android Threats Would Be Blocked If Phones Ran Latest Android Version, Report Says"
  5. "US Made Intensive Hacking Attacks on China: Edward Snowden"

   

 
 
 

 


Chinese Firm is Charged in Theft of Turbine Software
New York Times (06/27/13) Wald, Matthew L.

According to an indictment by a federal grand jury in Madison, Wis., the Chinese wind turbine company Sinovel and two of its executives conspired with an employee of AMSC to steal the firm's software for controlling the flow of electricity. AMSC claims that Sinovel used the stolen software to build its own wind turbines, which were ultimately exported back into the U.S. According to AMSC, the 2011 theft led to the loss of 500 jobs and $800 million in damages from lost sales and trade secrets. U.S. Attorney John W. Vaudreuil said that both Chinese executives, Su Liying and Zhao Haichun, and the former AMSC employee, Dejan Karabasevic of Serbia, are located in countries with which the U.S. does not have an extradition treaty. That means that they cannot be arrested, though they could be if they travel to a country that the U.S. does have an extradition treaty. Meanwhile, Sinovel will face a trial in the U.S., with potential fines equal to twice the damages suffered by AMSC as well as restitution. AMSC has been pursuing claims against the Chinese firm, as the company refused delivery of more than $700 million worth of merchandise after it allegedly stole the software. In that case the U.S. firm is seeking $70 million in arbitration and is suing Sinovel in China for $450 million for infringement of trade secrets.


U.S. Exec Chip Starnes Freed From China Factory
USA Today (06/27/13) MacLeod, Calum

Specialty Medical Supplies co-owner Chip Starnes was freed on Thursday from the Beijing factory he founded after workers there held him as a hostage for the past six days. The dispute was rooted in worker concerns related to lay-offs and unpaid salaries, and underscores that fact that Chinese workers are willing to take desperate measures to protect their rights. The hostage situation began after Starnes traveled to the plant on June 21 to finalize the severance payments for 30 workers who were being laid off from the firm's plastic-injection-molding division, which is being moved to Mumbai, India. The other 100 workers at the plant, out of concern that the whole factory was being closed, demanded similar severance packages and voiced complaints about unpaid wages. The workers then barricaded Starnes, who has denied that the workers were not paid, inside the plant. Starnes was set free after the two sides came to an agreement in which 97 workers received two months' salary and compensation that together totaled almost $300,000. Starnes said that he was forced to give in to the demands, and called his experience over the past six days "humiliating, embarrassing." He commented that "We're going to take [June 27] off to let the dust settle, and we're going to be rehiring a lot of the previous workers on new contracts as of [June 28]."


Company Offers Free Solution to Bolster Retailers' Loss Prevention Efforts
SecurityInfoWatch.com (06/27/13) Griffin, Joel

The Utah-based Corrective Education Company (CEC) is now offering a new solution for retailers to use when apprehending and processing low-risk individuals accused of shoplifting. The CEC Correct program issues iPads and fingerprint scanners to allow loss prevention officers to process shoplifters and on site. An online database will be able to show them whether the person caught is a repeat offender. First-time offenders, which make up about 80 percent of all shoplifters, can then be diverted to the CEC's voluntary corrective program, which lasts 90 days. Offenders undergo one six to eight-hour education program in that time. The retailer agrees not to prosecute and police are not called. The solution and the accompanying program is already being either fully deployed or piloted in 10 retailers across the country.


How Energy Companies Fight Terrorism
Christian Science Monitor (06/24/13) Graeber, Daniel J.

In response to the terrorist attack on the In Amenas natural gas facility in Algeria last January, the Norwegian energy company Statoil--one of the owners of the In Amenas facility--has announced that it will be forming a special operations division tasked with handling emergency operations. By July, Statoil hopes to appoint an official to lead the facility's security operations. The number of employees detailed for existing security operations at the facility will be doubled as part of the company's comprehensive response to the attack. Energy industry observers say that the fact that Statoil has taken steps to introduce additional security at the plant suggests that, given international economic dependence on the reliability of energy, the energy sector may begin to take on some of the security burden itself. Meanwhile, BP--which owns the In Amenas facility with Statoil and Algeria's state energy company Sonatrach--has commented that it is holding off on natural gas projects because of the security situation in Algeria.


