Friday, March 21, 2014

Security Management Weekly - March 21, 2014

Corporate Security
  1. "Ex-Microsoft Employee Charged With Trade Secret Theft"
  2. "Teen Sneaks Past Security, Climbs Atop 1 World Trade Center"
  3. "U.S. Alleges Inside Traders Used Spycraft, Ate Evidence"
  4. "Incidence of US Cargo Theft Remains the Same in 2013"
  5. "The Cost of Doing Business in Mexico"

Homeland Security
  1. "Australia Says Nothing Spotted in Search for Plane"
  2. "Search of Malaysia Pilot's Home Finds No Signs of Terrorism, Suicide"
  3. "NSA Surveillance Program Reaches ‘Into the Past’ to Retrieve, Replay Phone Calls"
  4. "Pentagon: Navy Yard Shooting Could Have Been Prevented"
  5. "Enhanced Airport Security May Waste Money, Study Says"

Cyber Security
  1. "Researchers Find Cross-Platform RAT for Windows, Android" (RAT: Remote Access Tool)
  2. "Cyberattack 'Could Cause Blackouts'"
  3. "25,000 UNIX Servers Hijacked by Backdoor Trojan"
  4. "Amplified DDoS Attacks Increasingly Use Network Time Service" (DDoS: Distributed Denial-of-Service)
  5. "Despite Pwn2Own 2014 Hacks, Application Sandboxing Still Critical"

Ex-Microsoft Employee Charged With Trade Secret Theft
Bloomberg (03/20/14) Gullo, Karen; Pettersson, Edvard

Former Microsoft employee Alex Kibkalo, a Russian national, was arrested on March 19 and charged with stealing the company's trade secrets. The criminal complaint filed by U.S. prosecutors stated that Kibkalo had admitted to Microsoft's investigators that he stole the confidential information, including the code for a program called the Microsoft Activation Server Software Development Kit. The program is used by Microsoft to protect against copyright infringement. Kibkalo then allegedly leaked the trade secrets to a French blogger, who contacted an individual asking for help examining the anti-copyright infringement kit's code. It was that individual, who asked for his identity to be withheld, who alerted Microsoft to the theft in 2012. Microsoft's investigation into the theft traced the leak to Kibkalo, who had been working for Microsoft as a software architect for seven years.


Teen Sneaks Past Security, Climbs Atop 1 World Trade Center
ABC News (03/20/14) Margolin, Josh; Newcomb, Alyssa

Security at New York City's One World Trade Center is being investigated following a recent incident in which a teenager was able to climb the building's spire. Authorities say that 16-year-old Justin Casquejo of New Jersey squeezed through a 12-by-12-inch hole in the middle of the night on March 16 to reach the spire. Casquejo, who has admitted to climbing the spire, was arrested by Port Authority police after a construction supervisor saw him coming down from the top of the building. Security at One World Trade Center was thought to be impenetrable before this incident took place.


U.S. Alleges Inside Traders Used Spycraft, Ate Evidence
Wall Street Journal (03/19/14) Smith, Jennifer

Prosecutors say three men began running an insider trading ring in February 2009 using information from Simpson Thacher & Bartlett, a mergers-and-acquisitions law firm where one of the men worked as a managing clerk. Steven Metro, the clerk, allegedly used the law firm's computer system to gather information on deals and sensitive corporate developments related to the firm's clients, which he then shared with an unnamed friend, who allegedly passed the tips to his broker-dealer, Vladimir Eydelman, whose most recent employer was Morgan Stanley. The middleman allegedly met Eydelman at New York City's Grand Central Station and, after showing him a piece of paper with the trading symbol of the company in question, would eat the paper. He also allegedly exchanged insider tips with Metro after using code phrases like "let's meet for coffee" to arrange the information-sharing meetings. It is not known how the alleged scheme came to the attention of prosecutors, though potentially suspicious activity is often reported to the Securities and Exchange Commission by trading exchanges and self-regulatory bodies. Metro and Eydelman were arrested Wednesday and released on $1 million bond each; they face several criminal charges that could result in as many as 20 years in prison for each of them. The third man, a mortgage broker, is cooperating with prosecutors and is expected to enter a plea agreement that could earn him a reduced sentence.


Incidence of US Cargo Theft Remains the Same in 2013
Forbes (03/17/14) Banker, Steve

FreightWatch International reports that cargo theft figures remained relatively stable in 2013 compared to 2012. However, FreightWatch still ranks the United States at four out of five points in terms of its risk of cargo theft. The report also found that the number of violent cargo thefts remained low, making up 1.3 percent of all cargo thefts in 2013. "Cargo thieves in the United States largely tend to pursue loaded trailers and containers that are stationary and unattended, and in 2013 a whopping 73 percent of all thefts fell into this category," the report said. The average loss per theft dropped from $550,000 in 2009 to just over $170,000 in 2013, and the percentage of deceptive pickups declined to just 6.4 percent of incidents. These steady figures and even slight declines are particularly notable in light of the nation's unusually severe winter, as winter storms tend to result in an increase in the number of cargo thefts. Organized cargo thieves often take advantage of bad weather, which blocks normal routes and sometimes forces trucks to take shelter at temporary storage points. "Cargo at rest is cargo at risk. Thieves prey on disruption," the report explains.


The Cost of Doing Business in Mexico
Security InfoWatch (03/17/14) Griffin, Joel

Large, multinational corporations face a substantial cost of doing business in Mexico due to the continuously changing threat landscape, which requires security executives and their organizations to be able to adapt quickly to changes. The nation is plagued by an ongoing war between drug cartels, which has to be taken into account in enterprise risk management plans, as do other crimes including cargo theft, extortion and kidnapping. One change in the security landscape took place in January, when the Mexican government decided to legalize various vigilante groups and formed them into quasi-military units. Samuel Logan, the director of the strategic advisory group Southern Pulse, noted that six months ago many of the larger conflicts between cartels died down, but believes that the trend could be heading toward increased violence depending on how widespread these vigilante groups become. He suggested that companies with operations in Mexico maintain a certain level of situational awareness and conduct detailed due diligence on third-party vendors and employees. Charlie LeBlanc, the vice president of security services for FrontierMEDEX, noted that companies have had to include security in the cost of doing business in Mexico for some time and that many of those costs have risen. He added that over the last decade, five of his company's clients shut down their facilities in Mexico and moved them back to either Canada or the U.S. because they did not want to put their employees at risk and because they were concerned about the "overall lack of law enforcement capacity and capability" in Mexico.




Australia Says Nothing Spotted in Search for Plane
Associated Press (03/21/14)

Aerial searches of a remote part of the Indian Ocean that were prompted by the appearance of possible debris from Malaysia Airlines Flight 370 on satellite images have not turned up anything that could be from the missing aircraft. Acting Australian Prime Minister Warren Truss said Friday that the search for the two objects that were seen in the images may have been fruitless in part because the images were taken five days ago, and any objects floating on the ocean's surface may have sunk or moved away since then. Weather conditions in the area where the search is being performed have also been bad, Truss said. But the search for possible debris from the plane will continue in the area. Aircraft that have been sent to look for potential signs of the plane are using radar to detect objects on the ocean surface and are then flying low over the water to make visual identifications of any objects that are seen. Meanwhile, more aircraft and ships from China are en route to the search zone. Back in Malaysia, where the flight originated, authorities have not ruled out any possible cause for the plane's disappearance, including terrorism, hijacking, or sabotage.


Search of Malaysia Pilot's Home Finds No Signs of Terrorism, Suicide
Los Angeles Times (CA) (03/18/14) Serrano, Richard A.

Two U.S. law enforcement officials who were briefed by Malaysian officials on the results of a search of the home of Zaharie Ahmad Shah, the pilot of the plane that disappeared March 8 en route to Beijing from Kuala Lumpur, say that neither Shah nor his co-pilot appear to have deliberately taken the plane off course. Investigators looked into whether Shah may have been using a flight simulator to learn how to turn off in-flight devices, including the transponder, or to practice flight patterns heading away from Beijing, but they did not find any evidence that Shah did either of these things. Nothing in the personal lives of Shah or his co-pilot pointed to the possibility of trouble, and communications between them and Malaysia's air traffic control tower were normal. These latest findings seem to discredit theories that either the pilot or the co-pilot was trying to commit suicide. Investigators are now focusing on a possible hijacking or another form of sabotage, including tampering with the aircraft's computer systems by someone who wanted to divert the plane. However, investigators say it remains possible that one of the pilots tried to divert the plane.


NSA Surveillance Program Reaches ‘Into the Past’ to Retrieve, Replay Phone Calls
Washington Post (03/18/14) Gellman, Barton; Soltani, Ashkan

The National Security Agency (NSA) can record "every single" phone call in a foreign country and review those conversations up to a month after they occur, according to a briefing slide leaked by former NSA contractor Edward Snowden. This voice interception and retrieval program originated in 2009 and reached full capacity to target a nation in 2011. It works by using collection systems that store billions of conversations on a rolling, 30-day basis. While analysts would usually only listen to a fraction of 1 percent of the total calls, they send millions of voice clippings for processing and long-term storage each month. Although the documents identify the country where the system was deployed or the five or six other countries where its use may have been planned, those details are being withheld by journalists at the request of U.S. officials. National Security Council spokeswoman Caitlin Hayden did not comment on the specific program, but she did say that, “new or emerging threats” are “often hidden within the large and complex system of modern global communications, and the United States must consequently collect signals intelligence in bulk in certain circumstances in order to identify these threats.”


Pentagon: Navy Yard Shooting Could Have Been Prevented
Wall Street Journal (03/18/14) Nissenbaum, Dion

Defense Secretary Chuck Hagel announced March 18 that the investigation into the Washington Navy Yard shooting in September 2013 has uncovered "troubling gaps" in the U.S. security screening process. Hagel added that the shooting might have been prevented had the gunman's troubling behavior in the run-up to the shooting been detected by Defense Department officials or reported by the defense contractor for which he worked. In order to fix these gaps, Hagel has launched a review to determine if the Department of Defense (DOD) can reduce the 2.3 million people it has currently given security clearances to by at least 10 percent. Hagel also wants to create a new system to oversee those people working for the DOD who hold security clearances. Under the new system, those clearances would be regularly reevaluated. These changes come as part of a larger attempt to prevent physical and digital security problems, including massive data leaks like the one perpetrated by former National Security Agency contractor Edward Snowden. The U.S. government has a total of 5 million people with security clearances. Reviews of these clearances still rely on self-reporting of issues such as legal disputes or arrests.


Enhanced Airport Security May Waste Money, Study Says
Los Angeles Times (CA) (03/16/14) Martin, Hugo

A new study, "Cost-Benefit Analysis of Airport Security: Are Airports Too Safe?," published in the March edition of Journal of Air Transport Management, concluded that the addition of greater security measures at airports in the United States may not be worth the cost. The study by John Mueller, a professor of political science at Ohio State University, and Mark G. Stewart, a civil engineering professor at the University of Newcastle in Australia, suggested that the U.S. should instead consider relaxing some of the currently existing security tactics in use at the nation's airports. Using cost and risk reduction numbers for Los Angeles International Airport that were calculated before the Nov. 1 shooting there, Mueller and Stewart looked at several potential threats, as well as several potential security measures. After looking at the cost and effectiveness of those security measures in managing the potential threats, the study concluded that the cost of such measures would not be justified, as none of them would be able to completely eliminate any of the threats. The report added that, given how highly questionable increasing security was found to be, airports may want to consider whether their current security arrangements might be excessive. In their report, Mueller and Stewart also concluded that airports are not priority targets for terrorists.




Researchers Find Cross-Platform RAT for Windows, Android
CSO Online (03/19/14) Gonsalves, Antone

The WinSpy remote access tool (RAT) that was sent via e-mail to a U.S. financial institution during a spear-phishing attack can be used to take control of either a Windows machine or a mobile device running Android, according to researchers at FireEye. WinSpy can be used by an attacker to access all the information captured from compromised Android devices and PCs through the software author's servers. However, an attacker would have to find a way to trick a user into installing WinSpy first. FireEye senior threat intelligence researcher Nart Villeneuve commented that the application was probably made to be cross-platform because of growing demand among hackers for Android-based RATs. He added that cross-platform RATs will become more common in the future. Villeneuve noted that WinSpy is not a major cybersecurity threat because it is flagged as malware by anti-virus products, so CSOs should be more concerned about the continued interest among hackers in finding ways to access Android devices.


Cyberattack 'Could Cause Blackouts'
Wall Street Journal (03/18/14) King, Rachael

Cybersecurity researchers say that the nation's electric grid is vulnerable to both physical and cyberattacks, and warn that any serious attack on the grid would likely involve both attack techniques. The Wall Street Journal reported last week that the grid could experience a coast-to-coast outage if just nine of the nation's 55,000 electric-transmission substations were knocked out on an extremely hot summer day. Those findings have been corroborated by a Federal Energy Regulatory Commission (FERC) study, which found that coordinated physical attacks in each of the nation's three separate electric systems could result in a collapse of the whole network that could continue for weeks or even months. Experts believe that in most cases physical attacks would be conducted by overseas groups who send operatives to the U.S., whereas cyberattacks against the nation's electric grid could be carried out from anywhere in the world. James A. Lewis, the director and senior fellow of the technology and public policy program at the Center for Strategic and International Studies, added that the difficulty of tracing a cyberattack would give the attacker plausible deniability. FERC is hoping to improve the security of the grid by implementing mandatory standards to protect critical facilities from physical security threats and vulnerabilities.


25,000 UNIX Servers Hijacked by Backdoor Trojan
Help Net Security (03/18/14)

ESET has worked with other leading security agencies such as the Swedish National Infrastructure for Computing and CERT-Bund to uncover a widespread cybercriminal campaign involving a backdoor Trojan. The malware, dubbed Operation Windigo by security experts, has seized control of more than 25,000 UNIX servers globally. Once infected, targeted systems are used to steal credentials, redirect Web traffic to malicious content, and send as many as 35 million spam messages daily. Servers located throughout the U.S., Germany, France, and Britain are among those infected. "Windigo has been gathering strength, largely unnoticed by the security community, for more than two and a half years and currently has 10,000 servers under its control," says ESET's Pierre-Marc Bureau. More than 60 percent of the world's websites run on Linux servers, so ESET researchers are warning Webmasters and system administrators to check if their systems have been compromised. The company has published a detailed technical report that provides guidance on how organizations can remove the malicious code. Operating systems altered by the spam component include Linux, FreeBSD, OpenBSD, OS X, and Windows.


Amplified DDoS Attacks Increasingly Use Network Time Service
eWeek (03/18/14) Lemos, Robert

Prolexic says large-scale distributed denial-of-service (DDoS) attacks have become more prevalent among cybercriminals and hacktivists, in particular attacks that use a vulnerability in the network time protocol (NTP) to generate copious data. Prolexic released an advisory on March 12 about attacks that target vulnerable NTP servers, which have increased by nearly fourfold in the last month. Such attacks can boost the bandwidth of a simple NTP request by more than 300 times, creating a large spike in traffic. NTP amplification attacks are uncomplicated to implement and deliver the largest spike in traffic. Attacks using NTP started appearing at the end of 2013 and accelerated considerably this year. "It is the convergence of what [is] old is new again with the evolution of DDoS-as-a-service," says Akamai Technologies' Stuart Scholly. "You can go to these service sites and pay nominal dollars as a nontechnical person and generate pretty substantial attack sizes." An attacker can potentially overwhelm a victim's network with an upsurge of data by asking an NTP server for a list of previous requesters and spoofing the source address of the request to point to the victim, the firms note.
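The abstract above describes the defender-visible signature of an NTP amplification attack: small requests to UDP port 123 (or none at all, when the spoofed request never crosses your sensor) answered by responses hundreds of times larger, aimed at a single victim. The following detector, added here as an illustration rather than code from Prolexic or eWeek, runs over constructed NetFlow-style CSV records and flags server/peer pairs whose response-to-request byte ratio exceeds an assumed threshold; the IP addresses, byte counts and the 50x threshold are all constructed assumptions.

```python
import csv
from collections import defaultdict
from dataclasses import dataclass
from io import StringIO

NTP_PORT = 123
AMP_RATIO = 50.0           # assumed alert threshold: response bytes / request bytes
MIN_RESPONSE_BYTES = 4096  # assumed floor so a few ordinary 48-byte replies never alert

# Constructed sample flow records (NetFlow-style CSV); not real traffic.
# 198.51.100.10 and .11 play NTP servers, 203.0.113.7 the spoofed victim.
SAMPLE_FLOWS = """src_ip,src_port,dst_ip,dst_port,proto,bytes,packets
10.0.0.5,45000,198.51.100.10,123,udp,48,1
198.51.100.10,123,10.0.0.5,45000,udp,48,1
203.0.113.7,80,198.51.100.10,123,udp,234,3
198.51.100.10,123,203.0.113.7,80,udp,146880,330
198.51.100.11,123,203.0.113.7,80,udp,98560,224
10.0.0.9,51000,198.51.100.10,80,tcp,5200,12
"""


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    byte_count: int
    packets: int


def parse_flows(text):
    """Parse CSV flow records; the header row is consumed and blank lines skipped."""
    rows = csv.DictReader(StringIO(text))
    return [Flow(r["src_ip"], int(r["src_port"]), r["dst_ip"], int(r["dst_port"]),
                 r["proto"].lower(), int(r["bytes"]), int(r["packets"]))
            for r in rows if r["src_ip"]]


def find_amplification(flows, ratio=AMP_RATIO, min_bytes=MIN_RESPONSE_BYTES):
    """Return alerts for (server, peer) pairs where NTP responses dwarf requests.

    A pair with responses but no observed request gets an infinite ratio: that is
    the victim-side view, where the spoofed request never passed the sensor.
    """
    requests, responses = defaultdict(int), defaultdict(int)
    for f in flows:
        if f.proto != "udp":
            continue
        if f.dst_port == NTP_PORT:            # peer -> server:123 (request)
            requests[(f.dst_ip, f.src_ip)] += f.byte_count
        elif f.src_port == NTP_PORT:          # server:123 -> peer (response)
            responses[(f.src_ip, f.dst_ip)] += f.byte_count
    alerts = []
    for (server, peer), resp_bytes in responses.items():
        if resp_bytes < min_bytes:
            continue
        req_bytes = requests.get((server, peer), 0)
        amp = resp_bytes / req_bytes if req_bytes else float("inf")
        if amp >= ratio:
            alerts.append({"server": server, "victim": peer, "request_bytes": req_bytes,
                           "response_bytes": resp_bytes, "amplification": amp})
    return sorted(alerts, key=lambda a: (a["victim"], a["server"]))


def reflectors_per_victim(alerts):
    """Count distinct NTP servers reflecting toward each victim address."""
    seen = defaultdict(set)
    for a in alerts:
        seen[a["victim"]].add(a["server"])
    return {victim: len(servers) for victim, servers in seen.items()}
```

On the sample records the ordinary client sync (48 bytes each way) is ignored, while both reflectors aimed at 203.0.113.7 are reported, one with a finite ratio of roughly 628x and one with no matching request at all.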


Despite Pwn2Own 2014 Hacks, Application Sandboxing Still Critical
SearchSecurity.com (03/18/14) Blevins, Brandan

Bug hunters and researchers attending the recent CanSecWest security conference's Pwn2Own hacking contest demonstrated 35 successful exploits of some of the most popular browsers and software suites. Despite these successes, participants and organizers say the results of this year's contest show that popular software is becoming more secure and harder to compromise. Brian Gorenc of HP's Security Research group says most of the successful exploits had to target multiple vulnerabilities in order to succeed. "As the mitigations get added in to technologies, it is becoming more difficult," he notes. "It takes a significant amount of time to develop that chain of exploits." Chief among these mitigation techniques is application sandboxing. Most major browsers and software suites have implemented sandboxing, so attackers must first build exploits simply to defeat or escape the sandbox before they can exploit the targeted software. However, Carnegie Mellon University's Will Dormann says sandboxing alone is not enough. He suggests security professionals apply several other controls, such as running the Firefox browser's NoScript add-on and Microsoft's Enhanced Mitigation Experience Toolkit (EMET). EMET, for example, was able to mitigate all of the zero-day exploits of Internet Explorer used at Pwn2Own in 2013.


Abstracts Copyright © 2014 Information, Inc. Bethesda, MD