Search This Blog

Friday, October 25, 2013

Security Management Weekly - October 25, 2013

header

  Learn more! ->   sm professional  

October 25, 2013
 
 
Corporate Security
Sponsored By:
  1. "No Clues in Hunt for Americans Kidnapped at Sea, Nigeria's Military Says"
  2. "Laptop Thefts from Medical Office Compromise 729K Patient Files" California
  3. "NSA Surveillance Creeps Onto Tech’s Lobbying Agenda"
  4. "Thieves Pose as Truckers to Steal Huge Cargo Loads"
  5. "Experian Sold Consumer Data to ID Theft Service"

Homeland Security
  1. "Merkel, Hollande Want to Forge New Rules for Sharing Intelligence Data with U.S."
  2. "US Warns Foreign Spy Agencies About Snowden Documents"
  3. "U.S. Intelligence Official Disputes Spying Report in French Newspaper"
  4. "Secret Memos Reveal Explicit Nature of U.S., Pakistan Agreement on Drones"
  5. "Civilian Deaths in Drone Strikes Cited in Report"

Cyber Security
  1. "Attackers Use Smaller Botnets to Launch High-Bandwidth Attacks"
  2. "Problems Arise With Cybersecurity at Shippingport Nuclear Power Plant in Beaver" Pennsylvania
  3. "Dept. of Energy Breach: Bigger Than We Realized"
  4. "Survey: IT's Cloud, BYOD Policies Don't Deter Gen Y Use" Bring Your Own Device
  5. "Google's 'Project Shield' Will Offer Free Cyberattack Protection to Hundreds of At-Risk Sites"

   

 
 
 

 


No Clues in Hunt for Americans Kidnapped at Sea, Nigeria's Military Says
NBC News (10/25/13) Bruton, F. Brinley; Miklaszewski, Jim

The Nigerian military said Oct. 25 that it has uncovered no leads in its search for two Americans believed to have been kidnapped by pirates from a U.S.-flagged oil-supply vessel sailing off the Nigerian coast. Nigerian navy spokesman Kabiru Aliyu noted that the navy has deployed search and rescue teams and is looking for the missing individuals in local waters. The U.S. State Department has confirmed that the victims were likely taken by pirates, and there is no information to indicate that the kidnappers have terrorist connections. The kidnapped Americans are believed to be the captain and chief engineer of the C-Retriever. The ship's insurer said that the vessel itself was "not under the control of pirates." Currently the U.S. end of the investigation is being managed by the State Department and the FBI. The U.S. Marine Corps. does have a small training unit in the area, but it is unclear if it would get involved in any search and rescue attempts. Maritime experts say the incident is indicative of the rising level of pirate activity in West Africa's Gulf of Guinea. While pirates off the Somali coast have historically gotten the most attention, all of the crew kidnappings in the first nine months of 2013 occurred in the Gulf of Guinea, according to the International Maritime Bureau.


Laptop Thefts from Medical Office Compromise 729K Patient Files
SecurityInfoWatch.com (10/23/13) Winton, Richard

The hospital group AHMC Healthcare, based in San Gabriel Valley, Calif., reports that two laptops were stolen on Oct. 12 from one of its administration buildings. Hospital officials reported on Oct. 22 that the theft compromised health data on 729,000 patients. That data includes patient names, insurance information, diagnoses, and payment records as well as the Social Security numbers of Medicare patients. AHMC had previously reported the theft to the police as soon as it was discovered on Oct. 14. The floor from which the laptops were taken is video monitored and the entire administration building is "gated and patrolled by security," company officials added. Both of the laptops are password protected, and there is no indication that the stolen information has been accessed or used. Still, AHMC has advised affected patients to place fraud alerts on their credit files and monitor credit activity closely.


NSA Surveillance Creeps Onto Tech’s Lobbying Agenda
Politico (10/23/13) Romm, Tony

An analysis of lobbying reports from the third quarter indicates that some technology companies are spending more money to lobby lawmakers so that they will have a say in any possible reform of the National Security Agency's surveillance programs. Google, for example, revealed in its third-quarter lobbying report that it spent $3.3 million during the three-month period lobbying regulators on cybersecurity and other issues. But the report also noted that Google lobbied lawmakers on two surveillance reform bills that would limit the NSA's authority to carry out surveillance. However, representatives from Google have not publicly said how Congress should limit the NSA's surveillance capabilities or whether it should do so at all. Meanwhile, Apple reported that it spent nearly $1 million on lobbying in the third quarter on a variety of policy issues, including government requests for data. That amount is the most the company has ever spent on lobbying in Washington during a three-month period. While it remains unclear exactly what these and other tech companies hope to accomplish by stepping up their lobbying, public comments by representatives from these firms indicate that they are primarily concerned with making government requests for data more transparent. However, tech companies are also closely watching Congress for signs that it will change surveillance laws in such a way that it will impact their business.