OSHA Alleges 'Workplace Violence' in Citation Against Lakeview
Conway Daily Sun (NH) (06/24/2013) Steer, Daymond

Lakeview NeuroRehabilitation Center in New Hampshire is contesting a citation issued by the Occupational Safety and Health Administration (OSHA) which claims that the center exposed employees "to physical abuse while working with [aggressive] patients by themselves." An inspection was conducted between Dec. 6 and May 20 in response to a complaint brought forward by former Lakeview employee Nancylee Berman, who left because she felt her safety was in jeopardy because of the small number of dangerous clients admitted by Lakeview. Based on injury records, programs and policies, and employee and management interviews, OSHA concluded that Lakeview was in violation of a section of the Occupational Safety and Health Act of 1970 called the "General Duty Clause." The "citation and notification of penalty" alleges that: "On or about Dec. 6, 2012, at 244 Highwatch Road, Effingham, N.H., direct-care employees working with clients who pose a risk to themselves or others, were exposed to workplace violence hazards when they interacted with these clients, [...which] has resulted in workplace violence that is likely to cause death and or serious physical harm. The employer had not developed and/or implemented adequate measures to protect its employees from this hazard." Lakeview has until July 12 to abate the violation and pay the $7,000 fine, though Lakeview was given until June 17 to challenge the citation and notification.




Justice Dept. Targets General in Leak Probe
Washington Post (06/28/13) Miller, Greg; Horwitz, Sari

Retired Marine Corps Gen. James E. Cartwright, the former deputy chairman of the Joint Chiefs of Staff who was sometimes referred to as President Obama's favorite general, is reportedly the target of a year-long Justice Department investigation into national security leaks. According to a senior Obama administration official speaking on condition of anonymity, Cartwright is suspected of leaking information about the highly-classified effort to use the Stuxnet computer virus to attack Iranian computer networks. Those cyberattacks, which were part of a broader campaign of cyberattacks called Olympic Games that was disclosed by the New York Times last year, were designed to set back Iran's efforts to develop a nuclear weapon. Cartwright was one of the main people behind the Stuxnet attack, and was a regular participant in meetings of national security officials at the White House before he retired in 2011. He has not yet been indicted for his alleged involvement in the leaks, though he is expected to be. Meanwhile, Justice Department officials have also been putting pressure on other current and former senior officials who are suspected of being involved in the leaks as well.


Bulger Trial Explores His FBI Ties
Wall Street Journal (06/28/13) Levitz, Jennifer

Testimony in the ongoing trial of notorious Boston gangster James "Whitey" Bulger has focused on the ties between the FBI and Bulger's crime syndicate, the Winter Hill gang. As former federal prosecutor Walter B. Prince points out, the FBI was going to great lengths to protect its sources. Bulger is believed to be one of those sources, as prosecutors say that he was a secret FBI informant and was given protection and inside information from the FBI. "I don't know if we'll ever find out the total truth about that," he lamented. Retired FBI agent John F. Connolly Jr. has already been sentenced to 10 years in prison for warning Bulger about his imminent arrest, leading Bulger to flee. He subsequently eluded capture until 2011. Testimony in the trial given on June 26 shows the extent of Bulger's influence, with Justice Department officials testifying that Bulger had multiple members of the Boston FBI on his payroll. Bulger has pleaded not guilty to all charges, while his defense team has attempted to portray government agents as co-conspirators in his crimes. Former federal prosecutor Michael D. Kendall expressed doubt that the strategy would be successful, calling the recent testimony "more of a public education of problems that have been addressed."


