Experian Faces Connecticut, Illinois Probes of Data Breach
Wall Street Journal (04/03/14) Yadron, Danny
Representatives for Connecticut Attorney General George Jepsen and Illinois Attorney General Lisa Madigan have confirmed that they are investigating Experian following a breach of a company database by Hieu Minh Ngo, a Vietnamese man who has pleaded guilty to selling credit-card data, Social Security numbers and other personal information taken from the Experian database to fraudsters. Ngo reportedly posed as a private investigator to become a customer of a California-based court records firm that allowed its customers to access a database with records on around 200 million Americans. Experian, which now owns the court records firm, commented that it was likely that Ngo had accessed a much smaller number of records. Experian claimed that it did not have control over the impacted database and says it was managed by U.S. Info Search, which had a partnership with the court records firm. The database was reportedly queried more than 3 million times on behalf of Ngo's customers, though the government still does not know how many individuals were impacted by the breach. The investigation is the first action against Experian since Ngo pleaded guilty.

U.S. Officials Warn of Pattern in ATM Hacks
Wall Street Journal (04/03/14) Tracy, Ryan
The Federal Financial Institutions Examination Council has issued a warning about an expanding campaign of cyberattacks against bank ATM networks. The council says the attacks pose the greatest threat to small- and medium-sized banks. The attacks consist of cybercriminals using payment card numbers and PINs stolen from retailers and elsewhere to make withdrawals from customer accounts. These withdrawals are for large amounts of money taken from a number of ATMs simultaneously over a short period of time. The council notes that the cybercriminals behind these attacks are able to bypass ATM withdrawal limits by hacking into and changing the settings of Web-based control panels for ATM networks. Banks are being urged to take steps to protect themselves from these attacks, including training employees to identify email-based cybersecurity threats, performing ongoing vulnerability assessments, and having systems in place that can detect cyberattacks in progress.

Mitigating Retail Shrink with Better Monitoring
Security (04/14) Meyer, Claire
Some retailers are using improved security monitoring systems, including both live and recorded video, to reduce the amount of money lost through retail shrinkage and to track and identify suspected thieves. For example, a new Century 21 store in New Jersey has begun using an Internet Protocol (IP) surveillance system that includes cameras placed in domes over the sales floor. Company officials say the system reduces lag time in camera control and allows for real-time tracking of suspicious behavior. “We have very proactive LP (loss prevention) policies in place to protect our inventory and guest experience so we needed the lowest latency and best quality picture from these domes as possible,” says James Betesh, the vice president of loss prevention at Century 21 Department Stores. To achieve these goals, Century 21 also installed a unified video management system that can condense video clips for faster investigations and allow security employees to access the video on mobile devices.

How Remote Monitoring Adds Value from Afar
Security (04/14) Finkel, Ed
Remote monitoring is an important part of security for many businesses, but some organizations require more complex systems than others. The four hospitals that make up the University Health Network in Toronto, for example, use about 500 cameras, alarm systems, and panic devices at each facility. Todd Milne, the senior manager of security operations for the network, commented on the system supplied by Johnson Controls Canada. “We have to balance safety and security with the need of healthcare for a person,” he says, which is where remote monitoring comes in. An IHS Research study has found that Milne is not alone in his support for remote monitoring, which the study expects will grow in the next several years, particularly in the education, government, data center, and hospitality markets. As Sam Grinter, a market analyst for building technologies at IHS, explains, remote monitoring helps save costs for security departments being asked to do more with less.

Training Employees to be First Line of Defense Against Active Shooters
Security Director News (03/31/14) Canfield, Amy
Jeremiah Hart of the Force Training Institute says that employees need to be trained on how to handle active shooter situations until law enforcement arrives. Speaking at a March 29 seminar, “Workplace Safety: Active Shooter and Emergency Response,” Hart said such training should be part of the plans companies have for dealing with active shooter scenarios. For example, he calls on companies to train their employees to recognize the sound and smell of gunfire in different environments. He also says that employees should be able to spot warning signs and report them. In addition, employees should be trained to run and to help others who may freeze up during active shooter situations, Hart explains. This training should also include asking employees what they would do in an active shooter situation, such as what they would use to barricade a room they choose to hide in or what they would tell the 911 dispatcher. Finally, Hart says, employees should be trained on how to react when the police arrive, pointing out that they should not come out of hiding until actively approached by an officer, to avoid being caught in the crossfire.
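The FFIEC item above on ATM cash-out attacks closes with a recommendation to have systems that can detect attacks in progress. The following Python detector is an added example, not code from the article or from the council; it runs over a constructed sample withdrawal log (ISO timestamp, tokenized card reference, ATM id, amount) and flags the two signals the item describes: one card drawing large sums from many ATMs inside a short window, and a card whose daily aggregate exceeds the configured withdrawal limit, which is what a tampered control panel would allow. The log format, card tokens, and thresholds are assumptions for illustration.

```python
"""Flag ATM cash-out patterns in a withdrawal log (added example, constructed data).

Signal 1: one card, several distinct ATMs, aggregate over the limit, inside a short window.
Signal 2: one card's daily aggregate exceeds the configured withdrawal limit at all,
          which should be impossible unless the limit itself was changed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Withdrawal:
    ts: datetime
    card: str     # tokenized card reference, never the PAN itself
    atm: str
    amount: float


# Constructed sample log, not real transaction data.
# Fields: ISO-8601 time (UTC), card token, ATM id, amount.
SAMPLE_LOG = """\
2014-04-03T02:01:10Z card_A1 ATM-0417 2000.00
2014-04-03T02:01:42Z card_A1 ATM-0931 2000.00
2014-04-03T02:02:05Z card_A1 ATM-1208 2000.00
2014-04-03T02:02:31Z card_A1 ATM-2264 2000.00
2014-04-03T02:03:00Z card_A1 ATM-3350 2000.00
2014-04-03T09:15:00Z card_B7 ATM-0417 200.00
2014-04-03T17:40:12Z card_B7 ATM-0417 300.00
2014-04-03T12:00:00Z card_C3 ATM-5001 400.00
"""


def parse_log(text):
    """Parse whitespace-separated log lines into Withdrawal records."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, card, atm, amount = line.split()
        rows.append(Withdrawal(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                               card, atm, float(amount)))
    return rows


def find_cashouts(rows, window=timedelta(minutes=10), min_atms=3, daily_limit=1000.0):
    """Sliding window per card; alert the first time a card hits >= min_atms distinct
    ATMs with an aggregate above daily_limit inside `window`.
    Returns a list of (card, distinct_atms, total, window_start) tuples."""
    by_card = defaultdict(list)
    for w in rows:
        by_card[w.card].append(w)
    alerts = []
    for card, ws in by_card.items():
        ws.sort(key=lambda w: w.ts)
        start = 0
        for end in range(len(ws)):
            while ws[end].ts - ws[start].ts > window:
                start += 1
            span = ws[start:end + 1]
            atms = {w.atm for w in span}
            total = sum(w.amount for w in span)
            if len(atms) >= min_atms and total > daily_limit:
                alerts.append((card, len(atms), total, ws[start].ts))
                break  # one alert is enough to place a hold on the card
    return alerts


def limit_breaches(rows, daily_limit=1000.0):
    """Cards whose same-day aggregate exceeds daily_limit; a breach here means the
    limit was not enforced at the network, not merely that a card was busy."""
    totals = defaultdict(float)
    for w in rows:
        totals[(w.card, w.ts.date())] += w.amount
    return {card: total for (card, _day), total in totals.items() if total > daily_limit}


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    for card, n_atms, total, since in find_cashouts(rows):
        print(f"CASH-OUT  {card}: {n_atms} ATMs, {total:.2f} since {since.isoformat()}")
    for card, total in limit_breaches(rows).items():
        print(f"LIMIT     {card}: daily total {total:.2f} exceeds configured limit")
```

The window detector alerts on card_A1 after its third ATM (aggregate 6,000) rather than waiting for the run to finish, which is the point of in-progress detection; the daily-aggregate check is the slower, end-of-day control that catches limits that were silently raised.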
Soldier’s Attack at Base Echoed Rampage in 2009
New York Times (04/04/14) Fernandez, Manny; Kovaleski, Serge F.; Schmitt, Eric
Wednesday's shooting at Fort Hood is raising questions about how well the U.S. Army and the Pentagon responded to the 2009 shooting at the same facility. Following the 2009 attack, officials with the Army and the Defense Department conducted a review of the security measures and other programs that were in place to prevent such incidents from occurring, including the procedures used to identify service members who could pose a potential threat to others as well as the military's mental health programs. That review resulted in a report that called for a greater focus on internal threats within the military, the development of guidance and awareness programs to help commanders identify service members who display troublesome behavior, and an information-sharing program to keep high-ranking military officials informed about potential threats. Yet despite those recommendations, Wednesday's shooting unfolded in much the same way as the 2009 attack, with a soldier in uniform sneaking a weapon onto the base and beginning to fire in the facility's medical support area. Officials at Fort Hood say it would be impossible to check soldiers or other personnel entering the base for unauthorized handguns, given that there are 100,000 people at the facility on any given day. However, officials at Fort Hood say they are responding to the shooting by examining whether the gunman, who was being evaluated for post-traumatic stress disorder, was being given the mental health treatment he needed.

Fort Hood Shooter Had Psychiatric Issues but Showed No ‘Sign of Likely Violence,’ Officials Say
Washington Post (04/04/14) Whitlock, Craig; Leonnig, Carol D.
Officials say that Spc. Ivan A. Lopez, the Iraq war veteran who killed three people and then himself at Fort Hood, Texas, on Wednesday, had a history of mental illness but had shown no potential for violence. Information released April 3 indicates that Lopez received treatment for anxiety and depression, but investigators are still trying to determine what caused him to open fire on his fellow soldiers. Army Secretary John McHugh told a Senate panel that Lopez's most recent psychiatric evaluation last month had resulted in him being prescribed "a number of drugs," including the sleep aid Ambien. The psychiatrist at the time said Lopez showed no sign of violence "either to himself or to others." It was around the time of that evaluation that Lopez bought the automatic .45 pistol that he used in the shooting. Army regulations allow soldiers to keep personal weapons, but they are not allowed to bring them on base unless they are registered, and Lopez had not registered his new gun at Fort Hood. Fort Hood officials say that although they do conduct random security checks, there was little they could have done to prevent Lopez from sneaking the gun onto the base.

4 Die in Post Shooting
Killeen Daily Herald (TX) (04/03/14) McGuinness, Chris
Four people were killed and 16 others were injured in yet another shooting at Fort Hood, Texas, on Wednesday. Officials at Fort Hood say the gunman was a soldier in the 13th Sustainment Command who brought a recently purchased .45-caliber Smith and Wesson handgun to the base and opened fire inside the 1st Medical Brigade area at about 4 p.m. local time. The shooting prompted base officials to implement a security lockdown, which lasted for about five hours and prevented people from leaving the compound. Law enforcement arrived at the scene shortly after the shooting began and engaged the gunman. The shooting was brought to an end when the gunman shot and killed himself. The other three people who were killed, as well as all of those who were injured, were military service members. Fort Hood commander Lt. Gen. Mark Milley said the motive for the shooting remains unknown, but that it does not appear at this point that the incident was a terrorist attack. However, all possible explanations for the attack are being examined, Milley said. Milley did note that the soldier who committed the shooting was suffering from a number of mental health problems, potentially including post-traumatic stress disorder.

NSA Performed Warrantless Searches on Americans' Calls and Emails – Clapper
The Guardian (04/01/14) Ackerman, Spencer; Ball, James
Director of National Intelligence James Clapper admitted in a letter to Sen. Ron Wyden (D-Ore.) that the National Security Agency (NSA) has performed warrantless searches of its databases to obtain data from Americans' phone calls and e-mails. Clapper noted in his letter, which was sent in response to Wyden's request as to whether NSA had actually performed such searches, that "U.S. person identifiers" are used in searches of the databases to obtain intelligence on "non-U.S. persons" who are believed to be located overseas. Documents released by Edward Snowden indicate that the searches are performed under procedures approved by the Foreign Intelligence Surveillance Act (FISA) court in 2011. The information that is analyzed is collected under Section 702 of the 2008 FISA Amendments Act, which states that the federal government can collect the content and metadata of Americans' communications without a warrant if they are in direct contact with foreign surveillance targets. Clapper said in his letter to Wyden that these searches are legal under Section 702 and compliant with the Fourth Amendment. Wyden disagreed, saying that the searches are unconstitutional and that they represent a "threat to the privacy rights of law-abiding Americans."

U.S. Lawmakers See No Evidence of Terrorism in Malaysia Jet Crash
Reuters India (03/30/2014) Shalal, Andrea
Sen. Dianne Feinstein (D-Calif.) and Rep. Mike Rogers (R-Mich.), the chairs of the congressional intelligence committees, said Sunday that investigators probing the disappearance of Malaysia Airlines Flight 370 have found no evidence that terrorists were involved. Rogers added that the evidence he has seen so far leads him to believe that the plane went down as a result of some type of problem that was not caused by foul play. Malaysian officials, meanwhile, have said the plane's course was deliberately changed but that it is not certain at this point who altered the course or why they did so. Despite Rogers' and Feinstein's statements that foul play was not the cause of Flight 370's disappearance, U.S. investigators are still looking into the backgrounds of the flight's crew and its passengers. Investigators also plan to perform a detailed forensic analysis on the computer equipment used by the pilots. An analysis of that equipment, as well as data from a flight simulator used by the pilots, has so far turned up nothing that would shed light on what happened to the plane.

DHS Warns of Fake Help-Desk Scams
Federal Computer Week (04/02/14) Rockwell, Mark
A recent U.S. Department of Homeland Security Office of Intelligence and Analysis memo warned that, with the approaching expiration of Microsoft's support and security updates for Windows XP, cybercriminals could increase the number of fake emails and cold calls. For years, federal agencies have been moving to get rid of computers using the Windows XP platform. However, there still could be thousands of XP-based machines operating at government agencies around the world after the April 8 expiration date. More than 10 percent of computers used in government and corporations worldwide will still use the 12-year-old operating system after April 8, according to Qualys estimates. The fake help desk scam begins with an email or a cold call in which the contact represents themselves as a help desk employee from a legitimate software or hardware vendor. They then try to convince the victim to download software to fix the problem.

Federal Agencies Face Outsider Threats and Internal Ignorance
Help Net Security (04/01/14)
Despite an abundance of confidence in their cybersecurity readiness, agencies still face significant cybersecurity challenges, according to a new SolarWinds survey of government IT security professionals. SolarWinds and Market Connections surveyed 200 federal government and military IT decision makers early this year and found that 94 percent rated their organization's readiness as good or excellent. Half of the respondents identified external hacking as the top cybersecurity threat facing their organization, followed by insider data leakage and theft, mobile device theft, and physical security attacks. Nine percent said they were unsure if their agency was affected by cyberthreats. Forty-seven percent identified external hackers as to blame for the majority of breaches, while 42 percent pointed to insider threats. Insider threats were actually a larger concern for military IT decision makers, 53 percent of whom identified careless and untrained insiders as a top security threat. Just over a fourth of military respondents also said their agencies were endangered by malicious insiders. Forty percent of respondents said the biggest obstacle to IT security improvement and maintenance was budget constraints, while 19 percent identified competing agency priorities and 14 percent identified complex internal environments. Organizational issues such as departments fighting over turf also were identified as major impediments to implementing appropriate IT security tools.
Windows XP: Old Platforms Die Hard, Security Risks Live On
Wall Street Journal (04/01/14) King, Rachael; Yadron, Danny
A significant number of PCs, including computers in use at government agencies, will still be running Windows XP after Microsoft stops providing security patches for the operating system on April 8. Qualys says more than 10 percent of government and corporate computers around the world are running XP. General Electric's Intelligent Platforms division, meanwhile, says 30 to 35 percent of its customers are using the operating system. There are concerns that XP machines used by these organizations will be vulnerable to cyberattacks, partly because security patches will no longer be provided by Microsoft and partly because the operating system still contains several security flaws. Last year, hackers exploited a vulnerability in XP machines running Internet Explorer 8 to target visitors to a website operated by the U.S. Department of Labor. Cybercriminals may be able to identify other, as-yet-unresolved vulnerabilities by reverse engineering the security patches Microsoft will continue to issue for Windows 7 and 8, since all three operating systems share similar code. Microsoft is urging XP users to protect themselves by upgrading to a newer version of Windows, which some organizations are hesitant to do because of the cost involved.

RSA Caught Again in NSA Subverting of Dual EC Encryption
ZDNet (04/01/14) Duckett, Chris
RSA Security is not disputing the findings of a recently released research paper that indicates it cooperated with the National Security Agency (NSA) more closely than originally thought, by providing the agency with a way to more quickly attack a random bit generator included in some of its products. The authors of the paper used a 16-CPU cluster to attack RSA BSAFE Share for C/C++ and RSA BSAFE Share for Java, both of which use the flawed Dual Elliptic Curve (Dual EC) Deterministic Random Bit Generator. RSA's BSAFE encryption libraries also use the "Extended Random" TLS extension, which does not add randomness to the encryption but rather speeds up an attack on Dual EC by a factor of as much as 65,000. The researchers found that the C version of BSAFE, which was the easier of the two RSA encryption libraries to attack, facilitates faster attacks because it transmits long contiguous strings of random bytes and caches the output from all generator calls. As a result, an attacker can obtain TLS session keys in just a few seconds on one CPU, the researchers said. The Java version of BSAFE includes fingerprints in connections, which the researchers said makes it easier to pick them out of streams of network traffic. The researchers concluded that their findings underscore the need to "deprecate" the Dual EC algorithm as soon as possible.

Internet of Things: Mitigating the Risk
GovInfoSecurity.com (04/01/14) Chabrow, Eric
Tony Sager, chief technologist of the Council on Cybersecurity and former COO of the U.S. National Security Agency's information assurance directorate, has turned his attention to mitigating the cybersecurity threats facing the Internet of Things. Sager says the greatest threat to such devices is that the issue of cybersecurity simply does not occur to most device-makers, even those whose products deal with sensitive information. Sager says this mirrors the IT industry, which did not begin to view cybersecurity as a foundational issue that had to be addressed directly by its products until the prominent rise of the Internet. Sager says device makers can avoid the same mistake by making use of existing resources to build cybersecurity into their devices. He suggests manufacturers use standards such as Mitre's Common Vulnerabilities and Exposures dictionary of security vulnerabilities to identify common threats. Another resource Sager suggests is the industry-specific information sharing and analysis centers, especially those of the financial industry, which is already actively building cybersecurity into industry-specific devices. However, Sager does not take a position on whether regulations, voluntary standards, or some other approach should be used to incentivize device makers to address cybersecurity issues.

Abstracts Copyright © 2014 Information, Inc. Bethesda, MD