Thieves Pose as Truckers to Steal Huge Cargo Loads
Associated Press (10/21/13) Hegeman, Roxana

Thieves have begun posing as truckers to steal large shipments of cargo by using the Internet to access online databases where they can assume the identities of legitimate freight haulers and identify the commodities they want to target. Thieves can assume an identity of a trucking company by spending as little as $300 to reactivate a dormant Department of Transportation carrier number on a government Web site. These thefts are still little-known and only rarely discussed outside of the commercial trucking industry, but information on the thefts has been coming out in crime reports and Associated Press interviews. The most commonly stolen items are food and beverages, which are easy to sell on the black market and hard to trace. Stolen loads are also difficult to recover, as companies often do not know there is a problem until the shipment fails to reach its destination, generally four or five days after the fake pick-up, by which point the goods have likely been sold. The thefts not only harm the trucking industry and commerce, but also increase consumer prices, and could place the health and safety of consumers at risk if the stolen products are allowed to spoil or are tampered with before they are returned to the market. Freight brokers have been encouraged to take extra precautions, such as getting drivers' thumbprints, and to look for clues that could indicate a suspicious driver, such as temporary placards or identification numbers, the lack of a GPS, and sudden changes in the time of the pickup.


Experian Sold Consumer Data to ID Theft Service
Krebs on Security (10/20/13) Krebs, Brian

An investigation by KrebsOnSecurity has found that the underground identity theft service Superget.info was able to purchase much of the data it sold from the credit bureau Experian. The abbreviations of the data being resold by Superget.info apparently matched data sets produced by USInfoSearch.com, whose CEO Marc Martin said the data was not obtained directly through his company. Martin said the data was obtained from Court Ventures, a company that had struck an information sharing agreement with US Info Search several years ago. Court Ventures was then purchased in March 2012 by Experian. Martin said that those running Superget.info were able to gain access to Experian's databases by posing as a U.S.-based private investigator, despite being based in Vietnam and paying for the service with wire transfers from Singapore. Experian acknowledged the broad outlines of Martin's story, and added that it had worked with the Secret Service to bring a Vietnamese national, Hieu Minh Ngo, to justice in connection with the online ID theft service. Ngo was lured out of Vietnam to Guam, then transferred to New Hampshire where he is facing 15 criminal charges. It is not clear what trouble Experian will face for its involvement in the scheme, if any.




Merkel, Hollande Want to Forge New Rules for Sharing Intelligence Data with U.S.
Washington Post (10/25/13) Birnbaum, Michael

German Chancellor Angela Merkel and French President Francois Hollande on Friday proposed creating a new agreement that governs how intelligence services in their countries cooperate with those in the U.S. The two leaders said that the goal of the new agreement is to make U.S. intelligence operations in Europe more transparent. In addition, the agreement would create "norms and standards" governing the cooperation between French, German, and American intelligence agencies, Merkel said. The proposal comes amid an uproar in Europe over the National Security Agency's surveillance programs. That anger was stoked further on Thursday by a report that noted that a U.S. official had provided the NSA with 200 phone numbers of 35 world leaders. Surveillance was performed on at least some of those phone lines, though the effort reportedly resulted in little in the way of reportable intelligence because the lines were not used for sensitive discussions. There have also been allegations that Merkel herself was the target of U.S. surveillance. President Obama reportedly denied that surveillance is being carried out against Merkel now or in the future, though he did not say whether such surveillance has been carried out in the past.


US Warns Foreign Spy Agencies About Snowden Documents
Voice of America News (10/25/13)

U.S. officials have issued a warning to foreign spy agencies that the documents stolen by National Security Agency (NSA) leaker Edward Snowden contain information about their secret dealings with U.S. intelligence agencies. The documents reportedly contain information on operations against Iran, Russia, and China as well as operations involving countries that are not openly allied with the United States. The warning comes as the United States continues to face national and global fallout from the information Snowden, who remains in Russia, released. The Obama administration has denied a number of new reports about its intelligence activities. However, administration officials have said that Snowden's information involves intel "gathered by all nations." President Obama, meanwhile, has ordered a review of U.S. intelligence collection in an effort to balance security and privacy concerns.