Snowden, While on the Run, Poses Greater Risk to U.S.
Wall Street Journal (06/27/13) Perez, Evan; Gorman, Siobhan

U.S. officials say that Edward Snowden, who has admitted to leaking classified documents about National Security Agency surveillance programs, poses a greater and greater threat to national security the longer he remains on the loose. Snowden is thought to still be in the transit section of the Moscow airport, where he has been since he flew to the Russian capital from Hong Kong on Sunday. Russian officials have so far refused to extradite him to the U.S. Officials believe that Snowden may not be done releasing sensitive information, and that intelligence agencies in countries where Snowden has sought refuge may have the opportunity to examine any documents that he might have stolen. Officials also say that while Snowden appears to not have a complete understanding about the surveillance programs whose existence he divulged, foreign intelligence agencies in Russia and other countries likely will be able to make sense of the information in his possession. Any further leaks by Snowden could result in additional damage to U.S. intelligence collection efforts, officials say. Meanwhile, investigators in the U.S. believe that they have a rough idea about what information was stolen by Snowden while he worked as a systems administrator for the NSA contractor Booz Allen Hamilton. Those conclusions were reached after the FBI, NSA, and other intelligence agencies examined Snowden's work at Booz Allen, interviewed his former co-workers, and tracked his movements inside the secret computer networks he had access to.


Company Allegedly Misled Government About Security Clearance Checks
Washington Post (06/27/13) Hamburger, Tom; Goldfarb, Zachary A.

Federal investigators have reportedly found evidence that USIS, a contractor conducting security clearance screening, had mislead the government about how thorough its background checks were. The contractor allegedly skipped a required second review of background checks between 2008 and 2011 in around 50 percent of the cases it handled, despite informing federal officials that the second review had been performed. There is speculation that the second review was skipped to make USIS appear more efficient in order to trigger incentives. It is not known whether USIS did anything improper in its 2011 background check of Edward Snowden, though Office of Personnel Management Inspector General Patrick E. McFarland has previously expressed concerns about Snowden's background check. A federal watchdog plans to recommend that OPM end ties with USIS unless the contractor can show it is performing responsibly. That could create a major logistical quagmire because the government relies heavily on contractors to clear workers in what is an already-jammed security clearance process.


U.S. Begins Shipping Arms for Syrian Rebels
Wall Street Journal (06/27/13) Entous, Adam; Barnes, Julian E.; Gorman, Siobhan

Diplomats and U.S. officials say that the CIA has started implementing President Obama's plans to arm moderate factions of Syrian rebel groups. The agency has begun transporting weapons to Jordan from a network of secret warehouses, and is expected to give the weapons to small groups of vetted Syrian rebels within a month. The move will expand the United States' support for the moderate forces loyal to Gen. Salim Idris, the top Syrian rebel commander backed by the West. The U.S. will also be monitoring Saudi Arabia's effort to provide shoulder-fired antiaircraft missile, known as Manpads to a small number of handpicked fighters to help try to reduce the risk that the they could fall into the control of radical Islamists. This possibility is a major U.S. and Israeli concern. Obama rejected a proposal for the CIA to arm moderate rebels last year because of such concerns. But administration officials have noted that the CIA now has a better understanding of who is involved in the opposition and that it has confidence in Gen. Idris' leadership. The CIA has also established a thorough vetting process to ensure that weapons do not fall into the hands of radical elements within the Syrian opposition, though officials concede that the agency's limited intelligence-collection capabilities in Syria could make it difficult to obtain reliable information about the backgrounds of certain rebels.




Opera Says Hackers Pilfered Expired Code-Signing Certificate
IDG News Service (06/27/13) Kirk, Jeremy

Opera Software says hackers breached its internal systems and swiped at least one code-signing certificate that was used to sign malicious software. The Oslo-based manufacturer of mobile and desktop software believes several thousand Windows users may have automatically installed malware on June 19, the day that attack was spotted and thwarted. By using these code-signing certificates, which cryptographically verify that a piece of software comes from its purported publisher, users would be misled into believing that the malware was legitimate software from Opera. Opera cites a link to VirusTotal, a website that tests malware samples against security programs to see if the malware is spotted. As of late June, slightly more than 50 percent of the 47 security programs listed on VirusTotal that tested the sample spotted it, and Opera says the figure is likely to increase as vendors tweak their programs to detect it. Opera plans to release a new version of its browser with a new code-signing certificate, but does not say when it will be available.


‘Dark Seoul’ Behind Some Cyberattacks in South Korea
Wall Street Journal (06/27/13) Kwaak, Jeyup S.

