Friday, October 11, 2013

Security Management Weekly - October 11, 2013

Corporate Security
  1. "Mayor: City Will Investigate SF General Hospital Security After Patient Found Dead in Stairwell"
  2. "Power Grid is Attacked in Arkansas"
  3. "Three Men Indicted in Computer-Code Theft Probe"
  4. "Report Indicates Insider Threats Leading Cause of Data Breaches in Last 12 Months"
  5. "In Vegas, Security Cameras Guard Money, Not Guests"

Homeland Security
  1. "C.I.A. Warning on Snowden in ’09 Said to Slip Through the Cracks"
  2. "Pilots Union Warns of Possible Terrorism 'Dry Runs'"
  3. "Sen. Wyden Seeks to Scale Back NSA Surveillance"
  4. "Heeding New Counterterror Guidelines, U.S. Forces Backed Off in Somalia Raid"
  5. "Capture of Bombing Suspect in Libya Represents Rare ‘Rendition’ by U.S. Military"

Cyber Security
  1. "Shutdown Could Delay Government's Patching of IE, Windows and .NET Flaws"
  2. "More Than 80 Percent of Smartphones Remain Unprotected from Malware and Attacks"
  3. "Adobe Source Code Leak is Bad News for U.S. Government"
  4. "Frequency, Cost of Cyberattacks on the Rise"
  5. "GOP Senator 'Very Close' to Introducing Cybersecurity Bill"


Corporate Security

Mayor: City Will Investigate SF General Hospital Security After Patient Found Dead in Stairwell
San Francisco Examiner (10/11/13) Lamb, Jonah Owen

San Francisco Mayor Ed Lee said Oct. 10 that the city will launch an investigation and independent review of security at San Francisco General Hospital to find out what happened to Lynne Spalding, a patient at the facility who disappeared on Sept. 21 and was found dead in a stairwell on Oct. 8. The review will examine the hospital's security policy, training and security staffing, patient and employee security, the control of the hospital building and campus security, and the response to staff and patient safety events. Lee said that the goal of the review is to prevent a similar incident from occurring again. He refused to speculate on who or what was to blame for Spalding's death. The exact cause and manner of Spalding's death are still under investigation, though foul play has been ruled out.


Power Grid is Attacked in Arkansas
New York Times (10/09/13) Blinder, Alan

The FBI and the Department of Energy are investigating three acts of sabotage against electric power equipment in Arkansas that could be related. The most recent of those incidents took place on Oct. 7, when two power poles were deliberately severed in Lonoke County. One of the poles was reportedly brought down with the help of a stolen tractor. No one was injured, but the incident resulted in a power outage. That incident followed a Sept. 29 fire at an electrical substation in Lonoke County. After the fire, investigators found the words "You should have expected U.S." written on a control panel at the substation. The third incident was reported more than six weeks ago by Entergy Arkansas, which said that one of its high-voltage transmission lines in Lonoke County had been pulled down. The FBI launched an investigation and found that a cable had been attached to a transmission tower and laid across a railroad track in an apparent attempt to use a passing train to bring down the tower. It remains unclear what the motive for the acts of sabotage may have been. No suspects have been identified, though the FBI has said that whoever is responsible may have expertise in electricity.


Three Men Indicted in Computer-Code Theft Probe
Wall Street Journal (10/08/13) Matthews, Christopher M.

Three men have been indicted by a New York state grand jury after Manhattan District Attorney Cyrus Vance Jr. accused them of stealing valuable computer source code containing secret algorithms from the automated-trading firm Flow Traders US. Two of the men, Glen Cressman and Jason Vuu, were former traders at the firm. The third man, Simon Lu, was a college friend of Vuu's who helped build a trading platform for a startup company using the code, which contained algorithms that played an important part in Flow Traders' high-frequency trading strategy. According to the 20-count indictment, a series of e-mails Vuu sent to himself in 2012 included computer data, computer programs, and spreadsheets belonging to Flow Traders. The data in many of the messages were valued at more than $2,500 per e-mail. Cressman's lawyer has said that his client is innocent, and both Lu and Vuu have denied the allegations, with Lu saying that, to the best of his knowledge, what he worked on with Vuu was "freely available publicly or commercially purchased." In September, Vance and other New York prosecutors met to examine the outdated laws, which have not kept pace with ever-more sophisticated frauds, the Internet, and technology, before proposing changes to state law that would better protect intellectual property.


Report Indicates Insider Threats Leading Cause of Data Breaches in Last 12 Months
CSO Online (10/08/13) Hatchimonji, Grant

Forrester Research recently released its Understand the State of Data Security and Privacy Report, which draws on a survey of small and medium businesses and other enterprises in the United States, Canada, Britain, France, and Germany. The survey found that inadvertent misuse of data ranked as the top source of data breaches in 2012, accounting for 36 percent of all breaches. Nearly a quarter of respondents said breaches were most commonly the result of malicious insiders. Only 42 percent of small and medium businesses said their workforces received training on how to secure data, and only 57 percent of workers said they were aware of their organizations' current security policies. Data security also received the second largest portion of IT budgets, 17 percent, after network security. Forrester analyst Heidi Shey says these numbers show that organizations need to make data security more of a priority. The report suggests organizations utilize a framework for data security built on three steps: inventorying all the organization's data, analyzing the data, and structuring data security around protecting the most valuable data. Shey also says separating privacy efforts from security efforts can undermine data security, and that privacy and security should be addressed together.


In Vegas, Security Cameras Guard Money, Not Guests
Associated Press (10/08/13) Dreier, Hannah

Las Vegas casinos are famous for their security, but Associated Press reviewers found that 23 of the 27 major casinos on the Las Vegas Strip do not post security cameras in hotel hallways or elevator landings. Casino owners argue their facilities have cameras on gambling floors, in lobbies, and in elevators, and that their casinos have more cameras per square foot than airports or sports arenas. But only Caesars Palace, Planet Hollywood, the MGM Grand, and Tropicana Las Vegas put any kind of surveillance above the gambling floor. "The level of security at the hotel level is zero," notes security consultant Fred Del Marva. This is a particular concern because thefts from hotel rooms account for a large share of casino crime, particularly in recent years. Las Vegas Chief Deputy District Attorney James Sweetin explains that the lack of cameras emboldens criminals and can make theft or even assaults harder to prosecute. The biggest challenge for casinos in adding new security cameras appears to be price. Art Steele, the former head of security for the Stratosphere Las Vegas casino, says casinos could pay about $2 million to install security cameras at hotel levels and $100,000 per year to monitor them.


Homeland Security

C.I.A. Warning on Snowden in ’09 Said to Slip Through the Cracks
New York Times (10/11/13) Schmitt, Eric

Officials say that concerns about Edward Snowden's behavior were not passed along to the National Security Agency (NSA) before he began leaking sensitive documents earlier this year. Those concerns were raised in 2009 by Snowden's supervisor at the CIA, where he was working as a technician in Geneva. The supervisor had observed troubling changes in Snowden's behavior and work habits, and noted those concerns in a report in Snowden's personnel file. It is unclear what the exact nature of those concerns was, but a friend of Snowden's said that the report was made at a time when Snowden was troubled about his work at the CIA and was complaining about government surveillance programs. Entries in Snowden's personnel file from that period also noted that Snowden was suspected of attempting to break into classified computer files without authorization. Although the CIA decided to send Snowden home, the concerns about his behavior were not passed along to the NSA or its contractors. A senior law enforcement official said that the system the CIA and NSA use for managing security clearances was set up at the time only to track major rule-based violations, meaning that lesser derogatory information would have been given to the NSA only upon request. Such lesser derogatory information is now being forwarded to agencies that access the security clearance management system.


Pilots Union Warns of Possible Terrorism 'Dry Runs'
USA Today (10/10/13) Deeson, Mike

An internal memo from the US Airlines Pilots Association indicates that there have been several recent cases throughout the airline industry of "dry runs" aimed at determining how airline personnel respond to in-flight threats. The memo details the most recent dry run, which occurred on Sept. 2 aboard a flight from Washington, D.C., to Orlando. Shortly after the flight took off, a group of four men described as "Middle Eastern" began to cause a commotion. Witness statements claim that one man ran from his seat in coach toward the flight deck door before turning and going into the forward bathroom "for a considerable length of time." During the time the first man was in the bathroom, three others moved around the cabin, switched seats, opened overhead bins, and generally appeared to be trying to occupy and distract the flight attendants. Both US Airways and the Transportation Security Administration confirmed the incident, with the latter noting that no further investigation into the incident is required at this time. There is concern among flight crews that such incidents may indicate that plans are underway for a 9/11-type attack.


Sen. Wyden Seeks to Scale Back NSA Surveillance
Washington Times (10/09/13) Glaser, John

Sen. Ron Wyden (D-Ore.) said Wednesday that if those defending the National Security Agency's surveillance programs are able to hold off current reform efforts in Congress, there will be a "new era in digital surveillance" that he said would be marked by increased risks to Americans' privacy and freedom. Wyden added that if opponents of efforts to reform the surveillance programs succeed in their efforts to "fog up the surveillance debate," any reform measures ultimately passed by Congress would be superficial at best. Wyden is sponsoring legislation that would end the NSA's bulk collection of Americans' phone data and would place limits on the agency's ability to conduct surveillance without a warrant. The bill would also force the Foreign Intelligence Surveillance Court (FISC), which oversees surveillance orders, to become more transparent. Wyden said that reform is necessary because NSA has often broken the statutory guidelines governing its surveillance programs. That information was seen in a recently declassified FISC ruling, which stated that the NSA had "frequently and systematically violated" laws that govern how its intelligence agents could search the communications databases. The ruling also stated that NSA analysts had deliberately misled judges about their activities to get court approval.


Heeding New Counterterror Guidelines, U.S. Forces Backed Off in Somalia Raid
Washington Post (10/08/13) DeYoung, Karen

Current and former Obama administration officials provided an explanation on Monday as to why Navy SEALS called off a raid in Somalia on Oct. 5 that was intended to capture al-Shabab commander Abdulkadir Mohamed Abdulkadir. The officials noted that the raid, which was carried out in the Somali town of Barawe, was executed using guidelines that call for the use of lethal force only in cases where it is almost certain that non-combatants will not be injured or killed. Those guidelines also state that it is preferable to capture rather than kill suspected terrorists. Both of those guidelines were approved by President Obama last spring. Officials said that it was because of those guidelines that the commander of the operation decided to retreat following a gunbattle with militants rather than call in an airstrike on the compound that was being raided, even though he had the authority to do so, because there were too many women and children inside. Destroying the compound in an airstrike also would have likely resulted in Abdulkadir's death. But a senior administration official said that if there were no civilians in the compound, the U.S. would have likely launched a missile attack on the facility using either drones or manned aircraft.


Capture of Bombing Suspect in Libya Represents Rare ‘Rendition’ by U.S. Military
Washington Post (10/07/13) Londoño, Ernesto

The U.S. military carried out two raids against terrorist suspects on Oct. 4 and Oct. 5, one of which was successful but drew the condemnation of the country where it was carried out. The successful raid was carried out on Oct. 5 in Tripoli, Libya, when Special Operations forces captured Nazih Abdul-Hamed al-Ruqai, a suspect in the 1998 U.S. Embassy bombings, by forcing him out of his car and taking him to an undisclosed location. U.S. officials hailed the capture of al-Ruqai, saying that the move will help them obtain information that will hurt al-Qaida's efforts to strengthen al-Qaida in the Islamic Maghreb, its affiliate in North Africa. But the Libyan government on Sunday issued a statement on al-Ruqai's capture, saying that it amounted to a "kidnapping" of a Libyan citizen. The capture of al-Ruqai came just hours after U.S. Navy SEALS carried out a raid against the hideout of an al-Shabab leader in the Somali town of Baraawe. Navy SEALS were hoping to capture a senior al-Shabab operative but were forced to retreat due to concerns that the firefight with al-Shabab militants could have resulted in innocent civilians being killed. Both operations are seen by some as a sign that the Obama administration is increasingly willing to use ground troops to capture high-value terrorist suspects.


Cyber Security

Shutdown Could Delay Government's Patching of IE, Windows and .NET Flaws
Computerworld (10/09/13) Vijayan, Jaikumar

Desktop and server systems used in many federal agencies could be left vulnerable to new threats recently disclosed by Microsoft in its latest round of security updates. Government agencies are running with the bare minimum IT staff, meaning there are few personnel around to install Microsoft's latest patches on desktop and notebook systems, security analysts say. Microsoft recently issued patches for 26 flaws, including several critical, remotely exploitable vulnerabilities in Windows XP, Windows Server 2003, the Microsoft .NET Framework, and multiple versions of the Internet Explorer browser. Security experts usually urge organizations to implement patches as quickly as possible to minimize the risk from hackers. Security consultant Richard Stiennon predicts that many government systems will encounter problems once they are turned on following the shutdown. He says the best practice would be to isolate these machines until they can be brought up to the most recent patch level. "Because so much attention is being paid to the numerous websites displaying shutdown notices, agency IT staffs should be on heightened alert for defacement, [distributed denial of service] attacks and other shenanigans during the crisis," Stiennon advises. Former federal CIO Karen Evans says automation of the patching process is a key factor in whether an agency deploys the latest patches in a timely manner.


More Than 80 Percent of Smartphones Remain Unprotected from Malware and Attacks
Cellular-News (10/09/13)

More than 80 percent of the total enterprise- and consumer-owned smartphone device base will remain unprotected through 2013, according to Juniper Research. The firm attributes the low level of adoption of security software to numerous factors, including the relatively low consumer awareness about online attacks on mobile devices and a widespread consumer notion that security products cost too much. According to the report, nearly 1.3 billion mobile devices, including smartphones, feature-phones, and tablets, are expected to have mobile security software installed by 2018, up from around 325 million this year. The report found that security risks are also on the uptick due to an explosion of mobile malware in the past two years. It determined that cybercriminals are focusing less on PCs and more on mobile devices across both enterprise and consumer markets. Juniper also learned that growth in the enterprise space for security products is being driven by increases in IT budgets, greater implementation of security policies and security products, and training for employees.


Adobe Source Code Leak is Bad News for U.S. Government
Wall Street Journal (10/08/13) King, Rachael

There are concerns that the recent leak of source code for Adobe Acrobat, ColdFusion, and ColdFusion Builder could become a major security issue for the U.S. government. Adobe ColdFusion software is widely used in the Web sites of at least 11 government agencies, including the departments of Defense and Energy and the National Security Agency. Security experts have commented that access to this proprietary source code would allow attackers to more easily locate and exploit vulnerabilities in the software. But Adobe Chief Security Officer Brad Arkin said that his experience has shown that the most efficient way of finding vulnerabilities does not involve looking at the source code but rather directly testing a particular product while it is running. Another concern is that the hackers may have tampered with the code, meaning that all of those who have recently purchased Adobe software could have received malicious code. So far there is no evidence of tampering or malicious insertions into either code or products. Randal Rioux, a principal security strategist for Splunk, Inc., said that the source code leak, in combination with the current lack of personnel overseeing government Web sites, means that hackers currently have a window of opportunity in which they could take advantage of the security vulnerabilities created by the shutdown to infiltrate systems.


Frequency, Cost of Cyberattacks on the Rise
Federal Computer Week (10/08/13) Corrin, Amber

The cost of cyberattacks to U.S. organizations has increased by 78 percent over the last four years, according to a new Ponemon Institute report. The report surveyed 60 U.S. organizations, including government agencies, and found that cybercrime cost these organizations an average of $11.6 million during 2013. The organizations faced an average of 122 successful attacks per week, with malware such as Trojan viruses and worms being the most common. However, government organizations in particular faced more serious attacks. Distributed denial-of-service attacks are most recently associated with the financial sector, but they also have wreaked havoc with some agencies. Ponemon Institute founder Larry Ponemon cites one unnamed agency targeted by a DDoS attack that "had a fairly significant cost of disruption because when the system was down, their business processes failed." Data exfiltration is another major concern for government agencies, as demonstrated by recent leaks of confidential data by former National Security Agency contractor Edward Snowden. Hewlett-Packard's Dan Lamorena says agencies need to invest in security strategically. "Security intelligence tools, software and application testing, better people and training, and better data protection tools—these all offer higher return on interest, but they're not getting enough investment so far," he observes.


GOP Senator 'Very Close' to Introducing Cybersecurity Bill
The Hill (10/08/13) Sasso, Brendan

Senate Intelligence Committee vice chairman Sen. Saxby Chambliss (Ga.) on Tuesday said the Senate is "very close" to introducing a bill aimed at cybersecurity information-sharing between the federal government and private industry. The bill, which Chambliss is working on with Intelligence Committee chairwoman Dianne Feinstein (D-Calif.), would be the Senate's version of the Cyber Intelligence Sharing and Protection Act (CISPA), which the House passed in April. Like the House bill, the Senate bill offers immunity to companies that share data to eliminate the concern of litigation from customers. Information would be managed by a government portal, with the National Security Agency playing a major role because "they're the experts," Chambliss says. CISPA co-authors Reps. Mike Rogers (R-Mich.) and Dutch Ruppersberger (D-Md.) are working closely with Chambliss and Feinstein on the Senate bill, which could be merged with CISPA if it passes the Senate.


Abstracts Copyright © 2013 Information, Inc. Bethesda, MD