U.S. Intelligence Official Disputes Spying Report in French Newspaper
New York Times (10/24/13) Bilefsky, Dan

Director of National Intelligence James R. Clapper on Tuesday disputed the way in which the French newspaper Le Monde characterized the National Security Agency's surveillance efforts against French targets in a recent story. That story, which was based on documents provided by Edward Snowden, noted that the NSA had collected as many as 70 million digital communications inside France between December 10, 2012 and Jan. 8. But according to Clapper, the NSA did not collect those communications as the newspaper claimed. However, Clapper did not address reports that the NSA had monitored "French diplomatic interests" at the United Nations and in Washington, D.C. The allegations of spying against French targets have angered French government officials, including the French foreign minister, who asked to meet with American Ambassador Charles H. Rivkin on Monday to discuss the matter. Other U.S. allies, such as Brazil, Germany, and Mexico, have reportedly been targeted by the surveillance efforts as well.


Secret Memos Reveal Explicit Nature of U.S., Pakistan Agreement on Drones
Washington Post (10/24/13) Miller, Greg; Woodward, Bob

The Washington Post has obtained top-secret CIA documents and Pakistani diplomatic memos that show that Islamabad has tacitly given its approval to the U.S. drone campaign, despite the fact that Pakistani officials have routinely spoken out against the attacks. Many of the files, which describe drone attacks that took place in Pakistan's tribal region between late 2007 and late 2011, bear markings that indicate that they were intended to be shared between the CIA's Counterterrorism Center and the Pakistani government. At least two documents noted that the Pakistani government played a direct role in selecting targets for the drone attacks. The documents also indicate that Pakistani officials regularly received classified briefings from American officials about the drone strikes. Some of those briefings were given by Deputy CIA Director Michael J. Morell to Husain Haqqani, who at the time was Pakistan's ambassador to the U.S. The Pakistani Embassy in Washington has not commented on the documents, though Pakistani Prime Minister Nawaz Sharif said in several statements this week that Islamabad is opposed to U.S. drone strikes in Pakistani territory and that the attacks need to be brought to an end. A spokesman for the CIA, meanwhile, refused to discuss the documents but did not call the authenticity of the files into question.


Civilian Deaths in Drone Strikes Cited in Report
New York Times (10/22/13) Walsh, Declan; Mehsud, Ihsanullah Tipu

A new investigation conducted by Amnesty International has found that the CIA's drone campaign in Pakistan has caused substantial distress for the citizens of Miram Shah, a town in northwestern Pakistan, that has seen at least 13 drone strikes since 2008. Among other findings, the investigation determined that at least 19 civilians in the town and surrounding area of North Waziristan have been killed in two drone attacks since January 2012. The strikes in the area mostly occur in densely populated neighborhoods, which is unusual for the overall American drone campaign. The Obama administration, meanwhile, has claimed that drone strikes are highly accurate and without mistakes. Though the number of strikes has fallen recently, the drones continue to hover over Miram Shah, as Islamist fighters from many militant groups shelter in the area, increasing tensions over when the next strike will take place. The Amnesty International report is scheduled to be released on Oct. 22, along with a separate Human Rights Watch report on American drones strikes in Yemen. The reports come just days ahead of a United Nations meeting on Friday that will focus on concerns over the U.S. drone campaign.




Attackers Use Smaller Botnets to Launch High-Bandwidth Attacks
Help Net Security (10/24/13)

Cybercriminals are increasingly modifying the way they carry out denial-of-service (DoS) attacks, according to a Prolexic study. Prolexic found that cybercriminals are using a form of DoS attacks called distributed reflection denial of service (DrDoS) attacks, in which botnets use the bandwidth of intermediary victims to amplify the effect of malicious traffic directed at a particular target. Prolexic's Stuart Scholly says amplification allows for the use of smaller botnets in carrying out the attack, which in turn makes it easier for the attackers to hide the source of malicious traffic. These advantages have led to a 265 percent increase in DrDOS attacks between the third quarter of 2012 and the third quarter of this year, Prolexic reports. The number of distributed denial-of-service (DDoS) attacks, meanwhile, rose 58 percent between the third quarter of last year and the third quarter of 2013. During that same period, the number of application layer attacks rose by 101 percent, while the number of infrastructure attacks rose by 48 percent. Attacks also lasted longer, with the average duration rising from 19 hours in the third quarter of last year to 21.33 hours in the same quarter this year. Finally, Prolexic found that more than 62 percent of all DDoS attacks in the third quarter of this year came from China.