Symantec reports that some of Tuesday's attacks against South Korean government Web sites were carried out by the "Dark Seoul" hacker group. According to Symantec, the most recent breach bears resemblance to other attacks carried out by the group over the past four years. The South Korean government and private companies have been targeted by a number of hard disk wiping and denial-of service attacks in that time. It is unknown whether Dark Seoul is connected to the North Korean government, but Symantec did say that the hackers must have some significant financial support and that the attacks will likely continue. Tuesday was also the anniversary of the outbreak of the Korean War. The South Korean science ministry, which previously pointed the finger at North Korea for earlier attacks, has said it will conduct its own investigation of this incident. The South Korean government also said that it had increased monitoring of its servers and had recruited a dedicated response team to deal with the aftermath of the attacks, which did not appear to target military sites and did not cause any data breaches or economic damage.


Phishing Attackers Diversify, Target Facebook Credentials
InformationWeek (06/26/13) Schwartz, Mathew J.

The FBI has issued a warning to consumers about a recent surge in spear-phishing attacks designed to steal intellectual property, financial credentials, and personal information. This warning tracks with a Kaspersky Lab report based on data gathered from 50 million individual Windows users over the last year. The report found that over 12 months the number of distinct phishing attack sources had tripled, while 87 percent more people were being targeted. These numbers echo a recent Google Transparency Report which found that the number of phishing sites had increased from less than 10,000 in May 2010 to over 100,000 in June 2013. The Kaspersky report further found that half of phishing sites are mimicking search, email, and social networking sites, with 12 percent mimicking the websites of financial institutions, 8 percent emulating IT company sites, 7 percent imitating gaming sites, 7 percent mimicking online shopping and auction sites, and 6 percent imitating payment services. The sites most commonly emulated by phishers in the United States were Yahoo, Facebook, Google, Amazon.com, Wow-Europe, Microsoft, AOL, American Express, an unnamed bank, and Twitter. The study found that phishing attacks target mostly residents of Russia, the U.S., India, Vietnam, and Britain, while most phishing attacks are launched from the U.S., Britain, Germany, Russia, and India.


Most Android Threats Would Be Blocked If Phones Ran Latest Android Version, Report Says
IDG News Service (06/26/13) Constantin, Lucian

More than 75 percent of Android threats are malicious apps that send SMS messages to premium rate numbers and could be thwarted by a protection feature present in Android 4.2, according to researchers from Juniper Networks. However, since manufacturers and carriers neglect to update Android end user devices in a timely manner, just 4 percent of devices currently run Android 4.2, even though this version has been available for more than six months. Juniper Networks' Mobile Threat Center announced that between March 2012 and March 2013 the number of mobile threats increased by 614 percent, reaching a total of 276,259 malicious samples. Of those malicious appls, 92 percent target the Android operating system. Seventy-seven percent of Android malware are apps that net money for their creators by either requiring end users to send SMS messages to premium rate numbers or by surreptitiously disseminating such messages on their own. Juniper researchers say every successful attack using such an app can net an immediate profit of $10, on average, for the attacker.


US Made Intensive Hacking Attacks on China: Edward Snowden
Economic Times (India) (06/23/13)

Edward Snowden said Sunday that the United States has conducted intensive cyberattacks on Tsinghua University, China's top education and research institute. Though the number of attacks is unknown, Snowden said that one of the most recent breaches by the National Security Agency (NSA) occurred in January, and that least 63 computers and servers at the university were hacked by the NSA in one day that month. Tsinghua University may have been a target because it is home to the China Education and Research Network (CERNET), which is one of the country's major Internet backbone networks. Experts say that data from millions of Chinese citizens could have been mined from the network. Snowden also said that the Chinese University in Hong Kong was a target, as were other universities in Hong Kong and mainland China. The Chinese University is home to the Hong Kong Internet Exchange, which is the central hub for all Internet traffic in the semi-autonomous city. Snowden's revelations indicate that most of the offensive cyberattacks carried out by the NSA against Chinese targets have focused on network backbones, which serve as transit points for large amounts of data. Experts say that most of the data passing through Chinese network backbones is not encrypted.


Abstracts Copyright © 2013 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments:

Post a Comment