Problems Arise With Cybersecurity at Shippingport Nuclear Power Plant in Beaver
Pittsburgh Tribune (10/23/13) Puko, Timothy

The Beaver Valley nuclear power plant has received two violations for poor security in the plant's cyber security program. The Nuclear Regulatory Commission (NRC) reported the problems to plant officials on Oct. 21. The problems were discovered after inspections began across the country to ensure older plants are prepared to defend against modern cyber-attacks, hackers, and data glitches. Because NRC rules are new on the subject the Beaver Valley plant will not be punished. FirstEnergy, owner of the plant, says Beaver Valley did better than other plants, but noted that the plant relies on analog technology which reduces its exposure to cyber threats. However, officials maintain that reliance on analog technology does not impact safety measures. Beaver Valley was built in the 1970s and has experienced a myriad of problems over the past 18 months. Those problems which included plant access problems and earthquake risks led to citations.


Dept. of Energy Breach: Bigger Than We Realized
InformationWeek (10/22/13) Schwartz, Mathew J.

The U.S. Department of Energy has almost doubled the number of people it now believes were affected by a July data breach, according to an Oct. 11 memo. The breach entailed the theft of the personal information of current and former employees, contractors, and dependents. An initial internal memo sent on Aug. 14 estimated that at last 14,000 people had been affected, with that number revised upward to 53,000 later that month. The latest estimate puts the number of affected people at 104,179. The Oct. 11 memo says 64,480 of these are current or former contractors and their family members. The memo further notes that 2,800 current employees using direct deposit also had their bank account numbers compromised by the breach. The breach reportedly involved DOEInfo, a database used by the agency's chief financial officer that is said to have been an outdated, publicly-accessible, and unpatched ColdFusion system. DOE's Kevin Knobloch says the agency is continuing to investigate the breach with the help of other federal agencies, while DOE's Inspector General has been directed to "conduct a management review of the facts leading up to the attack and compromise."


Survey: IT's Cloud, BYOD Policies Don't Deter Gen Y Use
SearchSecurity.com (10/22/13) Blevins, Brandan

Generation Y users increasingly ignore IT security policies so they can use their own devices and take advantage of cloud services, according to a Fortinet survey of 3,200 users. The survey found that many users between the ages of 21 to 32 intentionally disregard bring your own device and cloud policies and that 65 percent of respondents use personal devices such as smartphones, tablets, or laptops for work purposes most workdays. However, 51 percent of those surveyed said they would violate a corporate policy restricting the use of personal mobile devices at work, a 42 percent increase from a similar survey Fortinet conducted a year ago. Fortinet's John Maddison says enterprises should continue educating young users on corporate security policies and threats against mobile devices and cloud services. Network segmentation might need to be considered, such as using a virtual private network to gain access to a particular segment, he says. Enterprises also should increase their analysis of internal network traffic flow and establish more network security controls as needed.


Google's 'Project Shield' Will Offer Free Cyberattack Protection to Hundreds of At-Risk Sites
Forbes (10/21/13) Greenberg, Andy

Google has announced Google Shield, a product of the Google Ideas initiative, that will offer certain websites free protection from distributed denial-of-service (DDoS) attacks. Google's C.J. Adams describes Google Shield as a hybrid of the company's Page Speed hosting service and Google's internal DDoS mitigation capabilities, which leverage the company's massive server capacity and data filtering capacity. According to Adams, Google has been field-testing Google Shield with a handful of political organizations around the world whose websites are frequently the target of DDoS attacks. One of the organizations, Kenya's Independent Electoral and Boundary Commission, monitors elections in the West African nation and had routinely been disrupted by DDoS attacks. Adams says Google Shield enabled the group's site to stay online during an election for the first time in its history. Google will not be offering Google Shield as a commercial product, but instead is providing it as a free service to selected groups. Adams says Google will focus on providing the service to organizations concentrating on issues such as censorship, human rights, election monitoring, and other political causes, especially in developing nations and those with repressive governments.


Abstracts Copyright © 2013 Information, Inc. Bethesda, MD


  ASIS also offers a daily and a non-sponsored, special-content Professional Edition of
Security Newsbriefs. Please click to see a sample or to contact us for more information.

Unsubscribe | Change E-mail | Advertising Opportunities | Security Management Online | ASIS Online

No comments: